lesmeilleursmomentsdusport.afterlivre.com/livre-francais-le-plus-vendu.html
200 OK 535 B URL HTTP/1.1 lesmeilleursmomentsdusport.afterlivre.com/livre-francais-le-plus-vendu.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (535), with no line terminators
Hash b818a8d55eddda8a450b5527cc8a223b
6566b7e6ad1905410682dad9ebca1d5002ee6dd4
90b8971aa2d1cb8f66ca8069614d2f0c5741ccb620e10090a47441f6b05e3b43
Analyzer Verdict Alert fortinet Phishing
GET /livre-francais-le-plus-vendu.html HTTP/1.1
Host: lesmeilleursmomentsdusport.afterlivre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 535
content-type: text/html; charset=utf-8
date: Wed, 14 Dec 2022 02:36:19 GMT
server: nginx
set-cookie: sid=17393da0-7b58-11ed-a953-b6964b4e976e; path=/; domain=.afterlivre.com; expires=Mon, 01 Jan 2091 05:50:26 GMT; max-age=2147483647; HttpOnly
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3c0c53379f331e934f61070074d41035
420f6e542cbf741838566f22e475a80e2f600d21
4b7213ec107cdf1c2cd61a124453fb682ec291af0004d071105c87e2fe7528f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B7213EC107CDF1C2CD61A124453FB682EC291AF0004D071105C87E2FE7528F5"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11368
Expires: Wed, 14 Dec 2022 05:45:47 GMT
Date: Wed, 14 Dec 2022 02:36:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 555d8608594803d49eeb9581c6b70702
d01e0201e0ba0cf751ef97226620338a853bc635
2885cdac311a30161a8ac9ef8e54c788afafd4f86ed197a651fc6d8bda077908
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2885CDAC311A30161A8AC9EF8E54C788AFAFD4F86ED197A651FC6D8BDA077908"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3094
Expires: Wed, 14 Dec 2022 03:27:53 GMT
Date: Wed, 14 Dec 2022 02:36:19 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 14 Dec 2022 02:33:47 GMT
content-type: application/json
age: 152
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d29881eeb0456eff8cf415ad2ce64ba0
e3cfdd5f56ff88066257ec8f4726f53e3a733bd3
2cd90072f113163f976ddb8bc7017884efd3f764e7e8961b04e3ba5ec0a17d85
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CD90072F113163F976DDB8BC7017884EFD3F764E7E8961B04E3BA5EC0A17D85"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7067
Expires: Wed, 14 Dec 2022 04:34:06 GMT
Date: Wed, 14 Dec 2022 02:36:19 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: RROsb6Jl71SFG5MFJ/1Fbw1Y0F6+BbdXKrEJ14Cfu36aLpx4b11uKEFcWG4mL6sgJlpcCiNO+MA=
x-amz-request-id: DGPSN0KKC4N49TTV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 14 Dec 2022 01:52:09 GMT
age: 2650
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 14 Dec 2022 02:36:19 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
lesmeilleursmomentsdusport.afterlivre.com/favicon.ico
404 Not Found 9 B URL HTTP/1.1 lesmeilleursmomentsdusport.afterlivre.com/favicon.ico
IP
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: lesmeilleursmomentsdusport.afterlivre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lesmeilleursmomentsdusport.afterlivre.com/livre-francais-le-plus-vendu.html
Cookie: sid=17393da0-7b58-11ed-a953-b6964b4e976e
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Wed, 14 Dec 2022 02:36:19 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 14 Dec 2022 02:33:19 GMT
age: 181
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
lesmeilleursmomentsdusport.afterlivre.com/livre-francais-le-plus-vendu.html?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDk5MjU3OSwiaWF0IjoxNjcwOTg1Mzc5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc284Z21iazl2cmI0YTBiZjAwN2VtaWQiLCJuYmYiOjE2NzA5ODUzNzksInRzIjoxNjcwOTg1Mzc5NTM5MjU1fQ.YgXvQr8J_JjFjOR_AOLSaJMAlYUZQ0EgTRtsknA1DbM&sid=17393da0-7b58-11ed-a953-b6964b4e976e
302 Found 11 B URL HTTP/1.1 lesmeilleursmomentsdusport.afterlivre.com/livre-francais-le-plus-vendu.html?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDk5MjU3OSwiaWF0IjoxNjcwOTg1Mzc5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc284Z21iazl2cmI0YTBiZjAwN2VtaWQiLCJuYmYiOjE2NzA5ODUzNzksInRzIjoxNjcwOTg1Mzc5NTM5MjU1fQ.YgXvQr8J_JjFjOR_AOLSaJMAlYUZQ0EgTRtsknA1DbM&sid=17393da0-7b58-11ed-a953-b6964b4e976e
IP
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /livre-francais-le-plus-vendu.html?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDk5MjU3OSwiaWF0IjoxNjcwOTg1Mzc5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc284Z21iazl2cmI0YTBiZjAwN2VtaWQiLCJuYmYiOjE2NzA5ODUzNzksInRzIjoxNjcwOTg1Mzc5NTM5MjU1fQ.YgXvQr8J_JjFjOR_AOLSaJMAlYUZQ0EgTRtsknA1DbM&sid=17393da0-7b58-11ed-a953-b6964b4e976e HTTP/1.1
Host: lesmeilleursmomentsdusport.afterlivre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lesmeilleursmomentsdusport.afterlivre.com/livre-francais-le-plus-vendu.html
Cookie: sid=17393da0-7b58-11ed-a953-b6964b4e976e
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Wed, 14 Dec 2022 02:36:20 GMT
location: http://ciar-kep.com/zcvisitor/1783de53-7b58-11ed-ab6a-0a57b47492e7/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97
server: nginx
set-cookie: sid=17393da0-7b58-11ed-a953-b6964b4e976e; path=/; domain=.afterlivre.com; expires=Mon, 01 Jan 2091 05:50:27 GMT; max-age=2147483647; HttpOnly
ocsp.digicert.com/
200 OK 471 B IP
Hash de9e80c3bbe25e8623562110be8b8c9c
013f87db47c4ce3daf3380bc5e0ac3b1b496fe6f
792d587777c03d661a39a0593b71b3ec7611cb6e9d7a834bc79f28e6ace19692
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2019
Cache-Control: max-age=111851
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 02:36:20 GMT
Etag: "639840ac-1d7"
Expires: Thu, 15 Dec 2022 09:40:31 GMT
Last-Modified: Tue, 13 Dec 2022 09:06:52 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ciar-kep.com/zcvisitor/1783de53-7b58-11ed-ab6a-0a57b47492e7/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97
200 1.1 kB URL HTTP/1.1 ciar-kep.com/zcvisitor/1783de53-7b58-11ed-ab6a-0a57b47492e7/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 645e70f488a70977abe657846f110221
7ec9d7d5a35f798f808ba5ea7f6870c95158cece
1963da616bb986067d853e89fe558a7d25d918658bf9b08d5a920aabcb950513
Analyzer Verdict Alert quad9 Sinkholed
GET /zcvisitor/1783de53-7b58-11ed-ab6a-0a57b47492e7/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97 HTTP/1.1
Host: ciar-kep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://lesmeilleursmomentsdusport.afterlivre.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Wed, 14 Dec 2022 02:36:20 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: YNWbqjCv
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mcp/mxRyTHZ8A2x50sa99w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1q++WDcwVs9lpz92t5F/fExBGEM=
ciar-kep.com/zcredirect?visitid=1783de53-7b58-11ed-ab6a-0a57b47492e7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
200 794 B URL HTTP/1.1 ciar-kep.com/zcredirect?visitid=1783de53-7b58-11ed-ab6a-0a57b47492e7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (354)
Hash af2d50c5e9f27534f0e7d891a3e8d358
9dec0ef511af189fafac1afeecf1c479516f0e4f
f76dc8ef26f716cae35375965f65c9ad0352b224cf6df2472903402987b45f49
Analyzer Verdict Alert quad9 Sinkholed
GET /zcredirect?visitid=1783de53-7b58-11ed-ab6a-0a57b47492e7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: ciar-kep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ciar-kep.com/zcvisitor/1783de53-7b58-11ed-ab6a-0a57b47492e7/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Wed, 14 Dec 2022 02:36:20 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: tDuudDsJ
ciar-kep.com/favicon.ico
404 653 B IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ciar-kep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ciar-kep.com/zcredirect?visitid=1783de53-7b58-11ed-ab6a-0a57b47492e7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Wed, 14 Dec 2022 02:36:21 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: WkgwsVRR
cartining-specute.com/zp-redirect?target=https%3A%2F%2Fflirtyhoookup.com%2F%3Futm_source%3Dn19ck4pSWjZsA%26s1%3D719fbd40-273d-47b8-882f-683d1074b172%26s2%3Dwbuuba78job09i5l28r2g8bm&caid=2deaef68-c870-4247-a076-22d7e7f8e3ba&zpid=1783de53-7b58-11ed-ab6a-0a57b47492e7&cid=wbuuba78job09i5l28r2g8bm&rt=R
302 Found 0 B URL HTTP/2 cartining-specute.com/zp-redirect?target=https%3A%2F%2Fflirtyhoookup.com%2F%3Futm_source%3Dn19ck4pSWjZsA%26s1%3D719fbd40-273d-47b8-882f-683d1074b172%26s2%3Dwbuuba78job09i5l28r2g8bm&caid=2deaef68-c870-4247-a076-22d7e7f8e3ba&zpid=1783de53-7b58-11ed-ab6a-0a57b47492e7&cid=wbuuba78job09i5l28r2g8bm&rt=R
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Fflirtyhoookup.com%2F%3Futm_source%3Dn19ck4pSWjZsA%26s1%3D719fbd40-273d-47b8-882f-683d1074b172%26s2%3Dwbuuba78job09i5l28r2g8bm&caid=2deaef68-c870-4247-a076-22d7e7f8e3ba&zpid=1783de53-7b58-11ed-ab6a-0a57b47492e7&cid=wbuuba78job09i5l28r2g8bm&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ciar-kep.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 14 Dec 2022 02:36:21 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://flirtyhoookup.com/?utm_source=n19ck4pSWjZsA&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wbuuba78job09i5l28r2g8bm
pragma: no-cache
set-cookie: cc-v4=VHSSHTuX28EEl%2BkQ59cdrkKep6EKsTH1JDyJpklrRdKaL4rGgJTj%2FISDEcej2a%2Fle9Q5FepjaLn2z%2BsjX7se95oWlFru78CXGaBKwCZMGUd2BoyMUCG6rLOsvZDc1V5MWtqhT68LXI9uXMEF%2BHHT%2BA%3D%3D; Max-Age=31536000; Expires=Thu, 14-Dec-2023 02:36:21 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
200 OK 1.8 kB IP
Hash 0d0fad8a16a838eaf7edf9da45c7d391
4904b204d40d72552987e67a66d38d9855896509
ed4c2e80b276a034ad179866e4cf95a712bf9fe0baa15e95edc15e3ee79a6cdc
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 14 Dec 2022 02:36:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 13 Dec 2022 20:01:30 GMT
Expires: Wed, 14 Dec 2022 20:01:30 GMT
ETag: "4904b204d40d72552987e67a66d38d9855896509"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
flirtyhoookup.com/?utm_source=n19ck4pSWjZsA&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wbuuba78job09i5l28r2g8bm
302 Found 329 B URL HTTP/2 flirtyhoookup.com/?utm_source=n19ck4pSWjZsA&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wbuuba78job09i5l28r2g8bm
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (327)
Hash d70ed74523e3f4a0d5d2239691dcc7c0
2146b2c54225a3ba60213a88970cac9bba66a1ce
130ba1c573933dac466382debcff26af0ba3638e66a01ec59d97fbb869f1f1c9
GET /?utm_source=n19ck4pSWjZsA&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wbuuba78job09i5l28r2g8bm HTTP/1.1
Host: flirtyhoookup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ciar-kep.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 14 Dec 2022 02:36:21 GMT
content-type: text/html; charset=utf-8
location: https://www.arkdcz.com/MSJ7L4/HX6G2NF/?sub1=418543&sub2=EkUpsgqjcEAXIvTxkodXeGlmPQvCWgzcjO
cache-control: max-age=0, private, must-revalidate
cross-origin-window-policy: deny
set-cookie: k=SFMyNTY.g3QAAAAEbQAAAARhdW5xdAAAAAFtAAAABTMxNTQ4bQAAAApwZ1BnZFFxZ21SbQAAAANoaWRtAAAAIkVrVXBzZ3FqY0VBWEl2VHhrb2RYZUdsbVBRdkNXZ3pjak9tAAAAAmhsZAADbmlsbQAAAAN1bnFtAAAADEJRaGp4enlHeERzeA.Fv7_3qVEi8jouFo34q8WqaDbXG2RaGgKQHWKHjNTtZw; path=/; expires=Thu, 14 Dec 2023 02:36:21 GMT; max-age=31536000
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gve8wtyPvzICTmu9TpUR1yfMsyYmWrtdV9aqxphbjzfkuDAv1F7qnDKPUMU13ubvBn3YWaTDuGNF7g4C9lJohwX4m5L51jcqpwPTJ7FRMnYdmva5dRTUvwIN2eQpUqo2eot%2FcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77938d296bcdb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
200 OK 1.8 kB IP
Hash 0d0fad8a16a838eaf7edf9da45c7d391
4904b204d40d72552987e67a66d38d9855896509
ed4c2e80b276a034ad179866e4cf95a712bf9fe0baa15e95edc15e3ee79a6cdc
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 14 Dec 2022 02:36:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 13 Dec 2022 20:01:30 GMT
Expires: Wed, 14 Dec 2022 20:01:30 GMT
ETag: "4904b204d40d72552987e67a66d38d9855896509"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 26c6025b12d33a0674edeef8c1491ff6
084f3e27246d3f10c36f8251034a32f71e4905be
a3b48719537321a85667771544ce54728ebdb8d3145a8db154997b6376dba12f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3B48719537321A85667771544CE54728EBDB8D3145A8DB154997B6376DBA12F"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3223
Expires: Wed, 14 Dec 2022 03:30:04 GMT
Date: Wed, 14 Dec 2022 02:36:21 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 26c6025b12d33a0674edeef8c1491ff6
084f3e27246d3f10c36f8251034a32f71e4905be
a3b48719537321a85667771544ce54728ebdb8d3145a8db154997b6376dba12f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3B48719537321A85667771544CE54728EBDB8D3145A8DB154997B6376DBA12F"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3223
Expires: Wed, 14 Dec 2022 03:30:04 GMT
Date: Wed, 14 Dec 2022 02:36:21 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 26c6025b12d33a0674edeef8c1491ff6
084f3e27246d3f10c36f8251034a32f71e4905be
a3b48719537321a85667771544ce54728ebdb8d3145a8db154997b6376dba12f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3B48719537321A85667771544CE54728EBDB8D3145A8DB154997B6376DBA12F"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3223
Expires: Wed, 14 Dec 2022 03:30:04 GMT
Date: Wed, 14 Dec 2022 02:36:21 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 26c6025b12d33a0674edeef8c1491ff6
084f3e27246d3f10c36f8251034a32f71e4905be
a3b48719537321a85667771544ce54728ebdb8d3145a8db154997b6376dba12f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3B48719537321A85667771544CE54728EBDB8D3145A8DB154997B6376DBA12F"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3223
Expires: Wed, 14 Dec 2022 03:30:04 GMT
Date: Wed, 14 Dec 2022 02:36:21 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0ca3741-7de7-489c-9d32-963748da31ce.jpeg
200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0ca3741-7de7-489c-9d32-963748da31ce.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a1cf68fc0b78db85fd7e6f08cb74233
7374f9065239670ef563fee52f973cc23dd19833
e4493b517b402d9ea4f239d2913cbd9f316ae3f1e0c5e79c62c457c060f18b27
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0ca3741-7de7-489c-9d32-963748da31ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7250
x-amzn-requestid: 8211d14a-d8fa-4f4c-a14f-60e830199a47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dGpKqHw7IAMFiwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6398ef10-392d8f374cafe054471d1ff6;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 21:30:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KYCgE-S3-r07iBLHTszhvvyRK3pxJbbQD7vve9ycPbZ54RtYrQgk4Q==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 21:47:13 GMT
age: 17348
etag: "7374f9065239670ef563fee52f973cc23dd19833"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86bce3d677c0dd541440ebf38920020d
f11e21b6ad97e07b1d7103ad40a2e158e06fda73
9e23bc16cd1402d9124ebb9e625a5580f677ca9e008d3e04dc95080072fd1df4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7104
x-amzn-requestid: b1117224-be51-4e21-8b3b-01e5485f0af0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD2yH4loAMFuWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964cf8-1382e1a6710239ec629eedb8;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:34:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zvjsiwP6d9Uxm19Ce7HzzCKJPnFZjMyOGHBNQ_ChwKDBlX_n-E4UEQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Dec 2022 00:46:31 GMT
age: 6590
etag: "f11e21b6ad97e07b1d7103ad40a2e158e06fda73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bc4ff2a-b394-4d5e-b82e-4d1694be9750.jpeg
200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bc4ff2a-b394-4d5e-b82e-4d1694be9750.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 93cb79f5ffbade1f22774ed3f361e77b
f3363bd8a3584d0307943c4b6d2b97cf1f5560c7
568328e7d8c93e378e18c6d0cf6a2d2ea306815f0c07f75ea8042e918f3b9f81
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bc4ff2a-b394-4d5e-b82e-4d1694be9750.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9519
x-amzn-requestid: 1a47ee43-6b5e-4eda-a047-fd852b978248
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dGpKnGUgIAMFWmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6398ef10-4f7825ea052953e7264bf156;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 21:30:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GpsVv8_1nOSMpIptuGZqqJtRHrBGSWfg7fC5M3XCVxSoPL2ZmAyCsg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 21:48:42 GMT
age: 17259
etag: "f3363bd8a3584d0307943c4b6d2b97cf1f5560c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F023edee7-5d7d-47e7-92b8-683d148af2c3.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F023edee7-5d7d-47e7-92b8-683d148af2c3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ddc3d83eb035ebea572c2ece0063bc6
87c03854898adf16935ed628732792cb25c99c57
5e8b8703e45d6331672607f95bdae458c4beb547c4de78b2c82b7968c05a50c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F023edee7-5d7d-47e7-92b8-683d148af2c3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14192
x-amzn-requestid: be590bdc-ea8f-4b00-8480-023744b1f858
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dGqNTGqpoAMFiSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6398f0bb-72b9ef944cd279dd1a496823;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 21:38:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oeGliqUl2P0MEKAaFnPphjyEf4-g4Iio0pJPfiyZc8fYMqaIAm7EFg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 22:25:41 GMT
etag: "87c03854898adf16935ed628732792cb25c99c57"
content-type: image/jpeg
age: 15040
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c71d244-7c6d-4318-96c7-9d3870bdb107.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c71d244-7c6d-4318-96c7-9d3870bdb107.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 903afb72719c0c84e376f6e54ef26c7c
56b6accaa1f7139d849fa1da3b9b80bb884c117b
56436a6c18a432b4cfd5aa3457242dc926d085474df97eb22254eaff7e0da2a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c71d244-7c6d-4318-96c7-9d3870bdb107.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7566
x-amzn-requestid: 7d25c770-474b-494b-90d8-755ea60b125d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dEqL9GUEIAMFt3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639823e5-4bb95eb1742d50cb41628d5c;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 07:04:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dsPbCOGmmbzGJKHkLfUQfU6Od4kgTA0mDBjwIyNLWrlHphaXgd_gRw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 07:21:44 GMT
age: 69277
etag: "56b6accaa1f7139d849fa1da3b9b80bb884c117b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F654e7722-a3eb-46c4-b652-ed202ea6f8d1.webp
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F654e7722-a3eb-46c4-b652-ed202ea6f8d1.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 25e5932a6449b859223367ce1e67e59c
5d2ea71d4f0d952d665586bdf32ed0e88c605af6
160021eb4b65b4720d90337bf46bfc3c5b317b2ec406ba377c9368a11c56f629
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F654e7722-a3eb-46c4-b652-ed202ea6f8d1.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12046
x-amzn-requestid: 53e890e7-eaa7-434d-bcde-4a1e60b5b6b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dGqNWEhooAMFZxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6398f0bb-0282299f7b644bbd2b65c079;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 21:38:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3c5gC6S1vwZ6q--L1Xy-o9sDVS5NJUE34ClzLpnJRNXwFEo9yA6sCg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 21:57:41 GMT
age: 16720
etag: "5d2ea71d4f0d952d665586bdf32ed0e88c605af6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash c6ed7440a40e395bf9f87e1bf97d0352
9e09882b1dc8222382d984c798f3f83b5970f7fa
bf88ff469199d5efc66c55710f129666bc888ba0d0e12b71cac0800ba93f446f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135396
Date: Wed, 14 Dec 2022 02:36:22 GMT
Etag: "6398a48a-1d7"
Expires: Thu, 15 Dec 2022 16:12:58 GMT
Last-Modified: Tue, 13 Dec 2022 16:12:58 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5UjqjADqKlZjVrNwrPpNndcJ5ycvvP9tDsAfqgmM2jDyrNZGycqc_Q==
go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/logo/logo.png
200 OK 16 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/logo/logo.png
IP
File type PNG image data, 637 x 156, 8-bit/color RGBA, non-interlaced\012- data
Hash 4673cfc8d2708f4ebe2f821483548ccc
815322d33fb4298771be6a43e14b821d365766d7
f2cd404c754d24e0721a08f4b203d5b9853c4bd229c62f339edf1f46195b2154
GET /vrfttcyber/assets/images/themes/cyber/logo/logo.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 16420
last-modified: Thu, 02 Dec 2021 15:26:11 GMT
server: AmazonS3
date: Tue, 13 Dec 2022 04:42:40 GMT
etag: "4673cfc8d2708f4ebe2f821483548ccc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rvCLhoAnguEd-lNSz6mph_geS_jPNbZQK1t0igruWo5ktNpmD_k5cw==
age: 78823
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/images/girls/hair01_tits01_tattoo01.png
200 OK 331 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/images/girls/hair01_tits01_tattoo01.png
IP
File type PNG image data, 790 x 1600, 8-bit colormap, non-interlaced\012- data
Size 331 kB (330574 bytes)
Hash 8d7069ee14a82c9f9139a5d08882497a
0310dd9990c5888f8d51b4defa3ca78ce820b3e2
933adcdf66e29312523119f0f868488a25e92a5b05e0443c961ca80aaeb42a9f
GET /vrfttcyber/assets/images/girls/hair01_tits01_tattoo01.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 330574
last-modified: Thu, 02 Dec 2021 15:25:53 GMT
server: AmazonS3
date: Tue, 13 Dec 2022 04:13:36 GMT
etag: "8d7069ee14a82c9f9139a5d08882497a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -6ZM28ZusLLkGabFsl_VQLTlIr2o-GzgM3CXu2Aoq9UVCSHV4VLkxg==
age: 80567
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/images/flags/us.png
200 OK 2.4 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/images/flags/us.png
IP
File type PNG image data, 250 x 132, 8-bit colormap, non-interlaced\012- data
Hash a2080b2d193dbbd3cb34b32ad919da62
f822886642e0388d79c8f5917b41f27efbdec94b
5b38ab13f52bc95184012a4b6afafa3eca7a6ac03c762515b4550b4337548ca7
GET /vrfttcyber/assets/images/flags/us.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 2375
date: Tue, 13 Dec 2022 04:13:40 GMT
last-modified: Thu, 02 Dec 2021 15:25:52 GMT
etag: "a2080b2d193dbbd3cb34b32ad919da62"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9JqvpsEMvx5RLlimmErJBdQ-qv-m-VQDf69C70hvvrroTkMXyQxUiA==
age: 80563
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/images/beyblade.gif
200 OK 36 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/images/beyblade.gif
IP
File type GIF image data, version 89a, 200 x 200\012- data
Hash 93a41ee339dd621452c6aa4054e8eca8
a1f75cc251cbe7291cefd06fd91b4c35b6c93612
0ea3f03b9e168629659c281ec66fd5a82d36d7b6fd644381c18ecad41e62a5a3
GET /vrfttcyber/assets/images/beyblade.gif HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 36298
last-modified: Thu, 02 Dec 2021 15:25:35 GMT
server: AmazonS3
date: Tue, 13 Dec 2022 04:44:21 GMT
etag: "93a41ee339dd621452c6aa4054e8eca8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Z8LA4b86gJj25MV4d0SL0a7yWfpSdziABlO7_5tC15UGrWwFrXfnrw==
age: 78722
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 0f89a90d558a1926a6c7b29d4d40189a
bd42b6a410cb6cf9fc0acaac62fe2cbd0ac22949
2de74840181b269928d9c8d55005b5cf272fa9b50d9f4a743ff18ff6a01ed74b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5505
Cache-Control: max-age=163212
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 02:36:22 GMT
Etag: "6398fbb1-116"
Expires: Thu, 15 Dec 2022 23:56:34 GMT
Last-Modified: Tue, 13 Dec 2022 22:24:49 GMT
Server: ECS (amb/6B98)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash 0f89a90d558a1926a6c7b29d4d40189a
bd42b6a410cb6cf9fc0acaac62fe2cbd0ac22949
2de74840181b269928d9c8d55005b5cf272fa9b50d9f4a743ff18ff6a01ed74b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5505
Cache-Control: max-age=163212
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 02:36:22 GMT
Etag: "6398fbb1-116"
Expires: Thu, 15 Dec 2022 23:56:34 GMT
Last-Modified: Tue, 13 Dec 2022 22:24:49 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
200 OK 15 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (53562), with no line terminators
Hash 17486794344ea9447d312f4cb2db9373
db36c63d1cdd5d5356c9325ee8928b51624b6bed
08c713db25e552dfd5007f4336493cfc6c36ee1ba0d682051b7333ddc3eee147
GET /vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4 HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ciar-kep.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
date: Tue, 13 Dec 2022 04:29:04 GMT
last-modified: Thu, 23 Dec 2021 16:52:18 GMT
etag: W/"0d1c30819e500f4f596aa3421773d64f"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GpDGsxD88BlA__JA652mymBfoGBycBMxs0tg_0NOAhSFapl9-tNtRA==
age: 79639
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/background/bkg.jpg
200 OK 14 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/background/bkg.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 1920x1081, components 3\012- data
Hash d5dabdf9d18c947ea72fe90f8c39e31e
33a5e90f4a59072ab4b3d73204fff01d6a08a0f8
d940cab6f0a1fe6a425596757ac2a10b89fb4311acfd34aba2f075c0e2338f09
GET /vrfttcyber/assets/images/themes/cyber/background/bkg.jpg HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 13989
last-modified: Thu, 02 Dec 2021 15:26:08 GMT
server: AmazonS3
date: Tue, 13 Dec 2022 04:47:08 GMT
etag: "d5dabdf9d18c947ea72fe90f8c39e31e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sbQefJqs4Tu092Nr68-OhS74gUSj3O8sxCvsXYT2iYhCsVx4akmoTA==
age: 78555
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/images/box.png
200 OK 13 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/images/box.png
IP
File type PNG image data, 747 x 644, 8-bit/color RGBA, non-interlaced\012- data
Hash 0fcc2772acc897c48dae5c6f52093388
c8a80e850168e1fd7b761327dd460054e7451d8e
e73f3a488ee9e68ff4484df002b38a200aee2170617bb0746e05c7f992135805
GET /vrfttcyber/assets/images/box.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 13243
last-modified: Thu, 02 Dec 2021 15:25:35 GMT
server: AmazonS3
date: Tue, 13 Dec 2022 06:03:27 GMT
etag: "0fcc2772acc897c48dae5c6f52093388"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5UiVsaX183ugmATbeB5cOmtSYaXKyqoA-j8lhsq5gWx1fMqzu2qrIw==
age: 73976
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/images/btn.png
200 OK 2.0 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/images/btn.png
IP
File type PNG image data, 343 x 79, 8-bit/color RGBA, non-interlaced\012- data
Hash 08913323d52eadb319526e6fbe2e677b
eff7964b7f5ed2ef285593fab5ed7b89e358b401
f0a7b6d7c1ed46c5056a52e6ab470959a0671cf03b5ae22e97a37591ba14aa03
GET /vrfttcyber/assets/images/btn.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 1968
last-modified: Thu, 02 Dec 2021 15:25:35 GMT
server: AmazonS3
date: Tue, 13 Dec 2022 03:37:10 GMT
etag: "08913323d52eadb319526e6fbe2e677b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oEkU2mJuze-2lv5xvhSfhl-r4Bu4ZdE0MWs9HULasQ1HMFFcMCM9hw==
age: 82753
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/favicon/favicon.png
200 OK 1.4 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/favicon/favicon.png
IP
File type PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Hash 93a7efbb00d5e8f3bd556d7b9efb658e
fd6578509d9557cebe3e37fee5ae16dc25b09711
3274036fdc55ac82651c2146f211e508703e5ae97875c722e8b3694df636cd9d
GET /vrfttcyber/assets/images/themes/cyber/favicon/favicon.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 1421
last-modified: Thu, 02 Dec 2021 15:26:08 GMT
server: AmazonS3
date: Tue, 13 Dec 2022 03:26:29 GMT
etag: "93a7efbb00d5e8f3bd556d7b9efb658e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nHDTYcKWDzQot2cGJpIwE44a5Rz0skri9e3kHo6t7XTfqyG_36KaTQ==
age: 83394
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/sounds/general/click2.mp3
206 Partial Content 16 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/sounds/general/click2.mp3
IP
File type Audio file with ID3 version 2.2.0, contains: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, JntStereo\012- data
Hash 2694fd6fc680f77dcf1ae58d9b8ba926
6016e8fb7136ec769fbe6d120c7c97d390922564
4266071bbd14949a438e1d9a958cac2f0b128963b6f6e9fa96b005ed8e718f9e
Analyzer Verdict Alert fortinet Phishing
GET /vrfttcyber/assets/sounds/general/click2.mp3 HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
content-type: application/octet-stream
content-length: 15590
last-modified: Thu, 02 Dec 2021 15:26:03 GMT
server: AmazonS3
date: Tue, 13 Dec 2022 07:43:07 GMT
etag: "2694fd6fc680f77dcf1ae58d9b8ba926"
vary: Accept-Encoding
content-range: bytes 0-15589/15590
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JVul25At8TsNQBk20CrNuuAXwu0izAiTxypa1f3N3nEvDXFLKJKUPQ==
age: 67996
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/sounds/general/click1.mp3
206 Partial Content 17 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/sounds/general/click1.mp3
IP
File type Audio file with ID3 version 2.2.0, contains: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, JntStereo\012- data
Hash 4838176bcd52d9b69d6d48c1870ca579
5a0892ccae91806a9695c5be1f2752e122608d8e
781bb8d577f6448612e8fa861dfa39d64a2e5961c17a58c79ef4bcdf4131847b
Analyzer Verdict Alert fortinet Phishing
GET /vrfttcyber/assets/sounds/general/click1.mp3 HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
content-type: application/octet-stream
content-length: 16635
last-modified: Thu, 02 Dec 2021 15:26:03 GMT
server: AmazonS3
date: Tue, 13 Dec 2022 05:29:34 GMT
etag: "4838176bcd52d9b69d6d48c1870ca579"
vary: Accept-Encoding
content-range: bytes 0-16634/16635
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qI5nP45xzPK10YbygIDHIKI_Uq_HeF0xux5ZfJhTRM9IDXyxQbjgtA==
age: 76009
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/images/browsers/firefox.png
200 OK 128 kB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/images/browsers/firefox.png
IP
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size 128 kB (127454 bytes)
Hash ff5982c71adc3b6a987a2192b6008949
c2819962300bfa4db9dd7ee6f22e35ea910a3808
612ec2b0a5a9d4b3841189d8c4af98509df5ac48eeea5ab1945dfd0e1eab78b3
GET /vrfttcyber/assets/images/browsers/firefox.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 127454
last-modified: Thu, 02 Dec 2021 15:25:36 GMT
server: AmazonS3
date: Tue, 13 Dec 2022 09:41:37 GMT
etag: "ff5982c71adc3b6a987a2192b6008949"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: X35F0Cc2fVm6eUfSDJ2QJjX4_hLeFWpx5lASChGw6T3zpRcecfq5jg==
age: 60886
X-Firefox-Spdy: h2
landers.of-bo.com/bundle.js
200 OK 40 kB URL HTTP/2 landers.of-bo.com/bundle.js
IP
File type Unicode text, UTF-8 text, with very long lines (2014)
Hash 1d949f4760bffe25e4ecc8eabdbd34da
9c249d28847f4e0f5d5a393c973abcfc7d0a8711
8cf2649c3f88a18c939a693b78d46fb2973f94d2dacfe3fd69d7edf7b5ef36b2
GET /bundle.js HTTP/1.1
Host: landers.of-bo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:22 GMT
content-type: application/javascript
x-amz-id-2: cSoAZufxui7vGEnJC0Kowr5GPIakYIN0hp9RUJ51IjHSWLBX+oAmMkm92b2TNTwoIWbwrVptHBI=
x-amz-request-id: YY87ZHY2ZTMD8ACW
last-modified: Tue, 13 Dec 2022 16:28:46 GMT
etag: W/"e6054fee8d8269a2f96fc51f24b263fd"
cache-control: max-age=14400
cf-cache-status: HIT
age: 169
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E38EZpNWyqZ2OnhhvUCI4zxoqPyBpTBV1LDtofXYbNlSHE2c6s63MuX9Exz6JmmGGdvFPVLjoNP5Xr5Q0FcfkO%2FEe1U3blRy4gztH%2BT6mtDlLz26M3fUhBhD%2Br0kv5jIECsk8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77938d2f3b620af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.cyberslut2069.com/vrfttcyber/assets/sounds/general/music.mp3
206 Partial Content 1.9 MB URL HTTP/2 go.cyberslut2069.com/vrfttcyber/assets/sounds/general/music.mp3
IP
File type Audio file with ID3 version 2.2.0, contains: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, JntStereo\012- data
Size 1.9 MB (1901111 bytes)
Hash 59860e04bafd8cd580189d99745dd167
827d583f983f783c918ef957efb34f2dec25e4e3
15e51325b6c108603083b12111cb2becc928bfd21dd41326514041daabc79ced
Analyzer Verdict Alert fortinet Phishing
GET /vrfttcyber/assets/sounds/general/music.mp3 HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=035fcac8475b45f8a715eeab7702bcc3&tk=MSJ7L4
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
content-type: application/octet-stream
content-length: 3165435
last-modified: Thu, 02 Dec 2021 15:26:05 GMT
server: AmazonS3
date: Wed, 14 Dec 2022 02:36:22 GMT
etag: "8482f7c1977139c5f5bbb2af66e88e01"
vary: Accept-Encoding
content-range: bytes 0-3165434/3165435
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aIFwrJQ44D8V2pntU2dyUJcgQ8yjbUoE0Qu6l9CeJXRVi9chmLNZ-Q==
age: 1528
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash ee70c6636fd137bd63335ad0a9a404e9
43dfe9b32cfc845560baf58f6e0533ce475409c4
179ce8e13509abb4d0676e7a5079c592214bdbeba5c810f842cb85de8c451a21
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 Dec 2022 02:36:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 18 Dec 2022 01:54:06 GMT
ETag: "43dfe9b32cfc845560baf58f6e0533ce475409c4"
Last-Modified: Wed, 14 Dec 2022 01:54:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77938d375a6eb4f1-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecd7efabe3668c419f9dff8a6c59ad69
eb62934341529a2f29a162e2211d065b53f1f857
53ac1de700e711315de432c29f5b536fbe6a0cbb294a4a013b329f79d5f90888
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "53AC1DE700E711315DE432C29F5B536FBE6A0CBB294A4A013B329F79D5F90888"
Last-Modified: Mon, 12 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3930
Expires: Wed, 14 Dec 2022 03:41:54 GMT
Date: Wed, 14 Dec 2022 02:36:24 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash de5c18ec6c4354ce46bb771a8e38d72b
e4747f397d053844d273788fc450ef82545ac230
64de012dd0cbd696f7ed4ee5b1193fb7e4674a260ccd454e79bed396cc5b3ac4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5066
Cache-Control: max-age=125702
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 02:36:25 GMT
Etag: "63986ae5-1d7"
Expires: Thu, 15 Dec 2022 13:31:27 GMT
Last-Modified: Tue, 13 Dec 2022 12:07:01 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash bfb5d3c071cebab21e6ab8647e84b6ba
ebc1553e88dbe512449a31b3cb4c10c659484d7d
cf794ab56bfa29d8e47637d68f5c82e4c60b855a8f6b772f344a72c712da3c4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 02:36:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4cfff21eb23d58996d9e27a376974cb5
79c2ffbc0f6594a69eaa643edee1757760fb848e
7916a7a170a38e6b445dadcf83d3fac44305960c6c15f756e0cde0a6a6e90970
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 02:36:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4cfff21eb23d58996d9e27a376974cb5
79c2ffbc0f6594a69eaa643edee1757760fb848e
7916a7a170a38e6b445dadcf83d3fac44305960c6c15f756e0cde0a6a6e90970
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 02:36:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ywndoa.com
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Dec 2022 11:09:21 GMT
expires: Wed, 13 Dec 2023 11:09:21 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 55624
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
200 OK 9.8 kB URL HTTP/2 ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
IP
File type ASCII text, with very long lines (32033)
Hash 432ca07a1a844dbb27f9e0ab0d468be5
7fdaf858d702f84536a515c675b4028ce2eb0cfa
12732099d21835fabf83a93eec52f7cf1847cd64a0572d18917b2e13b06d5cf0
GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ywndoa.com
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 12617930
cache-control: public,max-age=31536000
content-type: application/javascript
date: Wed, 14 Dec 2022 02:36:25 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
200 OK 20 kB URL HTTP/2 ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
IP
File type ASCII text, with very long lines (65371)
Hash 7e2bb6028f0b19917a1a2d1944fc72b1
e1837fc75ee2ddd24c6e1df6b309ea212b57e681
cc6093bd7162882fd34252fb5d3e8e7d07247e3b70fad894320bf2a960abeda5
GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 15712121
cache-control: public,max-age=31536000
content-type: text/css
date: Wed, 14 Dec 2022 02:36:25 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2
ywndoa.com/common_tpls/compactML/css/epcjfgacs2.css
200 OK 8.9 kB URL HTTP/2 ywndoa.com/common_tpls/compactML/css/epcjfgacs2.css
IP
Hash ef8e766f1dfe79bb74ec76f86a60a2fc
fe15cdb2e0e53401762b85a58846ef5dedbc4695
91cda8b6560c950b4907d81eda3a09730c2fc892383fed9549337037837cf2fb
GET /common_tpls/compactML/css/epcjfgacs2.css HTTP/1.1
Host: ywndoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3&epcCID=36Kdn4n1eaDdza82S0p4kcb8sfkc1ct6R&rtid=91205206689
Cookie: PHPSESSID=fcafda5e93f618e5186c32a450fe8758
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:25 GMT
content-type: text/css
content-length: 8861
last-modified: Thu, 15 Jul 2021 14:49:07 GMT
etag: W/"60f04ae3-bac6"
content-encoding: gzip
section-io-cache-id: 241333f938d1181c4caf3dd592dc6613
vary: Accept-Encoding
x-varnish: 15707627 15549475
age: 12660
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 768c903670388cc1f0562791f1067387
X-Firefox-Spdy: h2
ywndoa.com/common_tpls/images/icons/email.png
200 OK 1.3 kB URL HTTP/2 ywndoa.com/common_tpls/images/icons/email.png
IP
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash a86d99b9176d82a211cfa29b2f0b353f
62947ddfd87e3a21869818885e4bfa4e55ad0c11
f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1
GET /common_tpls/images/icons/email.png HTTP/1.1
Host: ywndoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3&epcCID=36Kdn4n1eaDdza82S0p4kcb8sfkc1ct6R&rtid=91205206689
Cookie: PHPSESSID=fcafda5e93f618e5186c32a450fe8758
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:25 GMT
content-type: image/png
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-4e6"
section-io-cache-id: aa8b5b9180ca8801ac18c64afd6505d4
x-varnish: 15968702 16028139
age: 6284
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 5efd7deeb52533accb507d43abd14b8b
X-Firefox-Spdy: h2
ywndoa.com/common_tpls/images/icons/password.png
200 OK 1.5 kB URL HTTP/2 ywndoa.com/common_tpls/images/icons/password.png
IP
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash 6f100f1cdbdce928118ffa4c9293ca5b
6b1a3593e792d4c00187d60560dd03fb42df1156
8c1a6b9e0c63edc7fa86898148dc6493cd56113fabbf85d901f7af4c180fce74
GET /common_tpls/images/icons/password.png HTTP/1.1
Host: ywndoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3&epcCID=36Kdn4n1eaDdza82S0p4kcb8sfkc1ct6R&rtid=91205206689
Cookie: PHPSESSID=fcafda5e93f618e5186c32a450fe8758
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:25 GMT
content-type: image/png
content-length: 1452
last-modified: Tue, 22 Aug 2017 16:34:59 GMT
etag: "599c5d33-5ac"
section-io-cache-id: 9250f11a190c9706428525d3479d2c5e
x-varnish: 15707629 15802255
age: 6863
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 070d9766f8b50ff53fcc91f3e11f4b9e
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4cfff21eb23d58996d9e27a376974cb5
79c2ffbc0f6594a69eaa643edee1757760fb848e
7916a7a170a38e6b445dadcf83d3fac44305960c6c15f756e0cde0a6a6e90970
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 02:36:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4cfff21eb23d58996d9e27a376974cb5
79c2ffbc0f6594a69eaa643edee1757760fb848e
7916a7a170a38e6b445dadcf83d3fac44305960c6c15f756e0cde0a6a6e90970
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 02:36:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
200 OK 54 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP
File type ASCII text, with very long lines (65397)
Hash dc9270247a97f75913a5d8934c24de03
ed9b0fa01b552571f99d529ed355b2ba91cfc48d
847cc3ab1ea736cbbaac34833596335471fc7a888089b501b3c83a323566f0b8
GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ywndoa.com/
Origin: https://ywndoa.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:25 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1062983
accept-ranges: bytes
server: cloudflare
cf-ray: 77938d45bfe0b4f3-OSL
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
200 OK 4.2 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP
File type ASCII text, with very long lines (26366)
Hash 7fd743485fa194e25e2a207bff6c258a
97c999d752b95ee1ed6271a29aa58109dc17281e
dd939d69a23f003d49287291f0bcb59df58119d60bc5f14a81cbfd957894f6dc
GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ywndoa.com/
Origin: https://ywndoa.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:25 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1062983
accept-ranges: bytes
server: cloudflare
cf-ray: 77938d45bfe1b4f3-OSL
X-Firefox-Spdy: h2
ywndoa.com/common_tpls/js/iframeResizer.contentWindow.min.js
200 OK 7.6 kB URL HTTP/2 ywndoa.com/common_tpls/js/iframeResizer.contentWindow.min.js
IP
File type ASCII text, with very long lines (27832)
Hash b32057e2f47af3ab984a34ce704cf9be
774e1e940033362b93a15a0e6820681a431946dd
53e4ab4ffff2f4b75e50619092a10d788957d66c47b3c2851bdf7067f7c888d2
GET /common_tpls/js/iframeResizer.contentWindow.min.js HTTP/1.1
Host: ywndoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3&epcCID=36Kdn4n1eaDdza82S0p4kcb8sfkc1ct6R&rtid=91205206689
Cookie: PHPSESSID=fcafda5e93f618e5186c32a450fe8758
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:25 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 04 Feb 2016 15:06:03 GMT
etag: W/"56b368db-3445"
section-io-cache-id: 12ed5a0ed232c5196f1fccf2b442d57b
x-varnish: 15968703 15964131
age: 7173
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 9a7c24ae4f54446c5ed03a35f9b06473
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash eebc2767c54d3e2e2de243151e542c5d
521db648c4d8e6a2cc7d57c581e03597a8cda539
760a76cce766d05fdcc933b9b7d1899b92c175a9b42ec18a102ff1b640d59118
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 Dec 2022 02:36:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 17 Dec 2022 23:49:06 GMT
ETag: "521db648c4d8e6a2cc7d57c581e03597a8cda539"
Last-Modified: Tue, 13 Dec 2022 23:49:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77938d44cea0b4f1-OSL
js-agent.newrelic.com/552.2d6a2503-1220.js
200 OK 5.9 kB URL HTTP/2 js-agent.newrelic.com/552.2d6a2503-1220.js
IP
File type ASCII text, with very long lines (21423)
Hash 097ef34c5f5d635a147bca3721bd605b
3b31ef3cfb1d62d9884d631ec2467b9d6b0d46e2
3e05d4e42c1e87b516b525574b20d2570dccc50d1bd1b2956d6421699aa19914
GET /552.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Lx7LUNyC193WWpSv5hW/L7UEeNSlDwufm33KpA2sv5a1ht8efI/6s62/R2OVbNZKkoG/gUHXaFI=
x-amz-request-id: VK0V8BCV38T7WVVS
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
etag: "777ac0df4dba632ad1b2955c88dd51ac"
x-amz-version-id: 7EjqUQ3uiXAFqO0VnIOp2ymSTJq3JZwD
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Dec 2022 02:36:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 213
x-timer: S1670985387.595519,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5890
X-Firefox-Spdy: h2
js-agent.newrelic.com/290.2d6a2503-1220.js
200 OK 3.4 kB URL HTTP/2 js-agent.newrelic.com/290.2d6a2503-1220.js
IP
File type ASCII text, with very long lines (8544)
Hash b9baa2cb6a3b1a3d0fda03cd7db51631
42d37467e05182e3cab2fcb54577dc462adcf50b
31a8b4d47298cae24c66e37256a51474ae88a745fdfec79f99b2d43608e6d822
GET /290.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: fhmr6WetDM+g2i2QlvVMRpxUR5FtkKdG9L63CCQ3CSWsvtR6j++f9vvc73sttpIYqURa2xyYTRk=
x-amz-request-id: VK0ZFWF8T6343F8V
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "13898fbb4d7a1f83fc6722c4c12faf40"
x-amz-version-id: C4hj6k9j4I7xXuTBZvcbX78Bf.Ep8KMk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Dec 2022 02:36:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 212
x-timer: S1670985387.738725,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3424
X-Firefox-Spdy: h2
js-agent.newrelic.com/368.2d6a2503-1220.js
200 OK 1.4 kB URL HTTP/2 js-agent.newrelic.com/368.2d6a2503-1220.js
IP
File type ASCII text, with very long lines (3382)
Hash fa50a55750d1d0978fca32be5dbc3988
a7f447621d48b3ecf7fc0192b515d506d3d1ad18
c621038fb07e536af8a1ec6d260853dfe69055dc2fb526700919c53b3b7e5f20
GET /368.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: kwoAxcBtx2IMbi3IHVdur3TxF/StXF2YgQ/J5F/J0LqxQRcevbbS10v8PBtCq89jFlCdbzEZt0Y=
x-amz-request-id: VK0S7FDBAB0EX9VY
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "16b4f3676c3859e1378a2ccdebbad675"
x-amz-version-id: zC.KoTaM7bjdFj.W4KQMilxtjXXSNPks
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Dec 2022 02:36:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 211
x-timer: S1670985387.739351,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1443
X-Firefox-Spdy: h2
js-agent.newrelic.com/768.2d6a2503-1220.js
200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/768.2d6a2503-1220.js
IP
File type ASCII text, with very long lines (5523)
Hash 98a96a3306b7723c0b8c4bff074cdd9f
e9070da7daa34fa2d8ac2e4ec00e3c499ea37516
a6079d50fa4c72b521fd865e67be080b5b21c336a71dbf7a1800a12ad42384f7
GET /768.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: YghQGw//W98CcE+uLEc2bIpyY1zfBy1cvSl3ZbHItGIBbBbjBYrgjjDhKdNnyagoNGaVfLpI2xM=
x-amz-request-id: VK0XNZM280HMN60Q
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "d6cc8b42eda6fd7734014b03b87b5787"
x-amz-version-id: 0CJw6LdyBdZcjhOiVrtC0pLcOFtA3d5G
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Dec 2022 02:36:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 212
x-timer: S1670985387.739333,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2225
X-Firefox-Spdy: h2
js-agent.newrelic.com/571.2d6a2503-1220.js
200 OK 1.1 kB URL HTTP/2 js-agent.newrelic.com/571.2d6a2503-1220.js
IP
File type ASCII text, with very long lines (2412)
Hash d392a55faa7a0a2a43781a495891c9aa
1998ba6f85354606c186fa1a29285676f0b596f0
33b4cb21373961aa88430ff72406d46e95ceddf50afc086598ea5bdc3a311815
GET /571.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Yb3onr5wgE7GyebmH4WnkKwnI2MQKfjQMqMso3BN0Y71/Vtt12keZBjkbAuB5UJTI/GRzVXSccI=
x-amz-request-id: VK0WTM9PM29FXD43
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "04b00905b32fd8d29459545bc125cff6"
x-amz-version-id: ySPuP7kOqGri8HjzDqW2TYirQNYv9NMF
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Dec 2022 02:36:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 112
x-timer: S1670985387.739267,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1108
X-Firefox-Spdy: h2
js-agent.newrelic.com/820.2d6a2503-1220.js
200 OK 3.0 kB URL HTTP/2 js-agent.newrelic.com/820.2d6a2503-1220.js
IP
File type ASCII text, with very long lines (7460)
Hash 7d1295a839190615b34d5a62acceee4f
eef26f5c6d2ae14cb81b3a9b669da224faceacd0
4d59d58f31b6638fbc3792a0b5fddca6e8eafc19a0c9e9aabadb5ad4d9197198
GET /820.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: FgITvf3WklEMWkZwakon8gl0N9aTQ94pdNptn966xzqmGm/5HblQmQGcNcywcu4tvf5sbwoyl9E=
x-amz-request-id: VK0ZG74SYEQQ4TER
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "897a1a72a47e4f4a24c05aec49af638f"
x-amz-version-id: P6j2S.7Iht6lmVHyZ_zkYmp136j6E8IA
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Dec 2022 02:36:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 114
x-timer: S1670985387.739258,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2979
X-Firefox-Spdy: h2
js-agent.newrelic.com/0.2d6a2503-1220.js
200 OK 2.3 kB URL HTTP/2 js-agent.newrelic.com/0.2d6a2503-1220.js
IP
File type ASCII text, with very long lines (5198)
Hash 852267b16c136b977ccd94900c6c6308
e013e1b2c6de5b625ebbfe2e7cf3cfb09cee6c16
9bb09a133a1b33e9cecb06aa44e1ea67b3ad4ea74df5c6a89b1580064364cced
GET /0.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: yaLgSlI/o1YgPR64REKW7tJGngFFiymXOCq3qvC8FibvMh/NPjIov1s2Y43sA3Nk7dOb/Jeu8n0=
x-amz-request-id: VK0HGZZCMTDZKH5X
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "cc9b3d207e9ea2c79974f46bf474e6dd"
x-amz-version-id: 5C7ygpPS6JvoVHQoGDIm5lCTgaPcqmFc
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Dec 2022 02:36:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 112
x-timer: S1670985387.739286,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2349
X-Firefox-Spdy: h2
js-agent.newrelic.com/39.2d6a2503-1220.js
200 OK 2.8 kB URL HTTP/2 js-agent.newrelic.com/39.2d6a2503-1220.js
IP
File type ASCII text, with very long lines (7169)
Hash a0a406e7bdf3e14f047e46bcea27640c
c1fbc88d260f16a092c1b7b0e58e4291401478e8
2309d4e82574d5402ec3454a76051987336fe3b4e4d546f6565a3a443c6d4049
GET /39.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: YVIhZ0s+kfqfyw3/OOPaabzaoXb/XwD4VELrgCLiMtI8cGCxgyDD6Y3bdLzWtK9lY7b2Y9dtVwM=
x-amz-request-id: VK0GJZ5NDAT42H61
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "0448380a8f2cd0426bbdf04dd45b5408"
x-amz-version-id: rKoZQfJFmGD6aC9Xn3l7.fk4j9L96MM_
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Dec 2022 02:36:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 112
x-timer: S1670985387.739300,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2755
X-Firefox-Spdy: h2
js-agent.newrelic.com/790.2d6a2503-1220.js
200 OK 6.1 kB URL HTTP/2 js-agent.newrelic.com/790.2d6a2503-1220.js
IP
File type ASCII text, with very long lines (17591)
Hash b3193d37837e2f200e10db13deff83a9
d8577b8a972583e81cfd8e31436dcd039aa049b2
5ba2e421fa78af3094294f4f8e30ba63225537da3ad68e35fbab63b2d22a0288
GET /790.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: veWtlyFq4FXZZ3C91QZ1ydEfJVdBNkWk12lPeQHXsOtJd4oL/94W2O+vIrequr5Q4TsFmN49oJA=
x-amz-request-id: VK0VJC72617ZJQFB
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
etag: "af8c077a247e90dff929d7af81c94f57"
x-amz-version-id: TFyNie.wEelbO4xbna5bJ14MRDIkKCak
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Dec 2022 02:36:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 92
x-timer: S1670985387.739530,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 6064
X-Firefox-Spdy: h2
js-agent.newrelic.com/775.2d6a2503-1220.js
200 OK 632 B URL HTTP/2 js-agent.newrelic.com/775.2d6a2503-1220.js
IP
File type ASCII text, with very long lines (1169)
Hash 661520fd0dfebb919d68a69b60ca426f
b85ef80a0e0d95bf4904f9ce4fad56c49ae035be
ecd489671c6255fee8370fc1f8f4e99519ef8d4c4c0ab06640b0c021642e1db7
GET /775.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: n5W3M8HU3EdwDhPARC2iiAf1as95kdLfrN2+qdL0W35SMVzIqjIlMR9W7ck8oTAzeIw6lrJi5fM=
x-amz-request-id: VK0MRM6MJ78HXF3Y
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "1dfdb74c0491489bf04c6deadb56add2"
x-amz-version-id: y1AQ2bnjUbwuFOuSS5MP1vew1dGw.1iz
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Dec 2022 02:36:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 214
x-timer: S1670985387.739316,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 632
X-Firefox-Spdy: h2
secadmt.com/signup/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3
302 Found 26 kB URL HTTP/2 secadmt.com/signup/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3
IP
ASN #54994 QUANTILNETWORKS
File type gzip compressed data, from Unix\012- data
Hash 59b967fc48e951cfa0d63428ef46c1b9
67e9aafeae39b524743cece678c30f5294ba5c5c
1b69a3d280af48e04e7df80870de60506764b0df834241a53198671a1db1bca9
GET /signup/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3 HTTP/1.1
Host: secadmt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://go.cyberslut2069.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 14 Dec 2022 02:36:24 GMT
content-type: text/html; charset=UTF-8
server: PWS/8.3.1.0.8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location: https://ywndoa.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3&epcCID=36Kdn4n1eaDdza82S0p4kcb8sfkc1ct6R&rtid=91205206689
via: 1.1 PSmglsjLAX2hu177:8 (W), 1.1 PSdgflkfFRA1vg90:11 (W)
x-px: ms PSdgflkfFRA1vg90FRA,ms PSmglsjLAX2hu177LAX(origin)
x-ws-request-id: 639936a8_PSdgflkfFRA1je97_46637-23684
set-cookie: PHPSESSID=0c107c67f64d05c0240901652a0876de; path=/; secure; SameSite=None
HMF_CI=1d4b0b71c1ae7d707f013e7305a7dea9d0cf57681b8c36968d69feea32c45038d3797cfa0997049e076ed12289b59b84c6709cbe738ed53dca30bcee2a73848c0c; Expires=Fri, 13-Jan-23 02:36:24 GMT; Path=/
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash e2b84878cafeb2dc6037d2e5b219cb11
37fecff69305ede82a0066fba7daa419a12db341
3bc6eebc80ef5e8acb4127fe0015238d1e40dab7accebafd81d64a8febb72395
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6160
Cache-Control: max-age=164243
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 02:36:26 GMT
Etag: "6398fd2d-1d7"
Expires: Fri, 16 Dec 2022 00:13:49 GMT
Last-Modified: Tue, 13 Dec 2022 22:31:09 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1220.PROD&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=4409&ck=0&s=93f30ad9c3f97d32&ref=https://ywndoa.com/acct/epc68088/add/&ap=89&be=3222&fe=948&dc=944&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1670985380092,%22n%22:0,%22f%22:2026,%22dn%22:2028,%22dne%22:2059,%22c%22:2059,%22s%22:2430,%22ce%22:2563,%22rq%22:2563,%22rp%22:3090,%22rpe%22:3090,%22dl%22:3094,%22di%22:4157,%22ds%22:4166,%22de%22:4169,%22dc%22:4169,%22l%22:4169,%22le%22:4173%7D,%22navigation%22:%7B%7D%7D&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken
200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1220.PROD&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=4409&ck=0&s=93f30ad9c3f97d32&ref=https://ywndoa.com/acct/epc68088/add/&ap=89&be=3222&fe=948&dc=944&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1670985380092,%22n%22:0,%22f%22:2026,%22dn%22:2028,%22dne%22:2059,%22c%22:2059,%22s%22:2430,%22ce%22:2563,%22rq%22:2563,%22rp%22:3090,%22rpe%22:3090,%22dl%22:3094,%22di%22:4157,%22ds%22:4166,%22de%22:4169,%22dc%22:4169,%22l%22:4169,%22le%22:4173%7D,%22navigation%22:%7B%7D%7D&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken
IP
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1220.PROD&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=4409&ck=0&s=93f30ad9c3f97d32&ref=https://ywndoa.com/acct/epc68088/add/&ap=89&be=3222&fe=948&dc=944&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1670985380092,%22n%22:0,%22f%22:2026,%22dn%22:2028,%22dne%22:2059,%22c%22:2059,%22s%22:2430,%22ce%22:2563,%22rq%22:2563,%22rp%22:3090,%22rpe%22:3090,%22dl%22:3094,%22di%22:4157,%22ds%22:4166,%22de%22:4169,%22dc%22:4169,%22l%22:4169,%22le%22:4173%7D,%22navigation%22:%7B%7D%7D&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 14 Dec 2022 02:36:27 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 77938d4bbfb6b521-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/events/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1220.PROD&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=4825&ck=0&s=93f30ad9c3f97d32&ref=https://ywndoa.com/acct/epc68088/add/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1220.PROD&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=4825&ck=0&s=93f30ad9c3f97d32&ref=https://ywndoa.com/acct/epc68088/add/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1220.PROD&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=4825&ck=0&s=93f30ad9c3f97d32&ref=https://ywndoa.com/acct/epc68088/add/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 668
Origin: https://ywndoa.com
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 14 Dec 2022 02:36:27 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 77938d4df85db521-OSL
Access-Control-Allow-Origin: https://ywndoa.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
fonts.googleapis.com/icon?family=Material+Icons
200 OK 0 B URL HTTP/2 fonts.googleapis.com/icon?family=Material+Icons
IP
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 14 Dec 2022 02:36:25 GMT
date: Wed, 14 Dec 2022 02:36:25 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ywndoa.com/common_tpls/js/form_support.js?v=1101202201
200 OK 0 B URL HTTP/2 ywndoa.com/common_tpls/js/form_support.js?v=1101202201
IP
GET /common_tpls/js/form_support.js?v=1101202201 HTTP/1.1
Host: ywndoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3&epcCID=36Kdn4n1eaDdza82S0p4kcb8sfkc1ct6R&rtid=91205206689
Cookie: PHPSESSID=fcafda5e93f618e5186c32a450fe8758
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:25 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 21:23:38 GMT
etag: W/"6377f7da-ed7"
section-io-cache-id: fd9f87569e6ad1a29a659ba1ade76003
x-varnish: 15968701 15801800
age: 7373
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: b5bc99b13751cff4314ef770e679b95b
X-Firefox-Spdy: h2
ywndoa.com/common_tpls/js/validate_form_v2.js?jsv=29
200 OK 0 B URL HTTP/2 ywndoa.com/common_tpls/js/validate_form_v2.js?jsv=29
IP
GET /common_tpls/js/validate_form_v2.js?jsv=29 HTTP/1.1
Host: ywndoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3&epcCID=36Kdn4n1eaDdza82S0p4kcb8sfkc1ct6R&rtid=91205206689
Cookie: PHPSESSID=fcafda5e93f618e5186c32a450fe8758
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:25 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 01 Nov 2022 21:07:07 GMT
etag: W/"63618a7b-614a"
section-io-cache-id: 24aa11056945704971bb61f322712e4c
x-varnish: 15707628 15129698
age: 6863
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 789a600362e037bffe6db8f1c31fc1f3
X-Firefox-Spdy: h2
www.fst-ent-lnk.com/ep.php/prmagms:71475/68088:415.035fcac8475b45f8a715eeab7702bcc3
302 Found 0 B URL HTTP/2 www.fst-ent-lnk.com/ep.php/prmagms:71475/68088:415.035fcac8475b45f8a715eeab7702bcc3
IP
GET /ep.php/prmagms:71475/68088:415.035fcac8475b45f8a715eeab7702bcc3 HTTP/1.1
Host: www.fst-ent-lnk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 14 Dec 2022 02:36:23 GMT
content-type: text/html; charset=UTF-8
location: https://secadmt.com/signup/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47367-814118.415.035fcac8475b45f8a715eeab7702bcc3
set-cookie: AWSALB=vY5oPyYv3QBcP3daw6I5UTCKtD3C97Tyt6wEB05t3HiEL5op25BdL44g5CZyx65asVTl1YbbszUg7PipYeu1pbT5dYqaHjjXCqGUZSQXoIebVNCmrylTNjbCDw5+; Expires=Wed, 21 Dec 2022 02:36:23 GMT; Path=/
AWSALBCORS=vY5oPyYv3QBcP3daw6I5UTCKtD3C97Tyt6wEB05t3HiEL5op25BdL44g5CZyx65asVTl1YbbszUg7PipYeu1pbT5dYqaHjjXCqGUZSQXoIebVNCmrylTNjbCDw5+; Expires=Wed, 21 Dec 2022 02:36:23 GMT; Path=/; SameSite=None; Secure
vip_id=68088.47367-814118; expires=Sat, 17-Dec-2022 02:36:23 GMT; Max-Age=259200; path=/
server: Apache
X-Firefox-Spdy: h2
country.gameops.tech/geoip/country?callback=window.gapwn.get_country
200 OK 0 B URL HTTP/2 country.gameops.tech/geoip/country?callback=window.gapwn.get_country
IP
GET /geoip/country?callback=window.gapwn.get_country HTTP/1.1
Host: country.gameops.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:22 GMT
content-type: text/javascript; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
x-content-type-options: nosniff
etag: W/"20d-sKpKw8KGhimKVxiVkhkJPWK187k"
via: 1.1 varnish
age: 56
x-served-by: cache-bma1637-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670985383.511987,VS0,VE1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PV7IOwur5lwgf8EYnVYbyIRQdikeVJIdTrbs%2BGOg%2FUDQwfnLRqiTOJD2gWCcbLuub9u2h8%2FjkvypHHPlGvsdIwW00qs31IIK9YZWhYkigZeptz1eHgpkLV3oCUuTtl2ri0QkVLvbFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77938d308a91b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
geoip.enlistsecureup.com/?v=1
200 OK 0 B URL HTTP/2 geoip.enlistsecureup.com/?v=1
IP
ASN #54994 QUANTILNETWORKS
GET /?v=1 HTTP/1.1
Host: geoip.enlistsecureup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:26 GMT
content-type: application/javascript
server: waf/4.32.3-0.el6
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-via: 1.1 PS-DFW-01gGZ147:5 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1bc200:14 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1je97:15 (Cdn Cache Server V2.0)
x-ws-request-id: 639936aa_PSdgflkfFRA1je97_47556-26035
set-cookie: HMF_CI=e78e5ba8432b95cd4d4bbf72d179e7e11206a677107078d3a2edb3f13880c638ea3def872b8231fcf7e2674294867cc591b38744c6135dbeaff5a607c2ddc4cdab; Expires=Fri, 13-Jan-23 02:36:26 GMT; Path=/
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Poppins:wght@300;400;600&display=swap
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Poppins:wght@300;400;600&display=swap
IP
GET /css2?family=Poppins:wght@300;400;600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 14 Dec 2022 02:36:25 GMT
date: Wed, 14 Dec 2022 02:36:25 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
kit.fontawesome.com/b314bdf1b3.js
200 OK 0 B URL HTTP/2 kit.fontawesome.com/b314bdf1b3.js
IP
GET /b314bdf1b3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ywndoa.com
Connection: keep-alive
Referer: https://ywndoa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Dec 2022 02:36:25 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FyzAivMVs4keZNOYTp4i
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 77938d444f03b4f3-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
78.41.204.29
192.124.249.24
188.114.97.1
23.36.77.32
93.184.220.29
104.18.23.52
163.171.128.172