lacewithhold.top/CairoAmman-v2w/tb.php?wx=sw1675554442517
104.21.17.243200 OK 608 B URL HTTP/1.1 lacewithhold.top/CairoAmman-v2w/tb.php?wx=sw1675554442517
IP 104.21.17.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (560), with CRLF line terminators
Hash ff4ee75d20219d919bf3763f6a85dbd4
a251b9501ed343d0bcecacf5907ee18a0c94669b
a70ac8896fff9712863514e3b214787e45e590e18d464179d9e66d361677e03c
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET /CairoAmman-v2w/tb.php?wx=sw1675554442517 HTTP/1.1
Host: lacewithhold.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:50:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iT28jnmRA7MYEcdBZkfoBT%2Fcp%2FOIjoARyiyCGzHVQVH4fBsY6eG0G6iy1fIKIXgnqjWezrU24ioph4%2Bkw8rrgDPhYvZZMdRku4lGNFALR88Azg7KTiD7NCEyMoRQIF%2BxxZ6j"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79474fa93f7a0b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12127
Expires: Sun, 05 Feb 2023 03:13:00 GMT
Date: Sat, 04 Feb 2023 23:50:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15670
Expires: Sun, 05 Feb 2023 04:12:03 GMT
Date: Sat, 04 Feb 2023 23:50:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 23:43:39 GMT
content-type: application/json
age: 434
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3880
Expires: Sun, 05 Feb 2023 00:55:33 GMT
Date: Sat, 04 Feb 2023 23:50:53 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /bp4kPE1bmthtSeF56tylShjLdcFJWn3z48G7oZA9lZHHtdLdqnOtFcRNOnv7XUEljyKgWL2sOE=
x-amz-request-id: BEHJ0KZPCMHJY5CD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 22:53:01 GMT
age: 3472
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 23:50:53 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
lacewithhold.top/favicon.ico
104.21.17.243200 OK 455 B URL HTTP/1.1 lacewithhold.top/favicon.ico
IP 104.21.17.243:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 3c5d244b8b6b192c76a2c4331450c235
7e53f5ad871fcd67705eaf77f1ca9ff247143e1e
e0f26b6349453a86cd1f0f87cfd80559ef7edb6d88ff0af9ced7d7e413c548e3
GET /favicon.ico HTTP/1.1
Host: lacewithhold.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lacewithhold.top/CairoAmman-v2w/tb.php?wx=sw1675554442517
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:50:54 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2016 03:54:11 GMT
ETag: W/"5861e5e3-1b0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toVKnOjOpGDwrjvOZX7Czwy7tilc0ij0FuCSjmgTLVLpmSetwUu7Bbll7F3XfiyXtE9Nux7UGrVGc3iP3hjRieSDclMx0XH49Lg0vNQBAhEJQNakWEtjl4hyi3Jkbp%2F2Njyq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79474fab6ded0b49-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
lacewithhold.top/j/og2.js?_t=1675554691786
104.21.17.243200 OK 942 B URL HTTP/1.1 lacewithhold.top/j/og2.js?_t=1675554691786
IP 104.21.17.243:0
File type ASCII text, with CRLF line terminators
Hash bad1af26351d2e87c035596233940ab0
9ac0e34dcbfd29ca3070c506c200777a8016b161
bc734ed6fc97cbcbaa0ed5236ce8aa46754596a9a79eef96684242d231d0644e
GET /j/og2.js?_t=1675554691786 HTTP/1.1
Host: lacewithhold.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lacewithhold.top/CairoAmman-v2w/tb.php?wx=sw1675554442517
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:50:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 16:09:56 GMT
Vary: Accept-Encoding
ETag: W/"635172d4-850"
Expires: Sun, 05 Feb 2023 11:50:54 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9c2i9kpODsl2gVrRKcS53EezP93imyl62FDc7hsl%2BAzmkplji68kssvFaXgzGpnSVy6lTHYIn%2BIz3B6Kdya4Rc%2B%2BGHv8q1GJ96EhmY6aApBBa2kD%2BczqPGUSIzH0P2x98njx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79474fabd8f00b65-OSL
alt-svc: h2=":443"; ma=60
lacewithhold.top/j/og2.php?_t=1675554691911
104.21.17.243200 OK 104 B URL HTTP/1.1 lacewithhold.top/j/og2.php?_t=1675554691911
IP 104.21.17.243:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b2d3903a513deab3ffe51bf33956aa7b
8dead806294523025a517b0c1c099ce4a2f62998
695336d0239e02ddccf47d00787a635b514a71ce6967c8b3f2b7559f723fe741
POST /j/og2.php?_t=1675554691911 HTTP/1.1
Host: lacewithhold.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 53
Origin: http://lacewithhold.top
Connection: keep-alive
Referer: http://lacewithhold.top/CairoAmman-v2w/tb.php?wx=sw1675554442517
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:50:54 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p5NX1DovzCIDtrqS%2FcIsixrGte6QtQof3uNrIP8fM4reVW4SJ7BL49UmDzpDdLiUJrB6t7SXYmJpCDvc1j89JgBCycfgoE9iy2t3cUXDXkpiiDZHGHUPXHD4%2BWrm498qqC3L"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79474fac9eb80b49-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/s/gts1p5/lUBhjpg2Mlo
142.250.74.163200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lUBhjpg2Mlo
IP 142.250.74.163:0
Hash 46424ca91352c3a84a00268a8d096f38
e351e422d51beb81147823db6071ee05e37e21a4
fac227acebcbde1e3c5f4d1d1b95958b2658e3afba23d8c9ed0a52d05ee1975c
POST /s/gts1p5/lUBhjpg2Mlo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 23:50:54 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 23:07:19 GMT
age: 2615
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/lUBhjpg2Mlo
142.250.74.163200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lUBhjpg2Mlo
IP 142.250.74.163:0
Hash 46424ca91352c3a84a00268a8d096f38
e351e422d51beb81147823db6071ee05e37e21a4
fac227acebcbde1e3c5f4d1d1b95958b2658e3afba23d8c9ed0a52d05ee1975c
POST /s/gts1p5/lUBhjpg2Mlo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 23:50:54 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12679
Expires: Sun, 05 Feb 2023 03:22:13 GMT
Date: Sat, 04 Feb 2023 23:50:54 GMT
Connection: keep-alive
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css
151.101.1.229200 OK 21 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css
IP 151.101.1.229:0
File type ASCII text, with very long lines (65317)
Hash b5ae87c0e4dd241b533e67053b0b719d
6b7b568694a95d81a94dea9ef7a85d1317d448dc
5bae5997fbca925ac6e52be8163ca897e751fcc9331552e0f77a22dd35b64521
GET /npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 6.1.1
x-jsd-version-type: version
etag: W/"189ae-CRAs/GDvtDCiXul87ppqNd9t/Fk"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 23:50:54 GMT
age: 8210767
x-served-by: cache-fra-eddf8230116-FRA, cache-bma1658-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 20556
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
151.101.1.229200 OK 2.2 kB URL HTTP/2 cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
IP 151.101.1.229:0
File type ASCII text, with very long lines (16263)
Hash bd3ea59ca12635e32402ec20cb196249
b1bfdaba4a00c2932245ff9eabea38016f9c9069
b99f8f79de257275fdbf6a8e0eb4652b0d69429552234b1f444c08ae85000341
GET /npm/select2@4.1.0-rc.0/dist/css/select2.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.1.0-rc.0
x-jsd-version-type: version
etag: W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 23:50:54 GMT
age: 26975159
x-served-by: cache-fra19146-FRA, cache-bma1658-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2162
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 23:50:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 23:50:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash 92677b7c9f44a960f6f31c962400e07e
9e4bf813033f5ecd08277415ad3e71af37eb1998
ba593925664d74c7239d4a51f9e0db440419ace959b2541b3dde80c0b9704df1
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:50:54 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "2920EA9856823EB8543A271447647116540769B9"
Expires: Sun, 05 Feb 2023 10:00:00 GMT
Last-Modified: Sat, 04 Feb 2023 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2780
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79474fb03d9eb509-OSL
www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
142.250.74.168200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-0C230YDF7G
IP 142.250.74.168:0
File type ASCII text, with very long lines (19467)
Hash 27f81eaf7d5f2c6c0bf32460f904af99
121df3638bc30fe8b481690a9ef32831636499fb
5948e753cd7ac1a0bcb6c0983dbd2a56654a8ff04d86c56a7d4c20857b517cff
GET /gtag/js?id=G-0C230YDF7G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 Feb 2023 23:50:54 GMT
expires: Sat, 04 Feb 2023 23:50:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77089
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
142.250.74.168200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-LW7434MYMN
IP 142.250.74.168:0
File type ASCII text, with very long lines (19467)
Hash a0b8838304b5570dd24612418cfd2a9c
e202f7621c11d29a15f6d4808e6716a29f22cc96
02bc04bafbbad9ad2283c5285f305c9672d93d732812bb847cc2f49ccc927932
GET /gtag/js?id=G-LW7434MYMN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 Feb 2023 23:50:54 GMT
expires: Sat, 04 Feb 2023 23:50:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77090
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b433cd70638f52b0ba5a4072b7b9322c
939e736c688f92344ebfb509775a640777116a71
ac031b99a1df616504192c7213ec32e3d15c5b91c19369dad4eb36cba483eb57
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC031B99A1DF616504192C7213EC32E3D15C5B91C19369DAD4EB36CBA483EB57"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6873
Expires: Sun, 05 Feb 2023 01:45:27 GMT
Date: Sat, 04 Feb 2023 23:50:54 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 23:50:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
104.21.2.47200 OK 16 kB URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
IP 104.21.2.47:0
File type ASCII text, with very long lines (63188), with CRLF line terminators
Hash 0dc40bf13292f2ac567719f8f71ae53a
d33f18f3db7708058c452b76b6737acaabcd6114
1c1a861c44ab7e946359ab80d967ce13f84c50117e6882aace41aa1c39e2015f
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:54 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdv0chj5F1Awc6K7Usaiie2qXL87Fxg5kp7mYqQH9s8HWV5Nuv0HuTqJ2hz1F5xUG9MGapUfK4P-pfLXRasYr-w
expires: Sun, 05 Feb 2023 00:26:12 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:36:54 GMT
etag: W/"c99230d2575380d7f95ff626606d2426"
x-goog-generation: 1647502614200576
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63473
x-goog-hash: crc32c=x2l+AA==, md5=yZIw0ldTgNf5X/YmYG0kJg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 980
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ODhVKdTZ5po2U3SbPEscPHEYc704bOVTuCIi04zaTgiepmusyZB6I3d1x%2FZL5b3gQueoOWyYHmLBNCiX9xajx7hxEwmTIPp1HusH5k3q2Y2RzpW7eDKo7jo4VnxYkR4E5E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb12828b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.217.224.186101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.217.224.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cn1LmPcuSQZ7Tswmn65u8A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mhNvhleplXRxF34j3992bXlKdxA=
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 78e6a848b80f008114441eeea30981db
8e71ebc1aa0b43ed2221190e219e05b43e71c665
336471ebc6bfd6bb215e142c41469feaa78cb2ba389bcdb89a52ca7ab385e85f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 23:50:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 91edaa8c73d53cf443edf6b2dce9e74c
0e0bc248df53d7c38f8e2ef5be5d92729a423e1c
d20068f95767e85b32c96286d6ac4cb7eb98766ea0886a8b2fd9ede15251edb6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D20068F95767E85B32C96286D6AC4CB7EB98766EA0886A8B2FD9EDE15251EDB6"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17767
Expires: Sun, 05 Feb 2023 04:47:02 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 91edaa8c73d53cf443edf6b2dce9e74c
0e0bc248df53d7c38f8e2ef5be5d92729a423e1c
d20068f95767e85b32c96286d6ac4cb7eb98766ea0886a8b2fd9ede15251edb6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D20068F95767E85B32C96286D6AC4CB7EB98766EA0886A8B2FD9EDE15251EDB6"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17767
Expires: Sun, 05 Feb 2023 04:47:02 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 91edaa8c73d53cf443edf6b2dce9e74c
0e0bc248df53d7c38f8e2ef5be5d92729a423e1c
d20068f95767e85b32c96286d6ac4cb7eb98766ea0886a8b2fd9ede15251edb6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D20068F95767E85B32C96286D6AC4CB7EB98766EA0886A8B2FD9EDE15251EDB6"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17767
Expires: Sun, 05 Feb 2023 04:47:02 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
142.250.74.161200 OK 181 kB URL HTTP/2 1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
IP 142.250.74.161:0
File type PNG image data, 497 x 308, 8-bit/color RGBA, non-interlaced\012- data
Size 181 kB (180954 bytes)
Hash fd835c1f326d3e7da0d9839550f66723
5004618bc15011d7d0f569f60f900d076b164b3d
b2286c3ed452ee4eeb15d2044a90cfc456d4789b2fdbe42bb9e023c9da18e4a8
GET /-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_outbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 180954
x-xss-protection: 0
date: Sat, 04 Feb 2023 22:05:39 GMT
expires: Fri, 27 Jan 2023 22:59:37 GMT
cache-control: public, max-age=86400, no-transform
age: 6316
etag: "v632"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ef0279dff171524f7dfa7e77b343eb36
23c5852f7a000b6594f337c0de66c700a593b5a6
b374580463a2089e3121fc9e738baa79807c3f9695ead1e9e65163d5ca14be44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B374580463A2089E3121FC9E738BAA79807C3F9695EAD1E9E65163D5CA14BE44"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13944
Expires: Sun, 05 Feb 2023 03:43:19 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
142.250.74.161200 OK 14 kB URL HTTP/2 1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
IP 142.250.74.161:0
File type PNG image data, 350 x 251, 8-bit colormap, non-interlaced\012- data
Hash ff055162c5d233506eece3fb69a47e74
49812e303ae6674819b6a7a6e0721d555ef64df4
7e46c8bcf219a0d6f0f3d5c5b027ed613678a0c54d637172d6495f428ff80150
GET /-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_inbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 13695
x-xss-protection: 0
date: Sat, 04 Feb 2023 23:40:53 GMT
expires: Mon, 23 Jan 2023 07:16:14 GMT
cache-control: public, max-age=86400, no-transform
age: 602
etag: "v630"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 91edaa8c73d53cf443edf6b2dce9e74c
0e0bc248df53d7c38f8e2ef5be5d92729a423e1c
d20068f95767e85b32c96286d6ac4cb7eb98766ea0886a8b2fd9ede15251edb6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D20068F95767E85B32C96286D6AC4CB7EB98766EA0886A8B2FD9EDE15251EDB6"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17767
Expires: Sun, 05 Feb 2023 04:47:02 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
263cdn.com/upload/Indonesia4.jpg
104.21.235.73200 OK 6.2 kB URL HTTP/2 263cdn.com/upload/Indonesia4.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash e5d81190b9a9d1201c2490a0a1e72de1
fce335ff598ae1792aa92c2b43865f32dec274a9
55b1e8a64608caecb75985b4fd4cee50759ee071b4dacedce2dadaf97ddf0cfa
GET /upload/Indonesia4.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/jpeg
content-length: 6222
x-guploader-uploadid: ADPycdtL_0yB0OJ_JBznYZIuBXrd3phkUsaD48XylvIPA8mga09PeKVBIZa8m_hUJdTvGN-jMzN84me9T22qoYvgQ5S2
expires: Sat, 04 Feb 2023 23:31:20 GMT
cache-control: public, max-age=14400
last-modified: Wed, 06 Jul 2022 08:31:48 GMT
etag: "e5d81190b9a9d1201c2490a0a1e72de1"
x-goog-generation: 1657096308216874
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6222
x-goog-hash: crc32c=EiiJwg==, md5=5dgRkLmp0SAcJJCgoect4Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xfhyodyK6LQck0IK6w%2BJyKuWDO4a%2BnOXg83olJpzbcVDrEjbZMxO6E7wGHz6f%2FZIsoVBQQsRJ7cb8TF6vyrT2w1ywZbzepKjohN8YP4Cs4a3h8XW4%2FM5KOV46CTM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb24e43dd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Indonesia3.jpg
104.21.235.73200 OK 6.2 kB URL HTTP/2 263cdn.com/upload/Indonesia3.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash f94afc98abf1cc88c3c13f29c29fce3f
c9f14d95f4e88e86c77ea29518b116ce08601354
e20701f7382baf1beebb25b6d8c10e90a7ef4a44b62f1a2fe060f8f5297ff624
GET /upload/Indonesia3.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/jpeg
content-length: 6182
x-guploader-uploadid: ADPycdvmet1kWrsKKt-hxqpNkqG4sXco49vV6-2srWx4qAsjnFxVJpvlmeMzXlsYuQ8R3CrDpKSORAux7gOOE0scd7aYmFiAmNLZ
expires: Sat, 04 Feb 2023 23:31:16 GMT
cache-control: public, max-age=14400
last-modified: Wed, 06 Jul 2022 08:31:47 GMT
etag: "f94afc98abf1cc88c3c13f29c29fce3f"
x-goog-generation: 1657096307286951
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6182
x-goog-hash: crc32c=4DXUqw==, md5=+Ur8mKvxzIjDwT8pwp/OPw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OnrJQ3OxwNz3hL%2Fx2b3G%2F3EwZNieTejPJe0jCUwlfw1bAzuFDPscXtl4hjww8lO%2FgjATvuMlPO9iPE%2BPHHQujVYX1RPVoXgYvgOqjeK1oWF9rlwqRnfnWf7nzaIb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb24e45dd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Indonesia6.jpg
104.21.235.73200 OK 7.5 kB URL HTTP/2 263cdn.com/upload/Indonesia6.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash ec7a7ffa081880f43a8862f0fd65b507
b85988ed0d72078184eea7e4310c9c2a4e8474db
32ef68c245249b10fc6d7ffb799d3bb433ba11fb55be44eea217cf1d5a60e7e7
GET /upload/Indonesia6.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/jpeg
content-length: 7459
x-guploader-uploadid: ADPycdvsvrkSM1iqbNmPhaYrGNj_37tgRWW2C4wEikmiNK20YL6X2y3cD24Tt4DrxXNuKl15WATjswOeLaE1xNnYN63ZKQ
x-goog-generation: 1657096308287626
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7459
x-goog-hash: crc32c=Qo6nDQ==, md5=7Hp/+ggYgPQ6iGLw/WW1Bw==
x-goog-storage-class: STANDARD
expires: Sat, 04 Feb 2023 23:31:16 GMT
cache-control: public, max-age=14400
last-modified: Wed, 06 Jul 2022 08:31:48 GMT
etag: "ec7a7ffa081880f43a8862f0fd65b507"
cf-cache-status: HIT
age: 1640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NRKoDkXicymoMNZEp6pAQAogn99Vhzu7W75AzLDLXzTteMC%2FgP5SNg%2FaMEMZD%2Fb3XSYqtvSuofDzfQuCbljG5UYL9XHi26V70PI3LLTtdHZvOTHqV8Gm5%2FUnXBhL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb24e42dd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Indonesia1.jpg
104.21.235.73200 OK 6.6 kB URL HTTP/2 263cdn.com/upload/Indonesia1.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash ab5f2c468d1fa0f257866f909563c9f4
e270376de296bf9b6ae7c0c93050bc7ef9d4b4d4
bf33f5eac98b4716b47df5777412abcc74e2c21247d9e6452e3cc8dc997309db
GET /upload/Indonesia1.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/jpeg
content-length: 6589
x-guploader-uploadid: ADPycdvDAUQws2BfECUbHdT4f2xA6Iiq-_GZdSTY_OnFYXauzcuQENd2ovAMHXu_1NQF9G8T2Lk6LBenurC2kmOzBuPOQSaSwWCj
x-goog-generation: 1657096307229997
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6589
x-goog-hash: crc32c=wJVzOw==, md5=q18sRo0foPJXhm+QlWPJ9A==
x-goog-storage-class: STANDARD
expires: Sat, 04 Feb 2023 23:31:16 GMT
cache-control: public, max-age=14400
last-modified: Wed, 06 Jul 2022 08:31:47 GMT
etag: "ab5f2c468d1fa0f257866f909563c9f4"
cf-cache-status: HIT
age: 1640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CI%2FYmDdBMb%2BNyPDummOCqgXNEhPc8NBydi8uEdn944nrQJdqaKWCkVTTSQHrHWYNczAWokF1QPH%2FxC0XDVOcMZtadyDyxG0GY%2B2MgngS3m4qGspQyXiSsIYldH91"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb24e47dd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Indonesia2.jpg
104.21.235.73200 OK 8.1 kB URL HTTP/2 263cdn.com/upload/Indonesia2.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 1342b004626e67a279421a9094d53e7c
76834d9fce2770428975d4deb4b193f618c9685f
6182feeabee93997723ea922671924e1ab16553de027b529be2d55452b490fb5
GET /upload/Indonesia2.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/jpeg
content-length: 8116
x-guploader-uploadid: ADPycdtC_UWaANLPsEmmFL-mxH8G3s3nsLdpGAk-g98fFH5zTPp93cE-MU_IW3bZWr1LEruLnilwdoOpHNd5zTZxHseFQ5Qapak9
x-goog-generation: 1657096307303907
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 8116
x-goog-hash: crc32c=mdENPQ==, md5=E0KwBGJuZ6J5QhqQlNU+fA==
x-goog-storage-class: STANDARD
expires: Sat, 04 Feb 2023 23:31:16 GMT
cache-control: public, max-age=14400
last-modified: Wed, 06 Jul 2022 08:31:47 GMT
etag: "1342b004626e67a279421a9094d53e7c"
cf-cache-status: HIT
age: 1640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7f8uSbtceSyUGE8UcaBv%2BdRShNNK4YNCnhWDa6mnYcd2%2FsjCR8D0qDBizIrpFI1UBQN5QZORguOXIiR63GDmJfDGKj%2Fci5gsZr4Ale7QRjo2thgVaH8v3p%2FvUYuG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb24e46dd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Indonesia7.jpg
104.21.235.73200 OK 9.1 kB URL HTTP/2 263cdn.com/upload/Indonesia7.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash bc60b929864d67625d52fc2ad60efde0
f53678bb46f19f6102e73202956ed32197ae8c44
f6259d34f434115b92cdc5ac16a865a9f68d1e7202b2a4c40218e5d282e0a662
GET /upload/Indonesia7.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/jpeg
content-length: 9135
x-guploader-uploadid: ADPycdun2KtWreiWtxGKYkZzycPbGmUWsm_w67kN2Z98xQ7IIsH9Tc-1iEEMKxw2PnwW89y71R0acj8-Uahb4rjIImSlOam6Ostk
x-goog-generation: 1657096309335305
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9135
x-goog-hash: crc32c=RgU4fw==, md5=vGC5KYZNZ2JdUvwq1g794A==
x-goog-storage-class: STANDARD
expires: Sat, 04 Feb 2023 23:31:17 GMT
cache-control: public, max-age=14400
last-modified: Wed, 06 Jul 2022 08:31:49 GMT
etag: "bc60b929864d67625d52fc2ad60efde0"
cf-cache-status: HIT
age: 1656
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wYo77DkcfpgVuUwb18ohbPdfmqiD3s4yeP%2BU3LcPezzVNDhQ%2BGcA%2FcqWphwG1%2FEo57VK3dbu7FmDprgVF%2FMy6BYS7jcKN81atVPDhkJxZukh%2FICoH6ptqYbPeLy4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb26e5add2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Indonesia8.jpg
104.21.235.73200 OK 5.7 kB URL HTTP/2 263cdn.com/upload/Indonesia8.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 46bef3f5673f60864f8a0e59856f55b6
c63dd906302f8b9e1416dc74691588822a93c209
1282348fcf7123a05c5edf127c667c3617060490e86a34c20e2ee4f1519736a3
GET /upload/Indonesia8.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/jpeg
content-length: 5653
x-guploader-uploadid: ADPycds_XHoe7EQogKwBMjV_-EkQ34DhP2VSYbzKvrwc7YI9nhw5TPAJ_PuPLpK1-DPQGizJfBqDoqmolLpAxnqA3puAeSojLYGF
expires: Sat, 04 Feb 2023 23:31:17 GMT
cache-control: public, max-age=14400
last-modified: Wed, 06 Jul 2022 08:31:49 GMT
etag: "46bef3f5673f60864f8a0e59856f55b6"
x-goog-generation: 1657096309304192
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5653
x-goog-hash: crc32c=jHXx8g==, md5=Rr7z9Wc/YIZPig5ZhW9Vtg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rAUW6abDDIFgr3crTOrGQLIQkyO76EfuOZyGUbQoRxxGJ1JUHCoEqn0U28LvWGTb7LqXm16bxBOpMiemqohwBMNldoNHeQ3Vy8XgwE6Rxfv%2FeOHvOu3h4iUO155F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb26e5bdd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Indonesia9.jpg
104.21.235.73200 OK 12 kB URL HTTP/2 263cdn.com/upload/Indonesia9.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash 83cbedbe445b38b05599671c71a9a267
8417ae98a6a42712a6b88c2671769e14cd0db9b3
d7dc2cc95691fd45345581090f566c617564331694c685976e8f41aad40f8570
GET /upload/Indonesia9.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/jpeg
content-length: 11976
x-guploader-uploadid: ADPycduvL0PqC1fxlWWnVsbCMDI5_gdcoK1PnL5IM-kPcr1fwTmM3TuXzez3m_8P7bPNcHRZOogiZS0OjvraLNEeq1HYmzC2ccKU
expires: Sat, 04 Feb 2023 23:31:17 GMT
cache-control: public, max-age=14400
last-modified: Wed, 06 Jul 2022 08:31:49 GMT
etag: "83cbedbe445b38b05599671c71a9a267"
x-goog-generation: 1657096309303847
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 11976
x-goog-hash: crc32c=o5oeyQ==, md5=g8vtvkRbOLBVmWcccamiZw==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pD96kuWHg2ysEn4w3qX8ECNjzkgaIGqOBUpq1i6nzx057bgztb0do4QTZ%2FMh3CG%2FETBvt0N6iNni%2FqhQjdCi02IjZoZjcbqTRqY5yyr3pmJF6VsVm6RP4r%2BcSy%2Fd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb26e5cdd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
263cdn.com/upload/Indonesia10.jpg
104.21.235.73200 OK 6.7 kB URL HTTP/2 263cdn.com/upload/Indonesia10.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash faa640c30293f74ae6655d1fbeaedc12
15c43501a436be0b0f4dd858a7fbc0499fbf7104
67cf914abbe305c9710d65db90947cf5ca12db353f5e35435ecaf1c07d804fb3
GET /upload/Indonesia10.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/jpeg
content-length: 6725
x-guploader-uploadid: ADPycduZfOIUyg5riDk8qb659VFLdKiajb6e3STb6lC8QsJuZLlAmwgYuIONN07njjdxrxu7oRvQPNgS6-kIpMaXcmhrunJ_nLab
expires: Sun, 05 Feb 2023 00:23:19 GMT
cache-control: public, max-age=14400
last-modified: Wed, 06 Jul 2022 08:31:50 GMT
etag: "faa640c30293f74ae6655d1fbeaedc12"
x-goog-generation: 1657096310364236
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6725
x-goog-hash: crc32c=6l4llg==, md5=+qZAwwKT90rmZV0fvq7cEg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1656
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJ3WeftZ2tlKjvcYLflODzU2iJbiy1oCNcsP6mnqCEWWxYSpXDMr8r9ma4hMRGaP67E1nCCwU%2FGGOi4gYu0bsSOnkZjz%2B0JeZq0JAqSd7Mxj9b5ZivcV2tuBRiLm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb26e5edd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 57cf171deeb6af80ba729adda4586df9
0f2d3e544447814ca50059e85e0d25eff4c12f1e
5553331706126a136ca3ea472838e1175c712085cb7d49e9b0a5f4ef73623fee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5553331706126A136CA3EA472838E1175C712085CB7D49E9B0A5F4EF73623FEE"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21254
Expires: Sun, 05 Feb 2023 05:45:09 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 57cf171deeb6af80ba729adda4586df9
0f2d3e544447814ca50059e85e0d25eff4c12f1e
5553331706126a136ca3ea472838e1175c712085cb7d49e9b0a5f4ef73623fee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5553331706126A136CA3EA472838E1175C712085CB7D49E9B0A5F4EF73623FEE"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8151
Expires: Sun, 05 Feb 2023 02:06:46 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
cdnbun.com/upload/kongbai.png
172.64.131.13200 OK 1.1 kB URL HTTP/2 cdnbun.com/upload/kongbai.png
IP 172.64.131.13:0
File type PNG image data, 100 x 84, 8-bit/color RGBA, non-interlaced\012- data
Hash 8ace35a6262109252682e93d648028d0
95f26d04a05d6601429216184c6dc1878aad1b3d
1b5c6ee0d16a0ced714ec437952f472b0551600580732645cb7bbad14b395bb0
GET /upload/kongbai.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/png
content-length: 1051
x-guploader-uploadid: ADPycduFQwKHM9NogixQrSxGheQE3-2k5ICn9Fxm9TKIi-sGh-NqtNc4JlApZXdS5JJc6YZ7UcAIj86nDpOYA0dwBUY_u_6sNqH8
expires: Sat, 04 Feb 2023 21:35:38 GMT
cache-control: public, max-age=14400
last-modified: Sun, 23 Oct 2022 07:12:22 GMT
etag: "8ace35a6262109252682e93d648028d0"
x-goog-generation: 1666509142369041
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1051
x-goog-hash: crc32c=MniARw==, md5=is41piYhCSUmguk9ZIAo0A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1637
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPHt9yrJ3XISt3cK217r43hVoFXfQQiHGiXmKv9PfB1FKMbZzeilc%2BDGIsBujCkqBIJk0aNQCZlvnCpO5hCGlA9cDLbbm3eUNlrLDZuKUl833Jo8LvhXm1G3nzz9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb2df3123ac-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 1.0 kB IP 142.250.74.163:0
Hash 8eed9c809ba54b0bf3f9f7196d302885
72c47b876494925decebca389b7a16f7ac3b5847
77a4c5b9e142ca579fb32fc5e8f267bd3f96fcbb6e79ce4a9e7c43bc0c6b39b0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 23:50:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnbun.com/upload/bravo.bix1.png
172.64.131.13200 OK 19 kB URL HTTP/2 cdnbun.com/upload/bravo.bix1.png
IP 172.64.131.13:0
File type PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 4e6397e4208f23cf9dc127e246a7d427
e1c9ec0085d0886a5066dd00c43aada17c2b63ce
c1c744e4e32105adea3ef3a35344951bfce78f7f1387c22e725831c0affedfcb
GET /upload/bravo.bix1.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/png
content-length: 19113
x-guploader-uploadid: ADPycdvpo6E6q7S4AsdoywwUhgT_-BEVfxpefXQtzww78gyIiMglhMTYaU6HxiRv1hySrji1ajwsXkMaW0MvYBoVb6yqhw
x-goog-generation: 1670239478525469
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 19113
x-goog-hash: crc32c=5F2Ztw==, md5=TmOX5CCPI8+dwSfiRqfUJw==
x-goog-storage-class: STANDARD
expires: Sat, 04 Feb 2023 23:50:02 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Dec 2022 11:24:38 GMT
etag: "4e6397e4208f23cf9dc127e246a7d427"
cf-cache-status: HIT
age: 43
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dcEq4oraNxdSs3HRSCzEOehPfA7P9h35L%2BkyWwVQZNVqXDE2VG027y8QpVHBkc7S8bWaOO3lhA8fL1Nl1S38UO%2B2b8h%2FqoWZe7IvFyDFIQK2rQCl1npBQklFsXcG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb2ff4923ac-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 91edaa8c73d53cf443edf6b2dce9e74c
0e0bc248df53d7c38f8e2ef5be5d92729a423e1c
d20068f95767e85b32c96286d6ac4cb7eb98766ea0886a8b2fd9ede15251edb6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D20068F95767E85B32C96286D6AC4CB7EB98766EA0886A8B2FD9EDE15251EDB6"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17767
Expires: Sun, 05 Feb 2023 04:47:02 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
263cdn.com/upload/Indonesia5.jpg
104.21.235.73200 OK 9.9 kB URL HTTP/2 263cdn.com/upload/Indonesia5.jpg
IP 104.21.235.73:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 290x300, components 3\012- data
Hash fd3e780dbef9b321ec2675fc3e5a1f06
7d66fb220f43c84a65547b9670f69a42cf68bfb7
11f987f8ba2577488e3d24cd9e43233c77ad0e00eb9d980f0f8a7a17ef89b917
GET /upload/Indonesia5.jpg HTTP/1.1
Host: 263cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/jpeg
content-length: 9863
x-guploader-uploadid: ADPycduZ1huhjRNSdSuiGUVP71g4np7ZD5ifpY6PmFsQM6XIPCSbQ_rJKpgz1r6pYLFKd1w7zd8pqeMuvywsikC6mEJL1A
expires: Sat, 04 Feb 2023 23:31:16 GMT
cache-control: public, max-age=14400
last-modified: Wed, 06 Jul 2022 08:31:48 GMT
etag: "fd3e780dbef9b321ec2675fc3e5a1f06"
x-goog-generation: 1657096308281088
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9863
x-goog-hash: crc32c=TOJlNA==, md5=/T54Db75syHsJnX8PlofBg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1688
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k5fOsE%2BRCWTQAAxvMfz0pTntmXAf4V8f1K27LdPWmkJt6adGC5l1GDIcR%2F98SbNcKWaENSNV6kDXnG0zNxjP%2FuQUb8idFjj%2BWxsBC%2FDqRuMH1heHp6qmdo0%2FeAWe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb30ecfdd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnbun.com/upload/ydyh-zhong.png
172.64.131.13200 OK 13 kB URL HTTP/2 cdnbun.com/upload/ydyh-zhong.png
IP 172.64.131.13:0
File type PNG image data, 267 x 67, 8-bit/color RGBA, non-interlaced\012- data
Hash 35dddf3e45cefd2dddccba3adc487f26
1d523eb66bca52e544d4738cce8668168538e580
5e3b47b03eed6e600d025d59f84dbd9cceeb09ad65ff1bf09ff8467c529ebbc4
GET /upload/ydyh-zhong.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/png
content-length: 13026
x-guploader-uploadid: ADPycdt3gHUp6DnmQ9PzlBIKtUniWtBFDd9Cg3H5ZpwRY8LeF8ATL-ct7J-Gzrpwwfc-6lHDEzkrRw_CDuU5bGwYTAzraEx41iwz
expires: Sat, 04 Feb 2023 22:54:44 GMT
cache-control: public, max-age=14400
vary: X-Goog-Allowed-Resources, Accept-Encoding
last-modified: Tue, 31 Jan 2023 11:10:30 GMT
etag: "35dddf3e45cefd2dddccba3adc487f26"
x-goog-generation: 1675163430162593
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13026
x-goog-hash: crc32c=jQx/Ig==, md5=Nd3fPkXO/S3dzLo63Eh/Jg==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6XLj5UaTd3z7Fctyb4u4kzhgSywWBiazZMDY8i%2FUYnTstEp5irVi04hLzlF3ZjjfJXwhVXyVOrNZ%2FfSxKNFpr2XJPQYeChaTrNCkUeP%2FgOErdDKn%2FpZuJh5dskdb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79474fb31f6f23ac-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 57cf171deeb6af80ba729adda4586df9
0f2d3e544447814ca50059e85e0d25eff4c12f1e
5553331706126a136ca3ea472838e1175c712085cb7d49e9b0a5f4ef73623fee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5553331706126A136CA3EA472838E1175C712085CB7D49E9B0A5F4EF73623FEE"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14712
Expires: Sun, 05 Feb 2023 03:56:07 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 57cf171deeb6af80ba729adda4586df9
0f2d3e544447814ca50059e85e0d25eff4c12f1e
5553331706126a136ca3ea472838e1175c712085cb7d49e9b0a5f4ef73623fee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5553331706126A136CA3EA472838E1175C712085CB7D49E9B0A5F4EF73623FEE"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14097
Expires: Sun, 05 Feb 2023 03:45:52 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash adce3a081490452d571fd3951347918f
87371b471d8098055cfc08d49f4c6f4599668360
ea5bc3af900d247fa77cf4a63c03d1e16485b782fb3b8612afb908648622d16d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA5BC3AF900D247FA77CF4A63C03D1E16485B782FB3B8612AFB908648622D16D"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3106
Expires: Sun, 05 Feb 2023 00:42:41 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash adce3a081490452d571fd3951347918f
87371b471d8098055cfc08d49f4c6f4599668360
ea5bc3af900d247fa77cf4a63c03d1e16485b782fb3b8612afb908648622d16d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA5BC3AF900D247FA77CF4A63C03D1E16485B782FB3B8612AFB908648622D16D"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3106
Expires: Sun, 05 Feb 2023 00:42:41 GMT
Date: Sat, 04 Feb 2023 23:50:55 GMT
Connection: keep-alive
cdnbun.com/upload/bravo.bix3.png
172.64.131.13200 OK 24 kB URL HTTP/2 cdnbun.com/upload/bravo.bix3.png
IP 172.64.131.13:0
File type PNG image data, 350 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash a25fb1783693650788ada830d37fac41
54a621822990687b7f58b2a261fd60f3d5da217d
d267651f3e37af637584e98c7a11e5d032aa1d1ef64f88e97c53024548405343
GET /upload/bravo.bix3.png HTTP/1.1
Host: cdnbun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: image/png
content-length: 23695
x-guploader-uploadid: ADPycdsZVjNXQO3vjuIqgWgMfjuhNer2JSsOLKz62FwSiMiHnFN36V91NmsTrBOBIc56H-HIgIrYqO_sjTUjnx1_r_dAng
expires: Sat, 04 Feb 2023 23:04:03 GMT
cache-control: public, max-age=14400
last-modified: Mon, 05 Dec 2022 11:24:38 GMT
etag: "a25fb1783693650788ada830d37fac41"
x-goog-generation: 1670239478555275
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 23695
x-goog-hash: crc32c=qortIQ==, md5=ol+xeDaTZQeIragw03+sQQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 43
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B6EcJ6twwwVivsZ9gfSlnvvZfJVy4T54Q5PLymBtFvTeGHW%2BvMZwb3U0y0oQUNBoBbK1Ov12SA3TvxJfZ1a5tXUCDTg1ApfUWanYqG6osqfLiCGJUP08LrN%2B9Sok"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb35fb123ac-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hakivz.cyou/Wrdh53fn/CairoAmman-v2w/?_t=1675554692011
104.21.59.197200 OK 95 kB URL HTTP/2 hakivz.cyou/Wrdh53fn/CairoAmman-v2w/?_t=1675554692011
IP 104.21.59.197:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (454), with CRLF line terminators
Hash ec20ce876da159105c2d6c396cfaf8b0
5cdd17884df9a65a8cf4f3b059676464abaa571b
50ff89ed89813ee7506dc2063d69de496c308d148723a8c8e7d63eadb6d8094a
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /Wrdh53fn/CairoAmman-v2w/?_t=1675554692011 HTTP/1.1
Host: hakivz.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lacewithhold.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:54 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: pType=mo; expires=Sun, 05-Feb-2023 00:02:54 GMT; Max-Age=720; path=/; domain=hakivz.cyou
CairoAmman-v2w-tthh1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.hakivz.cyou
CairoAmman-v2w-tthh2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.hakivz.cyou
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mCHZHF0tLiJqk0foN9rGgdmWs3s9AWUC5MamlAtUx7CnFMSuIeawQ6CaBExHjO4l3U%2F7Bxtpjw%2BrO54vdVIS4H1MJNEqs%2B7yg1%2Fk%2F8msRuPCJ3pNlQ2Wgpb9YimFxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79474fae5b85b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-LW7434MYMN>m=45je3210&_p=1744720138&cid=1399797458.1675554693&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675554693&sct=1&seg=0&dl=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011&dr=http%3A%2F%2Flacewithhold.top%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 437 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-LW7434MYMN>m=45je3210&_p=1744720138&cid=1399797458.1675554693&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675554693&sct=1&seg=0&dl=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011&dr=http%3A%2F%2Flacewithhold.top%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash ccf6c537e0d5bbd86ab6f8bea85dd080
20d44a5e75552d5bcb0659b2f8c3a38f956f2109
7e154a6ae001ab94bb00aec5b004ebdb9431b6d29b0b2be253c16702589a4dde
POST /g/collect?v=2&tid=G-LW7434MYMN>m=45je3210&_p=1744720138&cid=1399797458.1675554693&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675554693&sct=1&seg=0&dl=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011&dr=http%3A%2F%2Flacewithhold.top%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hakivz.cyou
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://hakivz.cyou
date: Sat, 04 Feb 2023 23:50:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 651c8c20610bfc6c135b88049d71df4e
8523c7bb2d54eb15fb31a5eb2a450ec8e79e7d12
0abf94fa61c83a7c2476eb673f790fc1d05db6fc6ee745427738cba5b0226c36
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:50:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 21:18:53 GMT
ETag: "8523c7bb2d54eb15fb31a5eb2a450ec8e79e7d12"
Last-Modified: Sat, 04 Feb 2023 21:18:54 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1989
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79474fb7dcc5b509-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 651c8c20610bfc6c135b88049d71df4e
8523c7bb2d54eb15fb31a5eb2a450ec8e79e7d12
0abf94fa61c83a7c2476eb673f790fc1d05db6fc6ee745427738cba5b0226c36
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 23:50:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 21:18:53 GMT
ETag: "8523c7bb2d54eb15fb31a5eb2a450ec8e79e7d12"
Last-Modified: Sat, 04 Feb 2023 21:18:54 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1989
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79474fb7dd4db518-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11588
Expires: Sun, 05 Feb 2023 03:04:04 GMT
Date: Sat, 04 Feb 2023 23:50:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11588
Expires: Sun, 05 Feb 2023 03:04:04 GMT
Date: Sat, 04 Feb 2023 23:50:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11588
Expires: Sun, 05 Feb 2023 03:04:04 GMT
Date: Sat, 04 Feb 2023 23:50:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11588
Expires: Sun, 05 Feb 2023 03:04:04 GMT
Date: Sat, 04 Feb 2023 23:50:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F685cff1e-52eb-4db3-b937-986385529f6d.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F685cff1e-52eb-4db3-b937-986385529f6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a118e823631b0566a87aaa72123af893
286a0ef82fe504a7721b98a726bd6ef28198393d
57cd7640cfaa81f2dd7deddefccfbf024064d92ce5cadafae27bfa9e9136dbcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F685cff1e-52eb-4db3-b937-986385529f6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10109
x-amzn-requestid: 5fc8bfc5-459e-476a-b74e-51de6fe31cea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fjbUrHEiIAMFxSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d7a5b7-739df0b602e9d9001495a8a7;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 11:10:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oBpZZX_SomiK5SD6fU2Od07F1rdZwjk1Y6uPNIev9JUDs5lujnjwPA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 03:40:53 GMT
age: 72603
etag: "286a0ef82fe504a7721b98a726bd6ef28198393d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c1f3df5bbad5048923e29c0767d703d3
48c408d37a7bd7f96653174359178eed46ddf298
c8bae041c3d64334964b2aa771a07bc2709ced4c497e1795f864d9416fed728f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5801
x-amzn-requestid: 441284a8-923a-4b22-b39f-95dec713c292
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fjj9jHu_IAMFZ-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d7b389-788174a773fcd695540cc95e;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 12:09:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DgvqiQwdytO2caPNzg2OhGcv8ly9N_YeQTzpuf6iwAVt8AQZEXRLqw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:44:03 GMT
age: 7613
etag: "48c408d37a7bd7f96653174359178eed46ddf298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WVfpilnwhnRXBhJkHBWjxxoP09f7SqlRk8CdWRWOubIIwe0CX89bUA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:09:58 GMT
age: 6058
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94063a59-0665-4d1d-89f4-785b4ab501d8.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94063a59-0665-4d1d-89f4-785b4ab501d8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bee08788da5b88dde69aeb1d4de005c9
537c7a19a9395a60452b6b0b3ae08d47f4705181
02365d88ae9ff3ace3f29509df0e436ab0838d44714ef0f25dea463d665f794a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94063a59-0665-4d1d-89f4-785b4ab501d8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6486
x-amzn-requestid: 544d13b9-8d45-4029-88e0-280f27cc0fa3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi4-SHN1IAMFSkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76ec1-3f1ee84f53fe45cc01439a28;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:16:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TtyPO9j12ZpU3XdElRgCrqB4XNERrppavwJZJn5As8mqjjDLyZBmsw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:26 GMT
age: 7650
etag: "537c7a19a9395a60452b6b0b3ae08d47f4705181"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7b596a8e984911df703e15c72d25d513
a1fa1355f4de6f246d35bed9f128e13fc9dc4e72
aba708124199ec6b0ce86ac14c6c18d233ff405071a7f22522217c2fcb0aa9b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13557
x-amzn-requestid: 981a0f31-e874-4392-a81d-12d667020700
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fH8-JGEsoAMFhZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cca85a-7398031f2676734c65447e5b;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dDjAyq5pSck1A4V9vIFxwjPfUfo4B23FmPmq9AJwxGLqy6m99zEH-Q==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:09:58 GMT
age: 6058
etag: "a1fa1355f4de6f246d35bed9f128e13fc9dc4e72"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 11:30:27 GMT
age: 44429
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?8b68846a3ac1709b0ec7199084ee5ea8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (620)
Hash c7aa4bbbdd7b67d6eff10c0578a47c9e
22e0284747e1cac3662bfe9e77bf1caabab1f121
c362c8279b4d3c98d70c4760cd0a1230f58623d34ae7e4e78967a584da62bcb2
GET /hm.js?8b68846a3ac1709b0ec7199084ee5ea8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 23:50:56 GMT
Etag: ae51e39b36c2806bd12d893b37c974bc
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F51428A7B5AAD594; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?9e84975b629767c58a8becc81600bb23
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?9e84975b629767c58a8becc81600bb23
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (669)
Hash e079d8632e565e331846505f7af6387e
5c23e2c86f2a96bed96db459235978fcffb23589
09e2b2baeefb5856984dae8b7cee7aeed65b121d98b0e5a61aa157ee26d1d364
GET /hm.js?9e84975b629767c58a8becc81600bb23 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11307
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 23:50:56 GMT
Etag: 6098ee1c355084761fa455d29fc8bd62
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B28BE907BE9FDF2B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?ba99808308e7272d58c43367a11d1204
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (629)
Hash 64aa851a9dfbf3885492987084545ee3
09deab9a428bb0ae82fea5e5633bc1f77767faaa
e9619604f69e178bafd50f5e6bccbb3f99280cc3249dad591bca1c8efe29ef8d
GET /hm.js?ba99808308e7272d58c43367a11d1204 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11267
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 23:50:56 GMT
Etag: b238584fdda429c8d59016e7b6741979
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=791A97E363225E3B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?70b45bd7e0d5c029facd3b7392328343
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?70b45bd7e0d5c029facd3b7392328343
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (628)
Hash 9c87f955da324b72ed33149f47e4f55b
38bee03673655423d7cf24813af8c0d102a461a0
a04025b9e3aa0b921f26a7b6d17681f5358c7883e75de1535da48519bab7313f
GET /hm.js?70b45bd7e0d5c029facd3b7392328343 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11266
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 23:50:56 GMT
Etag: 40b52e003ee0b2728635b8dcae4f3e9d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=052D3340C96C2AD9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=518142675&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=518142675&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=518142675&si=8b68846a3ac1709b0ec7199084ee5ea8&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 23:50:57 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=D4916D79EBAB77F4; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=875734353&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=875734353&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=875734353&si=9e84975b629767c58a8becc81600bb23&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 23:50:57 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=37F092A31B9D9EDF; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=950680535&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=950680535&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=950680535&si=ba99808308e7272d58c43367a11d1204&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 23:50:57 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4E476707812BEE52; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=908133562&si=70b45bd7e0d5c029facd3b7392328343&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=908133562&si=70b45bd7e0d5c029facd3b7392328343&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=908133562&si=70b45bd7e0d5c029facd3b7392328343&su=http%3A%2F%2Flacewithhold.top%2F&v=1.3.0&lv=1&sn=21350&r=0&ww=1280&u=https%3A%2F%2Fhakivz.cyou%2FWrdh53fn%2FCairoAmman-v2w%2F%3F_t%3D1675554692011%231675554693285 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 23:50:57 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=E789FF63C36D279F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4fefb52adf570fc6e07d3b77378e0e91
3edceb06c7ddfbacef139fa01b54ac9fe35756a9
2a9ec2e44a623ab7b168d60fa9847136c8c195a74f90e29a241cd7b0ea92d3cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A9EC2E44A623AB7B168D60FA9847136C8C195A74F90E29A241CD7B0EA92D3CB"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6010
Expires: Sun, 05 Feb 2023 01:31:08 GMT
Date: Sat, 04 Feb 2023 23:50:58 GMT
Connection: keep-alive
bonepa.com/4fe48aebd6/4f59451604/?placementName=Banner&is_first=true&randomA=0_7397&maxw=0
185.66.201.42200 OK 9.9 kB URL HTTP/2 bonepa.com/4fe48aebd6/4f59451604/?placementName=Banner&is_first=true&randomA=0_7397&maxw=0
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (14072)
Hash 90f0d022be12f1da07e526776509739a
b0a929cad072f05f51f6c00bbbfa45c262f0e1b6
bbedccd27d754f5cae99fd0f58b6ac1a1570fa291896581bea455b2349a418f0
GET /4fe48aebd6/4f59451604/?placementName=Banner&is_first=true&randomA=0_7397&maxw=0 HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 23:50:57 GMT
content-type: text/html; charset=UTF-8
set-cookie: shown1=0; expires=Sun, 05-Feb-2023 23:50:57 GMT; Max-Age=86400; secure; SameSite=None
used_ad2823101=1; expires=Sun, 05-Feb-2023 04:59:59 GMT; Max-Age=18542; path=/; secure; SameSite=None
total_impressions=1; expires=Sun, 05-Feb-2023 04:59:59 GMT; Max-Age=18542; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
104.21.2.47200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP 104.21.2.47:0
GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:54 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdt8iAiFUD-J6NleyhXb8_vV8-wAPh_5tba_l2ugugXdkSJbrWiN1EsoSHZyahG4iSEJB_zV100HdRQRWXjd72Q
expires: Sat, 04 Feb 2023 22:50:25 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:44:44 GMT
etag: W/"31c898c6d2ea13c30441657ff1900d81"
x-goog-generation: 1647503084523089
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21236
x-goog-hash: crc32c=7cW0Gg==, md5=MciYxtLqE8MEQWV/8ZANgQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 980
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qbUO5SkSAv2ixz6KPj3GEkTak3MAwPMD0sVSvddx5%2FR%2BEItZJvnBDKdKGYI03CdrA8Nf8if4uIExiYJBh2Iaglm4JrK456sqfl9x%2BP71Q4oJK2%2B%2FJTgNSZYwyoWCvI%2B3LMU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb1283ab50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bonepa.com/js/responsive.js
185.66.201.42200 OK 0 B URL HTTP/2 bonepa.com/js/responsive.js
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
Analyzer Verdict Alert fortinet Phishing
GET /js/responsive.js HTTP/1.1
Host: bonepa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 13:52:39 GMT
etag: W/"63627627-e32"
content-encoding: br
X-Firefox-Spdy: h2
uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=167555465457757&xtt=7565659
185.66.200.220200 OK 0 B URL HTTP/2 uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=167555465457757&xtt=7565659
IP 185.66.200.220:0
ASN #201702 skHosting.eu s.r.o.
GET /bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=167555465457757&xtt=7565659 HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 23:50:55 GMT
content-type: text/html; charset=UTF-8
expires: Sat, 04 Feb 2023 23:50:55 GMT
last-modified: Sat, 04 Feb 2023 23:50:55 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
104.21.2.47200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
IP 104.21.2.47:0
GET /npm/lazyload@2.0.0-rc.2/lazyload.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:54 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdsQwI6S5jC2ZwwNbaEnMvjelWJ3GXYdnwkp6yGGRsWcMv2CGKN45430-s2v57JOsXldQJq3rMwQOTmm_DkHtW4
x-goog-generation: 1647502963816044
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4798
x-goog-hash: crc32c=lted8w==, md5=3G3pgTxxS6mXM8pPtdOh+g==
x-goog-storage-class: STANDARD
expires: Sat, 04 Feb 2023 21:07:11 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:42:43 GMT
etag: W/"dc6de9813c714ba99733ca4fb5d3a1fa"
cf-cache-status: HIT
age: 980
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s3HpS51558Y7cIUYFFDoQa4KFexXrEBQRdwsulXlBdnhxdivpGh2x4N87BdNOKml8p0atfE9w8nE7BiMimn8fed%2FGCDr1UY%2FjahZRmV9r%2FVKsTRGtgTByqDoahZfU3njxxQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb1283eb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
104.21.2.47200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
IP 104.21.2.47:0
GET /npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:54 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycds_5oPtcr3KFpC_u7Lnvdlqz8VeCGxAgHcXFP3zMljDMh6Q0ifyAwrLV7e0dbEbUBwQbF9kY0g0GrHWdqicRh8
expires: Sun, 05 Feb 2023 00:23:26 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:40:39 GMT
etag: W/"80924b62e5b3ac73aa4849776b439770"
x-goog-generation: 1647502839791727
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 72765
x-goog-hash: crc32c=8ZRUYw==, md5=gJJLYuWzrHOqSEl3a0OXcA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 980
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rIWLHtjMSDIhfXQaK%2BG4RgypssOSPJHSkU1FhJkA1y75MdNWPANVLXpuAZmlDdBP1cxdRQixNcnupgxSIce45gyLhJmfYFawIgovS8fC1qi%2FZsR2aWMKJg3wdjKI42tTOVU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb1282cb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
185.66.200.220200 OK 0 B URL HTTP/2 uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
IP 185.66.200.220:0
ASN #201702 skHosting.eu s.r.o.
GET /bnr.php?section=General&pub=593174&format=300x50&ga=g HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 23:50:54 GMT
content-type: application/javascript
expires: Sat, 04 Feb 2023 23:50:54 GMT
last-modified: Sat, 04 Feb 2023 23:50:54 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
104.21.2.47200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
IP 104.21.2.47:0
GET /npm/jquery@3.6.0/dist/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:54 GMT
content-type: text/javascript
x-guploader-uploadid: ADPycdujKqP4OmsICcw4by2ej4M3gF2bmp67KcND5Yd7ZkChGu92L3U7j930k4J7s5KmD98KzStiLKDZt_7_8jjTVv4
expires: Sat, 04 Feb 2023 23:15:42 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:30:17 GMT
etag: W/"3e4bb227fb55271bfe9c9d4a09147bd8"
x-goog-generation: 1647502217775195
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89501
x-goog-hash: crc32c=JnXAUA==, md5=PkuyJ/tVJxv+nJ1KCRR72A==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 980
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F1h5q63259f01s2IytkZ0YtnAF67UWtOACwsxCraAeZBVP2JuZ0d6raPJlCyNkrWNmbD0jm7xbKYvB9q3exKwfAzsEVufcGNPwsFhVVGmVIu0Tub2kTP0kIBNUyr79rK208%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb12826b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
104.21.2.47200 OK 0 B URL HTTP/2 cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP 104.21.2.47:0
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hakivz.cyou/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 23:50:54 GMT
content-type: text/css
x-guploader-uploadid: ADPycduCHwg6n53VPzNb_-57qJzhoPJbEBdMgpsWgTX19t4NIh3Tdte6MCXenDGQTAuiJrpSRG3G9WDZErClLNvZVXhXccOSWw
expires: Sat, 04 Feb 2023 23:23:17 GMT
cache-control: public, max-age=3600
last-modified: Thu, 17 Mar 2022 07:38:12 GMT
etag: W/"feba0d0760607b9e21393156949afcd9"
x-goog-generation: 1647502692716912
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 161415
x-goog-hash: crc32c=Sb/HMQ==, md5=/roNB2Bge54hOTFWlJr82Q==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 980
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ncBlJoVsUpId11t3BV7ojRXpbEFhbJTG4dOCTo6YzK9l27VY77nNJRwrfHTV21e8Fk7Vdv5Ufot9h6skuo%2FxXpwLojXt%2FBrQwMvYVjnf9VV40bIcr7h7PSqF2CmCmq8E8s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79474fb12825b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2