301 Moved Permanently 225 B URL User Request GET HTTP/1.1 IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 7fecc762baf71157b2cc64e6a16fd942
6bd5436003ec8cd665ec9c9d6f73835191e38220
a3b9fc4cd2ac44816db1d86e1079c5b49dc73d3ac73ccda874ac0eecc02f16ee
GET / HTTP/1.1
Host: wedirectpass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Location: http://www.wedirectpass.com/
Date: Wed, 03 May 2023 16:33:31 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
301 Moved Permanently 176 B URL User Request GET HTTP/1.1 IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 7a05dc41dbc6073f26a6599d2d549622
13ebc233dde93e3ca749d3846200c36458efadf6
540159cbda9e0d52ae6e6f9360ac2d6fcd6c9ddc3087c3ac696efbd1ce2df0d0
GET / HTTP/1.1
Host: www.wedirectpass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Location: https://www.wedirectpass.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Wed, 03 May 2023 16:33:32 GMT
Expires: Wed, 03 May 2023 16:33:32 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 176
Server: GSE
ocsp.pki.goog/s/gts1d4/EQD9vag9A5M
471 B URL ocsp.pki.goog/s/gts1d4/EQD9vag9A5M
IP
Hash 0b93db1e9d24e469b116de792169f4d8
639ab6c5a13b927036b89a1758a551976ee91c9c
7c1da3580386a7fcd75e6e83e0728b8fb399d11a51d713696b26f43e49437113
POST /s/gts1d4/EQD9vag9A5M HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
301 Moved Permanently 55 kB URL User Request GET HTTP/1.1 IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1228)
Hash 6cc18c66053f9b56d29bc2e3c20f3f6a
7ae18302d965dcac88fbc9df4c29ad8f353b3c6d
8b27341bc2a21e6465199db02fdf3fa475b1cb42557afb61a3efa86b5333d0e4
GET / HTTP/1.1
Host: www.wedirectpass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Wed, 03 May 2023 16:33:33 GMT
date: Wed, 03 May 2023 16:33:33 GMT
cache-control: private, max-age=0
last-modified: Wed, 03 May 2023 16:21:08 GMT
etag: W/"75e732ec66bff8e5b964ceeec570756a34756929eff2b4867c629e29ca1f4726"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 54969
server: GSE
X-Firefox-Spdy: h2
www.wedirectpass.com/js/cookienotice.js
200 OK 2.0 kB URL GET HTTP/2 www.wedirectpass.com/js/cookienotice.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectwww.wedirectpass.com
Fingerprint02:B4:BF:9C:3B:16:18:6A:BF:D1:6F:C1:4E:5E:FF:8D:7C:96:E5:30
ValidityWed, 26 Apr 2023 12:01:03 GMT - Tue, 25 Jul 2023 12:45:10 GMT
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: www.wedirectpass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Wed, 03 May 2023 16:33:34 GMT
expires: Wed, 10 May 2023 16:33:34 GMT
cache-control: public, max-age=604800
last-modified: Wed, 03 May 2023 14:51:04 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/css/all.min.css
200 OK 10 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/css/all.min.css
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (56656)
Hash 5c32368e2726220885c82f35b6fb4e78
bb3909d2aaca84d895296187aeaea024c76f46ec
53ceda316a9da4b956909214bb1bdaf76d2b2e3d2037614a13b6749e1e5c9e17
GET /ajax/libs/font-awesome/5.11.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:34 GMT
content-type: text/css; charset=utf-8
content-length: 10022
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e60-de0a"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4125665
expires: Mon, 22 Apr 2024 16:33:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EzWRwye5MkAHfPZ8o6XHWHYfwIGLvTpUJqcrF6zr17%2FTqXc2foWxjM%2BQ%2B%2Bj%2F5xUHPNtgHZZR6%2BTatEweJkOVIC8ImXADTwXyBhpdH3uDUmBhMh2JbPQKXFUWT4Myt97UKfsSbPqd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c19e80d5e4ab52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css
200 OK 10 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (58392)
Hash 536b6de3113d2c4762be5f5fa6d4b11e
6819ef5f5338f8c86f42dc6ecf5e6a17679e0dab
a0bd64b9dfc97e8ac4ccd97e7dd54209901dcffef8a5cabf701750746201c5ac
GET /ajax/libs/font-awesome/5.13.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:34 GMT
content-type: text/css; charset=utf-8
content-length: 10301
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e60-e4d2"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4117095
expires: Mon, 22 Apr 2024 16:33:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3C%2Bem%2BpiQlYV8s7o3xTthHFw7quQLHp0V2k7m7RAwvw%2B6AhaXl1vv7TxXSZD4fF55YyQAk2oP43LsftZEkseH2IkznIOVMN5ywsEcWP9RpJIqf5Mlf4oOFwepTfluYlukK6BXM2D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c19e80d5be4b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.0.0-beta.2.4/owl.carousel.min.js
200 OK 9.7 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.0.0-beta.2.4/owl.carousel.min.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (32130)
Hash 95325af25d159ae7aab1c9f3d494982b
87517fdf5df473de27379c9e9cba328169b98e11
f4c6f88eb66cfd7428954767a5196c12331656ac552986ae43691a5d074ed67e
GET /ajax/libs/OwlCarousel2/2.0.0-beta.2.4/owl.carousel.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 9746
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03cf0-a8e8"
last-modified: Mon, 04 May 2020 16:04:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 21843229
expires: Mon, 22 Apr 2024 16:33:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=08WE6HD5ffR5Ts1Q5n6ngdPpasNvAKuhDRR9WAi12SORUcH2xE81cE9YPq0GirDJJbrz1TDvtW4PLFb0KXdRgPnohe6g3JZHHYjEFZojZ%2Bj9ZVfyKvAvrjzXbPH8f0tw%2FbFNAdiu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c19e80d8e84b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
200 OK 27 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (32065)
Hash 63827323c175768ccb0e8ed54589a3e5
9760e238d6ecced66396798559f70593793d801e
196f9479a27db836a2a7454e222f0cb52d4eeb162e0a50e69401ba1a8d81b564
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 26909
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14e4a"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5527028
expires: Mon, 22 Apr 2024 16:33:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcD%2BMtBv76rW1HUwaldT7D%2Bkh4lrWo7OOtVg8sSEubkzyWaJhF1S2LcJGE16ENxjhBey8ihsN00SnbMtNxW51PMW%2FJcBaCI0JhLCusTrqN%2FlYxxBovF0kc46vLI7Dmt8J7Std22o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c19e80d9e97b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 12ba8eaf8df351c1b04c5aa90a1654ca
89c8ed3f837bd937b60d8b6862af6e81510a41f5
6b2c88a08976f9b12290abc6f4e7a6cffd00698f8853f3d7bd0a87974c354bfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 12ba8eaf8df351c1b04c5aa90a1654ca
89c8ed3f837bd937b60d8b6862af6e81510a41f5
6b2c88a08976f9b12290abc6f4e7a6cffd00698f8853f3d7bd0a87974c354bfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 12ba8eaf8df351c1b04c5aa90a1654ca
89c8ed3f837bd937b60d8b6862af6e81510a41f5
6b2c88a08976f9b12290abc6f4e7a6cffd00698f8853f3d7bd0a87974c354bfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 12ba8eaf8df351c1b04c5aa90a1654ca
89c8ed3f837bd937b60d8b6862af6e81510a41f5
6b2c88a08976f9b12290abc6f4e7a6cffd00698f8853f3d7bd0a87974c354bfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash fa0db92ea8bbb9279320cd1329b2f651
19738d829be5db864df400a06cb3aa3da2fe4396
690f3dcead66b5793b384e4234a3de585a1c6af789296fe25d688b2c37905145
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
200 OK 30 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint78:8B:BB:40:DD:1D:5B:E9:7B:AA:CC:94:45:44:7F:FD:56:6E:E4:60
ValidityMon, 03 Apr 2023 08:24:24 GMT - Mon, 26 Jun 2023 08:24:23 GMT
File type ASCII text, with very long lines (32065)
Hash 6d973c8b7e2439d958e09c0a1ab9fe50
05ae0830200c20b9a2dfd5a825adc400481a60fb
f3c122dc227e829ed96b2a754296809201bd78abbad7ba50ef5079654e1cc894
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 16:18:50 GMT
expires: Sun, 28 Apr 2024 16:18:50 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 346484
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/3104864162-widgets.js
200 OK 57 kB URL GET HTTP/2 www.blogger.com/static/v1/widgets/3104864162-widgets.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.blogger.com
Fingerprint11:BB:2F:A7:2A:D7:16:23:7A:6D:82:93:B4:53:08:58:92:0B:87:5E
ValidityMon, 03 Apr 2023 08:16:37 GMT - Mon, 26 Jun 2023 08:16:36 GMT
File type ASCII text, with very long lines (2215)
Hash 7cc41abf641cc2b875f72572c0987bc2
a6229b582a1e03c6893aaa50ba971a9503da8bb1
cd3271b768e04c16ded199cf922c4622987ab2bc102f5b476b652b4c113c4e5f
GET /static/v1/widgets/3104864162-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56664
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 15:57:00 GMT
expires: Sun, 28 Apr 2024 15:57:00 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 25 Apr 2023 20:56:36 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 347794
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/hls.js/latest/hls.js
200 OK 132 kB URL GET HTTP/2 cdn.jsdelivr.net/hls.js/latest/hls.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT
File type Unicode text, UTF-8 text, with very long lines (843), with CRLF, LF line terminators
Size 132 kB (131674 bytes)
Hash 9da4666f78eb98c9f3e1d6718353755a
645dcba37be2a7def4a945156c8384a57c544cb5
7c160f83a234e00e401b51238da6e4590e3e13caf41ab4ddc62fca6eda35cb81
GET /hls.js/latest/hls.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"9d20e-6dUw+P0y341T5Nxyw0jrvlIxGAo"
content-encoding: br
accept-ranges: bytes
date: Wed, 03 May 2023 16:33:34 GMT
age: 1338684
x-served-by: cache-fra-eddf8230135-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 131674
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
1.5 kB URL ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP
Hash d5965ebe36fcc9516bada2a1f27eb612
d3fdcd34e4f8a43773aca01e18f32b5be049e14f
a64a2f2312b1434548b8e3e63abd62da3e0d5ee22992c55acc01afee90d687f2
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 16:33:34 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "8F337D0B89D05ACA65F8D5186599FF6B0EAADD7C"
Expires: Thu, 04 May 2023 03:00:00 GMT
Last-Modified: Wed, 03 May 2023 15:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2606
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c19e81018fe0b39-OSL
ocsp.pki.goog/gts1c3
472 B IP
Hash 12ba8eaf8df351c1b04c5aa90a1654ca
89c8ed3f837bd937b60d8b6862af6e81510a41f5
6b2c88a08976f9b12290abc6f4e7a6cffd00698f8853f3d7bd0a87974c354bfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 17cac047f503e9e8bf1818f4271c9b78
0aa3f3adbeb5649f345dc9d0be12f1e2381a98df
52a6e1bc3e2c1281f2ca2c53888cc785b4a00f7e065fc9f0441a2e2ae94e8b91
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Varela+Round&display=swap
200 OK 952 B URL GET HTTP/2 fonts.googleapis.com/css2?family=Varela+Round&display=swap
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint78:8B:BB:40:DD:1D:5B:E9:7B:AA:CC:94:45:44:7F:FD:56:6E:E4:60
ValidityMon, 03 Apr 2023 08:24:24 GMT - Mon, 26 Jun 2023 08:24:23 GMT
Hash 9921315b7ee6acb980e9381ceb88bd56
b94534f1f023a948d9f94f054736077984d8d8a2
f71543dfa4c2b0e1ed3cafe7bf4183d817325fc9eec930d31c400d40ae4877cf
GET /css2?family=Varela+Round&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 03 May 2023 16:33:34 GMT
date: Wed, 03 May 2023 16:33:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/webfonts/fa-solid-900.woff2
200 OK 76 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/webfonts/fa-solid-900.woff2
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 75728, version 330.32636\012- data
Hash 44d537ab79f921fde5a28b2c1636f397
b2879f9e1d0985a96842bf7f55a2b2cc4c636d04
3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be
GET /ajax/libs/font-awesome/5.11.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:34 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 75728
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e60-127d0"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 170346
expires: Mon, 22 Apr 2024 16:33:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cpeLU7eY81TkBgRCpwu0t%2B7qEnhvL%2FRuXgY7Dt48YDmDfITLbcLoTg80FCopwYe%2FyeEJksqEst8bA90yDPhlwxVy70tqt4V4hcQq7uZ%2FY5z%2FjyGkCmngeRuZrwOGnXMSQV%2B3uNI5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c19e810783fb4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
471 B IP
Hash 2ce978767c05692aa24c6454c05de9fc
2daae46f8a6cc154414210a7fa409479f51991e6
2f804b51a4f9a047a1d9de696906484b648e1f6e052a1fc85f3e29a8f0309e2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Josefin+Sans:wght@600&display=swap
200 OK 13 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Josefin+Sans:wght@600&display=swap
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint78:8B:BB:40:DD:1D:5B:E9:7B:AA:CC:94:45:44:7F:FD:56:6E:E4:60
ValidityMon, 03 Apr 2023 08:24:24 GMT - Mon, 26 Jun 2023 08:24:23 GMT
Hash 5ab98b1052ac140f3c2ca6619c84ca31
2b819e8beee16eed60bcefe143c4a1771d0fca61
6a2149f8549a043011300d3384608527f5d492301317139c323b93c2df8e067e
GET /css2?family=Josefin+Sans:wght@600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 03 May 2023 16:33:34 GMT
date: Wed, 03 May 2023 16:33:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
compoundpeeredfrankly.com/57bf8254239baa87e722d8273fea8a6c/invoke.js
200 OK 9.3 kB URL GET HTTP/1.1 compoundpeeredfrankly.com/57bf8254239baa87e722d8273fea8a6c/invoke.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.compoundpeeredfrankly.com
FingerprintAF:C2:91:AC:E8:07:F7:39:5C:01:85:8B:44:11:7D:8D:03:1D:77:A9
ValidityTue, 28 Mar 2023 06:15:16 GMT - Mon, 26 Jun 2023 06:15:15 GMT
File type Unicode text, UTF-8 text, with very long lines (25066), with no line terminators
Hash 9bfb737099748bda0d31bfd9ab626193
6e050be9469d8612b0904a5a11a147a84a264063
133cca3189001493235f84faa2df23714d8b51ffcad8835fecd06155512b6944
GET /57bf8254239baa87e722d8273fea8a6c/invoke.js HTTP/1.1
Host: compoundpeeredfrankly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bd11514692d858d8e44af14f8af62fa4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
471 B IP
Hash 2ce978767c05692aa24c6454c05de9fc
2daae46f8a6cc154414210a7fa409479f51991e6
2f804b51a4f9a047a1d9de696906484b648e1f6e052a1fc85f3e29a8f0309e2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
compoundpeeredfrankly.com/f5/cd/d6/f5cdd6689bc2581a9da8b3738bf62f1e.js
200 OK 13 kB URL GET HTTP/1.1 compoundpeeredfrankly.com/f5/cd/d6/f5cdd6689bc2581a9da8b3738bf62f1e.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.compoundpeeredfrankly.com
FingerprintAF:C2:91:AC:E8:07:F7:39:5C:01:85:8B:44:11:7D:8D:03:1D:77:A9
ValidityTue, 28 Mar 2023 06:15:16 GMT - Mon, 26 Jun 2023 06:15:15 GMT
File type ASCII text, with very long lines (37140), with no line terminators
Hash bb8c1c4c3f17d0f9ebafd626eff41ca8
c99397c0d4bc741fc49fbcc4c4ca76d1221ec6e6
1a438ad5bafa860512e395384f2032bf80684186af29481f9ee343284169d398
GET /f5/cd/d6/f5cdd6689bc2581a9da8b3738bf62f1e.js HTTP/1.1
Host: compoundpeeredfrankly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8abbaa4e974df7ceaf7606cfc3e589a1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
200 OK 9.8 kB URL GET HTTP/1.1 compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.compoundpeeredfrankly.com
FingerprintAF:C2:91:AC:E8:07:F7:39:5C:01:85:8B:44:11:7D:8D:03:1D:77:A9
ValidityTue, 28 Mar 2023 06:15:16 GMT - Mon, 26 Jun 2023 06:15:15 GMT
File type exported SGML document, ASCII text, with very long lines (26974), with no line terminators
Hash 7e7ed1158064af09f6b4e6d20a5322a7
c7f1cf5dd95ad7f9830170bcc39b886fd2fa31ce
d4a18c958504e9fb93af8dc09e148012383447c1c72cd8edad07553c78f91a25
GET /15bc91630ec0963008ff48491aacecba/invoke.js HTTP/1.1
Host: compoundpeeredfrankly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 334cfbdb5f5cd6f3609e57a37d25bdca
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
200 OK 9.8 kB URL GET HTTP/1.1 compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.compoundpeeredfrankly.com
FingerprintAF:C2:91:AC:E8:07:F7:39:5C:01:85:8B:44:11:7D:8D:03:1D:77:A9
ValidityTue, 28 Mar 2023 06:15:16 GMT - Mon, 26 Jun 2023 06:15:15 GMT
File type exported SGML document, ASCII text, with very long lines (26986), with no line terminators
Hash 4885ebd07ccd83eaa516d490b20611f5
1e39a13cc9104c36cbe54d5d78880a8bdc1c5628
0031003cf4ae332abe5699548a9f7bfb2abd98f3588c8c531c6264254b8a630d
GET /15bc91630ec0963008ff48491aacecba/invoke.js HTTP/1.1
Host: compoundpeeredfrankly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c99849f9b1aa6dfad197defed98d49a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.r2m01.amazontrust.com/
471 B URL ocsp.r2m01.amazontrust.com/
IP
Hash 2e6f9458101c64e6355192fcb790a32d
64b31b66aa1f8b3bd5c4aea2bbe6edd86c65a1a7
b2ab1050a9e28b745e9538e648d3bab02a67c6c579c1231333ba468551aa3bd9
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 03 May 2023 16:33:35 GMT
Last-Modified: Wed, 03 May 2023 15:04:26 GMT
Server: ECAcc (bsa/EB6C)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cqloEPYgG-aDJxOM8___1wU2WIwMyS_UG__YY6CFGX2uDjS9mazyJA==
Age: 5349
ocsp.r2m01.amazontrust.com/
471 B URL ocsp.r2m01.amazontrust.com/
IP
Hash 2e6f9458101c64e6355192fcb790a32d
64b31b66aa1f8b3bd5c4aea2bbe6edd86c65a1a7
b2ab1050a9e28b745e9538e648d3bab02a67c6c579c1231333ba468551aa3bd9
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 03 May 2023 16:33:35 GMT
Last-Modified: Wed, 03 May 2023 15:04:26 GMT
Server: ECAcc (bsa/EACA)
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5HRsZZt8mDivkAChh6Q1eWqoOaqqBQqYoK5lrVGYFCXVF3s9nLamgA==
Age: 5349
simplewebanalysis.com/stats
200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash ec19a7c33efc61fdae606e053fb6c69b
bdcc689d2236918e5d89d7617e31c6fe55fb61bd
d71bcb33b6001fe512ffdac7abff333cecb66b9f426bbef373fa46b01aa64258
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:35 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.wedirectpass.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=36ba16f2-aca4-4be7-86c2-f85515b6ea8c:3:1; expires=Sat, 30 Apr 2033 16:33:35 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 6fcda0ac6a62d2b293ffc4866f64e79a
84e454ef8377fe09ae8faf23ba7e4e802cacf523
3d8809023a00b00e2a2125f1396bff784badc2896cf2ad2e931b68e68e0cde45
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:35 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.wedirectpass.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=0a6ea199-6991-4b04-b8c1-b7d0a7833b09:2:1; expires=Sat, 30 Apr 2033 16:33:35 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash fad752d96563d4549ae378de991cda55
229823ab59df922daf7973d045e40d1105947704
e22aaa23a8003e2a74e1a475e04aeeb67446580d2add1a9471a52356035a65f3
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:35 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.wedirectpass.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; expires=Sat, 30 Apr 2033 16:33:35 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
200 OK 9.8 kB URL GET HTTP/1.1 compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.compoundpeeredfrankly.com
FingerprintAF:C2:91:AC:E8:07:F7:39:5C:01:85:8B:44:11:7D:8D:03:1D:77:A9
ValidityTue, 28 Mar 2023 06:15:16 GMT - Mon, 26 Jun 2023 06:15:15 GMT
File type exported SGML document, ASCII text, with very long lines (26980), with no line terminators
Hash 61c8e70cb69a0be6c8361b179634264d
35208e2b2e88b601f84cfbb5f16a65c5079ea0e7
b35b551d25ee28f94ab511559aefff49bb36aaa0ed083c1d21e2d60dfc137fe2
GET /15bc91630ec0963008ff48491aacecba/invoke.js HTTP/1.1
Host: compoundpeeredfrankly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b30b160ca7536031dfd1c1b1f3d82e6f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
200 OK 9.8 kB URL GET HTTP/1.1 compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.compoundpeeredfrankly.com
FingerprintAF:C2:91:AC:E8:07:F7:39:5C:01:85:8B:44:11:7D:8D:03:1D:77:A9
ValidityTue, 28 Mar 2023 06:15:16 GMT - Mon, 26 Jun 2023 06:15:15 GMT
File type exported SGML document, ASCII text, with very long lines (26986), with no line terminators
Hash 037bf88c3eb38f5fe4d0f7938a06c8dc
295ba12dbc36db56cf2e3ba7e61dbc47eba22a9c
b2b57e535ea5cff938331f22399871a8849a0b5c5a1b885f0f24fe5a048ebd3b
GET /15bc91630ec0963008ff48491aacecba/invoke.js HTTP/1.1
Host: compoundpeeredfrankly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0c44b9ca19321b8e84d54a483c7a4c4a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
200 OK 9.8 kB URL GET HTTP/1.1 compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.compoundpeeredfrankly.com
FingerprintAF:C2:91:AC:E8:07:F7:39:5C:01:85:8B:44:11:7D:8D:03:1D:77:A9
ValidityTue, 28 Mar 2023 06:15:16 GMT - Mon, 26 Jun 2023 06:15:15 GMT
File type exported SGML document, ASCII text, with very long lines (26966), with no line terminators
Hash f1d8ce5b560c8a56681fe191d5dfafa8
64e8a88aa9874424bea27f8305d14a9bb74983e6
de2ed706748fb2b3401570a65f572fb62d09fcf4d2ca0d05ec09c40b62d25ce1
GET /15bc91630ec0963008ff48491aacecba/invoke.js HTTP/1.1
Host: compoundpeeredfrankly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 200a33d37d91afd2ef06c3eefb108347
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
handbaggather.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
200 OK 29 kB URL GET HTTP/1.1 handbaggather.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjecthandbaggather.com
FingerprintAA:C3:B2:B7:C4:DC:3B:FA:64:BF:B0:F3:38:ED:6B:B3:B1:27:20:81
ValidityFri, 28 Apr 2023 01:16:44 GMT - Thu, 27 Jul 2023 01:16:43 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 863c7026892883b04c549f7b1c185a47
9464a7e2aba4d336b9160012b1ef0ad59eeb348c
b5cbbd72156044e4b5e58c14d76754021009552380296170b3934beefe2ad850
Analyzer Verdict Alert quad9 Sinkholed
GET /35/d1/24/35d1247b354f56697190b0a1eaa02236.js HTTP/1.1
Host: handbaggather.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 43b3d3bfa3e22d95369df50523a26ad1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
handbaggather.com/watch.925831884100.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=36ba16f2-aca4-4be7-86c2-f85515b6ea8c%3A3%3A1
307 Temporary Redirect 0 B URL GET HTTP/1.1 handbaggather.com/watch.925831884100.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=36ba16f2-aca4-4be7-86c2-f85515b6ea8c%3A3%3A1
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjecthandbaggather.com
FingerprintAA:C3:B2:B7:C4:DC:3B:FA:64:BF:B0:F3:38:ED:6B:B3:B1:27:20:81
ValidityFri, 28 Apr 2023 01:16:44 GMT - Thu, 27 Jul 2023 01:16:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.925831884100.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=36ba16f2-aca4-4be7-86c2-f85515b6ea8c%3A3%3A1 HTTP/1.1
Host: handbaggather.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Location: https://handbaggather.com/watch.925831884100.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=36ba16f2-aca4-4be7-86c2-f85515b6ea8c%3A3%3A1&shu=d9005bffa926a22e2abcfe30496159f2faf8b32c7b8b9effb01c2e328cbb911cd57c74b295485f222f5f1d4d0e1897f67707432cab3908bfa33b870f72d4b9ee3c6d01c0ce9d5dd0041bd4e10ef806e880597023831e8db23d71d942141697&pst=1683131675&rmtc=t
Set-Cookie: u_pl=16607872; expires=Thu, 04 May 2023 16:33:35 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; expires=Wed, 03 May 2023 16:34:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4d138fff6532b33f80065420528221b3
Strict-Transport-Security: max-age=0; includeSubdomains
compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
200 OK 9.8 kB URL GET HTTP/1.1 compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.compoundpeeredfrankly.com
FingerprintAF:C2:91:AC:E8:07:F7:39:5C:01:85:8B:44:11:7D:8D:03:1D:77:A9
ValidityTue, 28 Mar 2023 06:15:16 GMT - Mon, 26 Jun 2023 06:15:15 GMT
File type exported SGML document, ASCII text, with very long lines (26996), with no line terminators
Hash 46ef660862e6c8d074f713afeaed7141
91e5de06a11e4661c16d45916e0609cb59869930
d5be751290d7dac0d7cda99432541f8b15721db453b34aa143469ae366e3c330
GET /15bc91630ec0963008ff48491aacecba/invoke.js HTTP/1.1
Host: compoundpeeredfrankly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 755e32fdd7a5c59523cddd1082b33c88
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
princesinistervirus.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
200 OK 29 kB URL GET HTTP/1.1 princesinistervirus.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectprincesinistervirus.com
Fingerprint3F:32:44:B2:F0:11:1E:65:F0:CE:5F:D8:67:23:DD:C4:40:8E:9D:CB
ValidityThu, 27 Apr 2023 02:00:35 GMT - Wed, 26 Jul 2023 02:00:34 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash c8bca6f7c808596391095836b2bb3a51
d7a2783c33af8598a662238983a32e329a097692
6c026be436a0cf3a16d98475b458a089a39d1f4627fd28b641c6aad961b38777
Analyzer Verdict Alert quad9 Sinkholed
GET /35/d1/24/35d1247b354f56697190b0a1eaa02236.js HTTP/1.1
Host: princesinistervirus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 637dd12eb76189b1e92ffb41b0001657
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ryepublisher.com/ntv.json?key=57bf8254239baa87e722d8273fea8a6c&vstc=4
200 OK 17 kB URL GET HTTP/1.1 ryepublisher.com/ntv.json?key=57bf8254239baa87e722d8273fea8a6c&vstc=4
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectryepublisher.com
Fingerprint44:89:F7:BE:9D:B5:64:34:EC:82:1B:65:8A:E0:06:09:57:BA:28:51
ValiditySun, 16 Apr 2023 07:12:11 GMT - Sat, 15 Jul 2023 07:12:10 GMT
File type JSON data\012- , ASCII text, with very long lines (17097), with no line terminators
Hash dfa7197952155b7421d85bc18c8a214a
d358c8b1771d8d674f687d0b90231602e26f3cf0
29891a4bbd3e0458b4db8b16f37f93d801d1fa9d1543e4c0332e25bdf41f01aa
GET /ntv.json?key=57bf8254239baa87e722d8273fea8a6c&vstc=4 HTTP/1.1
Host: ryepublisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: application/json
Content-Length: 17097
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18728464; expires=Thu, 04 May 2023 16:33:35 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 04 May 2023 16:33:35 GMT; secure; SameSite=None
uncs=1; expires=Thu, 04 May 2023 16:33:35 GMT; secure; SameSite=None
pdhtkv49=true; expires=Thu, 04 May 2023 16:33:35 GMT; secure; SameSite=None
uncs49=1; expires=Thu, 04 May 2023 16:33:35 GMT; secure; SameSite=None
nlec57bf8254239baa87e722d8273fea8a6c=[2229213,2229214,2229215]; expires=Wed, 03 May 2023 16:33:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d63664d4e192ce32c8e9aa5a56d55c78
Strict-Transport-Security: max-age=0; includeSubdomains
princesinistervirus.com/watch.948006104742.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
307 Temporary Redirect 0 B URL GET HTTP/1.1 princesinistervirus.com/watch.948006104742.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectprincesinistervirus.com
Fingerprint3F:32:44:B2:F0:11:1E:65:F0:CE:5F:D8:67:23:DD:C4:40:8E:9D:CB
ValidityThu, 27 Apr 2023 02:00:35 GMT - Wed, 26 Jul 2023 02:00:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.948006104742.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1 HTTP/1.1
Host: princesinistervirus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Location: https://princesinistervirus.com/watch.948006104742.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=46ecd916fde746b296ac504fda7396075cca0248a8138db817e86054125f418c21a171822142c6d512b5a926df1f795e8bfa0018a9266bedca69ffd60a5625e76124a5b40a3842f7576c9511c7caa162e9da2213&pst=1683131675&rmtc=t
Set-Cookie: u_pl=16607872; expires=Thu, 04 May 2023 16:33:35 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; expires=Wed, 03 May 2023 16:34:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fa36970d67f34db0c8304fd9aa814709
Strict-Transport-Security: max-age=0; includeSubdomains
eyebrowsneardual.com/watch.87684788803.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
307 Temporary Redirect 0 B URL GET HTTP/1.1 eyebrowsneardual.com/watch.87684788803.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjecteyebrowsneardual.com
Fingerprint2C:8B:17:85:35:44:9E:22:29:58:89:0A:71:07:83:E7:9C:70:F3:3B
ValidityFri, 28 Apr 2023 01:15:11 GMT - Thu, 27 Jul 2023 01:15:10 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.87684788803.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1 HTTP/1.1
Host: eyebrowsneardual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Location: https://eyebrowsneardual.com/watch.87684788803.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=8280b70ad04e4f009e5cec108b10c4c1740915a3e8a3cb4e348c1776369fd05d489b78c23d2bd91a3faeacb943c0dc3a162219c6d363dd584040694e8baa89d56c120d152bdcfe84b98a63d4862f8cba7e41ff3545baf9144503a9c12c2c77&pst=1683131675&rmtc=t
Set-Cookie: u_pl=16607872; expires=Thu, 04 May 2023 16:33:35 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; expires=Wed, 03 May 2023 16:34:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e6bf41d759f1bfe63a8c663ac1999171
Strict-Transport-Security: max-age=0; includeSubdomains
eyebrowsneardual.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
200 OK 29 kB URL GET HTTP/1.1 eyebrowsneardual.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjecteyebrowsneardual.com
Fingerprint2C:8B:17:85:35:44:9E:22:29:58:89:0A:71:07:83:E7:9C:70:F3:3B
ValidityFri, 28 Apr 2023 01:15:11 GMT - Thu, 27 Jul 2023 01:15:10 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash dec5140b0d57b504df81c718effd1dba
198ad44ae534853644cdf279f63e628e0f6b9097
ff42d400443a9e44d4fc952954db166ed1ef5beacd2931cb4a515ad2f32ec478
Analyzer Verdict Alert quad9 Sinkholed
GET /35/d1/24/35d1247b354f56697190b0a1eaa02236.js HTTP/1.1
Host: eyebrowsneardual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 09aaf7363c79f131e6e72c6e138e9699
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
handbaggather.com/watch.925831884100.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=36ba16f2-aca4-4be7-86c2-f85515b6ea8c%3A3%3A1&shu=d9005bffa926a22e2abcfe30496159f2faf8b32c7b8b9effb01c2e328cbb911cd57c74b295485f222f5f1d4d0e1897f67707432cab3908bfa33b870f72d4b9ee3c6d01c0ce9d5dd0041bd4e10ef806e880597023831e8db23d71d942141697&pst=1683131675&rmtc=t
200 OK 2.0 kB URL GET HTTP/1.1 handbaggather.com/watch.925831884100.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=36ba16f2-aca4-4be7-86c2-f85515b6ea8c%3A3%3A1&shu=d9005bffa926a22e2abcfe30496159f2faf8b32c7b8b9effb01c2e328cbb911cd57c74b295485f222f5f1d4d0e1897f67707432cab3908bfa33b870f72d4b9ee3c6d01c0ce9d5dd0041bd4e10ef806e880597023831e8db23d71d942141697&pst=1683131675&rmtc=t
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjecthandbaggather.com
FingerprintAA:C3:B2:B7:C4:DC:3B:FA:64:BF:B0:F3:38:ED:6B:B3:B1:27:20:81
ValidityFri, 28 Apr 2023 01:16:44 GMT - Thu, 27 Jul 2023 01:16:43 GMT
File type HTML document, ASCII text, with very long lines (2435)
Hash 42ef36eee1f4da91c1285e75bfff2c98
43ed938807bff7a78a01ba75cdbe8328e201c973
2718c4acda3830ace1656085d6e93f5afcf5a1f00bc1c09820df825edfaca378
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.925831884100.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=36ba16f2-aca4-4be7-86c2-f85515b6ea8c%3A3%3A1&shu=d9005bffa926a22e2abcfe30496159f2faf8b32c7b8b9effb01c2e328cbb911cd57c74b295485f222f5f1d4d0e1897f67707432cab3908bfa33b870f72d4b9ee3c6d01c0ce9d5dd0041bd4e10ef806e880597023831e8db23d71d942141697&pst=1683131675&rmtc=t HTTP/1.1
Host: handbaggather.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Referer: https://www.wedirectpass.com/
Connection: keep-alive
Cookie: u_pl=16607872; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=36ba16f2-aca4-4be7-86c2-f85515b6ea8c:3:1; expires=Wed, 10 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ae9a33c0292316ac4810fa97741e6eb1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
200 OK 9.8 kB URL GET HTTP/1.1 compoundpeeredfrankly.com/15bc91630ec0963008ff48491aacecba/invoke.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.compoundpeeredfrankly.com
FingerprintAF:C2:91:AC:E8:07:F7:39:5C:01:85:8B:44:11:7D:8D:03:1D:77:A9
ValidityTue, 28 Mar 2023 06:15:16 GMT - Mon, 26 Jun 2023 06:15:15 GMT
File type exported SGML document, ASCII text, with very long lines (26976), with no line terminators
Hash 973d36e747e636ccdf8754c5e39f1206
a465ba5638b10c59dd126c50dc8148dd71c0654f
4b1e50f80c72a4a59f4fe5346c534bac80aa74cb7df7cec42c4372cf9cb8e25d
GET /15bc91630ec0963008ff48491aacecba/invoke.js HTTP/1.1
Host: compoundpeeredfrankly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c0af3dff3dcdfa855aec8b6a99e4927c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
princesinistervirus.com/watch.948006104742.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=46ecd916fde746b296ac504fda7396075cca0248a8138db817e86054125f418c21a171822142c6d512b5a926df1f795e8bfa0018a9266bedca69ffd60a5625e76124a5b40a3842f7576c9511c7caa162e9da2213&pst=1683131675&rmtc=t
200 OK 2.0 kB URL GET HTTP/1.1 princesinistervirus.com/watch.948006104742.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=46ecd916fde746b296ac504fda7396075cca0248a8138db817e86054125f418c21a171822142c6d512b5a926df1f795e8bfa0018a9266bedca69ffd60a5625e76124a5b40a3842f7576c9511c7caa162e9da2213&pst=1683131675&rmtc=t
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectprincesinistervirus.com
Fingerprint3F:32:44:B2:F0:11:1E:65:F0:CE:5F:D8:67:23:DD:C4:40:8E:9D:CB
ValidityThu, 27 Apr 2023 02:00:35 GMT - Wed, 26 Jul 2023 02:00:34 GMT
File type HTML document, ASCII text, with very long lines (2463)
Hash be62d9d6213d175e4d3c7e70d21d0790
e9219eb1837fd9e0c3aff52d7601e86f67e73668
4783431851b26395eddc584e7ebdb9350f9a0c465d9a91427567390363b72c77
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.948006104742.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=46ecd916fde746b296ac504fda7396075cca0248a8138db817e86054125f418c21a171822142c6d512b5a926df1f795e8bfa0018a9266bedca69ffd60a5625e76124a5b40a3842f7576c9511c7caa162e9da2213&pst=1683131675&rmtc=t HTTP/1.1
Host: princesinistervirus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Referer: https://www.wedirectpass.com/
Connection: keep-alive
Cookie: u_pl=16607872; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; expires=Wed, 10 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aac184173a01ada9a0d996054d365462
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ryepublisher.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u6dnZ8YcgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNSg5eBjBi556v9nNYlyCnsUgsxKQRWHntodsQPDgWQgepSeLow%2Bq3vfqfYfve68%2B3clPiYucniy%2FrbekUnSh1XDrL73veVfqqzLJh%2FVhZ%2FGDxeBK3Qxe9dxuw325%2FqZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdtBH7DawUYmv%2FWNndgqQM%2BOCWXIPn0wsH9AJJNkMTfXhN2I9PpK2%2FEuaKZNhjw%2FXeTjUQXCeI5jIyDKNk%2FY0Pb4%2BUH0MneTDD04B9iKKfE%2Bf03hMn%2BmUqEg72nQkMFkSDk%2F0cxmECoCSSdgOnbkPyYAIzjeg9JfPe6NgXdfNqlVXdKak%2F%2BhCympPboWSTx%2FSUlh%2FWbWuWZ1InFMCohhxPI%2FgRpfohs6xxkcQiWfQzJfyULT1aRxLs9qzQkL2fmpZxARhMoMQK1DvLqSAd55CBPHcT8pN5mQafDOy1OBWN%2BGHmdKIiCLmVuxNxm10fOKnkjZOkITI3AzDZSs40N%2Bflx6xJM%2FiPsegnLHdhsSpx3tjHgJQpBUFiCghIUkqDICIpBuceV9W15lyubh95Z9s9ysxzrrL9D93TWFwnZSU%2FJM9VonOcfXsSGOKm32mHU8VuB3%2ByGlHbaou37vOO3m5GgHbrIYGUJac%2FN3G7JKbnMekjllNTcHkJ6CKsOwaQDmnugxbjtu6Dr46DjYiv5PqaJpCzWAyk8v9kIle7bVGcNpmNwXSLNasg2nR11Si7PNvbC%2BUcQ7OjqvecO%2Fue9%2BAeYKZGaEh%2FKnwj66s54TRdkd00XlnzXSzMZyy1abfNmRjNx%2Ft5bYrPQhq9cs6OvX2NVo4IHt4TNVmnCZdK35Jslybkwy9owQX5Yse%2BJ8EZu15dyk%2BTp6o3Xl1fi1AhrpU4moPK49xdY5fejB7N%2FevGXTyDNBCYvEedH5Cwg9SFYug2bztVbTWDUnBOmDoq8HBs%2FnD8qSaDEvKZhCfuvOpzjHXsHfVMDzW4jiUsMTImBKkHVCDa%2FMM5Sc3T15y%2Br%2BAqhqo1DZWq7oTLqi9lop%2BTqrYcVOq2ux7DypC7aYrHbDdygzV03DLjvey3BaDOgXer7URuZnfK1zx7%2FDQAA%2F%2F8BAAD%2F%2F9xF1ICDBAAA
200 OK 7 B URL GET HTTP/1.1 ryepublisher.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u6dnZ8YcgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNSg5eBjBi556v9nNYlyCnsUgsxKQRWHntodsQPDgWQgepSeLow%2Bq3vfqfYfve68%2B3clPiYucniy%2FrbekUnSh1XDrL73veVfqqzLJh%2FVhZ%2FGDxeBK3Qxe9dxuw325%2FqZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdtBH7DawUYmv%2FWNndgqQM%2BOCWXIPn0wsH9AJJNkMTfXhN2I9PpK2%2FEuaKZNhjw%2FXeTjUQXCeI5jIyDKNk%2FY0Pb4%2BUH0MneTDD04B9iKKfE%2Bf03hMn%2BmUqEg72nQkMFkSDk%2F0cxmECoCSSdgOnbkPyYAIzjeg9JfPe6NgXdfNqlVXdKak%2F%2BhCympPboWSTx%2FSUlh%2FWbWuWZ1InFMCohhxPI%2FgRpfohs6xxkcQiWfQzJfyULT1aRxLs9qzQkL2fmpZxARhMoMQK1DvLqSAd55CBPHcT8pN5mQafDOy1OBWN%2BGHmdKIiCLmVuxNxm10fOKnkjZOkITI3AzDZSs40N%2Bflx6xJM%2FiPsegnLHdhsSpx3tjHgJQpBUFiCghIUkqDICIpBuceV9W15lyubh95Z9s9ysxzrrL9D93TWFwnZSU%2FJM9VonOcfXsSGOKm32mHU8VuB3%2ByGlHbaou37vOO3m5GgHbrIYGUJac%2FN3G7JKbnMekjllNTcHkJ6CKsOwaQDmnugxbjtu6Dr46DjYiv5PqaJpCzWAyk8v9kIle7bVGcNpmNwXSLNasg2nR11Si7PNvbC%2BUcQ7OjqvecO%2Fue9%2BAeYKZGaEh%2FKnwj66s54TRdkd00XlnzXSzMZyy1abfNmRjNx%2Ft5bYrPQhq9cs6OvX2NVo4IHt4TNVmnCZdK35Jslybkwy9owQX5Yse%2BJ8EZu15dyk%2BTp6o3Xl1fi1AhrpU4moPK49xdY5fejB7N%2FevGXTyDNBCYvEedH5Cwg9SFYug2bztVbTWDUnBOmDoq8HBs%2FnD8qSaDEvKZhCfuvOpzjHXsHfVMDzW4jiUsMTImBKkHVCDa%2FMM5Sc3T15y%2Br%2BAqhqo1DZWq7oTLqi9lop%2BTqrYcVOq2ux7DypC7aYrHbDdygzV03DLjvey3BaDOgXer7URuZnfK1zx7%2FDQAA%2F%2F8BAAD%2F%2F9xF1ICDBAAA
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectryepublisher.com
Fingerprint44:89:F7:BE:9D:B5:64:34:EC:82:1B:65:8A:E0:06:09:57:BA:28:51
ValiditySun, 16 Apr 2023 07:12:11 GMT - Sat, 15 Jul 2023 07:12:10 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u6dnZ8YcgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNSg5eBjBi556v9nNYlyCnsUgsxKQRWHntodsQPDgWQgepSeLow%2Bq3vfqfYfve68%2B3clPiYucniy%2FrbekUnSh1XDrL73veVfqqzLJh%2FVhZ%2FGDxeBK3Qxe9dxuw325%2FqZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdtBH7DawUYmv%2FWNndgqQM%2BOCWXIPn0wsH9AJJNkMTfXhN2I9PpK2%2FEuaKZNhjw%2FXeTjUQXCeI5jIyDKNk%2FY0Pb4%2BUH0MneTDD04B9iKKfE%2Bf03hMn%2BmUqEg72nQkMFkSDk%2F0cxmECoCSSdgOnbkPyYAIzjeg9JfPe6NgXdfNqlVXdKak%2F%2BhCympPboWSTx%2FSUlh%2FWbWuWZ1InFMCohhxPI%2FgRpfohs6xxkcQiWfQzJfyULT1aRxLs9qzQkL2fmpZxARhMoMQK1DvLqSAd55CBPHcT8pN5mQafDOy1OBWN%2BGHmdKIiCLmVuxNxm10fOKnkjZOkITI3AzDZSs40N%2Bflx6xJM%2FiPsegnLHdhsSpx3tjHgJQpBUFiCghIUkqDICIpBuceV9W15lyubh95Z9s9ysxzrrL9D93TWFwnZSU%2FJM9VonOcfXsSGOKm32mHU8VuB3%2ByGlHbaou37vOO3m5GgHbrIYGUJac%2FN3G7JKbnMekjllNTcHkJ6CKsOwaQDmnugxbjtu6Dr46DjYiv5PqaJpCzWAyk8v9kIle7bVGcNpmNwXSLNasg2nR11Si7PNvbC%2BUcQ7OjqvecO%2Fue9%2BAeYKZGaEh%2FKnwj66s54TRdkd00XlnzXSzMZyy1abfNmRjNx%2Ft5bYrPQhq9cs6OvX2NVo4IHt4TNVmnCZdK35Jslybkwy9owQX5Yse%2BJ8EZu15dyk%2BTp6o3Xl1fi1AhrpU4moPK49xdY5fejB7N%2FevGXTyDNBCYvEedH5Cwg9SFYug2bztVbTWDUnBOmDoq8HBs%2FnD8qSaDEvKZhCfuvOpzjHXsHfVMDzW4jiUsMTImBKkHVCDa%2FMM5Sc3T15y%2Br%2BAqhqo1DZWq7oTLqi9lop%2BTqrYcVOq2ux7DypC7aYrHbDdygzV03DLjvey3BaDOgXer7URuZnfK1zx7%2FDQAA%2F%2F8BAAD%2F%2F9xF1ICDBAAA HTTP/1.1
Host: ryepublisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=18728464; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6f3b60811788d5f37494934984a9d314
Strict-Transport-Security: max-age=0; includeSubdomains
eyebrowsneardual.com/watch.87684788803.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=8280b70ad04e4f009e5cec108b10c4c1740915a3e8a3cb4e348c1776369fd05d489b78c23d2bd91a3faeacb943c0dc3a162219c6d363dd584040694e8baa89d56c120d152bdcfe84b98a63d4862f8cba7e41ff3545baf9144503a9c12c2c77&pst=1683131675&rmtc=t
200 OK 2.0 kB URL GET HTTP/1.1 eyebrowsneardual.com/watch.87684788803.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=8280b70ad04e4f009e5cec108b10c4c1740915a3e8a3cb4e348c1776369fd05d489b78c23d2bd91a3faeacb943c0dc3a162219c6d363dd584040694e8baa89d56c120d152bdcfe84b98a63d4862f8cba7e41ff3545baf9144503a9c12c2c77&pst=1683131675&rmtc=t
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjecteyebrowsneardual.com
Fingerprint2C:8B:17:85:35:44:9E:22:29:58:89:0A:71:07:83:E7:9C:70:F3:3B
ValidityFri, 28 Apr 2023 01:15:11 GMT - Thu, 27 Jul 2023 01:15:10 GMT
File type HTML document, ASCII text, with very long lines (2466)
Hash 6df3a8a1da19f325d51424daf73007b1
c3b04dc264dc77333cfc2ecfc2097db9eb7f6fb7
8b0bb3d483e945170a117193ea8b08dbd2037ccb88c37137ecd09a88f15a5714
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.87684788803.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=8280b70ad04e4f009e5cec108b10c4c1740915a3e8a3cb4e348c1776369fd05d489b78c23d2bd91a3faeacb943c0dc3a162219c6d363dd584040694e8baa89d56c120d152bdcfe84b98a63d4862f8cba7e41ff3545baf9144503a9c12c2c77&pst=1683131675&rmtc=t HTTP/1.1
Host: eyebrowsneardual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Referer: https://www.wedirectpass.com/
Connection: keep-alive
Cookie: u_pl=16607872; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; expires=Wed, 10 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 68f9f73638cfc164dbd0f14381d4125f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fonts.gstatic.com/s/hanuman/v22/VuJxdNvD15HhpJJBSKHdOQ.woff2
200 OK 11 kB URL GET HTTP/2 fonts.gstatic.com/s/hanuman/v22/VuJxdNvD15HhpJJBSKHdOQ.woff2
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint34:5A:0A:3B:4F:02:F9:C6:C9:D7:3F:CA:9D:17:0D:40:27:05:05:0A
ValidityMon, 03 Apr 2023 08:24:23 GMT - Mon, 26 Jun 2023 08:24:22 GMT
File type Web Open Font Format (Version 2), TrueType, length 11348, version 1.0\012- data
Hash 1de46655d5388cc5c37ddea8e8fe379f
2dbc7f790283301b97fb4b68ab63523e3aad983e
c5f293e66ce9ecab378f73dad02db933adfe1a8b9f030be1618f38e99cc25c73
GET /s/hanuman/v22/VuJxdNvD15HhpJJBSKHdOQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11348
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 01:02:35 GMT
expires: Sun, 28 Apr 2024 01:02:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 21 Apr 2022 16:40:41 GMT
content-type: font/woff2
age: 401461
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/varelaround/v20/w8gdH283Tvk__Lua32TysjIfp8uP.woff2
200 OK 22 kB URL GET HTTP/2 fonts.gstatic.com/s/varelaround/v20/w8gdH283Tvk__Lua32TysjIfp8uP.woff2
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint34:5A:0A:3B:4F:02:F9:C6:C9:D7:3F:CA:9D:17:0D:40:27:05:05:0A
ValidityMon, 03 Apr 2023 08:24:23 GMT - Mon, 26 Jun 2023 08:24:22 GMT
File type Web Open Font Format (Version 2), TrueType, length 21808, version 1.0\012- data
Hash bed0b6ef830a8fdca63db20160803630
c21459429e36d6cb01dc9d15569f52bb33da6acd
2044a0abfd7b116f6d091d6d9227a5720bd4848519cd38d274b2a3a9356969dd
GET /s/varelaround/v20/w8gdH283Tvk__Lua32TysjIfp8uP.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21808
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 03:26:12 GMT
expires: Sun, 28 Apr 2024 03:26:12 GMT
cache-control: public, max-age=31536000
age: 392844
last-modified: Wed, 15 Feb 2023 23:41:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
princessallotgather.com/watch.1379341486799.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
307 Temporary Redirect 0 B URL GET HTTP/1.1 princessallotgather.com/watch.1379341486799.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectprincessallotgather.com
FingerprintC7:B3:BA:6F:D1:89:40:D9:3F:05:86:EF:C6:7A:90:DF:CF:EB:61:D6
ValidityMon, 01 May 2023 19:23:07 GMT - Sun, 30 Jul 2023 19:23:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1379341486799.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1 HTTP/1.1
Host: princessallotgather.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Location: https://princessallotgather.com/watch.1379341486799.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=90036b7eb6d8c04ba655935270d264bf84aeaffc96b1b18eeb9603125c76ee8b952c50abc9f4a34fcbcdb5c147bb365723b96933230314e246b2c18feb76462b40605480e32bba6e97e79c19bcfe86c3b4f28256&pst=1683131676&rmtc=t
Set-Cookie: u_pl=16607872; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; expires=Wed, 03 May 2023 16:34:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af5452f7b9f920ac860151c329834686
Strict-Transport-Security: max-age=0; includeSubdomains
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/webfonts/fa-brands-400.woff2
200 OK 75 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/webfonts/fa-brands-400.woff2
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 75336, version 330.32636\012- data
Hash cccc9d29470e879e40eb70249d9a2705
5fe986cda635681b4b6bbd6111df2f26d7fca286
d3caf12591d194712facd10bca14f0a924edb59c24447a3fd994a48286db8843
GET /ajax/libs/font-awesome/5.11.2/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 16:33:36 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 75336
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e60-12648"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3527972
expires: Mon, 22 Apr 2024 16:33:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSixGgN12%2Fzj5atM60iPHk0wBCyiASMbp%2Fh5tZQP5bGHUlGKRV2Ylx8xq2qr1rSKAAHLPac3LQ4Fg4nb%2BF4mAlTZXhXzceDeoFpGH7C4D6SU9qo482Y3lgXn68UXpJkNaAvsGnDX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c19e819ef6ab4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ryepublisher.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u6dnZ8YcgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNRBy8DCCFz31frObxbgEPYtBZiUgi8LObQ%2FZgODBsxA8Sk8WRx9UvffqfYfv%2B17d2clPiYucniy%2Fq7ekUnSh1XDrr3zoeVfqqzLJh%2FVhZ%2FGjxeBK3Qxe99xuw321%2FrZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdtBH7DawUYmv%2F2NndgqQM%2BOCWXIPn0wsGDAJJNkMTfXhN2I9Ppa2%2FFuaKZNhjw%2FfeTjUQXCeJ5GRkHUbJ%2Fhoa2x8sPoZO9GWHowT%2FAUE6J8%2FtvCJP9M5YIB3vPiIYKIkHI%2F49iMIFQE0g6AdO3IfkxARjH9R6S%2BN51bQq6%2BWxKq%2BmU1J7%2BCVlMSe3x80jiB0tKDus3tcozqROLYVRCDieQ%2FQnS%2FBDZ1jnI4hAs%2BxSS%2F0oWnq4iiXd7VmlIXs7ESzmBjCZQYgRqHeTVkQ7yyEGeOoj5Sb3Ngk6Hd1qcCsb8MPI6URAFXcrciLnNro%2BcVfRGyNIRmBqBmW2kZhsb8vPj1iWY%2FEfY9RKWO7DZlDjvbWPASxSCoLAEBSUoJEGRERSDco8r69vyHlc2D72z7J%2FlZjnWWX%2BH7umsLxKyk56S5yprnBcfXcSGOKm32mHU8VuB3%2ByGlHbaou37vOO3m5GgHbrIYGUJac%2FN1G7JKbnMekjllNTcHkJ6CKsOwaQDmnugxbjtu6Dr46DjYiv5PqaJpCzWAyk8v9kIle7bVGcNpmNwXSLNasg2nR11Si7PNvbS%2BVMIdnT1%2FgsH%2F%2FNe%2FgPMlEhNiY%2FlTwR9dXe8pguyu6YLS77rpZmM5Rattnkzo5k4f%2F8dsVlow1eu2dHXb7BqUJUHt4TNVmnCZdK35Jslybkwy9owQX5YsR%2BI8EZu15dyk%2BTp6o03l1fi1AhrpU4moPK49xdYpfeTh7N%2FevGXO5BmApOXiPMjchaQ%2BhAs3YZN5%2BytJjBqjgnT8yjycmz8cP6oJIES856GJey%2F%2BnBe79i76JsaaHYbSVxiYEoMVAmqRrD5hXGWmqOrP39ZxVcIVW0cKlPbDZVRX1TWPp6Sq7cezUyuriew8qQu2mKx2w3coM1dNwy473stwWgzoF3q%2B1EbmZ3ytc%2Be%2FA0AAP%2F%2FAQAA%2F%2F%2B4OgPwgwQAAA%3D%3D
200 OK 7 B URL GET HTTP/1.1 ryepublisher.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u6dnZ8YcgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNRBy8DCCFz31frObxbgEPYtBZiUgi8LObQ%2FZgODBsxA8Sk8WRx9UvffqfYfv%2B17d2clPiYucniy%2Fq7ekUnSh1XDrr3zoeVfqqzLJh%2FVhZ%2FGjxeBK3Qxe99xuw321%2FrZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdtBH7DawUYmv%2F2NndgqQM%2BOCWXIPn0wsGDAJJNkMTfXhN2I9Ppa2%2FFuaKZNhjw%2FfeTjUQXCeJ5GRkHUbJ%2Fhoa2x8sPoZO9GWHowT%2FAUE6J8%2FtvCJP9M5YIB3vPiIYKIkHI%2F49iMIFQE0g6AdO3IfkxARjH9R6S%2BN51bQq6%2BWxKq%2BmU1J7%2BCVlMSe3x80jiB0tKDus3tcozqROLYVRCDieQ%2FQnS%2FBDZ1jnI4hAs%2BxSS%2F0oWnq4iiXd7VmlIXs7ESzmBjCZQYgRqHeTVkQ7yyEGeOoj5Sb3Ngk6Hd1qcCsb8MPI6URAFXcrciLnNro%2BcVfRGyNIRmBqBmW2kZhsb8vPj1iWY%2FEfY9RKWO7DZlDjvbWPASxSCoLAEBSUoJEGRERSDco8r69vyHlc2D72z7J%2FlZjnWWX%2BH7umsLxKyk56S5yprnBcfXcSGOKm32mHU8VuB3%2ByGlHbaou37vOO3m5GgHbrIYGUJac%2FN1G7JKbnMekjllNTcHkJ6CKsOwaQDmnugxbjtu6Dr46DjYiv5PqaJpCzWAyk8v9kIle7bVGcNpmNwXSLNasg2nR11Si7PNvbS%2BVMIdnT1%2FgsH%2F%2FNe%2FgPMlEhNiY%2FlTwR9dXe8pguyu6YLS77rpZmM5Rattnkzo5k4f%2F8dsVlow1eu2dHXb7BqUJUHt4TNVmnCZdK35Jslybkwy9owQX5YsR%2BI8EZu15dyk%2BTp6o03l1fi1AhrpU4moPK49xdYpfeTh7N%2FevGXO5BmApOXiPMjchaQ%2BhAs3YZN5%2BytJjBqjgnT8yjycmz8cP6oJIES856GJey%2F%2BnBe79i76JsaaHYbSVxiYEoMVAmqRrD5hXGWmqOrP39ZxVcIVW0cKlPbDZVRX1TWPp6Sq7cezUyuriew8qQu2mKx2w3coM1dNwy473stwWgzoF3q%2B1EbmZ3ytc%2Be%2FA0AAP%2F%2FAQAA%2F%2F%2B4OgPwgwQAAA%3D%3D
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectryepublisher.com
Fingerprint44:89:F7:BE:9D:B5:64:34:EC:82:1B:65:8A:E0:06:09:57:BA:28:51
ValiditySun, 16 Apr 2023 07:12:11 GMT - Sat, 15 Jul 2023 07:12:10 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u6dnZ8YcgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNRBy8DCCFz31frObxbgEPYtBZiUgi8LObQ%2FZgODBsxA8Sk8WRx9UvffqfYfv%2B17d2clPiYucniy%2Fq7ekUnSh1XDrr3zoeVfqqzLJh%2FVhZ%2FGjxeBK3Qxe99xuw321%2FrZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdtBH7DawUYmv%2F2NndgqQM%2BOCWXIPn0wsGDAJJNkMTfXhN2I9Ppa2%2FFuaKZNhjw%2FfeTjUQXCeJ5GRkHUbJ%2Fhoa2x8sPoZO9GWHowT%2FAUE6J8%2FtvCJP9M5YIB3vPiIYKIkHI%2F49iMIFQE0g6AdO3IfkxARjH9R6S%2BN51bQq6%2BWxKq%2BmU1J7%2BCVlMSe3x80jiB0tKDus3tcozqROLYVRCDieQ%2FQnS%2FBDZ1jnI4hAs%2BxSS%2F0oWnq4iiXd7VmlIXs7ESzmBjCZQYgRqHeTVkQ7yyEGeOoj5Sb3Ngk6Hd1qcCsb8MPI6URAFXcrciLnNro%2BcVfRGyNIRmBqBmW2kZhsb8vPj1iWY%2FEfY9RKWO7DZlDjvbWPASxSCoLAEBSUoJEGRERSDco8r69vyHlc2D72z7J%2FlZjnWWX%2BH7umsLxKyk56S5yprnBcfXcSGOKm32mHU8VuB3%2ByGlHbaou37vOO3m5GgHbrIYGUJac%2FN1G7JKbnMekjllNTcHkJ6CKsOwaQDmnugxbjtu6Dr46DjYiv5PqaJpCzWAyk8v9kIle7bVGcNpmNwXSLNasg2nR11Si7PNvbS%2BVMIdnT1%2FgsH%2F%2FNe%2FgPMlEhNiY%2FlTwR9dXe8pguyu6YLS77rpZmM5Rattnkzo5k4f%2F8dsVlow1eu2dHXb7BqUJUHt4TNVmnCZdK35Jslybkwy9owQX5YsR%2BI8EZu15dyk%2BTp6o03l1fi1AhrpU4moPK49xdYpfeTh7N%2FevGXO5BmApOXiPMjchaQ%2BhAs3YZN5%2BytJjBqjgnT8yjycmz8cP6oJIES856GJey%2F%2BnBe79i76JsaaHYbSVxiYEoMVAmqRrD5hXGWmqOrP39ZxVcIVW0cKlPbDZVRX1TWPp6Sq7cezUyuriew8qQu2mKx2w3coM1dNwy473stwWgzoF3q%2B1EbmZ3ytc%2Be%2FA0AAP%2F%2FAQAA%2F%2F%2B4OgPwgwQAAA%3D%3D HTTP/1.1
Host: ryepublisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=18728464; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dbcfde50a18a3a4925719a0a1b15aeb4
Strict-Transport-Security: max-age=0; includeSubdomains
princessallotgather.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
200 OK 29 kB URL GET HTTP/1.1 princessallotgather.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectprincessallotgather.com
FingerprintC7:B3:BA:6F:D1:89:40:D9:3F:05:86:EF:C6:7A:90:DF:CF:EB:61:D6
ValidityMon, 01 May 2023 19:23:07 GMT - Sun, 30 Jul 2023 19:23:06 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 9cfc65f2a2668a90069184ef11716f0b
7b40b53b6832fe41b13487f1c199b4f61cf9f111
2bb9088449aa93f7d5e8eb90c475474eda44f677a44da40eb1562512ad2f59b6
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /35/d1/24/35d1247b354f56697190b0a1eaa02236.js HTTP/1.1
Host: princessallotgather.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e4e3d26d88b96b6346619152adac01c1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
varycares.com/watch.894893592636.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
307 Temporary Redirect 0 B URL GET HTTP/1.1 varycares.com/watch.894893592636.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch.894893592636.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Location: https://varycares.com/watch.894893592636.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=fa71c50166d6226a35608216e503f41dbc5fe691dc155b0b3a501afd7afc3ff717cb02f50a32bde9a0d8e400d87c89929cb27e75d1068f19a2a5b1210ef1b75775a12728dce39d46b20646767ca1022d36d207ee5ea0677f7e439cc5f9df&pst=1683131676&rmtc=t
Set-Cookie: u_pl=16607872; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; expires=Wed, 03 May 2023 16:34:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f765dcf56cc803a19e10b13466773f21
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/cti/5d/60/ed/5d60edea793259cd719bfa3d19bcae3e/1628587069.jpg
200 OK 28 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/5d/60/ed/5d60edea793259cd719bfa3d19bcae3e/1628587069.jpg
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
ValidityThu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3\012- data
Hash f4fabf64be47ce667e0cfc150667b36c
234d722efa06cbedfdad9c1bb497a942997741dd
272b7875492a55c6f53a4e4704e715cc5b3cc4e5093758cbfedd95441bfe98d8
GET /cti/5d/60/ed/5d60edea793259cd719bfa3d19bcae3e/1628587069.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:36 GMT
content-type: image/jpeg
content-length: 27606
server: nginx/1.17.6
last-modified: Tue, 10 Aug 2021 09:17:59 GMT
etag: "61124447-6bd6"
expires: Fri, 05 May 2023 16:33:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg
200 OK 23 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
ValidityThu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 4452445afb73fab8af9ff308eb667024
130401c47d822426e1cce9981c30d775cba1b576
923b0ac505decd181f473f1fa460f21590777993c3581723f127b032d8c45bdd
GET /cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:36 GMT
content-type: image/jpeg
content-length: 22987
server: nginx/1.17.6
last-modified: Tue, 10 Aug 2021 09:16:05 GMT
etag: "611243d5-59cb"
expires: Fri, 05 May 2023 16:33:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
200 OK 77 kB URL GET HTTP/3 stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://stackpath.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 16:33:36 GMT
content-type: font/woff2
content-length: 77160
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 08/17/2022 18:20:14
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: afaa94352176d949f3c6e232842ea146
cdn-cache: HIT
cf-cache-status: HIT
age: 86902
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7c19e81a686c0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.cloudimagesb.com/si/22/66/7a/22667a4a830d3b482f77cc1408e98e5e/1680615948.png
200 OK 134 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/22/66/7a/22667a4a830d3b482f77cc1408e98e5e/1680615948.png
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
ValidityThu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size 134 kB (133641 bytes)
Hash 300540e239d873b7fc529fe590383c17
1d5c065ef06635a7dffc21b37def47a01d256744
30c7332e1541ff8efb734089c08a3dd33603baa1cd3a219ab0cb654339156a20
GET /si/22/66/7a/22667a4a830d3b482f77cc1408e98e5e/1680615948.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:36 GMT
content-type: image/png
content-length: 133641
server: nginx/1.17.6
last-modified: Tue, 04 Apr 2023 13:45:56 GMT
etag: "642c2a14-20a09"
expires: Fri, 05 May 2023 16:33:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg
200 OK 23 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
ValidityThu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash c6f19781c79ff746b99178f813cfbff2
5c307e43c63001535aa3a3683777dbb1a7f0775b
816b5a5d078f27271fa2d7c210d708f386a6f9fbd9242531b07f0b051382870d
GET /cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:36 GMT
content-type: image/jpeg
content-length: 22883
server: nginx/1.17.6
last-modified: Tue, 10 Aug 2021 09:15:16 GMT
etag: "611243a4-5963"
expires: Fri, 05 May 2023 16:33:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
varycares.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
200 OK 29 kB URL GET HTTP/1.1 varycares.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 3f34fee9968600518796aa940aa530b8
60c2f7036d427c0a161ac83fba28a4884215082b
ba5bbb14ee297c5f6d181c2fd55143b807aec95e6e65fe53a347e4fa4f30f2e7
GET /35/d1/24/35d1247b354f56697190b0a1eaa02236.js HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f2f47454bd5820e27cd6a2ca33d32886
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ryepublisher.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t8cfuxedPGyoDDsQVZYJt09PZkZ9xBc10gwbtbsih4Eqa6qnpSp7mqquqcn8RJckT0IjuBFT51vkg2uYVE8in%2Fo6MISEDK3HDYLggdvgrhnmUkw%2BKD7vVffd%2Fje995Hm%2FkRcZHTw%2FnX9bpUis60Gm790tued6W%2BKJN8UB90Zt%2BdDa7UTf9Fz%2B023Bfqrwq2qmd813Ndz%2FXq89KISA9mPM9ruJDpbtdrdN1G4De8VoCB%2BW9vcweWOuD9I3Ieko%2FP7t4PIFmFJP76mrCrmU4vvxLnimbaoM933kxWE10kiE%2FLyDiIkp0TNrQ9mP8BOtmeCobu%2F0sM5Zg4v%2F%2BGMNk5UYmwv30sNFQQCUJ%2BDkW%2FglAVJK3A9G1IfkAAxnF9CUl897o2BV07RukEHZPak78gizGpPXoGSXz%2FqpKD%2Bk2t8kzqxGIQlZCDCrJXIc33kK2fgSz2wLIPIPmvZObJIpJ4a8kqDcnL6fBSVpBRBSWGoNZBPvmkgzxykKcOYn5Yb7Og0%2BGdFqeCMT%2BMvE4UREGXMjdibrPrI2cTeUNk6RBMDcHMBlKzgVX56UHrPEz%2BE%2BxKCcsd2GxMnDc20OclCkFQWIKCEhSSoMgIin65zZX1bXmXK5uH3kn2T3KzHOmst0m3ddYTCdlMj8jTE2uc5x48hVVxWG%2B1w6jjtwK%2F2Q0p7bRF2%2Fd5x283I0E7dJbByhLSnplOuy7H5AJbQirHpOYuIaR7sGoPTDqguQdajNq%2BC7oyCjou1pPvYppIymLdl8Lzm41Q6Z5NddZgOgbXJdKshmzN2VRH5MJ0Y3O3HkCw%2Fblfqk%2FeufT3HpgpkZoS78mfCXrqzmhZF2RrWReWfLOUZjKW63SyzZsZzUTt3mtirdCGL1yzwy9fYhNgUu7eEjZbpAmXSc%2BSr65KzoWZ14YJ8v2CfUuEN3K7cjU3SZ4u3nh5fiFOjbBW6qQCnVxm8RBMjsm5b9%2BfXurFDy9DmgomLxHn%2B%2BQkIHUFlm7Apvtz957d%2Fb%2F3%2FB%2BwmsCoU06YnkGRlyPjh6ePShIocdrTsIQVpyaEYv%2FHP4%2BxTXsHPVMDzW4jiUv0TYm%2BKkHVEDY%2FO8pSsz%2F38PNJfIFQ1UahMrWtUBn12Zhc%2FN%2BjqcOT6mjyewwrD%2BuiLWa73cAN2tx1w4D7vtcSjDYD2qW%2BH7WR2TFf%2FvjxPwAAAP%2F%2FAQAA%2F%2F9SZ9IfhQQAAA%3D%3D
200 OK 7 B URL GET HTTP/1.1 ryepublisher.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t8cfuxedPGyoDDsQVZYJt09PZkZ9xBc10gwbtbsih4Eqa6qnpSp7mqquqcn8RJckT0IjuBFT51vkg2uYVE8in%2Fo6MISEDK3HDYLggdvgrhnmUkw%2BKD7vVffd%2Fje995Hm%2FkRcZHTw%2FnX9bpUis60Gm790tued6W%2BKJN8UB90Zt%2BdDa7UTf9Fz%2B023Bfqrwq2qmd813Ndz%2FXq89KISA9mPM9ruJDpbtdrdN1G4De8VoCB%2BW9vcweWOuD9I3Ieko%2FP7t4PIFmFJP76mrCrmU4vvxLnimbaoM933kxWE10kiE%2FLyDiIkp0TNrQ9mP8BOtmeCobu%2F0sM5Zg4v%2F%2BGMNk5UYmwv30sNFQQCUJ%2BDkW%2FglAVJK3A9G1IfkAAxnF9CUl897o2BV07RukEHZPak78gizGpPXoGSXz%2FqpKD%2Bk2t8kzqxGIQlZCDCrJXIc33kK2fgSz2wLIPIPmvZObJIpJ4a8kqDcnL6fBSVpBRBSWGoNZBPvmkgzxykKcOYn5Yb7Og0%2BGdFqeCMT%2BMvE4UREGXMjdibrPrI2cTeUNk6RBMDcHMBlKzgVX56UHrPEz%2BE%2BxKCcsd2GxMnDc20OclCkFQWIKCEhSSoMgIin65zZX1bXmXK5uH3kn2T3KzHOmst0m3ddYTCdlMj8jTE2uc5x48hVVxWG%2B1w6jjtwK%2F2Q0p7bRF2%2Fd5x283I0E7dJbByhLSnplOuy7H5AJbQirHpOYuIaR7sGoPTDqguQdajNq%2BC7oyCjou1pPvYppIymLdl8Lzm41Q6Z5NddZgOgbXJdKshmzN2VRH5MJ0Y3O3HkCw%2Fblfqk%2FeufT3HpgpkZoS78mfCXrqzmhZF2RrWReWfLOUZjKW63SyzZsZzUTt3mtirdCGL1yzwy9fYhNgUu7eEjZbpAmXSc%2BSr65KzoWZ14YJ8v2CfUuEN3K7cjU3SZ4u3nh5fiFOjbBW6qQCnVxm8RBMjsm5b9%2BfXurFDy9DmgomLxHn%2B%2BQkIHUFlm7Apvtz957d%2Fb%2F3%2FB%2BwmsCoU06YnkGRlyPjh6ePShIocdrTsIQVpyaEYv%2FHP4%2BxTXsHPVMDzW4jiUv0TYm%2BKkHVEDY%2FO8pSsz%2F38PNJfIFQ1UahMrWtUBn12Zhc%2FN%2BjqcOT6mjyewwrD%2BuiLWa73cAN2tx1w4D7vtcSjDYD2qW%2BH7WR2TFf%2FvjxPwAAAP%2F%2FAQAA%2F%2F9SZ9IfhQQAAA%3D%3D
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectryepublisher.com
Fingerprint44:89:F7:BE:9D:B5:64:34:EC:82:1B:65:8A:E0:06:09:57:BA:28:51
ValiditySun, 16 Apr 2023 07:12:11 GMT - Sat, 15 Jul 2023 07:12:10 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t8cfuxedPGyoDDsQVZYJt09PZkZ9xBc10gwbtbsih4Eqa6qnpSp7mqquqcn8RJckT0IjuBFT51vkg2uYVE8in%2Fo6MISEDK3HDYLggdvgrhnmUkw%2BKD7vVffd%2Fje995Hm%2FkRcZHTw%2FnX9bpUis60Gm790tued6W%2BKJN8UB90Zt%2BdDa7UTf9Fz%2B023Bfqrwq2qmd813Ndz%2FXq89KISA9mPM9ruJDpbtdrdN1G4De8VoCB%2BW9vcweWOuD9I3Ieko%2FP7t4PIFmFJP76mrCrmU4vvxLnimbaoM933kxWE10kiE%2FLyDiIkp0TNrQ9mP8BOtmeCobu%2F0sM5Zg4v%2F%2BGMNk5UYmwv30sNFQQCUJ%2BDkW%2FglAVJK3A9G1IfkAAxnF9CUl897o2BV07RukEHZPak78gizGpPXoGSXz%2FqpKD%2Bk2t8kzqxGIQlZCDCrJXIc33kK2fgSz2wLIPIPmvZObJIpJ4a8kqDcnL6fBSVpBRBSWGoNZBPvmkgzxykKcOYn5Yb7Og0%2BGdFqeCMT%2BMvE4UREGXMjdibrPrI2cTeUNk6RBMDcHMBlKzgVX56UHrPEz%2BE%2BxKCcsd2GxMnDc20OclCkFQWIKCEhSSoMgIin65zZX1bXmXK5uH3kn2T3KzHOmst0m3ddYTCdlMj8jTE2uc5x48hVVxWG%2B1w6jjtwK%2F2Q0p7bRF2%2Fd5x283I0E7dJbByhLSnplOuy7H5AJbQirHpOYuIaR7sGoPTDqguQdajNq%2BC7oyCjou1pPvYppIymLdl8Lzm41Q6Z5NddZgOgbXJdKshmzN2VRH5MJ0Y3O3HkCw%2Fblfqk%2FeufT3HpgpkZoS78mfCXrqzmhZF2RrWReWfLOUZjKW63SyzZsZzUTt3mtirdCGL1yzwy9fYhNgUu7eEjZbpAmXSc%2BSr65KzoWZ14YJ8v2CfUuEN3K7cjU3SZ4u3nh5fiFOjbBW6qQCnVxm8RBMjsm5b9%2BfXurFDy9DmgomLxHn%2B%2BQkIHUFlm7Apvtz957d%2Fb%2F3%2FB%2BwmsCoU06YnkGRlyPjh6ePShIocdrTsIQVpyaEYv%2FHP4%2BxTXsHPVMDzW4jiUv0TYm%2BKkHVEDY%2FO8pSsz%2F38PNJfIFQ1UahMrWtUBn12Zhc%2FN%2BjqcOT6mjyewwrD%2BuiLWa73cAN2tx1w4D7vtcSjDYD2qW%2BH7WR2TFf%2FvjxPwAAAP%2F%2FAQAA%2F%2F9SZ9IfhQQAAA%3D%3D HTTP/1.1
Host: ryepublisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=18728464; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7c69952f403767f8cfd7ff239a5a9d66
Strict-Transport-Security: max-age=0; includeSubdomains
ryepublisher.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRut3p3Dz%2F6XdfGyoDB4EAWZdPf0ZGbcQzCukWDcWbMrepPqqupJmequpqp7epJTdEH34GEEL3rqvEk2uIZFz%2BIiE1mQoJC55bBZEDx4FhaP0klw9IPme19%2F7%2FDe%2B%2BqT7fyEuMjp8dLbelMqRedaDbf%2B0vued62%2BIpN8WB925j%2BYD67VzeBVz%2B023Jfrbwq2rud813Ndz%2FXqS9KISA%2FnPM9ruJDpftdrdN1G4De8VoCh%2Be9scweWOuCDE3IFkk8v7T8IINkESfztdWHXM52%2B8kacK5ppgwHfezdZT3SRIJ7ByDiIkr1zNrQ9WnoIneyeCoYe%2FEMM5ZQ4v%2F%2BGMNk7V4lwsHsmNFQQCUL%2BfxSDCYSaQNIJmL4DyY8IwDhu9JDE925oU9CNsy2ttlNSe%2FonZDEltcfPIokfLCo5rN%2FSKs%2BkTiyGUQk5nED2J0jzA2SbFyCLA7DsY0j%2BK5l7uoIk3ulZpSF5eWpeyglkNIESI1DrIK8%2B6SCPHOSpg5gf19ss6HR4p8WpYMwPI68TBVHQpcyNmNvs%2BshZJW%2BELB2BqRGY2UJqtrAuPz9qXYHJf4RdK2G5A5tNifPOFga8RCEICktQUIJCEhQZQTEod7myvi3vcWXz0Dvv%2FnlvlmOd9bfprs76IiHb6Ql5porGef7RZayL43qrHUYdvxX4zW5Iaact2r7PO367GQnaofMMVpaQ9sKp2005JVdZD6mckprbQ0gPYNUBmHRAcw%2B0GLd9F3RtHHRcbCbfxzSRlMV6IIXnNxuh0n2b6qzBdAyuS6RZDdmGs61OyNXTi71w8QkEO1y4%2F9z%2B%2F7wX%2FwAzJVJT4kP5E0Ff3R2v6oLsrOrCku96aSZjuUmra97KaCYu3n9LbBTa8OXrdvT1a6xaVHD%2FtrDZCk24TPqWfLMoORdmSRsmyA%2FL9j0R3szt2mJukjxdufn60nKcGmGt1MkEVB71%2FgKr%2FH708PSdXv7lU0gzgclLxPkhOS9IfQCWbsGmM%2FVWExg144RpDUVejo0fzn4qSaDEbKZhCfuvOZzhbXsXfVMDze4giUsMTImBKkHVCDa%2FNM5Sc7jw85dVfYVQ1cahMrWdUBn1RRXt4ylZuP2oQidnSVt5XBdtMd%2FtBm7Q5q4bBtz3vZZgtBnQLvX9qI3MTvnqZ0%2F%2BBgAA%2F%2F8BAAD%2F%2F%2F%2FY58aDBAAA
200 OK 7 B URL GET HTTP/1.1 ryepublisher.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRut3p3Dz%2F6XdfGyoDB4EAWZdPf0ZGbcQzCukWDcWbMrepPqqupJmequpqp7epJTdEH34GEEL3rqvEk2uIZFz%2BIiE1mQoJC55bBZEDx4FhaP0klw9IPme19%2F7%2FDe%2B%2BqT7fyEuMjp8dLbelMqRedaDbf%2B0vued62%2BIpN8WB925j%2BYD67VzeBVz%2B023Jfrbwq2rud813Ndz%2FXqS9KISA%2FnPM9ruJDpftdrdN1G4De8VoCh%2Be9scweWOuCDE3IFkk8v7T8IINkESfztdWHXM52%2B8kacK5ppgwHfezdZT3SRIJ7ByDiIkr1zNrQ9WnoIneyeCoYe%2FEMM5ZQ4v%2F%2BGMNk7V4lwsHsmNFQQCUL%2BfxSDCYSaQNIJmL4DyY8IwDhu9JDE925oU9CNsy2ttlNSe%2FonZDEltcfPIokfLCo5rN%2FSKs%2BkTiyGUQk5nED2J0jzA2SbFyCLA7DsY0j%2BK5l7uoIk3ulZpSF5eWpeyglkNIESI1DrIK8%2B6SCPHOSpg5gf19ss6HR4p8WpYMwPI68TBVHQpcyNmNvs%2BshZJW%2BELB2BqRGY2UJqtrAuPz9qXYHJf4RdK2G5A5tNifPOFga8RCEICktQUIJCEhQZQTEod7myvi3vcWXz0Dvv%2FnlvlmOd9bfprs76IiHb6Ql5porGef7RZayL43qrHUYdvxX4zW5Iaact2r7PO367GQnaofMMVpaQ9sKp2005JVdZD6mckprbQ0gPYNUBmHRAcw%2B0GLd9F3RtHHRcbCbfxzSRlMV6IIXnNxuh0n2b6qzBdAyuS6RZDdmGs61OyNXTi71w8QkEO1y4%2F9z%2B%2F7wX%2FwAzJVJT4kP5E0Ff3R2v6oLsrOrCku96aSZjuUmra97KaCYu3n9LbBTa8OXrdvT1a6xaVHD%2FtrDZCk24TPqWfLMoORdmSRsmyA%2FL9j0R3szt2mJukjxdufn60nKcGmGt1MkEVB71%2FgKr%2FH708PSdXv7lU0gzgclLxPkhOS9IfQCWbsGmM%2FVWExg144RpDUVejo0fzn4qSaDEbKZhCfuvOZzhbXsXfVMDze4giUsMTImBKkHVCDa%2FNM5Sc7jw85dVfYVQ1cahMrWdUBn1RRXt4ylZuP2oQidnSVt5XBdtMd%2FtBm7Q5q4bBtz3vZZgtBnQLvX9qI3MTvnqZ0%2F%2BBgAA%2F%2F8BAAD%2F%2F%2F%2FY58aDBAAA
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectryepublisher.com
Fingerprint44:89:F7:BE:9D:B5:64:34:EC:82:1B:65:8A:E0:06:09:57:BA:28:51
ValiditySun, 16 Apr 2023 07:12:11 GMT - Sat, 15 Jul 2023 07:12:10 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRut3p3Dz%2F6XdfGyoDB4EAWZdPf0ZGbcQzCukWDcWbMrepPqqupJmequpqp7epJTdEH34GEEL3rqvEk2uIZFz%2BIiE1mQoJC55bBZEDx4FhaP0klw9IPme19%2F7%2FDe%2B%2BqT7fyEuMjp8dLbelMqRedaDbf%2B0vued62%2BIpN8WB925j%2BYD67VzeBVz%2B023Jfrbwq2rud813Ndz%2FXqS9KISA%2FnPM9ruJDpftdrdN1G4De8VoCh%2Be9scweWOuCDE3IFkk8v7T8IINkESfztdWHXM52%2B8kacK5ppgwHfezdZT3SRIJ7ByDiIkr1zNrQ9WnoIneyeCoYe%2FEMM5ZQ4v%2F%2BGMNk7V4lwsHsmNFQQCUL%2BfxSDCYSaQNIJmL4DyY8IwDhu9JDE925oU9CNsy2ttlNSe%2FonZDEltcfPIokfLCo5rN%2FSKs%2BkTiyGUQk5nED2J0jzA2SbFyCLA7DsY0j%2BK5l7uoIk3ulZpSF5eWpeyglkNIESI1DrIK8%2B6SCPHOSpg5gf19ss6HR4p8WpYMwPI68TBVHQpcyNmNvs%2BshZJW%2BELB2BqRGY2UJqtrAuPz9qXYHJf4RdK2G5A5tNifPOFga8RCEICktQUIJCEhQZQTEod7myvi3vcWXz0Dvv%2FnlvlmOd9bfprs76IiHb6Ql5porGef7RZayL43qrHUYdvxX4zW5Iaact2r7PO367GQnaofMMVpaQ9sKp2005JVdZD6mckprbQ0gPYNUBmHRAcw%2B0GLd9F3RtHHRcbCbfxzSRlMV6IIXnNxuh0n2b6qzBdAyuS6RZDdmGs61OyNXTi71w8QkEO1y4%2F9z%2B%2F7wX%2FwAzJVJT4kP5E0Ff3R2v6oLsrOrCku96aSZjuUmra97KaCYu3n9LbBTa8OXrdvT1a6xaVHD%2FtrDZCk24TPqWfLMoORdmSRsmyA%2FL9j0R3szt2mJukjxdufn60nKcGmGt1MkEVB71%2FgKr%2FH708PSdXv7lU0gzgclLxPkhOS9IfQCWbsGmM%2FVWExg144RpDUVejo0fzn4qSaDEbKZhCfuvOZzhbXsXfVMDze4giUsMTImBKkHVCDa%2FNM5Sc7jw85dVfYVQ1cahMrWdUBn1RRXt4ylZuP2oQidnSVt5XBdtMd%2FtBm7Q5q4bBtz3vZZgtBnQLvX9qI3MTvnqZ0%2F%2BBgAA%2F%2F8BAAD%2F%2F%2F%2FY58aDBAAA HTTP/1.1
Host: ryepublisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=18728464; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba991d36c6040d59307a563b3c387c8e
Strict-Transport-Security: max-age=0; includeSubdomains
instinctivetheeexemplify.com/watch.633615597701.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
307 Temporary Redirect 0 B URL GET HTTP/1.1 instinctivetheeexemplify.com/watch.633615597701.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectinstinctivetheeexemplify.com
Fingerprint53:D2:59:BD:B0:52:6A:5F:7C:25:69:14:DA:17:EA:FC:01:0C:1F:41
ValidityMon, 01 May 2023 19:32:47 GMT - Sun, 30 Jul 2023 19:32:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.633615597701.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1 HTTP/1.1
Host: instinctivetheeexemplify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Location: https://instinctivetheeexemplify.com/watch.633615597701.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=d7d019f6d4aae056ddb83ad63b42f0b269a7948cf798d4ca9f290ba43877310efd36c20bd8ce7ad8dea560ed073e11603e8d0c84595ff84aa225ef0014ac106fcce5d7c74b3738bdcd1e57c2f0c32ea5026d95&pst=1683131676&rmtc=t
Set-Cookie: u_pl=16607872; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; expires=Wed, 03 May 2023 16:34:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 04307e416b7a731c4ece0bd6504294bb
Strict-Transport-Security: max-age=0; includeSubdomains
ryepublisher.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t8cfuxedPGyoDDsQVZYJt09M5ke9xBc10gwbtbsih4Eqa6qnpSp7mqquqcn8RJckT0IjuBFT51vkg2uYVE8in%2Fo6MISEDK3HDYLggdvgrhnmUkw%2BKD7vVffd%2Fje995Hm%2FkRcZHTw%2FnX9bpUis60G2790tued6W%2BKJN8UB8Es%2B%2FOtq7UTf9Fz%2B023Bfqrwq2qmd813Ndz%2FXq89KISA9mPM9ruJDpbtdrdN1Gy2947RYG5r%2B9zR1Y6oD3j8h5SD4%2Bu3u%2FBckqJPHX14RdzXR6%2BZU4VzTTBn2%2B82aymugiQXxaRsZBlOycsKHtwfwP0Mn2VDB0%2F19iKMfE%2Bf03hMnOiUqE%2Fe1joaGCSBDycyj6FYSqIGkFpm9D8gMCMI7rS0jiu9e1KejaMUon6JjUnvwFWYxJ7dEzSOL7V5Uc1G9qlWdSJxaDqIQcVJC9Cmm%2Bh2z9DGSxB5Z9AMl%2FJTNPFpHEW0tWaUheToeXsoKMKigxBLUO8sknHeSRgzx1EPPDeoe1goAHbU4FY34YeUHUilpdytyIuc2uj5xN5A2RpUMwNQQzG0jNBlblpwft8zD5T7ArJSx3YLMxcd7YQJ%2BXKARBYQkKSlBIgiIjKPrlNlfWt%2BVdrmweeifZP8nNcqSz3ibd1llPJGQzPSJPT6xxnnvwFFbFYb3dCaPAb7f8ZjekNOiIju%2FzwO80I0EDOstgZQlpz0ynXZdjcoEtIZVjUnOXENI9WLUHJh3Q3AMtRh3fBV0ZtQIX68l3MU0kZbHuS%2BH5zUaodM%2BmOmswHYPrEmlWQ7bmbKojcmG6sblbDyDY%2Ftwv1SfvXPp7D8yUSE2J9%2BTPBD11Z7SsC7K1rAtLvllKMxnLdTrZ5s2MZqJ27zWxVmjDF67Z4ZcvsQkwKXdvCZst0oTLpGfJV1cl58LMa8ME%2BX7BviXCG7lduZqbJE8Xb7w8vxCnRlgrdVKBTi6zeAgmx%2BTct%2B9PL%2FXih5chTQWTl4jzfXISkLoCSzdg0%2F25e8%2Fu%2Ft97%2Fg9YTWDUKSdMz6DIy5Hxw9NHJQmUOO1pWMKKUxNCsf%2Fjn8fYpr2DnqmBZreRxCX6pkRflaBqCJufHWWp2Z97%2BPkkvkCoaqNQmdpWqIz6bEwu%2Fu%2FR1OFJdTT5PYaVh3XGXEG9sOMJwUW7yVhrlgXhbNRsdUTQ5m1kdsyXP378DwAAAP%2F%2FAQAA%2F%2F%2BtQHoPhQQAAA%3D%3D
200 OK 7 B URL GET HTTP/1.1 ryepublisher.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t8cfuxedPGyoDDsQVZYJt09M5ke9xBc10gwbtbsih4Eqa6qnpSp7mqquqcn8RJckT0IjuBFT51vkg2uYVE8in%2Fo6MISEDK3HDYLggdvgrhnmUkw%2BKD7vVffd%2Fje995Hm%2FkRcZHTw%2FnX9bpUis60G2790tued6W%2BKJN8UB8Es%2B%2FOtq7UTf9Fz%2B023Bfqrwq2qmd813Ndz%2FXq89KISA9mPM9ruJDpbtdrdN1Gy2947RYG5r%2B9zR1Y6oD3j8h5SD4%2Bu3u%2FBckqJPHX14RdzXR6%2BZU4VzTTBn2%2B82aymugiQXxaRsZBlOycsKHtwfwP0Mn2VDB0%2F19iKMfE%2Bf03hMnOiUqE%2Fe1joaGCSBDycyj6FYSqIGkFpm9D8gMCMI7rS0jiu9e1KejaMUon6JjUnvwFWYxJ7dEzSOL7V5Uc1G9qlWdSJxaDqIQcVJC9Cmm%2Bh2z9DGSxB5Z9AMl%2FJTNPFpHEW0tWaUheToeXsoKMKigxBLUO8sknHeSRgzx1EPPDeoe1goAHbU4FY34YeUHUilpdytyIuc2uj5xN5A2RpUMwNQQzG0jNBlblpwft8zD5T7ArJSx3YLMxcd7YQJ%2BXKARBYQkKSlBIgiIjKPrlNlfWt%2BVdrmweeifZP8nNcqSz3ibd1llPJGQzPSJPT6xxnnvwFFbFYb3dCaPAb7f8ZjekNOiIju%2FzwO80I0EDOstgZQlpz0ynXZdjcoEtIZVjUnOXENI9WLUHJh3Q3AMtRh3fBV0ZtQIX68l3MU0kZbHuS%2BH5zUaodM%2BmOmswHYPrEmlWQ7bmbKojcmG6sblbDyDY%2Ftwv1SfvXPp7D8yUSE2J9%2BTPBD11Z7SsC7K1rAtLvllKMxnLdTrZ5s2MZqJ27zWxVmjDF67Z4ZcvsQkwKXdvCZst0oTLpGfJV1cl58LMa8ME%2BX7BviXCG7lduZqbJE8Xb7w8vxCnRlgrdVKBTi6zeAgmx%2BTct%2B9PL%2FXih5chTQWTl4jzfXISkLoCSzdg0%2F25e8%2Fu%2Ft97%2Fg9YTWDUKSdMz6DIy5Hxw9NHJQmUOO1pWMKKUxNCsf%2Fjn8fYpr2DnqmBZreRxCX6pkRflaBqCJufHWWp2Z97%2BPkkvkCoaqNQmdpWqIz6bEwu%2Fu%2FR1OFJdTT5PYaVh3XGXEG9sOMJwUW7yVhrlgXhbNRsdUTQ5m1kdsyXP378DwAAAP%2F%2FAQAA%2F%2F%2BtQHoPhQQAAA%3D%3D
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectryepublisher.com
Fingerprint44:89:F7:BE:9D:B5:64:34:EC:82:1B:65:8A:E0:06:09:57:BA:28:51
ValiditySun, 16 Apr 2023 07:12:11 GMT - Sat, 15 Jul 2023 07:12:10 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t8cfuxedPGyoDDsQVZYJt09M5ke9xBc10gwbtbsih4Eqa6qnpSp7mqquqcn8RJckT0IjuBFT51vkg2uYVE8in%2Fo6MISEDK3HDYLggdvgrhnmUkw%2BKD7vVffd%2Fje995Hm%2FkRcZHTw%2FnX9bpUis60G2790tued6W%2BKJN8UB8Es%2B%2FOtq7UTf9Fz%2B023Bfqrwq2qmd813Ndz%2FXq89KISA9mPM9ruJDpbtdrdN1Gy2947RYG5r%2B9zR1Y6oD3j8h5SD4%2Bu3u%2FBckqJPHX14RdzXR6%2BZU4VzTTBn2%2B82aymugiQXxaRsZBlOycsKHtwfwP0Mn2VDB0%2F19iKMfE%2Bf03hMnOiUqE%2Fe1joaGCSBDycyj6FYSqIGkFpm9D8gMCMI7rS0jiu9e1KejaMUon6JjUnvwFWYxJ7dEzSOL7V5Uc1G9qlWdSJxaDqIQcVJC9Cmm%2Bh2z9DGSxB5Z9AMl%2FJTNPFpHEW0tWaUheToeXsoKMKigxBLUO8sknHeSRgzx1EPPDeoe1goAHbU4FY34YeUHUilpdytyIuc2uj5xN5A2RpUMwNQQzG0jNBlblpwft8zD5T7ArJSx3YLMxcd7YQJ%2BXKARBYQkKSlBIgiIjKPrlNlfWt%2BVdrmweeifZP8nNcqSz3ibd1llPJGQzPSJPT6xxnnvwFFbFYb3dCaPAb7f8ZjekNOiIju%2FzwO80I0EDOstgZQlpz0ynXZdjcoEtIZVjUnOXENI9WLUHJh3Q3AMtRh3fBV0ZtQIX68l3MU0kZbHuS%2BH5zUaodM%2BmOmswHYPrEmlWQ7bmbKojcmG6sblbDyDY%2Ftwv1SfvXPp7D8yUSE2J9%2BTPBD11Z7SsC7K1rAtLvllKMxnLdTrZ5s2MZqJ27zWxVmjDF67Z4ZcvsQkwKXdvCZst0oTLpGfJV1cl58LMa8ME%2BX7BviXCG7lduZqbJE8Xb7w8vxCnRlgrdVKBTi6zeAgmx%2BTct%2B9PL%2FXih5chTQWTl4jzfXISkLoCSzdg0%2F25e8%2Fu%2Ft97%2Fg9YTWDUKSdMz6DIy5Hxw9NHJQmUOO1pWMKKUxNCsf%2Fjn8fYpr2DnqmBZreRxCX6pkRflaBqCJufHWWp2Z97%2BPkkvkCoaqNQmdpWqIz6bEwu%2Fu%2FR1OFJdTT5PYaVh3XGXEG9sOMJwUW7yVhrlgXhbNRsdUTQ5m1kdsyXP378DwAAAP%2F%2FAQAA%2F%2F%2BtQHoPhQQAAA%3D%3D HTTP/1.1
Host: ryepublisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=18728464; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f8a1f6d26807dc8f14e2e6179f30a41
Strict-Transport-Security: max-age=0; includeSubdomains
ryepublisher.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u2dmp8ccgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNRBy8DCCFz31frObxbgEPYtBZiUgi8LObQ%2FZgODBsxA8Sk8WRx9UvffqfYfv%2B17d2clPiYucniy%2Fq7ekUnSh3XDrr3zoeVfqqzLJh%2FVhsPjRYutK3Qxe99xuw321%2FrZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdttPyG125haP7b29yBpQ744JRcguTTCwcPWpBsgiT%2B9pqwG5lOX3srzhXNtMGA77%2BfbCS6SBDPy8g4iJL9MzS0PV5%2BCJ3szQhDD%2F4BhnJKnN9%2FQ5jsn7FEONh7RjRUEAlC%2Fn8UgwmEmkDSCZi%2BDcmPCcA4rveQxPeua1PQzWdTWk2npPb0T8hiSmqPn0cSP1hScli%2FqVWeSZ1YDKMScjiB7E%2BQ5ofIts5BFodg2aeQ%2FFey8HQVSbzbs0pD8nImXsoJZDSBEiNQ6yCvjnSQRw7y1EHMT%2Bod1goCHrQ5FYz5YeQFUStqdSlzI%2BY2uz5yVtEbIUtHYGoEZraRmm1syM%2BP25dg8h9h10tY7sBmU%2BK8t40BL1EIgsISFJSgkARFRlAMyj2urG%2FLe1zZPPTOsn%2BWm%2BVYZ%2F0duqezvkjITnpKnquscV58dBEb4qTe7oRR4LdbfrMbUhp0RMf3eeB3mpGgAV1ksLKEtOdmarfklFxmPaRySmpuDyE9hFWHYNIBzT3QYtzxXdD1cStwsZV8H9NEUhbrgRSe32yESvdtqrMG0zG4LpFmNWSbzo46JZdnG3vp%2FCkEO7p6%2F4WD%2F3kv%2FwFmSqSmxMfyJ4K%2Bujte0wXZXdOFJd%2F10kzGcotW27yZ0Uycv%2F%2BO2Cy04SvX7OjrN1g1qMqDW8JmqzThMulb8s2S5FyYZW2YID%2Bs2A9EeCO360u5SfJ09cabyytxaoS1UicTUHnc%2Bwus0vvJw9k%2FvfjLHUgzgclLxPkROQtIfQiWbsOmc%2FZWExg1x4TpeRR5OTZ%2BOH9UkkCJeU%2FDEvZffTivd%2Bxd9E0NNLuNJC4xMCUGqgRVI9j8wjhLzdHVn7%2Bs4iuEqjYOlanthsqoLyprH0%2FJ1VuPZiZX1xNYeVJnzBXUCzueEFy0m4y1FlkQLkbNVkcEbd5GZqd87bMnfwMAAP%2F%2FAQAA%2F%2F9HHavggwQAAA%3D%3D
200 OK 7 B URL GET HTTP/1.1 ryepublisher.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u2dmp8ccgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNRBy8DCCFz31frObxbgEPYtBZiUgi8LObQ%2FZgODBsxA8Sk8WRx9UvffqfYfv%2B17d2clPiYucniy%2Fq7ekUnSh3XDrr3zoeVfqqzLJh%2FVhsPjRYutK3Qxe99xuw321%2FrZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdttPyG125haP7b29yBpQ744JRcguTTCwcPWpBsgiT%2B9pqwG5lOX3srzhXNtMGA77%2BfbCS6SBDPy8g4iJL9MzS0PV5%2BCJ3szQhDD%2F4BhnJKnN9%2FQ5jsn7FEONh7RjRUEAlC%2Fn8UgwmEmkDSCZi%2BDcmPCcA4rveQxPeua1PQzWdTWk2npPb0T8hiSmqPn0cSP1hScli%2FqVWeSZ1YDKMScjiB7E%2BQ5ofIts5BFodg2aeQ%2FFey8HQVSbzbs0pD8nImXsoJZDSBEiNQ6yCvjnSQRw7y1EHMT%2Bod1goCHrQ5FYz5YeQFUStqdSlzI%2BY2uz5yVtEbIUtHYGoEZraRmm1syM%2BP25dg8h9h10tY7sBmU%2BK8t40BL1EIgsISFJSgkARFRlAMyj2urG%2FLe1zZPPTOsn%2BWm%2BVYZ%2F0duqezvkjITnpKnquscV58dBEb4qTe7oRR4LdbfrMbUhp0RMf3eeB3mpGgAV1ksLKEtOdmarfklFxmPaRySmpuDyE9hFWHYNIBzT3QYtzxXdD1cStwsZV8H9NEUhbrgRSe32yESvdtqrMG0zG4LpFmNWSbzo46JZdnG3vp%2FCkEO7p6%2F4WD%2F3kv%2FwFmSqSmxMfyJ4K%2Bujte0wXZXdOFJd%2F10kzGcotW27yZ0Uycv%2F%2BO2Cy04SvX7OjrN1g1qMqDW8JmqzThMulb8s2S5FyYZW2YID%2Bs2A9EeCO360u5SfJ09cabyytxaoS1UicTUHnc%2Bwus0vvJw9k%2FvfjLHUgzgclLxPkROQtIfQiWbsOmc%2FZWExg1x4TpeRR5OTZ%2BOH9UkkCJeU%2FDEvZffTivd%2Bxd9E0NNLuNJC4xMCUGqgRVI9j8wjhLzdHVn7%2Bs4iuEqjYOlanthsqoLyprH0%2FJ1VuPZiZX1xNYeVJnzBXUCzueEFy0m4y1FlkQLkbNVkcEbd5GZqd87bMnfwMAAP%2F%2FAQAA%2F%2F9HHavggwQAAA%3D%3D
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectryepublisher.com
Fingerprint44:89:F7:BE:9D:B5:64:34:EC:82:1B:65:8A:E0:06:09:57:BA:28:51
ValiditySun, 16 Apr 2023 07:12:11 GMT - Sat, 15 Jul 2023 07:12:10 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u2dmp8ccgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNRBy8DCCFz31frObxbgEPYtBZiUgi8LObQ%2FZgODBsxA8Sk8WRx9UvffqfYfv%2B17d2clPiYucniy%2Fq7ekUnSh3XDrr3zoeVfqqzLJh%2FVhsPjRYutK3Qxe99xuw321%2FrZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdttPyG125haP7b29yBpQ744JRcguTTCwcPWpBsgiT%2B9pqwG5lOX3srzhXNtMGA77%2BfbCS6SBDPy8g4iJL9MzS0PV5%2BCJ3szQhDD%2F4BhnJKnN9%2FQ5jsn7FEONh7RjRUEAlC%2Fn8UgwmEmkDSCZi%2BDcmPCcA4rveQxPeua1PQzWdTWk2npPb0T8hiSmqPn0cSP1hScli%2FqVWeSZ1YDKMScjiB7E%2BQ5ofIts5BFodg2aeQ%2FFey8HQVSbzbs0pD8nImXsoJZDSBEiNQ6yCvjnSQRw7y1EHMT%2Bod1goCHrQ5FYz5YeQFUStqdSlzI%2BY2uz5yVtEbIUtHYGoEZraRmm1syM%2BP25dg8h9h10tY7sBmU%2BK8t40BL1EIgsISFJSgkARFRlAMyj2urG%2FLe1zZPPTOsn%2BWm%2BVYZ%2F0duqezvkjITnpKnquscV58dBEb4qTe7oRR4LdbfrMbUhp0RMf3eeB3mpGgAV1ksLKEtOdmarfklFxmPaRySmpuDyE9hFWHYNIBzT3QYtzxXdD1cStwsZV8H9NEUhbrgRSe32yESvdtqrMG0zG4LpFmNWSbzo46JZdnG3vp%2FCkEO7p6%2F4WD%2F3kv%2FwFmSqSmxMfyJ4K%2Bujte0wXZXdOFJd%2F10kzGcotW27yZ0Uycv%2F%2BO2Cy04SvX7OjrN1g1qMqDW8JmqzThMulb8s2S5FyYZW2YID%2Bs2A9EeCO360u5SfJ09cabyytxaoS1UicTUHnc%2Bwus0vvJw9k%2FvfjLHUgzgclLxPkROQtIfQiWbsOmc%2FZWExg1x4TpeRR5OTZ%2BOH9UkkCJeU%2FDEvZffTivd%2Bxd9E0NNLuNJC4xMCUGqgRVI9j8wjhLzdHVn7%2Bs4iuEqjYOlanthsqoLyprH0%2FJ1VuPZiZX1xNYeVJnzBXUCzueEFy0m4y1FlkQLkbNVkcEbd5GZqd87bMnfwMAAP%2F%2FAQAA%2F%2F9HHavggwQAAA%3D%3D HTTP/1.1
Host: ryepublisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=18728464; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bba14a38a2c17218b42777e5013b59bc
Strict-Transport-Security: max-age=0; includeSubdomains
ryepublisher.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u2dmp8ccgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNSg5eBjBi556v9nNYlyCnsUgsxKQRWHntodsQPDgWQgepSeLow%2Bq3vfqfYfve68%2B3clPiYucniy%2FrbekUnSh3XDrL73veVfqqzLJh%2FVhsPjBYutK3Qxe9dxuw325%2FqZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdttPyG125haP5b29yBpQ744JRcguTTCwf3W5BsgiT%2B9pqwG5lOX3kjzhXNtMGA77%2BbbCS6SBDPYWQcRMn%2BGRvaHi8%2FgE72ZoKhB%2F8QQzklzu%2B%2FIUz2z1QiHOw9FRoqiAQh%2Fz%2BKwQRCTSDpBEzfhuTHBGAc13tI4rvXtSno5tMurbpTUnvyJ2QxJbVHzyKJ7y8pOazf1CrPpE4shlEJOZxA9idI80NkW%2Bcgi0Ow7GNI%2FitZeLKKJN7tWaUheTkzL%2BUEMppAiRGodZBXRzrIIwd56iDmJ%2FUOawUBD9qcCsb8MPKCqBW1upS5EXObXR85q%2BSNkKUjMDUCM9tIzTY25OfH7Usw%2BY%2Bw6yUsd2CzKXHe2caAlygEQWEJCkpQSIIiIygG5R5X1rflXa5sHnpn2T%2FLzXKss%2F4O3dNZXyRkJz0lz1SjcZ5%2FeBEb4qTe7oRR4LdbfrMbUhp0RMf3eeB3mpGgAV1ksLKEtOdmbrfklFxmPaRySmpuDyE9hFWHYNIBzT3QYtzxXdD1cStwsZV8H9NEUhbrgRSe32yESvdtqrMG0zG4LpFmNWSbzo46JZdnG3vh%2FCMIdnT13nMH%2F%2FNe%2FAPMlEhNiQ%2FlTwR9dWe8pguyu6YLS77rpZmM5Rattnkzo5k4f%2B8tsVlow1eu2dHXr7GqUcGDW8JmqzThMulb8s2S5FyYZW2YID%2Bs2PdEeCO360u5SfJ09cbryytxaoS1UicTUHnc%2Bwus8vvRg9k%2FvfjLJ5BmApOXiPMjchaQ%2BhAs3YZN5%2BqtJjBqzglTB0Vejo0fzh%2BVJFBiXtOwhP1XHc7xjr2DvqmBZreRxCUGpsRAlaBqBJtfGGepObr685dVfIVQ1cahMrXdUBn1xWy0U3L11sMKnVbXY1h5UmfMFdQLO54QXLSbjLUWWRAuRs1WRwRt3kZmp3zts8d%2FAwAA%2F%2F8BAAD%2F%2FyNifJCDBAAA
200 OK 7 B URL GET HTTP/1.1 ryepublisher.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u2dmp8ccgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNSg5eBjBi556v9nNYlyCnsUgsxKQRWHntodsQPDgWQgepSeLow%2Bq3vfqfYfve68%2B3clPiYucniy%2FrbekUnSh3XDrL73veVfqqzLJh%2FVhsPjBYutK3Qxe9dxuw325%2FqZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdttPyG125haP5b29yBpQ744JRcguTTCwf3W5BsgiT%2B9pqwG5lOX3kjzhXNtMGA77%2BbbCS6SBDPYWQcRMn%2BGRvaHi8%2FgE72ZoKhB%2F8QQzklzu%2B%2FIUz2z1QiHOw9FRoqiAQh%2Fz%2BKwQRCTSDpBEzfhuTHBGAc13tI4rvXtSno5tMurbpTUnvyJ2QxJbVHzyKJ7y8pOazf1CrPpE4shlEJOZxA9idI80NkW%2Bcgi0Ow7GNI%2FitZeLKKJN7tWaUheTkzL%2BUEMppAiRGodZBXRzrIIwd56iDmJ%2FUOawUBD9qcCsb8MPKCqBW1upS5EXObXR85q%2BSNkKUjMDUCM9tIzTY25OfH7Usw%2BY%2Bw6yUsd2CzKXHe2caAlygEQWEJCkpQSIIiIygG5R5X1rflXa5sHnpn2T%2FLzXKss%2F4O3dNZXyRkJz0lz1SjcZ5%2FeBEb4qTe7oRR4LdbfrMbUhp0RMf3eeB3mpGgAV1ksLKEtOdmbrfklFxmPaRySmpuDyE9hFWHYNIBzT3QYtzxXdD1cStwsZV8H9NEUhbrgRSe32yESvdtqrMG0zG4LpFmNWSbzo46JZdnG3vh%2FCMIdnT13nMH%2F%2FNe%2FAPMlEhNiQ%2FlTwR9dWe8pguyu6YLS77rpZmM5Rattnkzo5k4f%2B8tsVlow1eu2dHXr7GqUcGDW8JmqzThMulb8s2S5FyYZW2YID%2Bs2PdEeCO360u5SfJ09cbryytxaoS1UicTUHnc%2Bwus8vvRg9k%2FvfjLJ5BmApOXiPMjchaQ%2BhAs3YZN5%2BqtJjBqzglTB0Vejo0fzh%2BVJFBiXtOwhP1XHc7xjr2DvqmBZreRxCUGpsRAlaBqBJtfGGepObr685dVfIVQ1cahMrXdUBn1xWy0U3L11sMKnVbXY1h5UmfMFdQLO54QXLSbjLUWWRAuRs1WRwRt3kZmp3zts8d%2FAwAA%2F%2F8BAAD%2F%2FyNifJCDBAAA
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectryepublisher.com
Fingerprint44:89:F7:BE:9D:B5:64:34:EC:82:1B:65:8A:E0:06:09:57:BA:28:51
ValiditySun, 16 Apr 2023 07:12:11 GMT - Sat, 15 Jul 2023 07:12:10 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRReuTubwk%2F8Sg5eAwuBBFGS2u2dmp8ccgmtcWVwzcRPRm1RXVc%2BWW93VVHVPz%2B5pNSg5eBjBi556v9nNYlyCnsUgsxKQRWHntodsQPDgWQgepSeLow%2Bq3vfqfYfve68%2B3clPiYucniy%2FrbekUnSh3XDrL73veVfqqzLJh%2FVhsPjBYutK3Qxe9dxuw325%2FqZgG3rBdz3X9VyvviyNiPRwwfO8hguZHnS9RtdttPyG125haP5b29yBpQ744JRcguTTCwf3W5BsgiT%2B9pqwG5lOX3kjzhXNtMGA77%2BbbCS6SBDPYWQcRMn%2BGRvaHi8%2FgE72ZoKhB%2F8QQzklzu%2B%2FIUz2z1QiHOw9FRoqiAQh%2Fz%2BKwQRCTSDpBEzfhuTHBGAc13tI4rvXtSno5tMurbpTUnvyJ2QxJbVHzyKJ7y8pOazf1CrPpE4shlEJOZxA9idI80NkW%2Bcgi0Ow7GNI%2FitZeLKKJN7tWaUheTkzL%2BUEMppAiRGodZBXRzrIIwd56iDmJ%2FUOawUBD9qcCsb8MPKCqBW1upS5EXObXR85q%2BSNkKUjMDUCM9tIzTY25OfH7Usw%2BY%2Bw6yUsd2CzKXHe2caAlygEQWEJCkpQSIIiIygG5R5X1rflXa5sHnpn2T%2FLzXKss%2F4O3dNZXyRkJz0lz1SjcZ5%2FeBEb4qTe7oRR4LdbfrMbUhp0RMf3eeB3mpGgAV1ksLKEtOdmbrfklFxmPaRySmpuDyE9hFWHYNIBzT3QYtzxXdD1cStwsZV8H9NEUhbrgRSe32yESvdtqrMG0zG4LpFmNWSbzo46JZdnG3vh%2FCMIdnT13nMH%2F%2FNe%2FAPMlEhNiQ%2FlTwR9dWe8pguyu6YLS77rpZmM5Rattnkzo5k4f%2B8tsVlow1eu2dHXr7GqUcGDW8JmqzThMulb8s2S5FyYZW2YID%2Bs2PdEeCO360u5SfJ09cbryytxaoS1UicTUHnc%2Bwus8vvRg9k%2FvfjLJ5BmApOXiPMjchaQ%2BhAs3YZN5%2BqtJjBqzglTB0Vejo0fzh%2BVJFBiXtOwhP1XHc7xjr2DvqmBZreRxCUGpsRAlaBqBJtfGGepObr685dVfIVQ1cahMrXdUBn1xWy0U3L11sMKnVbXY1h5UmfMFdQLO54QXLSbjLUWWRAuRs1WRwRt3kZmp3zts8d%2FAwAA%2F%2F8BAAD%2F%2FyNifJCDBAAA HTTP/1.1
Host: ryepublisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=18728464; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 12de2a1910b4c5a4b7e333e86943c327
Strict-Transport-Security: max-age=0; includeSubdomains
ryepublisher.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
200 OK 29 kB URL GET HTTP/1.1 ryepublisher.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectryepublisher.com
Fingerprint44:89:F7:BE:9D:B5:64:34:EC:82:1B:65:8A:E0:06:09:57:BA:28:51
ValiditySun, 16 Apr 2023 07:12:11 GMT - Sat, 15 Jul 2023 07:12:10 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 9816ade814850c3ea03515801068565c
dfcc3fdc7be1b4adc956dbaf2c5c68b617dec1b0
1e1d535b0748752e58f28203d93996469ac7eec4d167124e2d44f1e180cdfc6a
GET /65/aa/28/65aa283021630dfd9030555c4c61a78c.js HTTP/1.1
Host: ryepublisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=18728464; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c0ea09d26f0a1e877898e7d45d328d5a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tideairtight.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
200 OK 0 B URL GET HTTP/1.1 tideairtight.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjecttideairtight.com
Fingerprint1C:4D:0B:15:D2:E0:CD:05:28:C5:68:19:52:09:71:D6:CD:36:3C:D7
ValidityMon, 01 May 2023 19:33:15 GMT - Sun, 30 Jul 2023 19:33:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: tideairtight.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
instinctivetheeexemplify.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
200 OK 29 kB URL GET HTTP/1.1 instinctivetheeexemplify.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectinstinctivetheeexemplify.com
Fingerprint53:D2:59:BD:B0:52:6A:5F:7C:25:69:14:DA:17:EA:FC:01:0C:1F:41
ValidityMon, 01 May 2023 19:32:47 GMT - Sun, 30 Jul 2023 19:32:46 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 9466d436b76ff66a48183b083623dbc0
bf6b4f3e0abfcf19f13fb3ff2fbf5b11d37facbf
56e0022e7f65ea9af2cc3b4c3cb3333a619f79e25f14b5814705cf2e1d0364d9
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /35/d1/24/35d1247b354f56697190b0a1eaa02236.js HTTP/1.1
Host: instinctivetheeexemplify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f354a7fe9034ea8cd37e8447f0c9c8c0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/cb/3d/d2/cb3dd253d0efc9d9f6550d38b8063211/1627917331.png
200 OK 53 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/cb/3d/d2/cb3dd253d0efc9d9f6550d38b8063211/1627917331.png
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
ValidityThu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Hash 6f53580f11cab6d69f4d14b753ce88b9
7207346b5c7900711744994dad77dc98bc61df54
570b6950078f257202916963af83af1001dd462a958ca947f8285720ca8eb9dd
GET /cti/cb/3d/d2/cb3dd253d0efc9d9f6550d38b8063211/1627917331.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:36 GMT
content-type: image/png
content-length: 52906
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 15:15:39 GMT
etag: "61080c1b-ceaa"
expires: Fri, 05 May 2023 16:33:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
varycares.com/watch.894893592636.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=fa71c50166d6226a35608216e503f41dbc5fe691dc155b0b3a501afd7afc3ff717cb02f50a32bde9a0d8e400d87c89929cb27e75d1068f19a2a5b1210ef1b75775a12728dce39d46b20646767ca1022d36d207ee5ea0677f7e439cc5f9df&pst=1683131676&rmtc=t
200 OK 2.0 kB URL GET HTTP/1.1 varycares.com/watch.894893592636.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=fa71c50166d6226a35608216e503f41dbc5fe691dc155b0b3a501afd7afc3ff717cb02f50a32bde9a0d8e400d87c89929cb27e75d1068f19a2a5b1210ef1b75775a12728dce39d46b20646767ca1022d36d207ee5ea0677f7e439cc5f9df&pst=1683131676&rmtc=t
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
File type HTML document, ASCII text, with very long lines (2433)
Hash 77013b706cad64e0a6bf7d379a5b7401
dba846245f8f036aed6a19364a0ccbafd490dcee
912ab116841f1f4dcec3ee77abcd0cb19bebb7546335298341c0c162f96c449c
GET /watch.894893592636.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=fa71c50166d6226a35608216e503f41dbc5fe691dc155b0b3a501afd7afc3ff717cb02f50a32bde9a0d8e400d87c89929cb27e75d1068f19a2a5b1210ef1b75775a12728dce39d46b20646767ca1022d36d207ee5ea0677f7e439cc5f9df&pst=1683131676&rmtc=t HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Referer: https://www.wedirectpass.com/
Connection: keep-alive
Cookie: u_pl=16607872; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; expires=Wed, 10 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 179d3082314c7680c1ff29ddcad14a94
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
princessallotgather.com/watch.1379341486799.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=90036b7eb6d8c04ba655935270d264bf84aeaffc96b1b18eeb9603125c76ee8b952c50abc9f4a34fcbcdb5c147bb365723b96933230314e246b2c18feb76462b40605480e32bba6e97e79c19bcfe86c3b4f28256&pst=1683131676&rmtc=t
200 OK 2.0 kB URL GET HTTP/1.1 princessallotgather.com/watch.1379341486799.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=90036b7eb6d8c04ba655935270d264bf84aeaffc96b1b18eeb9603125c76ee8b952c50abc9f4a34fcbcdb5c147bb365723b96933230314e246b2c18feb76462b40605480e32bba6e97e79c19bcfe86c3b4f28256&pst=1683131676&rmtc=t
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectprincessallotgather.com
FingerprintC7:B3:BA:6F:D1:89:40:D9:3F:05:86:EF:C6:7A:90:DF:CF:EB:61:D6
ValidityMon, 01 May 2023 19:23:07 GMT - Sun, 30 Jul 2023 19:23:06 GMT
File type HTML document, ASCII text, with very long lines (2461)
Hash 4f4ecac308a11bf9f877df811acc9b05
2e4c0293eafdac93162db10f4e58672a5f4b4235
681c706ce655f12f092c9a8df1f92d0f7872e76573249e86fe8ad540fb334789
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1379341486799.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=90036b7eb6d8c04ba655935270d264bf84aeaffc96b1b18eeb9603125c76ee8b952c50abc9f4a34fcbcdb5c147bb365723b96933230314e246b2c18feb76462b40605480e32bba6e97e79c19bcfe86c3b4f28256&pst=1683131676&rmtc=t HTTP/1.1
Host: princessallotgather.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Referer: https://www.wedirectpass.com/
Connection: keep-alive
Cookie: u_pl=16607872; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; expires=Wed, 10 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6a9f6ad82b42a68850a74d4ba523adaa
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
immaculatewars.com/watch.1325885492354.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
307 Temporary Redirect 0 B URL GET HTTP/1.1 immaculatewars.com/watch.1325885492354.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectimmaculatewars.com
Fingerprint26:64:D3:D3:7F:65:9A:0B:C3:17:67:01:B8:A2:EC:31:84:BE:D8:5B
ValidityMon, 01 May 2023 19:15:35 GMT - Sun, 30 Jul 2023 19:15:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1325885492354.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1 HTTP/1.1
Host: immaculatewars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Location: https://immaculatewars.com/watch.1325885492354.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=c8cc2b0875006dc9a7c9a0c95b982a6b182f4b4e7d30e26da7eefa8e17d1d655fcc8531a20e3e36b54550b3a5a3072e49522d43a796aa78a193464825a36c86cb447ff59214a78bde1f759fc8e378370cb66e7f90050119a3fe063ef1fe890483f&pst=1683131676&rmtc=t
Set-Cookie: u_pl=16607872; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; expires=Wed, 03 May 2023 16:34:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aa3092aadc2c599fe82dc52252b16eb9
Strict-Transport-Security: max-age=0; includeSubdomains
ryepublisher.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRut3p3Dz%2F6XdfGyoDB4EAWZdPfMZHrcQzCukWDcWbMrepPqqupJmequpqp7epJTdEH34GEEL3rqvEk2uIZFz%2BIiE1mQoJC55bBZEDx4FhaP0klw9IPme19%2F7%2FDe%2B%2BqT7fyEuMjp8dLbelMqRefaDbf%2B0vued62%2BIpN8WB8G8x%2FMt67VzeBVz%2B023Jfrbwq2rud813Ndz%2FXqS9KISA%2FnPM9ruJDpftdrdN1Gy2947RaG5r%2BzzR1Y6oAPTsgVSD69tP%2BgBckmSOJvrwu7nun0lTfiXNFMGwz43rvJeqKLBPEMRsZBlOyds6Ht0dJD6GT3VDD04B9iKKfE%2Bf03hMneuUqEg90zoaGCSBDy%2F6MYTCDUBJJOwPQdSH5EAMZxo4ckvndDm4JunG1ptZ2S2tM%2FIYspqT1%2BFkn8YFHJYf2WVnkmdWIxjErI4QSyP0GaHyDbvABZHIBlH0PyX8nc0xUk8U7PKg3Jy1PzUk4gowmUGIFaB3n1SQd55CBPHcT8uN5hrSDgQZtTwZgfRl4QtaJWlzI3Ym6z6yNnlbwRsnQEpkZgZgup2cK6%2FPyofQUm%2FxF2rYTlDmw2Jc47WxjwEoUgKCxBQQkKSVBkBMWg3OXK%2Bra8x5XNQ%2B%2B8%2B%2Be9WY511t%2Bmuzrri4RspyfkmSoa5%2FlHl7EujuvtThgFfrvlN7shpUFHdHyfB36nGQka0HkGK0tIe%2BHU7aackqush1ROSc3tIaQHsOoATDqguQdajDu%2BC7o2bgUuNpPvY5pIymI9kMLzm41Q6b5NddZgOgbXJdKshmzD2VYn5OrpxV64%2BASCHS7cf27%2Ff96Lf4CZEqkp8aH8iaCv7o5XdUF2VnVhyXe9NJOx3KTVNW9lNBMX778lNgpt%2BPJ1O%2Fr6NVYtKrh%2FW9hshSZcJn1LvlmUnAuzpA0T5Idl%2B54Ib%2BZ2bTE3SZ6u3Hx9aTlOjbBW6mQCKo96f4FVfj96ePpOL%2F%2FyKaSZwOQl4vyQnBekPgBLt2DTmXqrCYyaccK0hiIvx8YPZz%2BVJFBiNtOwhP3XHM7wtr2LvqmBZneQxCUGpsRAlaBqBJtfGmepOVz4%2BcuqvkKoauNQmdpOqIz6oor28ZQs3H5UoZOzpK08rjPmCuqFHU8ILtpNxlrzLAjno2arI4I2byOzU7762ZO%2FAQAA%2F%2F8BAAD%2F%2FwD%2FT9aDBAAA
200 OK 7 B URL GET HTTP/1.1 ryepublisher.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRut3p3Dz%2F6XdfGyoDB4EAWZdPfMZHrcQzCukWDcWbMrepPqqupJmequpqp7epJTdEH34GEEL3rqvEk2uIZFz%2BIiE1mQoJC55bBZEDx4FhaP0klw9IPme19%2F7%2FDe%2B%2BqT7fyEuMjp8dLbelMqRefaDbf%2B0vued62%2BIpN8WB8G8x%2FMt67VzeBVz%2B023Jfrbwq2rud813Ndz%2FXqS9KISA%2FnPM9ruJDpftdrdN1Gy2947RaG5r%2BzzR1Y6oAPTsgVSD69tP%2BgBckmSOJvrwu7nun0lTfiXNFMGwz43rvJeqKLBPEMRsZBlOyds6Ht0dJD6GT3VDD04B9iKKfE%2Bf03hMneuUqEg90zoaGCSBDy%2F6MYTCDUBJJOwPQdSH5EAMZxo4ckvndDm4JunG1ptZ2S2tM%2FIYspqT1%2BFkn8YFHJYf2WVnkmdWIxjErI4QSyP0GaHyDbvABZHIBlH0PyX8nc0xUk8U7PKg3Jy1PzUk4gowmUGIFaB3n1SQd55CBPHcT8uN5hrSDgQZtTwZgfRl4QtaJWlzI3Ym6z6yNnlbwRsnQEpkZgZgup2cK6%2FPyofQUm%2FxF2rYTlDmw2Jc47WxjwEoUgKCxBQQkKSVBkBMWg3OXK%2Bra8x5XNQ%2B%2B8%2B%2Be9WY511t%2Bmuzrri4RspyfkmSoa5%2FlHl7EujuvtThgFfrvlN7shpUFHdHyfB36nGQka0HkGK0tIe%2BHU7aackqush1ROSc3tIaQHsOoATDqguQdajDu%2BC7o2bgUuNpPvY5pIymI9kMLzm41Q6b5NddZgOgbXJdKshmzD2VYn5OrpxV64%2BASCHS7cf27%2Ff96Lf4CZEqkp8aH8iaCv7o5XdUF2VnVhyXe9NJOx3KTVNW9lNBMX778lNgpt%2BPJ1O%2Fr6NVYtKrh%2FW9hshSZcJn1LvlmUnAuzpA0T5Idl%2B54Ib%2BZ2bTE3SZ6u3Hx9aTlOjbBW6mQCKo96f4FVfj96ePpOL%2F%2FyKaSZwOQl4vyQnBekPgBLt2DTmXqrCYyaccK0hiIvx8YPZz%2BVJFBiNtOwhP3XHM7wtr2LvqmBZneQxCUGpsRAlaBqBJtfGmepOVz4%2BcuqvkKoauNQmdpOqIz6oor28ZQs3H5UoZOzpK08rjPmCuqFHU8ILtpNxlrzLAjno2arI4I2byOzU7762ZO%2FAQAA%2F%2F8BAAD%2F%2FwD%2FT9aDBAAA
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectryepublisher.com
Fingerprint44:89:F7:BE:9D:B5:64:34:EC:82:1B:65:8A:E0:06:09:57:BA:28:51
ValiditySun, 16 Apr 2023 07:12:11 GMT - Sat, 15 Jul 2023 07:12:10 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRut3p3Dz%2F6XdfGyoDB4EAWZdPfMZHrcQzCukWDcWbMrepPqqupJmequpqp7epJTdEH34GEEL3rqvEk2uIZFz%2BIiE1mQoJC55bBZEDx4FhaP0klw9IPme19%2F7%2FDe%2B%2BqT7fyEuMjp8dLbelMqRefaDbf%2B0vued62%2BIpN8WB8G8x%2FMt67VzeBVz%2B023Jfrbwq2rud813Ndz%2FXqS9KISA%2FnPM9ruJDpftdrdN1Gy2947RaG5r%2BzzR1Y6oAPTsgVSD69tP%2BgBckmSOJvrwu7nun0lTfiXNFMGwz43rvJeqKLBPEMRsZBlOyds6Ht0dJD6GT3VDD04B9iKKfE%2Bf03hMneuUqEg90zoaGCSBDy%2F6MYTCDUBJJOwPQdSH5EAMZxo4ckvndDm4JunG1ptZ2S2tM%2FIYspqT1%2BFkn8YFHJYf2WVnkmdWIxjErI4QSyP0GaHyDbvABZHIBlH0PyX8nc0xUk8U7PKg3Jy1PzUk4gowmUGIFaB3n1SQd55CBPHcT8uN5hrSDgQZtTwZgfRl4QtaJWlzI3Ym6z6yNnlbwRsnQEpkZgZgup2cK6%2FPyofQUm%2FxF2rYTlDmw2Jc47WxjwEoUgKCxBQQkKSVBkBMWg3OXK%2Bra8x5XNQ%2B%2B8%2B%2Be9WY511t%2Bmuzrri4RspyfkmSoa5%2FlHl7EujuvtThgFfrvlN7shpUFHdHyfB36nGQka0HkGK0tIe%2BHU7aackqush1ROSc3tIaQHsOoATDqguQdajDu%2BC7o2bgUuNpPvY5pIymI9kMLzm41Q6b5NddZgOgbXJdKshmzD2VYn5OrpxV64%2BASCHS7cf27%2Ff96Lf4CZEqkp8aH8iaCv7o5XdUF2VnVhyXe9NJOx3KTVNW9lNBMX778lNgpt%2BPJ1O%2Fr6NVYtKrh%2FW9hshSZcJn1LvlmUnAuzpA0T5Idl%2B54Ib%2BZ2bTE3SZ6u3Hx9aTlOjbBW6mQCKo96f4FVfj96ePpOL%2F%2FyKaSZwOQl4vyQnBekPgBLt2DTmXqrCYyaccK0hiIvx8YPZz%2BVJFBiNtOwhP3XHM7wtr2LvqmBZneQxCUGpsRAlaBqBJtfGmepOVz4%2BcuqvkKoauNQmdpOqIz6oor28ZQs3H5UoZOzpK08rjPmCuqFHU8ILtpNxlrzLAjno2arI4I2byOzU7762ZO%2FAQAA%2F%2F8BAAD%2F%2FwD%2FT9aDBAAA HTTP/1.1
Host: ryepublisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=18728464; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bc3dceca8078b6785484b2055ebd2afd
Strict-Transport-Security: max-age=0; includeSubdomains
disdainkindle.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
200 OK 0 B URL GET HTTP/1.1 disdainkindle.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectdisdainkindle.com
Fingerprint47:21:F5:C7:94:67:4E:9B:7D:9A:92:AF:92:BE:D0:F4:7B:EE:09:0E
ValidityMon, 01 May 2023 19:14:29 GMT - Sun, 30 Jul 2023 19:14:28 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: disdainkindle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cylindermonastery.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
200 OK 0 B URL GET HTTP/1.1 cylindermonastery.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectcylindermonastery.com
Fingerprint3F:FF:18:68:12:81:02:F3:4B:36:EC:BD:30:DB:00:48:EC:35:E7:2B
ValidityMon, 01 May 2023 19:27:39 GMT - Sun, 30 Jul 2023 19:27:38 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: cylindermonastery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
www.wedirectpass.com/feeds/posts/summary/-/NW?alt=json&max-results=15
200 OK 3.7 kB URL GET HTTP/2 www.wedirectpass.com/feeds/posts/summary/-/NW?alt=json&max-results=15
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectwww.wedirectpass.com
Fingerprint02:B4:BF:9C:3B:16:18:6A:BF:D1:6F:C1:4E:5E:FF:8D:7C:96:E5:30
ValidityWed, 26 Apr 2023 12:01:03 GMT - Tue, 25 Jul 2023 12:45:10 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (27732), with no line terminators
Hash c63fb54bdd9bd156640643e71316b410
c0597ad0ac72cb42c7ddc1e6d334343658b5e14f
a5e8a0eefa6b2e82331d26373c8ccac440bc7b78f5d74bbbdd7582ee7864af9a
GET /feeds/posts/summary/-/NW?alt=json&max-results=15 HTTP/1.1
Host: www.wedirectpass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=ryepublisher.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
etag: W/"253d102a0007afa5fc432ede9a9ae00e9449db08b7a0dc1d99ce9844156cc629"
date: Wed, 03 May 2023 16:33:36 GMT
content-type: application/json; charset=UTF-8
server: blogger-renderd
expires: Wed, 03 May 2023 16:33:37 GMT
cache-control: public, must-revalidate, proxy-revalidate, max-age=1
x-content-type-options: nosniff
x-xss-protection: 0
last-modified: Wed, 03 May 2023 16:21:08 GMT
content-encoding: gzip
content-length: 3668
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
immaculatewars.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
200 OK 29 kB URL GET HTTP/1.1 immaculatewars.com/35/d1/24/35d1247b354f56697190b0a1eaa02236.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectimmaculatewars.com
Fingerprint26:64:D3:D3:7F:65:9A:0B:C3:17:67:01:B8:A2:EC:31:84:BE:D8:5B
ValidityMon, 01 May 2023 19:15:35 GMT - Sun, 30 Jul 2023 19:15:34 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 3e8634789d6e9be7900488aa4e13924c
b0c5e6adb32ee9aecbe88a601c6a93203d997bb2
8f3a42cf0161f9b5a201d4e77a5c53ec5d660564403af9d4642017efa6f94ed4
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /35/d1/24/35d1247b354f56697190b0a1eaa02236.js HTTP/1.1
Host: immaculatewars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e4c018d9fcf28a96be13f5f6b6e6c39a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
instinctivetheeexemplify.com/watch.633615597701.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=d7d019f6d4aae056ddb83ad63b42f0b269a7948cf798d4ca9f290ba43877310efd36c20bd8ce7ad8dea560ed073e11603e8d0c84595ff84aa225ef0014ac106fcce5d7c74b3738bdcd1e57c2f0c32ea5026d95&pst=1683131676&rmtc=t
200 OK 2.0 kB URL GET HTTP/1.1 instinctivetheeexemplify.com/watch.633615597701.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=d7d019f6d4aae056ddb83ad63b42f0b269a7948cf798d4ca9f290ba43877310efd36c20bd8ce7ad8dea560ed073e11603e8d0c84595ff84aa225ef0014ac106fcce5d7c74b3738bdcd1e57c2f0c32ea5026d95&pst=1683131676&rmtc=t
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectinstinctivetheeexemplify.com
Fingerprint53:D2:59:BD:B0:52:6A:5F:7C:25:69:14:DA:17:EA:FC:01:0C:1F:41
ValidityMon, 01 May 2023 19:32:47 GMT - Sun, 30 Jul 2023 19:32:46 GMT
File type HTML document, ASCII text, with very long lines (2458)
Hash 01c52e59661fb0243d0ad4bb80f7c286
53b939feea1cd1d155fe801b43a49bdc012bafa6
98774910cf878df399924ee9d8fb9f2bd7371a8c3f8aa6feb14d0e655be0fbb8
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.633615597701.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=d7d019f6d4aae056ddb83ad63b42f0b269a7948cf798d4ca9f290ba43877310efd36c20bd8ce7ad8dea560ed073e11603e8d0c84595ff84aa225ef0014ac106fcce5d7c74b3738bdcd1e57c2f0c32ea5026d95&pst=1683131676&rmtc=t HTTP/1.1
Host: instinctivetheeexemplify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Referer: https://www.wedirectpass.com/
Connection: keep-alive
Cookie: u_pl=16607872; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; expires=Wed, 10 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 52090a847a47bac66b9083f182ff8775
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
immaculatewars.com/watch.1325885492354.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=c8cc2b0875006dc9a7c9a0c95b982a6b182f4b4e7d30e26da7eefa8e17d1d655fcc8531a20e3e36b54550b3a5a3072e49522d43a796aa78a193464825a36c86cb447ff59214a78bde1f759fc8e378370cb66e7f90050119a3fe063ef1fe890483f&pst=1683131676&rmtc=t
200 OK 2.0 kB URL GET HTTP/1.1 immaculatewars.com/watch.1325885492354.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=c8cc2b0875006dc9a7c9a0c95b982a6b182f4b4e7d30e26da7eefa8e17d1d655fcc8531a20e3e36b54550b3a5a3072e49522d43a796aa78a193464825a36c86cb447ff59214a78bde1f759fc8e378370cb66e7f90050119a3fe063ef1fe890483f&pst=1683131676&rmtc=t
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectimmaculatewars.com
Fingerprint26:64:D3:D3:7F:65:9A:0B:C3:17:67:01:B8:A2:EC:31:84:BE:D8:5B
ValidityMon, 01 May 2023 19:15:35 GMT - Sun, 30 Jul 2023 19:15:34 GMT
File type HTML document, ASCII text, with very long lines (2458)
Hash 690a560ef151afe4d6d0b093d85a2646
5ccc8dcd57ab3fb3cb69313bdacb4ccd96dcf8bf
c927756273ae14fba0ac51b109e0a623693485f0443e1885d7c7ed962659ac8f
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1325885492354.js?key=15bc91630ec0963008ff48491aacecba&kw=%5B%22live%22%2C%22news%22%2C%2224%22%2C%227%22%5D&refer=https%3A%2F%2Fwww.wedirectpass.com%2F&tz=0&dev=e&res=12.2079&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1&shu=c8cc2b0875006dc9a7c9a0c95b982a6b182f4b4e7d30e26da7eefa8e17d1d655fcc8531a20e3e36b54550b3a5a3072e49522d43a796aa78a193464825a36c86cb447ff59214a78bde1f759fc8e378370cb66e7f90050119a3fe063ef1fe890483f&pst=1683131676&rmtc=t HTTP/1.1
Host: immaculatewars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Referer: https://www.wedirectpass.com/
Connection: keep-alive
Cookie: u_pl=16607872; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; expires=Wed, 10 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 04 May 2023 16:33:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 658b1008125a5a198601f312e22e2daf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
allrightpaint.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
200 OK 0 B URL GET HTTP/1.1 allrightpaint.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectallrightpaint.com
Fingerprint8D:06:9F:55:16:33:4B:59:03:1D:71:41:B4:02:2A:CA:AE:26:C4:74
ValidityMon, 01 May 2023 19:31:33 GMT - Sun, 30 Jul 2023 19:31:32 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: allrightpaint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
banquetunarmedgrater.com/advertisers.js
200 OK 0 B URL GET HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.banquetunarmedgrater.com
FingerprintB6:94:DA:E3:84:16:54:0C:6B:00:48:97:8B:AC:17:A6:7D:9D:BE:6B
ValidityMon, 03 Apr 2023 06:06:16 GMT - Sun, 02 Jul 2023 06:06:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:37 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 000154046bd312731cfb96c017d37fae
Strict-Transport-Security: max-age=0; includeSubdomains
banquetunarmedgrater.com/advertisers.js
200 OK 0 B URL GET HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.banquetunarmedgrater.com
FingerprintB6:94:DA:E3:84:16:54:0C:6B:00:48:97:8B:AC:17:A6:7D:9D:BE:6B
ValidityMon, 03 Apr 2023 06:06:16 GMT - Sun, 02 Jul 2023 06:06:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:37 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8ae3feee3478a67cba63a7e4c4d88a5a
Strict-Transport-Security: max-age=0; includeSubdomains
banquetunarmedgrater.com/advertisers.js
200 OK 0 B URL GET HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.banquetunarmedgrater.com
FingerprintB6:94:DA:E3:84:16:54:0C:6B:00:48:97:8B:AC:17:A6:7D:9D:BE:6B
ValidityMon, 03 Apr 2023 06:06:16 GMT - Sun, 02 Jul 2023 06:06:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:37 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 80a82fa545db971d97a76bca553dc5df
Strict-Transport-Security: max-age=0; includeSubdomains
omenrandomoverlive.com/pixel/purst?dl=0&th=0&sc=0&rs=5079&rd=5079&fd=514&bv=22.10.v.10&tmpl=136
200 OK 0 B URL GET HTTP/1.1 omenrandomoverlive.com/pixel/purst?dl=0&th=0&sc=0&rs=5079&rd=5079&fd=514&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectomenrandomoverlive.com
FingerprintF8:B4:78:00:B8:C0:21:9F:8D:CD:82:02:9D:07:80:16:AD:F1:C8:A5
ValidityMon, 01 May 2023 19:19:30 GMT - Sun, 30 Jul 2023 19:19:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=5079&rd=5079&fd=514&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: omenrandomoverlive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
onsetours.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
200 OK 0 B URL GET HTTP/1.1 onsetours.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectonsetours.com
FingerprintE3:58:CF:A5:6F:A3:03:F5:03:BD:F4:64:6B:5A:2B:BB:D2:69:E2:1D
ValidityMon, 01 May 2023 19:32:10 GMT - Sun, 30 Jul 2023 19:32:09 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: onsetours.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
www.wedirectpass.com/feeds/posts/summary/-/HD?alt=json&max-results=15
200 OK 1.8 kB URL GET HTTP/2 www.wedirectpass.com/feeds/posts/summary/-/HD?alt=json&max-results=15
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectwww.wedirectpass.com
Fingerprint02:B4:BF:9C:3B:16:18:6A:BF:D1:6F:C1:4E:5E:FF:8D:7C:96:E5:30
ValidityWed, 26 Apr 2023 12:01:03 GMT - Tue, 25 Jul 2023 12:45:10 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (16622), with no line terminators
Hash dd997f1c6f614c8720ed64c8f259dec2
32e172b85b3f231d7303a590738ac969976df5fb
f5a391674df01c021a1e4aa0f939bf7682f408635ec9ae133d82e1b8e69ebe6c
GET /feeds/posts/summary/-/HD?alt=json&max-results=15 HTTP/1.1
Host: www.wedirectpass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=ryepublisher.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
etag: W/"cf1516c0dfffb290e4448243ceed7ddb72e17112c8f966c301295c2733fa17f5"
date: Wed, 03 May 2023 16:33:37 GMT
content-type: application/json; charset=UTF-8
server: blogger-renderd
expires: Wed, 03 May 2023 16:33:38 GMT
cache-control: public, must-revalidate, proxy-revalidate, max-age=1
x-content-type-options: nosniff
x-xss-protection: 0
last-modified: Wed, 03 May 2023 16:21:08 GMT
content-encoding: gzip
content-length: 1806
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
princesinistervirus.com/sbar.json?key=f5cdd6689bc2581a9da8b3738bf62f1e&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
200 OK 3.7 kB URL GET HTTP/1.1 princesinistervirus.com/sbar.json?key=f5cdd6689bc2581a9da8b3738bf62f1e&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectprincesinistervirus.com
Fingerprint3F:32:44:B2:F0:11:1E:65:F0:CE:5F:D8:67:23:DD:C4:40:8E:9D:CB
ValidityThu, 27 Apr 2023 02:00:35 GMT - Wed, 26 Jul 2023 02:00:34 GMT
File type JSON data\012- , ASCII text, with very long lines (6334), with no line terminators
Hash dc5131bc549b42e84e9f4a831ac54f4d
13c0be6ebcb26ae8440e568fe07df7c179c2144d
5738dc95a210a2eab902ea0fe63b0ef93004b050384b03ecc3f768dc5126ea04
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f5cdd6689bc2581a9da8b3738bf62f1e&uuid=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1 HTTP/1.1
Host: princesinistervirus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=16607872; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:37 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.wedirectpass.com
Access-Control-Allow-Origin: https://www.wedirectpass.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16607872,16607875; expires=Thu, 04 May 2023 16:33:37 GMT; secure; SameSite=None
uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; expires=Wed, 10 May 2023 16:33:37 GMT; secure; SameSite=None
uncs=2; expires=Thu, 04 May 2023 16:33:37 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 04 May 2023 16:33:37 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 04 May 2023 16:33:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0b5be5f2b4c21f6666fa72714d83011d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fademployedtransactions.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
200 OK 0 B URL GET HTTP/1.1 fademployedtransactions.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectfademployedtransactions.com
Fingerprint65:FD:BF:52:15:A8:3B:FA:35:76:BB:36:0B:43:5C:B3:10:6D:BF:25
ValidityMon, 01 May 2023 19:30:07 GMT - Sun, 30 Jul 2023 19:30:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: fademployedtransactions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ponyresentment.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
200 OK 0 B URL GET HTTP/1.1 ponyresentment.com/pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectponyresentment.com
FingerprintBD:E0:3F:20:DF:CF:8C:30:73:D6:E2:92:2B:01:C9:E3:9D:53:C2:34
ValidityMon, 01 May 2023 19:25:20 GMT - Sun, 30 Jul 2023 19:25:19 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=4325&rd=4325&fd=597&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: ponyresentment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
princesinistervirus.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRueTfw1SfVFNClAV1CAhM%2B7e3t3u6SICMEoiolDwp9o0OzM7Hlyszurmf25WCBFBKEUIDkV7d5ztsNPFEGNQOhMZwnJR%2BUCI5BA9EjpkJDPFoZp3vf5KZ559H44Lg%2BIi5LuL7%2Bi16VSdKnbdlvPvOV5F1orMitHrVHYe6cXXGiZ6nnPjdrus62XBRvqJd%2F1XNdzvdayNCLRoyXP89ouZP4w8tqR2w78ttcNMDL%2FxbY8BUsd8OqAnIPkszMPHwWQbIos%2FfKysMNC58%2B9lJaKFtqg4g9ez4aZrjOkJ2tiHCTZg2M3tN1b%2FhY625oHhq7%2BMcZyRpzffkWcPThOibjaOgoaK4gMMT%2BLuppCqCkknYLpu5B8jwCM49oqsnT7mjY1vX2k0kN1RhYe%2FwlZz8jCT08gSx9dUnLUuqlVWUidWYySBnI0hRxMkZc7KNZPQdY7YMX7kPwHsvR4BVm6uWqVhuT7T%2Fu012Nhz1sMe26yGIR9fzESHl9kfpB0w17EPJfNG5JyCplMocQGqD2N0joopYMycVDmDlK%2B3%2BqzIAx52OVUMObHiRcmQRJElLkJczuRj5Id%2FmEDRb4BpjbAzAef5nytGFZ%2BZ7MwpdguM2b9ztjbPqLn5OYhOfaQmzsYyvt73XMw5Xewaw0s%2Fx9sMSPOq%2B%2Bh4g1qQVBbgpoS1JKgLgjqqtniyvq22ebKlrF3PP3j2WkmuhiM6ZYuBiIj4%2FyA%2FH%2Fe9F%2B37mIo9ltJl3He64VRzPxu6NGI0zDu9DthnPT8xBOwsoG0p0Ctg3U5I%2BfZKnI5IwvuKmK6A6t2wKQDWj4JWk%2F6vgu6NglCF%2BvZ1ynNJGWprqTw%2FE47Vnpgc120mU7BdYO8WEBx2xmrA3J%2BHiv6%2FSwE2734ycerP1%2Fgb4OZBrlpcEt%2BTzBQ9yY3dE02b%2Bjakq9W80Kmcp0eHsfNghbi9OdXxe1aG37lst347AV2KByuD18TtlihGZfZwJIvLknOhVnWhgnyzRX7poivl3btUmmyMl%2B5%2FuLylTQ3wlqpsymo3HvjXTA5I2fMcH72T%2F1xFdJMYcoGablLjh%2BknoLld2Dzk%2FRWExh14olzB3XZTIwfn5BKEihxgmncwP4Lxyf72N7DwDigxV1kaYPKNKhUA6o2YMvTkyI3uxd%2F7MwfYuVMYmWczVgZdf%2BoWiv3W6IvelEUuEGfu24ccN%2F3uoLRTkAj6vtJH4Wd8Rsf%2FfI3AAAA%2F%2F8BAAD%2F%2F98GkPHDBAAA
200 OK 7 B URL GET HTTP/1.1 princesinistervirus.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRueTfw1SfVFNClAV1CAhM%2B7e3t3u6SICMEoiolDwp9o0OzM7Hlyszurmf25WCBFBKEUIDkV7d5ztsNPFEGNQOhMZwnJR%2BUCI5BA9EjpkJDPFoZp3vf5KZ559H44Lg%2BIi5LuL7%2Bi16VSdKnbdlvPvOV5F1orMitHrVHYe6cXXGiZ6nnPjdrus62XBRvqJd%2F1XNdzvdayNCLRoyXP89ouZP4w8tqR2w78ttcNMDL%2FxbY8BUsd8OqAnIPkszMPHwWQbIos%2FfKysMNC58%2B9lJaKFtqg4g9ez4aZrjOkJ2tiHCTZg2M3tN1b%2FhY625oHhq7%2BMcZyRpzffkWcPThOibjaOgoaK4gMMT%2BLuppCqCkknYLpu5B8jwCM49oqsnT7mjY1vX2k0kN1RhYe%2FwlZz8jCT08gSx9dUnLUuqlVWUidWYySBnI0hRxMkZc7KNZPQdY7YMX7kPwHsvR4BVm6uWqVhuT7T%2Fu012Nhz1sMe26yGIR9fzESHl9kfpB0w17EPJfNG5JyCplMocQGqD2N0joopYMycVDmDlK%2B3%2BqzIAx52OVUMObHiRcmQRJElLkJczuRj5Id%2FmEDRb4BpjbAzAef5nytGFZ%2BZ7MwpdguM2b9ztjbPqLn5OYhOfaQmzsYyvt73XMw5Xewaw0s%2Fx9sMSPOq%2B%2Bh4g1qQVBbgpoS1JKgLgjqqtniyvq22ebKlrF3PP3j2WkmuhiM6ZYuBiIj4%2FyA%2FH%2Fe9F%2B37mIo9ltJl3He64VRzPxu6NGI0zDu9DthnPT8xBOwsoG0p0Ctg3U5I%2BfZKnI5IwvuKmK6A6t2wKQDWj4JWk%2F6vgu6NglCF%2BvZ1ynNJGWprqTw%2FE47Vnpgc120mU7BdYO8WEBx2xmrA3J%2BHiv6%2FSwE2734ycerP1%2Fgb4OZBrlpcEt%2BTzBQ9yY3dE02b%2Bjakq9W80Kmcp0eHsfNghbi9OdXxe1aG37lst347AV2KByuD18TtlihGZfZwJIvLknOhVnWhgnyzRX7poivl3btUmmyMl%2B5%2FuLylTQ3wlqpsymo3HvjXTA5I2fMcH72T%2F1xFdJMYcoGablLjh%2BknoLld2Dzk%2FRWExh14olzB3XZTIwfn5BKEihxgmncwP4Lxyf72N7DwDigxV1kaYPKNKhUA6o2YMvTkyI3uxd%2F7MwfYuVMYmWczVgZdf%2BoWiv3W6IvelEUuEGfu24ccN%2F3uoLRTkAj6vtJH4Wd8Rsf%2FfI3AAAA%2F%2F8BAAD%2F%2F98GkPHDBAAA
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectprincesinistervirus.com
Fingerprint3F:32:44:B2:F0:11:1E:65:F0:CE:5F:D8:67:23:DD:C4:40:8E:9D:CB
ValidityThu, 27 Apr 2023 02:00:35 GMT - Wed, 26 Jul 2023 02:00:34 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRueTfw1SfVFNClAV1CAhM%2B7e3t3u6SICMEoiolDwp9o0OzM7Hlyszurmf25WCBFBKEUIDkV7d5ztsNPFEGNQOhMZwnJR%2BUCI5BA9EjpkJDPFoZp3vf5KZ559H44Lg%2BIi5LuL7%2Bi16VSdKnbdlvPvOV5F1orMitHrVHYe6cXXGiZ6nnPjdrus62XBRvqJd%2F1XNdzvdayNCLRoyXP89ouZP4w8tqR2w78ttcNMDL%2FxbY8BUsd8OqAnIPkszMPHwWQbIos%2FfKysMNC58%2B9lJaKFtqg4g9ez4aZrjOkJ2tiHCTZg2M3tN1b%2FhY625oHhq7%2BMcZyRpzffkWcPThOibjaOgoaK4gMMT%2BLuppCqCkknYLpu5B8jwCM49oqsnT7mjY1vX2k0kN1RhYe%2FwlZz8jCT08gSx9dUnLUuqlVWUidWYySBnI0hRxMkZc7KNZPQdY7YMX7kPwHsvR4BVm6uWqVhuT7T%2Fu012Nhz1sMe26yGIR9fzESHl9kfpB0w17EPJfNG5JyCplMocQGqD2N0joopYMycVDmDlK%2B3%2BqzIAx52OVUMObHiRcmQRJElLkJczuRj5Id%2FmEDRb4BpjbAzAef5nytGFZ%2BZ7MwpdguM2b9ztjbPqLn5OYhOfaQmzsYyvt73XMw5Xewaw0s%2Fx9sMSPOq%2B%2Bh4g1qQVBbgpoS1JKgLgjqqtniyvq22ebKlrF3PP3j2WkmuhiM6ZYuBiIj4%2FyA%2FH%2Fe9F%2B37mIo9ltJl3He64VRzPxu6NGI0zDu9DthnPT8xBOwsoG0p0Ctg3U5I%2BfZKnI5IwvuKmK6A6t2wKQDWj4JWk%2F6vgu6NglCF%2BvZ1ynNJGWprqTw%2FE47Vnpgc120mU7BdYO8WEBx2xmrA3J%2BHiv6%2FSwE2734ycerP1%2Fgb4OZBrlpcEt%2BTzBQ9yY3dE02b%2Bjakq9W80Kmcp0eHsfNghbi9OdXxe1aG37lst347AV2KByuD18TtlihGZfZwJIvLknOhVnWhgnyzRX7poivl3btUmmyMl%2B5%2FuLylTQ3wlqpsymo3HvjXTA5I2fMcH72T%2F1xFdJMYcoGablLjh%2BknoLld2Dzk%2FRWExh14olzB3XZTIwfn5BKEihxgmncwP4Lxyf72N7DwDigxV1kaYPKNKhUA6o2YMvTkyI3uxd%2F7MwfYuVMYmWczVgZdf%2BoWiv3W6IvelEUuEGfu24ccN%2F3uoLRTkAj6vtJH4Wd8Rsf%2FfI3AAAA%2F%2F8BAAD%2F%2F98GkPHDBAAA HTTP/1.1
Host: princesinistervirus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=16607872,16607875; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; pdhtkv=true; uncs=2; pdhtkv23=true; uncs23=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:37 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5af3e147b72e03e0c4dd8c925d688c9
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png
200 OK 33 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
ValidityThu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 99620d5e4f1ae93546c6dd31a58b5dd2
9dbe4c1e192890c3ddf47e7d1b7ba083b6c81aa6
8bb431af545d60f16b55862430b4876b8443d4d2969eaa49be045d414864b3f2
GET /si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:37 GMT
content-type: image/png
content-length: 32558
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:41:17 GMT
etag: "63656add-7f2e"
expires: Fri, 05 May 2023 16:33:37 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.wedirectpass.com/favicon.ico
200 OK 412 B URL GET HTTP/2 www.wedirectpass.com/favicon.ico
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectwww.wedirectpass.com
Fingerprint02:B4:BF:9C:3B:16:18:6A:BF:D1:6F:C1:4E:5E:FF:8D:7C:96:E5:30
ValidityWed, 26 Apr 2023 12:01:03 GMT - Tue, 25 Jul 2023 12:45:10 GMT
File type MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Hash 501c61a70f5c41181aa050d9110909ca
5b985d5671a7caf686fdfb1df13488c4407f6c9f
c4aaf001607ee331f6871b4dbbf45942b1e197726714fd106e46d70cc10ee97e
GET /favicon.ico HTTP/1.1
Host: www.wedirectpass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=2a66c861-860f-4872-9e1d-c24f5869c10c%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=ryepublisher.com; ppu_main_35d1247b354f56697190b0a1eaa02236=1; ppu_idelay_35d1247b354f56697190b0a1eaa02236=1; sb_main_f5cdd6689bc2581a9da8b3738bf62f1e=1; sb_count_f5cdd6689bc2581a9da8b3738bf62f1e=1; ppu_main_65aa283021630dfd9030555c4c61a78c=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=princesinistervirus.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon; charset=UTF-8
expires: Wed, 03 May 2023 16:33:37 GMT
date: Wed, 03 May 2023 16:33:37 GMT
cache-control: private, max-age=86400
last-modified: Wed, 03 May 2023 16:21:08 GMT
etag: W/"75e732ec66bff8e5b964ceeec570756a34756929eff2b4867c629e29ca1f4726"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js
1.7 kB URL connect.facebook.net/en_US/sdk.js
IP
File type ASCII text, with very long lines (1957)
Hash a041dea10cd2600383087b9c81373f0f
38095c75a4dbf0515f99fd6c6e7b28d152a63261
619d6686abfe9e2b1928ee0f2884ee8689886e0c271509738fe72e2974bfe99e
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 3cfc931a15363ec6a686fca8ce9bb763
etag: "022d256efed39e7ba47fd876b933f4c5"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 03 May 2023 16:49:13 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: oEHeoQzSYAODCHucgTc/Dw==
x-fb-debug: apDaWChjeZ9Mq8lOELz8ZOQUp8QRRKNn93BSEk/XiAHrXEFpsfJV25FVciO+37FFbjTqcv1P1eNh7ZHuGXFLpQ==
content-length: 1685
x-fb-trip-id: 1679558926
date: Wed, 03 May 2023 16:33:37 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 31a67514088879e290f7f3b0d89d24ca
b44848e51569aaa3b48221413073cd9b96dd17a1
9b08ddbccb257597ebfc39f92e8fd7313d79820961520e6eb595592635f49700
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 31a67514088879e290f7f3b0d89d24ca
b44848e51569aaa3b48221413073cd9b96dd17a1
9b08ddbccb257597ebfc39f92e8fd7313d79820961520e6eb595592635f49700
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 31a67514088879e290f7f3b0d89d24ca
b44848e51569aaa3b48221413073cd9b96dd17a1
9b08ddbccb257597ebfc39f92e8fd7313d79820961520e6eb595592635f49700
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 31a67514088879e290f7f3b0d89d24ca
b44848e51569aaa3b48221413073cd9b96dd17a1
9b08ddbccb257597ebfc39f92e8fd7313d79820961520e6eb595592635f49700
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 31a67514088879e290f7f3b0d89d24ca
b44848e51569aaa3b48221413073cd9b96dd17a1
9b08ddbccb257597ebfc39f92e8fd7313d79820961520e6eb595592635f49700
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lh3.googleusercontent.com/blogger_img_proxy/AByxGDS5hQNdtiVdB00412ScNSXttCKmy4kWkmAM9fQI7b3kVhLw2woV5sLpFFO-FbW_nyWggdzRY-bEYTRn8HhD0qnXx3RNQkgOCct8iMHQVu_OtfNA
200 OK 30 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDS5hQNdtiVdB00412ScNSXttCKmy4kWkmAM9fQI7b3kVhLw2woV5sLpFFO-FbW_nyWggdzRY-bEYTRn8HhD0qnXx3RNQkgOCct8iMHQVu_OtfNA
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash ddd9af882f76e5541566ee8f9825ff43
23b860eb883d98903c6ba89e03f4ce112c502a3b
d7869456ef803beebbea6de284239f1fd1a49584e189af910fc0c6b479d88de8
GET /blogger_img_proxy/AByxGDS5hQNdtiVdB00412ScNSXttCKmy4kWkmAM9fQI7b3kVhLw2woV5sLpFFO-FbW_nyWggdzRY-bEYTRn8HhD0qnXx3RNQkgOCct8iMHQVu_OtfNA HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:37 GMT
server: fife
content-length: 29979
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/AByxGDT-rK4Xd8VqhrEN94NWQjACSx5tQK31GXPRfdxQvT7-ZngRJvs_pE6Ki1QpAGJ7tnod_nj-QwU275RXsclKus-A0rF2S05USaXF__xraiLKsVJm
200 OK 34 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDT-rK4Xd8VqhrEN94NWQjACSx5tQK31GXPRfdxQvT7-ZngRJvs_pE6Ki1QpAGJ7tnod_nj-QwU275RXsclKus-A0rF2S05USaXF__xraiLKsVJm
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash e380b1ee9e3d8c6a777878f41faacb83
e2e85545c69c04ea861cbb1f7bca572850cac6e8
2bb5b5d18d86737b81190c9bb27af88503b0e45915b9a858d66cc6afc53448b7
GET /blogger_img_proxy/AByxGDT-rK4Xd8VqhrEN94NWQjACSx5tQK31GXPRfdxQvT7-ZngRJvs_pE6Ki1QpAGJ7tnod_nj-QwU275RXsclKus-A0rF2S05USaXF__xraiLKsVJm HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:37 GMT
server: fife
content-length: 33527
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/AByxGDRxqj_s5fXTF72M8Yj8DhiWd2KC8UAJDFOtFNCA0pssUO64AQcnZd_hWiE8gkcF6nTm1E_5EbW5sJ8OzLBbmPIUzhH1FjSZGU7RYTs4hBIQvjY3kQ
200 OK 43 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDRxqj_s5fXTF72M8Yj8DhiWd2KC8UAJDFOtFNCA0pssUO64AQcnZd_hWiE8gkcF6nTm1E_5EbW5sJ8OzLBbmPIUzhH1FjSZGU7RYTs4hBIQvjY3kQ
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash e59a653698794bfc1c3ca9f5c3f3993f
255f3d88e8af55360dfc9fe6cfeadde0d2b1ce57
9c9b976cfaa1c79b9c3f5c3aa8da9b9263f28929404d34a6d134b41bf62eace2
GET /blogger_img_proxy/AByxGDRxqj_s5fXTF72M8Yj8DhiWd2KC8UAJDFOtFNCA0pssUO64AQcnZd_hWiE8gkcF6nTm1E_5EbW5sJ8OzLBbmPIUzhH1FjSZGU7RYTs4hBIQvjY3kQ HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:37 GMT
server: fife
content-length: 42985
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/AByxGDSqpJE5zBCLKjte5sBZnmdFuohgfhB7jIEv87NSEhDe6phcBwc8j9TL4ZmcyOkUIkholb-BjVRMBYFeJYPf7_d51s72BvPn-c40-SmZWU62iTQvgw
200 OK 28 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDSqpJE5zBCLKjte5sBZnmdFuohgfhB7jIEv87NSEhDe6phcBwc8j9TL4ZmcyOkUIkholb-BjVRMBYFeJYPf7_d51s72BvPn-c40-SmZWU62iTQvgw
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 03f0254e3863f62ca8b3e0df62b2a172
613ba877a30723f9c6291e435b789640cc05ce4c
5e0725317451d67e204de4bd877488438d078344d5bfbb589c4fc4cad46b640e
GET /blogger_img_proxy/AByxGDSqpJE5zBCLKjte5sBZnmdFuohgfhB7jIEv87NSEhDe6phcBwc8j9TL4ZmcyOkUIkholb-BjVRMBYFeJYPf7_d51s72BvPn-c40-SmZWU62iTQvgw HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:37 GMT
server: fife
content-length: 27913
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/AByxGDQLwnZ1Uerg8xWlW6Q1ELUWhWNdNNNIGdktnD1S4eG_pz8miClWLO5ceGVSONtVfgPveBzZi8y2FMtRQ96D4LTbsjRWoQMVxFIp2hrZSsQBm8gwrA
200 OK 49 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDQLwnZ1Uerg8xWlW6Q1ELUWhWNdNNNIGdktnD1S4eG_pz8miClWLO5ceGVSONtVfgPveBzZi8y2FMtRQ96D4LTbsjRWoQMVxFIp2hrZSsQBm8gwrA
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 8c95025881f7231f9ad4b3877187c5f9
cd52eb8d5d5f320eba8b0bf74b2c91c70430a318
984248ec9258a4a9f4653ad8dcf2765e1413a854b47b8996d7aa278e9e77ae05
GET /blogger_img_proxy/AByxGDQLwnZ1Uerg8xWlW6Q1ELUWhWNdNNNIGdktnD1S4eG_pz8miClWLO5ceGVSONtVfgPveBzZi8y2FMtRQ96D4LTbsjRWoQMVxFIp2hrZSsQBm8gwrA HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:37 GMT
server: fife
content-length: 48878
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 23b244110c9e48121c6f9e0188310d28
1f93e8aad3e8f335181bde10a961b9b6a09e9e11
fec1cb52107775931e77fec5b69d23ce494337e239bd08c9d995aa22c59cb7f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s10.histats.com/js15_as.js
200 OK 4.4 kB URL GET HTTP/2 s10.histats.com/js15_as.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjecthistats.com
FingerprintF3:F6:9F:E3:A0:B3:22:C0:B2:93:4E:22:72:B6:D1:DA:40:BA:AE:9B
ValidityWed, 15 Mar 2023 12:20:28 GMT - Tue, 13 Jun 2023 12:20:27 GMT
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:26:01 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 738231275
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/AByxGDSozzgj5ZaWMei_z8Fr6kdqGUiyyRVPBYFsPys2RRCx7LLdU7x_VPDPBr0WUoVxCqOOYC7B53MgXQ2msGHanwPk39LzhUhTaqWb6WkzzA0tiDT0
200 OK 25 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDSozzgj5ZaWMei_z8Fr6kdqGUiyyRVPBYFsPys2RRCx7LLdU7x_VPDPBr0WUoVxCqOOYC7B53MgXQ2msGHanwPk39LzhUhTaqWb6WkzzA0tiDT0
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 7efc037207aee42156993c32103a8c95
9eb9f0efbbf2ec39f39c5bd4e02395deeee46f16
0db86d8e9e364c69a1cb7b562bdf0c71a2077d1fc66d6a4061cf29d3da37208b
GET /blogger_img_proxy/AByxGDSozzgj5ZaWMei_z8Fr6kdqGUiyyRVPBYFsPys2RRCx7LLdU7x_VPDPBr0WUoVxCqOOYC7B53MgXQ2msGHanwPk39LzhUhTaqWb6WkzzA0tiDT0 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:37 GMT
server: fife
content-length: 25086
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/AByxGDTNP6Wjh44QgPWdfX1EPU0Ar2oAv20E48v17TgDkFIQDIKyYhiE8f8hI3eK25Bf5IyuAnvWPn9PebbHaxWjd_eX_EyhY_Ar8ALYjYk7z7cKRJBH
200 OK 52 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDTNP6Wjh44QgPWdfX1EPU0Ar2oAv20E48v17TgDkFIQDIKyYhiE8f8hI3eK25Bf5IyuAnvWPn9PebbHaxWjd_eX_EyhY_Ar8ALYjYk7z7cKRJBH
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 5e35b3cc2f07dc7005417b9bcd0998c0
c28c56bba974fadc0b823e5b56db663511f5ca4a
6ed71f911589f4b3b18f12eb0170edf2ecaee228fb35e5561698367c485ae9c6
GET /blogger_img_proxy/AByxGDTNP6Wjh44QgPWdfX1EPU0Ar2oAv20E48v17TgDkFIQDIKyYhiE8f8hI3eK25Bf5IyuAnvWPn9PebbHaxWjd_eX_EyhY_Ar8ALYjYk7z7cKRJBH HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:37 GMT
server: fife
content-length: 51571
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/AByxGDSnJy5W_QhOjWDqL9rCIQpeK4U5zKXQ8poy3gAh0ejv9_lnPq8o9hnM5AgHqOTZpoa8fPcP2hfnCHVdpOC7hM_Pp8XbHoYsOFYw6gk61X2d-DZ30A
200 OK 45 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDSnJy5W_QhOjWDqL9rCIQpeK4U5zKXQ8poy3gAh0ejv9_lnPq8o9hnM5AgHqOTZpoa8fPcP2hfnCHVdpOC7hM_Pp8XbHoYsOFYw6gk61X2d-DZ30A
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash c7ea95b2aa7751462134a44911da9964
9201eea683a41869a0703b3015cc2f09b3470d4e
e60b950955866eaad152df8c1359a7cbcb836fbd6f55daf8dc2feb30da3612d2
GET /blogger_img_proxy/AByxGDSnJy5W_QhOjWDqL9rCIQpeK4U5zKXQ8poy3gAh0ejv9_lnPq8o9hnM5AgHqOTZpoa8fPcP2hfnCHVdpOC7hM_Pp8XbHoYsOFYw6gk61X2d-DZ30A HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:37 GMT
server: fife
content-length: 45324
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 3a72067351b347eb5c7a7deaca3594ad
b6ed79f64b05083485f0840e97535c1afb2b472b
84f7bf729eef3c67bc9595c52bc7ff4c86e45dea8b4cee26abc7a10418be2a0d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lh3.googleusercontent.com/blogger_img_proxy/AByxGDTOUng6TjNvSbZTvTRhT6iZFr2DelpEqp9AdynDppEMy0javApx4sF1n2DWM8qGmoxY7-68tq3gyCtoCryRDafjGlMMDHvNWLOsIkESf3AS5EjFYw
200 OK 53 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDTOUng6TjNvSbZTvTRhT6iZFr2DelpEqp9AdynDppEMy0javApx4sF1n2DWM8qGmoxY7-68tq3gyCtoCryRDafjGlMMDHvNWLOsIkESf3AS5EjFYw
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash a92de5817f6abf60b6c0e18260e32539
d67a1ebdf3de10ada1005f4039abaef7f90cf8d7
5a1c027d2323f10bb23658fd36da7819b7ab83df20acea43fb2f8e556dd00129
GET /blogger_img_proxy/AByxGDTOUng6TjNvSbZTvTRhT6iZFr2DelpEqp9AdynDppEMy0javApx4sF1n2DWM8qGmoxY7-68tq3gyCtoCryRDafjGlMMDHvNWLOsIkESf3AS5EjFYw HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:37 GMT
server: fife
content-length: 52756
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/AByxGDS14PARhNSvCkq_A98vczoE8Gtb_2dFNvYEL2s_sseyLXbaNiljLgAyap78iOxfLsNRAIzTX7EE8NjSq3OwlTn72wVJF12BLP9QdQM5fqZX96xwPA
200 OK 45 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDS14PARhNSvCkq_A98vczoE8Gtb_2dFNvYEL2s_sseyLXbaNiljLgAyap78iOxfLsNRAIzTX7EE8NjSq3OwlTn72wVJF12BLP9QdQM5fqZX96xwPA
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash a9c00c2933dae9c5ed39f9f9aeeaada0
3c74a5c439a08b128539b0ac9f4e88a689b1736d
37ac1daeb9b6fd4df83fd93fda234aff4ad7592b12231d007dc4504bf24d116f
GET /blogger_img_proxy/AByxGDS14PARhNSvCkq_A98vczoE8Gtb_2dFNvYEL2s_sseyLXbaNiljLgAyap78iOxfLsNRAIzTX7EE8NjSq3OwlTn72wVJF12BLP9QdQM5fqZX96xwPA HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:37 GMT
server: fife
content-length: 44763
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/AByxGDSNhBA9F3c50xu8YyJzSPGPpWUOXzYTjo4oSPFrGY9LkyVuUHWIn9K6FekdEoBYvsTm_s9vBIyVdXYYzARW_BAQX9CBFhPlapfJuPoZbJrza3Y1Rw
200 OK 44 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDSNhBA9F3c50xu8YyJzSPGPpWUOXzYTjo4oSPFrGY9LkyVuUHWIn9K6FekdEoBYvsTm_s9vBIyVdXYYzARW_BAQX9CBFhPlapfJuPoZbJrza3Y1Rw
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 44ec22acb6270098389715ac4fb52559
f39d1c99e4b7e99034005c85cd481ede36245701
7898073a4e4bd2f766b61ac364983d67c39b94f122993ea4e25472a062636570
GET /blogger_img_proxy/AByxGDSNhBA9F3c50xu8YyJzSPGPpWUOXzYTjo4oSPFrGY9LkyVuUHWIn9K6FekdEoBYvsTm_s9vBIyVdXYYzARW_BAQX9CBFhPlapfJuPoZbJrza3Y1Rw HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:38 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:38 GMT
server: fife
content-length: 44485
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 3a72067351b347eb5c7a7deaca3594ad
b6ed79f64b05083485f0840e97535c1afb2b472b
84f7bf729eef3c67bc9595c52bc7ff4c86e45dea8b4cee26abc7a10418be2a0d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lh3.googleusercontent.com/blogger_img_proxy/AByxGDSbRR6xGVj3btYWnSpEvrRaJO0J6e31ZypHD7T-cwFIpkwAXE1yHIY2HzsYgcgT9ypdpKydfHAfgi1TFJJ0ENAuEiTpgASVHcOZqXqeOLNLTKjH5A
200 OK 52 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDSbRR6xGVj3btYWnSpEvrRaJO0J6e31ZypHD7T-cwFIpkwAXE1yHIY2HzsYgcgT9ypdpKydfHAfgi1TFJJ0ENAuEiTpgASVHcOZqXqeOLNLTKjH5A
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 6b2bc6945907116b5bb2526cf38570cc
6d6f549c33404873dad187b2aaec08fa63f45a5c
83714bfd3f4566ca09b22c10509fad30b5f219f6fe53ef80a226b90f7eb2d79e
GET /blogger_img_proxy/AByxGDSbRR6xGVj3btYWnSpEvrRaJO0J6e31ZypHD7T-cwFIpkwAXE1yHIY2HzsYgcgT9ypdpKydfHAfgi1TFJJ0ENAuEiTpgASVHcOZqXqeOLNLTKjH5A HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Thu, 04 May 2023 16:33:38 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:38 GMT
server: fife
content-length: 51905
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 23b244110c9e48121c6f9e0188310d28
1f93e8aad3e8f335181bde10a961b9b6a09e9e11
fec1cb52107775931e77fec5b69d23ce494337e239bd08c9d995aa22c59cb7f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.barscreative1.com/sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html
200 OK 15 kB URL GET HTTP/2 cdn.barscreative1.com/sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintD7:F2:D3:47:0C:43:94:F7:D3:3B:42:E5:1A:61:6E:85:4E:72:C0:25
ValidityThu, 16 Mar 2023 00:04:28 GMT - Wed, 14 Jun 2023 00:04:27 GMT
Hash a1d5a99faf61f86dc0a2de04c10915b8
ba00518e0a6c790081bec78af278f84669ca3afa
667e7735b99901356352d6434a2a15a5e7779f79e80bc23a31183b2ca75b0aaa
GET /sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:37 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 23 Sep 2021 12:20:22 GMT
etag: W/"614c7106-563"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 03 May 2023 17:33:37 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
img.youtube.com/vi/ytHYNHhVbQk/0.jpg
200 OK 29 kB URL GET HTTP/2 img.youtube.com/vi/ytHYNHhVbQk/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 12e160a7d3421b16febe32faef874f8f
6c2eddebf1234fa36a8e40d81cfeac010a2033bb
8561fd0b388e919af2ee5b30308affca1e4027e78dec0bfd35ded0cf6c6c8b19
GET /vi/ytHYNHhVbQk/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 28702
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 15:25:27 GMT
expires: Wed, 03 May 2023 17:25:27 GMT
cache-control: public, max-age=7200
age: 4091
etag: "1662002728"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/CC7fEKfNE98/0.jpg
200 OK 24 kB URL GET HTTP/2 img.youtube.com/vi/CC7fEKfNE98/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash f22c8d7ef844dcb2e6033a272506c1ce
364ffc203b1497c9bff9c1664172028599973f27
d5264ebad691a91d89a9f7a9e4ba1b57b238860d89c568cd484ae1ba760d421f
GET /vi/CC7fEKfNE98/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 23754
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 15:25:27 GMT
expires: Wed, 03 May 2023 17:25:27 GMT
cache-control: public, max-age=7200
age: 4091
etag: "1662002729"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/tyvyQiCfFzw/0.jpg
200 OK 34 kB URL GET HTTP/2 img.youtube.com/vi/tyvyQiCfFzw/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash c7e2ba1d8b9b1131c7a0cd47328e796b
2cd50de708a3d639e5c6ba124d1d3fe8361b2492
611d4ae63806d927467c2cd520867a6d44c45ca3e58caa56ca120b9e04058c3a
GET /vi/tyvyQiCfFzw/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 34362
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1681814254"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/yIUSMir-ZJ4/0.jpg
200 OK 23 kB URL GET HTTP/2 img.youtube.com/vi/yIUSMir-ZJ4/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash c1a4be2ccdddb241ec890cbc2b4f3872
3ad345e3ba859e4211919c13f47b0705e7b0e794
7a83ea731dfff560530f201f393dc2cd85d787ae4ac99da08f07b7d8187ca5ef
GET /vi/yIUSMir-ZJ4/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 22956
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1662002730"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/qGJnnTtIorc/0.jpg
200 OK 25 kB URL GET HTTP/2 img.youtube.com/vi/qGJnnTtIorc/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 60514d740778840f34b234bdd1e8d31c
6c2b1e3af17490b955166630e1c56e12e84d6481
08bbdc103c11b5a8304c15ab07869dfb950a20c3346d85476406bc990dff59c4
GET /vi/qGJnnTtIorc/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 24885
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1682400762"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/V5nTZvnhsYQ/0.jpg
200 OK 42 kB URL GET HTTP/2 img.youtube.com/vi/V5nTZvnhsYQ/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash a935103dbcd71a4f2abc952a65ab0876
ac3f348eb785cafa37d2fdcbdd52cbc6f0277bbd
25f2fa7b7765b66a17f0cb2e6c8beec16c41c055f87b96f3ec37b3b8de6dea9d
GET /vi/V5nTZvnhsYQ/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 42196
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1682674423"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/FK5sdYSz7pg/0.jpg
200 OK 38 kB URL GET HTTP/2 img.youtube.com/vi/FK5sdYSz7pg/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash f227c8e336086522a1f657d57f5ed69c
46bc87e90f9f93e47934b1e369a4f753cb6f72fc
dea801c08d7ee3b6937059ace3e1d067cc5fa4ac4edf25bab7983101a694e360
GET /vi/FK5sdYSz7pg/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 37723
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1682420688"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/8SWEYlzhVIc/0.jpg
200 OK 36 kB URL GET HTTP/2 img.youtube.com/vi/8SWEYlzhVIc/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash dadaf0fa2253afe2bbddbdcee2e8e5c1
dbeb6176f0e197fb565585e3083344c65fc00dfa
a7ce2586b5b44ab2398483c46f0fb01f71b6befd0cfb57d2006a2ea37ff02a4c
GET /vi/8SWEYlzhVIc/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 36222
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 16:38:38 GMT
cache-control: public, max-age=300
etag: "1683104981"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/2gvVh1uGLOQ/0.jpg
200 OK 24 kB URL GET HTTP/2 img.youtube.com/vi/2gvVh1uGLOQ/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 6b7d3267f44c5157226761269f5a4d71
0cb046a780fd93f64e69cc8a64a1289453e37fad
12576e778840bce388458e63989be5989b59b19ffb1f867e4dc4b29c0e62035b
GET /vi/2gvVh1uGLOQ/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 24344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1662002729"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/fLEbZJdFGiQ/0.jpg
200 OK 36 kB URL GET HTTP/2 img.youtube.com/vi/fLEbZJdFGiQ/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 1d382f86f2eddc25af1cbf3e9c6c80c1
5b7f5b012424159432be28b15c0ff2f090afe50b
2ba63ad08665bcc8904e7afb6c9ff1a6743b16da038729fd444e809dfa7b3c57
GET /vi/fLEbZJdFGiQ/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 35507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 16:38:38 GMT
cache-control: public, max-age=300
etag: "1683012381"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/uRZgiDPlHmo/0.jpg
200 OK 23 kB URL GET HTTP/2 img.youtube.com/vi/uRZgiDPlHmo/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 86004a55c1f16ed7ea6983e18c863615
9fe0e8d5c9f4049f6a2562a9f968d408c4b2a222
7c6638dc8b0b54609573a1135f5e148a13c93da8709379a72e2f3313c3a5fcd7
GET /vi/uRZgiDPlHmo/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 23236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1662002729"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/xrd13SGhPMc/0.jpg
200 OK 31 kB URL GET HTTP/2 img.youtube.com/vi/xrd13SGhPMc/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 584aa5c9de972a85b0d6ef5c30b0439e
b0a0b09949bae2857115c1e23701b6dcf8483b17
de95dc3cd1abaafc7161defaa1d41fa82a062b3ec2ccd16676b0a427bd1b791e
GET /vi/xrd13SGhPMc/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 31097
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 16:38:38 GMT
cache-control: public, max-age=300
etag: "1683026507"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/jtB5On7jS1o/0.jpg
200 OK 37 kB URL GET HTTP/2 img.youtube.com/vi/jtB5On7jS1o/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 7885de46bd13d7db32dfb43316da322a
af5181becb399888db75c192bfc195cf532abfc0
d7f2c4f4ac3037675bdb0909df597a1b1ec454242760d577dd7cfe788a734eee
GET /vi/jtB5On7jS1o/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 37408
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 16:38:38 GMT
cache-control: public, max-age=300
etag: "1683088298"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/PVjAXRIfXCU/0.jpg
200 OK 40 kB URL GET HTTP/2 img.youtube.com/vi/PVjAXRIfXCU/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 0d8b542c1bac1ba763f3608db16ec098
f31018cf2cf0a8b018b00c8732a76ea31fb61366
ce1330a44a3ab88ee3ecb05392e4c20bb68fefdbeea7859b640aebee389fb61a
GET /vi/PVjAXRIfXCU/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 39773
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1682766160"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/2zKYeRUBmsE/0.jpg
200 OK 25 kB URL GET HTTP/2 img.youtube.com/vi/2zKYeRUBmsE/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 82c6f9fe093112f205bbc78182c207a1
f411a2bafed7906502fd30f3fba2cf0fbe0eb304
b36a95697a3119a25e0e154b406762040fa0a41a0b10e1018b92427adf138fec
GET /vi/2zKYeRUBmsE/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 24846
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1662002730"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/img/close.png
200 OK 6.0 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/img/close.png
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/ssp/sweep/social-box/white-small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:38 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 21 Sep 2021 12:02:03 GMT
etag: "6149c9bb-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 14611346
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=631vHsbgq2XvnKUxg9tsOq2Xan02k1ySiPNdQeAhhIlkyQF9tSslYxJD0p8rXnZ7acZhhDyYorLgO0UVVFyl%2FrjXmk%2B8F0%2FKjei35iymu%2FCDcbuVt0WbftomD2UqQ0o3Yns%2BnfbOCxph"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c19e82769a174c1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.youtube.com/vi/LbiJeX9Ql3Y/0.jpg
200 OK 22 kB URL GET HTTP/2 img.youtube.com/vi/LbiJeX9Ql3Y/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash c3d345b2bb85e1b15ac0d9aba3d1ec77
43a5f16e0051506300d990e7fcfb18b466931f1a
2d9361f21e85d86679c5b7ce96d50fcf41bf61ab361db348f7b88a37c01ccf41
GET /vi/LbiJeX9Ql3Y/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 22134
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1662002729"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/d3Vc1t2g914/0.jpg
200 OK 21 kB URL GET HTTP/2 img.youtube.com/vi/d3Vc1t2g914/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 711d355ea50302574123ba14cc6a9e92
1756d5fa08986bd32f64018ced25bac85d28c684
8d9ced7c97c2baf42f861074f6cb65dc68c1092e99bf4fc3c2c9edb51b4bdbbc
GET /vi/d3Vc1t2g914/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 21334
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1662002729"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/HO3GGGsIBHo/0.jpg
200 OK 21 kB URL GET HTTP/2 img.youtube.com/vi/HO3GGGsIBHo/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 19df6e86de87361798a29529e593a2e9
3770d58a382782c13cb0fb550cdaf1c3098d5233
ebbd19e23b52317fd0a76c3f8e399a99419f91328e3d768efc12f5c43f74cce5
GET /vi/HO3GGGsIBHo/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 21391
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 16:38:38 GMT
cache-control: public, max-age=300
etag: "1682875509"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/sko_C72F3J4/0.jpg
200 OK 24 kB URL GET HTTP/2 img.youtube.com/vi/sko_C72F3J4/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 48d1cd79bd1987b2c6182dbe26141f33
5ba927439ef2275128ce6e1ba94f2b5df316508c
d30c4a92affd91796464cc35dc86d6a31368a8b350abc1adf6fce09cd247a4b5
GET /vi/sko_C72F3J4/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 23487
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1662002729"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/s_BnB9LlRgM/0.jpg
200 OK 30 kB URL GET HTTP/2 img.youtube.com/vi/s_BnB9LlRgM/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash b6e2c2e34eb5803882a33e599d74b199
c0ed621b926f4eceba5931d1f83487446224036a
1a0809c2c49c8d9219a102c62a226e439a75dcc58c95951208c944994c99253e
GET /vi/s_BnB9LlRgM/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 30279
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1680983212"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEjSruvtFJB_IUtGWwCST9at1x2F_NFdLl_OX5-7j59hW6Oml8EXa7D0CrICzC1eKKyFg5UXefyWa4izAOXmudEvIUbQoTFX5NuuY9t-bT8bmlfs-Wh6J44L9vJa_IPv6Fae7ZJVWIVq1QXtQwj5JJo-GdKum6FnMQSfKuZ-zJKI5pGRbqs0Ri75G2_c=s368
200 OK 14 kB URL GET HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEjSruvtFJB_IUtGWwCST9at1x2F_NFdLl_OX5-7j59hW6Oml8EXa7D0CrICzC1eKKyFg5UXefyWa4izAOXmudEvIUbQoTFX5NuuY9t-bT8bmlfs-Wh6J44L9vJa_IPv6Fae7ZJVWIVq1QXtQwj5JJo-GdKum6FnMQSfKuZ-zJKI5pGRbqs0Ri75G2_c=s368
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 368x137, components 3\012- data
Hash 11bfc7ac45e7f06ca542be69a2a7424f
78d657dac5c10d2ec0e8dfdeffcbfa67d41e5a81
e6e36dcb8bf4f36dc57ffea84419a8709a050d990e6588ba696f3f05025f7b02
GET /img/a/AVvXsEjSruvtFJB_IUtGWwCST9at1x2F_NFdLl_OX5-7j59hW6Oml8EXa7D0CrICzC1eKKyFg5UXefyWa4izAOXmudEvIUbQoTFX5NuuY9t-bT8bmlfs-Wh6J44L9vJa_IPv6Fae7ZJVWIVq1QXtQwj5JJo-GdKum6FnMQSfKuZ-zJKI5pGRbqs0Ri75G2_c=s368 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "vc1"
expires: Thu, 04 May 2023 16:33:38 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="LOGO NIH.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:38 GMT
server: fife
content-length: 14288
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/zeZ8DWuMcC4/0.jpg
200 OK 28 kB URL GET HTTP/2 img.youtube.com/vi/zeZ8DWuMcC4/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 4313e4a2a0624237a6f980a953a2eed2
05163dae1a051e80128edc954481751c91c1c3b4
1c6a4d45dfe1e9fe2da6a5ae873763abdbfb1f767446650175cc4dc019f05fed
GET /vi/zeZ8DWuMcC4/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 28547
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1681642366"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 23b244110c9e48121c6f9e0188310d28
1f93e8aad3e8f335181bde10a961b9b6a09e9e11
fec1cb52107775931e77fec5b69d23ce494337e239bd08c9d995aa22c59cb7f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img.youtube.com/vi/FSI5YbyGTWg/0.jpg
200 OK 35 kB URL GET HTTP/2 img.youtube.com/vi/FSI5YbyGTWg/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 22b869212822acf93d8da5708fa734bb
3109b8f514e8a72a17ee70d4c89f97ae732312cf
bae9fad55234066b9b0e5b0a842b1a630072dea0d3630d6586cfd1f3a5246c4b
GET /vi/FSI5YbyGTWg/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 34891
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1681735424"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.youtube.com/vi/BWOav86tHbw/0.jpg
200 OK 41 kB URL GET HTTP/2 img.youtube.com/vi/BWOav86tHbw/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 9771da3eadd7e3f27f95076b3be3568c
9a683bf6b02b9d8ff355801dd4919dd5f102beb8
bff6e3bff2b8e1383729bdf34c7f5b535279fcaba2fe0034c2ef9c8f2a965f9d
GET /vi/BWOav86tHbw/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 41447
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:38 GMT
expires: Wed, 03 May 2023 18:33:38 GMT
cache-control: public, max-age=7200
etag: "1681118034"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
200 OK 89 kB URL GET HTTP/3 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint78:8B:BB:40:DD:1D:5B:E9:7B:AA:CC:94:45:44:7F:FD:56:6E:E4:60
ValidityMon, 03 Apr 2023 08:24:24 GMT - Mon, 26 Jun 2023 08:24:23 GMT
File type ASCII text, with very long lines (18530)
Hash e2bcb5a1bcc3c20ea8eb1f070cb8ee26
a8b9aa1016d843a447d2566674cc3d62351c6dd8
25a0f4291466312063ca947867e8fdf30c844d6a866e65ec7cbd1c8317d89822
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: fonts.googleapis.com
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 03 May 2023 16:33:37 GMT
date: Wed, 03 May 2023 16:33:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
472 B IP
Hash 31a67514088879e290f7f3b0d89d24ca
b44848e51569aaa3b48221413073cd9b96dd17a1
9b08ddbccb257597ebfc39f92e8fd7313d79820961520e6eb595592635f49700
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img.youtube.com/vi/dm1AzR6CuA0/0.jpg
200 OK 22 kB URL GET HTTP/2 img.youtube.com/vi/dm1AzR6CuA0/0.jpg
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintD5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
ValidityMon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 56b40e0f73fcccf2de5b8f76e1c01589
a2f66f858402dd746744e742368c8aefb9f6def3
994527232d8c17044c6435d3255972e52c05164faa42e9e8c32fd45e3b5172c4
GET /vi/dm1AzR6CuA0/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 22004
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 16:33:40 GMT
expires: Wed, 03 May 2023 18:33:40 GMT
cache-control: public, max-age=7200
etag: "1680686870"
content-type: image/jpeg
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/jquery.min.js
200 OK 31 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/jquery.min.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type ASCII text, with very long lines (32025)
Hash 63c09bf765222103db5e0d0dedc1c34d
c158fc3a2ab2a2e69daa2549191f1a2d4d34a58d
921b83239a13dcc6a17217f5724f97ae56893cb2d9373c3192883d6af92fbcbc
GET /sb/ssp/sweep/social-box/white-small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:38 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:02:04 GMT
etag: W/"6149c9bc-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 14611346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y9EftGpIFjlLS31qqARlJWjpMybOEsVyfeynISZhnOAFjIrwu0fP3Trdac7vOLTF%2F%2B1mNf6glop%2BCG5y6ffQQb5k3GTgZ9P0WegpKFkT9SyDY0WDCAcVV6iqhAlEqXJ05GfGmMn3QX8E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c19e827699a74c1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 23b244110c9e48121c6f9e0188310d28
1f93e8aad3e8f335181bde10a961b9b6a09e9e11
fec1cb52107775931e77fec5b69d23ce494337e239bd08c9d995aa22c59cb7f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 16:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL GET HTTP/3 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint34:5A:0A:3B:4F:02:F9:C6:C9:D7:3F:CA:9D:17:0D:40:27:05:05:0A
ValidityMon, 03 Apr 2023 08:24:23 GMT - Mon, 26 Jun 2023 08:24:22 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 07:44:41 GMT
expires: Sun, 28 Apr 2024 07:44:41 GMT
cache-control: public, max-age=31536000
age: 377340
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL GET HTTP/3 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint34:5A:0A:3B:4F:02:F9:C6:C9:D7:3F:CA:9D:17:0D:40:27:05:05:0A
ValidityMon, 03 Apr 2023 08:24:23 GMT - Mon, 26 Jun 2023 08:24:22 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 03:11:48 GMT
expires: Sun, 28 Apr 2024 03:11:48 GMT
cache-control: public, max-age=31536000
age: 393713
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
s4.histats.com/stats/0.php?4714019&@f16&@g1&@h1&@i1&@j1683131626572&@k0&@l1&@mLIVE%20NEWS%20(24%2F7)&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:36989883&@b3:1683131627&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwww.wedirectpass.com%2F&@w
200 OK 51 B URL GET HTTP/1.1 s4.histats.com/stats/0.php?4714019&@f16&@g1&@h1&@i1&@j1683131626572&@k0&@l1&@mLIVE%20NEWS%20(24%2F7)&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:36989883&@b3:1683131627&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwww.wedirectpass.com%2F&@w
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjecthistats.com
FingerprintF3:F6:9F:E3:A0:B3:22:C0:B2:93:4E:22:72:B6:D1:DA:40:BA:AE:9B
ValidityWed, 15 Mar 2023 12:20:28 GMT - Tue, 13 Jun 2023 12:20:27 GMT
File type ASCII text, with no line terminators
Hash 0d9511ec969e4bdf002619ddc27f1b7d
dd57683ea7918f36289f5c68c213dd09936a84c6
4d929c0a157bc387490fb487452e1059f4e0ec9e29a8e78cc85ebd418cd40ac9
GET /stats/0.php?4714019&@f16&@g1&@h1&@i1&@j1683131626572&@k0&@l1&@mLIVE%20NEWS%20(24%2F7)&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:36989883&@b3:1683131627&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwww.wedirectpass.com%2F&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 16:33:41 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 51
Connection: close
princesinistervirus.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRueTfw1SfVFNClAV1CAhM%2B7ez%2FeI0VECEZRTBwS%2FkSDZmdmz5Ob3VnN7OxeLJAiglAKkJyKdu852%2BEniqBGIHSms4Tko3KBEUggeqR0SMhni4Np3vf5KZ559H44cofEh6MHK6%2FoDakUXeo0%2FcYzbwXBhcaqzNywMYy673TbFxqmfD7we03%2F2cbLgg30UugHvh%2F4QWNFGpHo4VIQBE0fMn%2FYC5o9v9kOm0GnjaH5L7buFCz1wMtDcg6ST888fNSGZBNk6ZeXhR0UOn%2FupdQpWmiDkj94PRtkusqQztfEeEiyByduaLu%2F8i10tj0LDF3%2BY4zllHi%2F%2FYo4e3CSEnG5fRw0VhAZYn4WVTmBUBNIOgHTdyH5PgEYx7U1ZOnONW0qevtYpUfqlCw8%2FhOympKFn55Alj66pOSwcVMrV0idWQyTGnI4gexPkLtdFBunIKtdsOJ9SP4DWXq8iizdWrNKQ%2FKDp0Pa7bKoGyxGXT9ZbEfL4WJPBHyRhe2kE3V7LPDZrCEpJ5DJBEpsgtrTcNaDkx5c4sHlHlJ%2B0Fhm7SjiUYdTwVgYJ0GUtJN2jzI%2FYX6rF8Kxoz9sosg3wdQmmPlgJ%2BfrxaDcKowTWy5jdhR8ekyFrRm5c0SGrVGA3NzBQN7f75yDcd%2FBrtew%2FH%2BwxZR4r76HkteoBEFlCSpKUEmCqiCoynqbKxvaeocr6%2BLgZIYns1WPddEf0W1d9EVGRvkh%2Bf%2Bs6b9u3cVAHDSSDuO82416MQs7UUB7nEZxa7kVxUk3TAIBK2tIewrUetiQU3KerSGXU7LgryGmu7BqF0x6oO5J0Gq8HPqg6%2BN25GMj%2BzqlmaQs1aUUQdhqxkr3ba6LJtMpuK6RFwsobnsjdUjOz2L1fj8LwfYufvLx2s8X%2BNtgpkZuatyS3xP01b3xDV2RrRu6suSrtbyQqdygR8dxs6CFOP35VXG70oZfuWw3P3uBHQlH68PXhC1WacZl1rfki0uSc2FWtGGCfHPFvini686uX3Imc%2Fnq9RdXrqS5EdZKnU1A5f4b74LJKTljBrOzf%2BqPq5BmAuNqpG6PnDxIPQHL78Dm8%2FRWExg198S5h8rVYxPGc1JJAiXmmMY17L9wPN9H9h76xgMt7iJLa5SmRqlqULUJ606Pi9zsXfyxNXuIlTeOlfG2YmXU%2FeNqrTxoMOYLGsTLgRBcdFqMtbssirtJq70sog7voLBTfuOjX%2F4GAAD%2F%2FwEAAP%2F%2FRA5m0cMEAAA%3D
200 OK 7 B URL GET HTTP/1.1 princesinistervirus.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRueTfw1SfVFNClAV1CAhM%2B7ez%2FeI0VECEZRTBwS%2FkSDZmdmz5Ob3VnN7OxeLJAiglAKkJyKdu852%2BEniqBGIHSms4Tko3KBEUggeqR0SMhni4Np3vf5KZ559H44cofEh6MHK6%2FoDakUXeo0%2FcYzbwXBhcaqzNywMYy673TbFxqmfD7we03%2F2cbLgg30UugHvh%2F4QWNFGpHo4VIQBE0fMn%2FYC5o9v9kOm0GnjaH5L7buFCz1wMtDcg6ST888fNSGZBNk6ZeXhR0UOn%2FupdQpWmiDkj94PRtkusqQztfEeEiyByduaLu%2F8i10tj0LDF3%2BY4zllHi%2F%2FYo4e3CSEnG5fRw0VhAZYn4WVTmBUBNIOgHTdyH5PgEYx7U1ZOnONW0qevtYpUfqlCw8%2FhOympKFn55Alj66pOSwcVMrV0idWQyTGnI4gexPkLtdFBunIKtdsOJ9SP4DWXq8iizdWrNKQ%2FKDp0Pa7bKoGyxGXT9ZbEfL4WJPBHyRhe2kE3V7LPDZrCEpJ5DJBEpsgtrTcNaDkx5c4sHlHlJ%2B0Fhm7SjiUYdTwVgYJ0GUtJN2jzI%2FYX6rF8Kxoz9sosg3wdQmmPlgJ%2BfrxaDcKowTWy5jdhR8ekyFrRm5c0SGrVGA3NzBQN7f75yDcd%2FBrtew%2FH%2BwxZR4r76HkteoBEFlCSpKUEmCqiCoynqbKxvaeocr6%2BLgZIYns1WPddEf0W1d9EVGRvkh%2Bf%2Bs6b9u3cVAHDSSDuO82416MQs7UUB7nEZxa7kVxUk3TAIBK2tIewrUetiQU3KerSGXU7LgryGmu7BqF0x6oO5J0Gq8HPqg6%2BN25GMj%2BzqlmaQs1aUUQdhqxkr3ba6LJtMpuK6RFwsobnsjdUjOz2L1fj8LwfYufvLx2s8X%2BNtgpkZuatyS3xP01b3xDV2RrRu6suSrtbyQqdygR8dxs6CFOP35VXG70oZfuWw3P3uBHQlH68PXhC1WacZl1rfki0uSc2FWtGGCfHPFvini686uX3Imc%2Fnq9RdXrqS5EdZKnU1A5f4b74LJKTljBrOzf%2BqPq5BmAuNqpG6PnDxIPQHL78Dm8%2FRWExg198S5h8rVYxPGc1JJAiXmmMY17L9wPN9H9h76xgMt7iJLa5SmRqlqULUJ606Pi9zsXfyxNXuIlTeOlfG2YmXU%2FeNqrTxoMOYLGsTLgRBcdFqMtbssirtJq70sog7voLBTfuOjX%2F4GAAD%2F%2FwEAAP%2F%2FRA5m0cMEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectprincesinistervirus.com
Fingerprint3F:32:44:B2:F0:11:1E:65:F0:CE:5F:D8:67:23:DD:C4:40:8E:9D:CB
ValidityThu, 27 Apr 2023 02:00:35 GMT - Wed, 26 Jul 2023 02:00:34 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRueTfw1SfVFNClAV1CAhM%2B7ez%2FeI0VECEZRTBwS%2FkSDZmdmz5Ob3VnN7OxeLJAiglAKkJyKdu852%2BEniqBGIHSms4Tko3KBEUggeqR0SMhni4Np3vf5KZ559H44cofEh6MHK6%2FoDakUXeo0%2FcYzbwXBhcaqzNywMYy673TbFxqmfD7we03%2F2cbLgg30UugHvh%2F4QWNFGpHo4VIQBE0fMn%2FYC5o9v9kOm0GnjaH5L7buFCz1wMtDcg6ST888fNSGZBNk6ZeXhR0UOn%2FupdQpWmiDkj94PRtkusqQztfEeEiyByduaLu%2F8i10tj0LDF3%2BY4zllHi%2F%2FYo4e3CSEnG5fRw0VhAZYn4WVTmBUBNIOgHTdyH5PgEYx7U1ZOnONW0qevtYpUfqlCw8%2FhOympKFn55Alj66pOSwcVMrV0idWQyTGnI4gexPkLtdFBunIKtdsOJ9SP4DWXq8iizdWrNKQ%2FKDp0Pa7bKoGyxGXT9ZbEfL4WJPBHyRhe2kE3V7LPDZrCEpJ5DJBEpsgtrTcNaDkx5c4sHlHlJ%2B0Fhm7SjiUYdTwVgYJ0GUtJN2jzI%2FYX6rF8Kxoz9sosg3wdQmmPlgJ%2BfrxaDcKowTWy5jdhR8ekyFrRm5c0SGrVGA3NzBQN7f75yDcd%2FBrtew%2FH%2BwxZR4r76HkteoBEFlCSpKUEmCqiCoynqbKxvaeocr6%2BLgZIYns1WPddEf0W1d9EVGRvkh%2Bf%2Bs6b9u3cVAHDSSDuO82416MQs7UUB7nEZxa7kVxUk3TAIBK2tIewrUetiQU3KerSGXU7LgryGmu7BqF0x6oO5J0Gq8HPqg6%2BN25GMj%2BzqlmaQs1aUUQdhqxkr3ba6LJtMpuK6RFwsobnsjdUjOz2L1fj8LwfYufvLx2s8X%2BNtgpkZuatyS3xP01b3xDV2RrRu6suSrtbyQqdygR8dxs6CFOP35VXG70oZfuWw3P3uBHQlH68PXhC1WacZl1rfki0uSc2FWtGGCfHPFvini686uX3Imc%2Fnq9RdXrqS5EdZKnU1A5f4b74LJKTljBrOzf%2BqPq5BmAuNqpG6PnDxIPQHL78Dm8%2FRWExg198S5h8rVYxPGc1JJAiXmmMY17L9wPN9H9h76xgMt7iJLa5SmRqlqULUJ606Pi9zsXfyxNXuIlTeOlfG2YmXU%2FeNqrTxoMOYLGsTLgRBcdFqMtbssirtJq70sog7voLBTfuOjX%2F4GAAD%2F%2FwEAAP%2F%2FRA5m0cMEAAA%3D HTTP/1.1
Host: princesinistervirus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=16607872,16607875; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; pdhtkv=true; uncs=2; pdhtkv23=true; uncs23=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:41 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5679c546c942023e32897d0a4c1be4b0
Strict-Transport-Security: max-age=0; includeSubdomains
princesinistervirus.com/pixel/sbs?c=1
200 OK 0 B URL GET HTTP/1.1 princesinistervirus.com/pixel/sbs?c=1
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subjectprincesinistervirus.com
Fingerprint3F:32:44:B2:F0:11:1E:65:F0:CE:5F:D8:67:23:DD:C4:40:8E:9D:CB
ValidityThu, 27 Apr 2023 02:00:35 GMT - Wed, 26 Jul 2023 02:00:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: princesinistervirus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Cookie: u_pl=16607872,16607875; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjYwNzg3MiwiayI6IjE1YmM5MTYzMGVjMDk2MzAwOGZmNDg0OTFhYWNlY2JhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYzODIzLCJwaWQiOjI3NDUxMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJlc3hxeXRkeWgiLCJjcGtzIjp7ICIyOCI6IjM1ZDEyNDdiMzU0ZjU2Njk3MTkwYjBhMWVhYTAyMjM2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LndlZGlyZWN0cGFzcy5jb20vIn19.wzEwUido1LLxb-ZBSBZbkHNMTWnY15uQ0NbLLfxSbqs; uid_id2=2a66c861-860f-4872-9e1d-c24f5869c10c:3:1; pdhtkv=true; uncs=2; pdhtkv23=true; uncs23=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
www.facebook.com/v2.3/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34aa62a7b95e9a%26domain%3Dwww.wedirectpass.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.wedirectpass.com%252Ff3f9ed0e153baa4%26relation%3Dparent.parent&container_width=0&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fkhmermovie.dubbed%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=false&width=210
302 Found 0 B URL GET HTTP/2 www.facebook.com/v2.3/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34aa62a7b95e9a%26domain%3Dwww.wedirectpass.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.wedirectpass.com%252Ff3f9ed0e153baa4%26relation%3Dparent.parent&container_width=0&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fkhmermovie.dubbed%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=false&width=210
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerDigiCert Inc
Subject*.facebook.com
FingerprintD7:A7:87:1C:1F:D1:8B:0F:7F:17:0A:0A:19:ED:F8:33:29:43:DC:6C
ValidityFri, 10 Feb 2023 00:00:00 GMT - Thu, 11 May 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2.3/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34aa62a7b95e9a%26domain%3Dwww.wedirectpass.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.wedirectpass.com%252Ff3f9ed0e153baa4%26relation%3Dparent.parent&container_width=0&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fkhmermovie.dubbed%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=false&width=210 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df34aa62a7b95e9a%2526domain%253Dwww.wedirectpass.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.wedirectpass.com%25252Ff3f9ed0e153baa4%2526relation%253Dparent.parent%26container_width%3D0%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fkhmermovie.dubbed%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26width%3D210
x-fb-rlafr: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
facebook-api-version: v10.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: aain4NkorqjzCbDGPWMrwlxQm0XmuKq+qm+vwI/ag67+xNUiA4zqbN7tnVHFGZn7ZxsniSxy7tMTjaaH695xVA==
content-length: 0
date: Wed, 03 May 2023 16:33:41 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=2a66c861-860f-4872-9e1d-c24f5869c10c&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=65aa283021630dfd9030555c4c61a78c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=2a66c861-860f-4872-9e1d-c24f5869c10c&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=65aa283021630dfd9030555c4c61a78c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=2a66c861-860f-4872-9e1d-c24f5869c10c&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=65aa283021630dfd9030555c4c61a78c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b78278d81b8f9f5f225c7a213ac4f3df
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=2a66c861-860f-4872-9e1d-c24f5869c10c&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=35d1247b354f56697190b0a1eaa02236&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=2a66c861-860f-4872-9e1d-c24f5869c10c&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=35d1247b354f56697190b0a1eaa02236&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=2a66c861-860f-4872-9e1d-c24f5869c10c&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=35d1247b354f56697190b0a1eaa02236&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 21d7cc9567d4d876cd0c5abff45acf58
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=2a66c861-860f-4872-9e1d-c24f5869c10c&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=f5cdd6689bc2581a9da8b3738bf62f1e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=2a66c861-860f-4872-9e1d-c24f5869c10c&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=f5cdd6689bc2581a9da8b3738bf62f1e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.wedirectpass.com/
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=2a66c861-860f-4872-9e1d-c24f5869c10c&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=f5cdd6689bc2581a9da8b3738bf62f1e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 03 May 2023 16:33:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6f50080576b6f087ec558c9912ce6420
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/style.css
200 OK 4.7 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/style.css
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type ASCII text, with very long lines (4946), with no line terminators
Hash 0c9820574b198ca562dabca383187b6a
8751a9ab8a4c172a325096fd01d0e995e3bbc5d9
00bad6e2c7ac63a0b72b4ac1352711a51752a3e7c31a5596391f55b39beeb80f
GET /sb/ssp/sweep/social-box/white-small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:38 GMT
content-type: text/css
last-modified: Mon, 24 Jan 2022 10:39:40 GMT
etag: W/"61ee81ec-123b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S9MhFc20BibfA5ILh1mbDeY5hPnW9krNROzO1PCKMpyVHjdIvh0Pw%2BVIToO%2FGIpsCQFJWy0vjr31921C4lWtSv2aOtSIlgHTAw1Hm6lglAuuR%2BWCHW%2B2ubVK4X8pAG9JX%2F%2BZ32qtWQAg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c19e8247df423d7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/script.js
200 OK 774 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/script.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type ASCII text, with very long lines (812), with no line terminators
Hash 4ec80506223ecab10ca4aa3f0a23505c
1eee12c2972e49bfc91ca6368890e2d4da8c885f
a32bf5464b886bf5ed62307dc6aa6d5ea573e61534983e6ff081d1336d12837a
GET /sb/ssp/sweep/social-box/white-small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:41 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:02:04 GMT
etag: W/"6149c9bc-306"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vPNtIqoHnrN2rmjwnhCNrEp6bX9Hl9udCTHfil5S7P20J%2BlDd7J1PL6Rme18PYEgpIKUL5HEtXJU0VxppzSAinDdIAbGO8Ybr4oNKSJC2DzI0m0MbeK9t1BqhEDY%2B7a7fEro70bGTRc5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c19e835bc2523d7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEi2dsCoBceA9qHiJayoCYF8K7tWp3Sxx_I5eMWi1XG9YtCt1iEMQRFv1O0mX_XrSuh-ub56Lf3sOiKZcObeiuFx5MhIYNqsYiY2C2uSgBMyVGg3BOHk2--FviHZRm4HOpfhkR7n-by-67FuzxKoejeP5tuWIWSPp2g1r2Xbu1ViKeXzRdis09mfuQ3-=s368
200 OK 14 kB URL GET HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEi2dsCoBceA9qHiJayoCYF8K7tWp3Sxx_I5eMWi1XG9YtCt1iEMQRFv1O0mX_XrSuh-ub56Lf3sOiKZcObeiuFx5MhIYNqsYiY2C2uSgBMyVGg3BOHk2--FviHZRm4HOpfhkR7n-by-67FuzxKoejeP5tuWIWSPp2g1r2Xbu1ViKeXzRdis09mfuQ3-=s368
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2A:20:E3:7B:7F:8B:64:5C:E0:A1:6B:F4:DE:4C:76:6D:B9:10:D8:67
ValidityMon, 03 Apr 2023 08:24:22 GMT - Mon, 26 Jun 2023 08:24:21 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 368x137, components 3\012- data
Hash 11bfc7ac45e7f06ca542be69a2a7424f
78d657dac5c10d2ec0e8dfdeffcbfa67d41e5a81
e6e36dcb8bf4f36dc57ffea84419a8709a050d990e6588ba696f3f05025f7b02
GET /img/a/AVvXsEi2dsCoBceA9qHiJayoCYF8K7tWp3Sxx_I5eMWi1XG9YtCt1iEMQRFv1O0mX_XrSuh-ub56Lf3sOiKZcObeiuFx5MhIYNqsYiY2C2uSgBMyVGg3BOHk2--FviHZRm4HOpfhkR7n-by-67FuzxKoejeP5tuWIWSPp2g1r2Xbu1ViKeXzRdis09mfuQ3-=s368 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "vbf"
expires: Thu, 04 May 2023 16:33:38 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="LOGO NIH.jpg"
x-content-type-options: nosniff
date: Wed, 03 May 2023 16:33:38 GMT
server: fife
content-length: 14288
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:36 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 2a90bba2b1c6eee2593854b0bb2bdeb0
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 03 May 2023 16:33:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tW3NSl9Wcl6faxw8o%2FHKm1%2FPt3aSKkMbmaxrLNe07N%2Fb29qucMc6bDLjZLuKKeZq76ZU1A21eHNT1hz8bgdskbmYY6C%2FijE4FWohMrmAb9D2NUFKNsTY2mJbs14RBOC4Og6wi5c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c19e81affef4883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
0 B URL GET addresseepaper.com/sfp.js
IP
Requested by https://www.wedirectpass.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
addresseepaper.com/sfp.js
0 B URL GET addresseepaper.com/sfp.js
IP
Requested by https://www.wedirectpass.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
addresseepaper.com/sfp.js
0 B URL GET addresseepaper.com/sfp.js
IP
Requested by https://www.wedirectpass.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
addresseepaper.com/sfp.js
0 B URL GET addresseepaper.com/sfp.js
IP
Requested by https://www.wedirectpass.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
fonts.googleapis.com/css2?family=Hanuman&display=swap
200 OK 719 B URL GET HTTP/2 fonts.googleapis.com/css2?family=Hanuman&display=swap
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint78:8B:BB:40:DD:1D:5B:E9:7B:AA:CC:94:45:44:7F:FD:56:6E:E4:60
ValidityMon, 03 Apr 2023 08:24:24 GMT - Mon, 26 Jun 2023 08:24:23 GMT
File type ASCII text, with very long lines (737), with no line terminators
Hash 6d471c3a4b23d23a4f6beb856565a895
756d60542f02db8d9668dd015b93a5ffb68803ee
251129f7b1cff7e3c588cfc10a16cd4f3c00301e4a5b89686644dc1ad1090ce5
GET /css2?family=Hanuman&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 03 May 2023 16:33:34 GMT
date: Wed, 03 May 2023 16:33:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
0 B URL GET addresseepaper.com/sfp.js
IP
Requested by https://www.wedirectpass.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
addresseepaper.com/sfp.js
0 B URL GET addresseepaper.com/sfp.js
IP
Requested by https://www.wedirectpass.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df34aa62a7b95e9a%2526domain%253Dwww.wedirectpass.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.wedirectpass.com%25252Ff3f9ed0e153baa4%2526relation%253Dparent.parent%26container_width%3D0%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fkhmermovie.dubbed%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26width%3D210
200 OK 0 B URL GET HTTP/2 www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df34aa62a7b95e9a%2526domain%253Dwww.wedirectpass.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.wedirectpass.com%25252Ff3f9ed0e153baa4%2526relation%253Dparent.parent%26container_width%3D0%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fkhmermovie.dubbed%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26width%3D210
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerDigiCert Inc
Subject*.facebook.com
FingerprintD7:A7:87:1C:1F:D1:8B:0F:7F:17:0A:0A:19:ED:F8:33:29:43:DC:6C
ValidityFri, 10 Feb 2023 00:00:00 GMT - Thu, 11 May 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df34aa62a7b95e9a%2526domain%253Dwww.wedirectpass.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.wedirectpass.com%25252Ff3f9ed0e153baa4%2526relation%253Dparent.parent%26container_width%3D0%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fkhmermovie.dubbed%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26width%3D210 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.wedirectpass.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: K0tQme2WqJps5J5S+V6syOV1XBcGhSQtCa7i8a8RAQHMwy/zAg6K1OBFTQ+EIyXrKiAV4449auXriVjCtLbPGA==
date: Wed, 03 May 2023 16:33:41 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.plyr.io/3.6.2/plyr.js
200 OK 121 kB URL GET HTTP/2 cdn.plyr.io/3.6.2/plyr.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectcdn.plyr.io
FingerprintFF:35:46:8D:1D:83:62:00:F8:34:EB:16:F5:68:58:8E:B1:61:55:A9
ValidityWed, 12 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 121 kB (120576 bytes)
Hash 980a43996b2722df19b96a0f033c30b9
d91c57288fbccaad97b16e11d7683205e66c1c9e
e706756c39d710de11023979721f90fb304d7403727972ce8af1e46ff831167e
GET /3.6.2/plyr.js HTTP/1.1
Host: cdn.plyr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:34 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-bgj: minify
cf-polished: origSize=120626
etag: W/"4de20a2610a439b1ffd11ca453105687"
last-modified: Thu, 20 Apr 2023 10:33:43 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1144736
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RKm4ABS44L5GAzrylI%2B9nANs4jcGK4YjSlqTxFe%2FA30pfVuGl9aJLSbnqLVZVz%2BjRMlfrSWq%2B7SmkjixSkZi99lL3e7ONVlXNZH9E1OUZNBfbs4Od06DS8OZP1Y7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c19e80daec1b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
0 B URL GET addresseepaper.com/sfp.js
IP
Requested by https://www.wedirectpass.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/animate.css
200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/animate.css
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/ssp/sweep/social-box/white-small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:38 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:02:02 GMT
etag: W/"6149c9ba-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vZCl2iOKM28lC12%2Bq7qFJfm3%2B47V6y3E682GCmMyU40LTauaWDdBP6%2BAB2qSmaXGrcWhfvk19HJwCIXBmLCEGc8NAolXkeBFQ4Ba%2BeGAAScxyxfc86EjI02CmwxE%2BjyYHLyF1VsEvxAo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c19e8248e0823d7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
0 B URL GET addresseepaper.com/sfp.js
IP
Requested by https://www.wedirectpass.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
connect.facebook.net/en_US/sdk.js
200 OK 3.1 kB URL GET HTTP/2 connect.facebook.net/en_US/sdk.js
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerDigiCert Inc
Subject*.facebook.com
FingerprintD7:A7:87:1C:1F:D1:8B:0F:7F:17:0A:0A:19:ED:F8:33:29:43:DC:6C
ValidityFri, 10 Feb 2023 00:00:00 GMT - Thu, 11 May 2023 23:59:59 GMT
File type ASCII text, with very long lines (3220), with no line terminators
Hash 193b3541bfaacc2e09c953ee7d6c013d
ea2b62343ae4b78516aaa3c82a6d50c419866f8e
e7f5504c73d872e8d34bffb90a56875e9b88851f21d22a651f0d1177054bfe6d
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 3cfc931a15363ec6a686fca8ce9bb763
etag: "022d256efed39e7ba47fd876b933f4c5"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 03 May 2023 16:49:13 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: oEHeoQzSYAODCHucgTc/Dw==
x-fb-debug: apDaWChjeZ9Mq8lOELz8ZOQUp8QRRKNn93BSEk/XiAHrXEFpsfJV25FVciO+37FFbjTqcv1P1eNh7ZHuGXFLpQ==
content-length: 1685
x-fb-trip-id: 1679558926
date: Wed, 03 May 2023 16:33:37 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.plyr.io/3.6.2/plyr.css
200 OK 38 kB URL GET HTTP/2 cdn.plyr.io/3.6.2/plyr.css
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectcdn.plyr.io
FingerprintFF:35:46:8D:1D:83:62:00:F8:34:EB:16:F5:68:58:8E:B1:61:55:A9
ValidityWed, 12 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (37557), with no line terminators
Hash a9aafe5e7f83d1ddb1dc5fcf188ecb24
aeb9415c3c866df9023e7e17fee27bcc0dc47c68
d9f2838b8db61c8ec0769f8c50670da6f88c6f5042371d41c3a295e6f7d7d3b6
GET /3.6.2/plyr.css HTTP/1.1
Host: cdn.plyr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:34 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-bgj: minify
cf-polished: origSize=37639
etag: W/"53263754d3ae064edd2ab221ab30a2b4"
last-modified: Thu, 20 Apr 2023 10:33:43 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1144629
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dFQAo6poGZ%2B5rik%2BUf9DIthFD6gv4m2Ma9onOHfDeHwMPVcCtPbM8mCLOqT0rKkCr8A8mHuFKazCJUClMTh3YRmMBwalC48VGcle2IZzQwlN0zXOD6dNTEHIuM%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c19e80daec0b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/josefinsans/v26/Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_ObXbMZhLw.woff2
200 OK 12 kB URL GET HTTP/2 fonts.gstatic.com/s/josefinsans/v26/Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_ObXbMZhLw.woff2
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint34:5A:0A:3B:4F:02:F9:C6:C9:D7:3F:CA:9D:17:0D:40:27:05:05:0A
ValidityMon, 03 Apr 2023 08:24:23 GMT - Mon, 26 Jun 2023 08:24:22 GMT
File type Web Open Font Format (Version 2), TrueType, length 12316, version 1.0\012- data
Hash fbceb2bfb07bf7b621fcf3b541c17020
3bfb789d55f6bb175f99f19ab8aec083d6f8343e
799d474a1a499635e03de0cea24bc42218d7c38cb6819a53860948e3b79a4c0a
GET /s/josefinsans/v26/Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_ObXbMZhLw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12316
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 02 May 2023 21:04:39 GMT
expires: Wed, 01 May 2024 21:04:39 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:05:42 GMT
content-type: font/woff2
age: 70135
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
200 OK 31 kB URL GET HTTP/2 stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (30837)
Hash 269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 16:33:34 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/15/2021 21:49:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
cdn-cache: HIT
cf-cache-status: HIT
age: 28578368
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7c19e80dbc231c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js?hash=cbb92815faedc0f279305412a4cedfba
200 OK 314 kB URL GET HTTP/2 connect.facebook.net/en_US/sdk.js?hash=cbb92815faedc0f279305412a4cedfba
IP
Requested by https://www.wedirectpass.com/
Certificate IssuerDigiCert Inc
Subject*.facebook.com
FingerprintD7:A7:87:1C:1F:D1:8B:0F:7F:17:0A:0A:19:ED:F8:33:29:43:DC:6C
ValidityFri, 10 Feb 2023 00:00:00 GMT - Thu, 11 May 2023 23:59:59 GMT
File type ASCII text, with very long lines (18530)
Size 314 kB (313601 bytes)
Hash 6103c9599702188d19902a6a3a5fbba6
c8e3c6dbed1583579b7e744553c2d0be3c5707cd
2774ee0186cb966ac5f057b4a8e93b3ffd6fa035f339dfa10928576d7bf609a0
GET /en_US/sdk.js?hash=cbb92815faedc0f279305412a4cedfba HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.wedirectpass.com
Connection: keep-alive
Referer: https://www.wedirectpass.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 6103c9599702188d19902a6a3a5fbba6
etag: "0f2b4d437f23dbb63d1b2965f8426642"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Thu, 02 May 2024 12:22:02 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: Ok/WIUeV9qVXNLg2RRMKPw==
x-fb-debug: UE5qW9xugFOnvFxi7EWJzQcYdcFHjp7Zvnynew2hRMqDE4tOghVUNykxwvmaDHsoczSDtHaWnSxaqv6qgDxH3Q==
content-length: 88639
x-fb-trip-id: 1679558926
date: Wed, 03 May 2023 16:33:38 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
103.160.37.195
31.13.72.36
142.250.74.147
149.56.240.27
0.0.0.0
52.58.93.188
46.105.201.240
0.0.0.0