| za.gl/aQ532Y | 104.26.4.66 | 301 Moved Permanently | 0 B |
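IP 104.26.4.66:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, consistent with the 0 B body of this redirect; they do not identify any content)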
GET /aQ532Y HTTP/1.1
Host: za.gl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Dec 2022 20:33:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 02 Dec 2022 21:33:00 GMT
Location: https://za.gl/aQ532Y
Server-Timing: cf-q-config;dur=6.9999996412662e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Crmx18Fgg0YNlyIQPyZ1K%2BNjLn7v0pz56E5nQYSk7T6xi9vZxG8XsNP1Va%2BooYCamB7pMARFeByNbdV7bKR7c%2BkJTfPEirUtjykxRjaN5G%2BQVJShbfoq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7736d5c8bfbb1c12-OSL
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash3bbb845b153026fc5332dd4506585b57 3cad200fac28fd00f34ce6ef79373e661e188743 6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14765
Expires: Sat, 03 Dec 2022 00:39:05 GMT
Date: Fri, 02 Dec 2022 20:33:00 GMT
Connection: keep-alive
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hash7439fb99a444b66db1e68ffbfaa38451 4b7742d7956485906f1c392c478515ff89a46184 636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 77
Cache-Control: max-age=136772
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:00 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 10:32:32 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
|
|
| firefox.settings.services.mozilla.com/v1/ | 34.102.187.140 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP34.102.187.140:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash14cd9a0afb6ba9a763651d5112760d1e 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 20:19:57 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 783
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash55b4c61a1e99001307750e3647fe1102 7559f9f6770b7d3f45b723167062096312641e08 39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12389
Expires: Fri, 02 Dec 2022 23:59:29 GMT
Date: Fri, 02 Dec 2022 20:33:00 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hash9ebddc2b260d081ebbefee47c037cb28 492bad62a7ca6a74738921ef5ae6f0be5edebf39 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 24gwbHJqLxPsZU2AYL6YTVZjyg43gIT1VTJUekS+19eE71DVHcqWbuWe1L9ZJQNWNftE81nGypk=
x-amz-request-id: GBQF7J819V1CFX01
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 19:46:14 GMT
age: 2806
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 20:33:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js | 104.17.24.14 | 200 OK | 4.3 kB |
URL HTTP/2cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js IP104.17.24.14:0
File typeASCII text, with very long lines (548) Hash4dc1890d39b14772f9579894d823296e ae5c8609bcf332695e4669f817c91a20a81e3208 e8280ea3c6c000fb1d319cc116e7ebe934818e2091fcf87dd6cc450b62d00b48
GET /ajax/libs/crypto-js/3.1.2/rollups/aes.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 4256
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e2d-3430"
last-modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 98636
expires: Wed, 22 Nov 2023 20:33:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hkgEU%2FY3Nbl%2B0cw77ixgAnMUBOSMI4L%2FnJmPXMgR4M7WmndIhhUad3pZMxGzD5%2B%2B0Vl63D2BjBdciA1J36GfVigKRE65zID0PpBGjEwgQZoD0qoLYabQpK842omgX6%2Fe1VeZBJ3U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7736d5cd1880b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.js | 104.17.24.14 | 200 OK | 12 kB |
URL HTTP/2cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.js IP104.17.24.14:0
Hashfab824518fd82853ed2698f39d8ec43e df19bf45131085a88eb2cd4c07e2bda44cef0e98 d55908906f498a577e0f9cc6ffeac157765acb67643c23d22c0d51b352e208c4
GET /ajax/libs/slick-carousel/1.6.0/slick.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 12032
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fd5-14929"
last-modified: Mon, 04 May 2020 16:16:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5634296
expires: Wed, 22 Nov 2023 20:33:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TY5U7MbAa%2BxOyFZuVneoBN7lG0tFZx5UP0YnUtVIoCgklN%2BtNYHWNCJkDhRSkC%2Fqq3s%2BbwlX%2Bmb6I0W40KERKWFuf50AAKgiSMVEeuWDQSxIMGip0AGGg1dkeXF2ORTZQvo7Ta26"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7736d5cd1882b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP93.184.220.29:0
Hashce9bb4656de0fb3edc54136d631bf5e1 95680f8722fba6e609b77df13566cf572de0183d 9a770b0fe4765e62e69c85565ccd057952fb54d078fb9ddb7732d2199f241bb6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6492
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Etag: "63899e60-117"
Last-Modified: Fri, 02 Dec 2022 18:44:50 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 472 B |
IP216.58.211.3:0
Hash8cd876589951719c94a6d49d1494bdbd 01600c8bb95fac543696e509b3e452b90d844572 e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| polyfill.io/v3/polyfill.js?features=Intl%2Cfetch | 151.101.129.26 | 200 OK | 142 B |
URL HTTP/2polyfill.io/v3/polyfill.js?features=Intl%2Cfetch IP151.101.129.26:0
Hash0029422a03c75d739c3591816bdefde0 bf4af2e7c626fa715e179d4a726c6afb30e29e90 290c315adf54b46aa291ed06a69cd4d9111c08a83b265fbd57897cef29f003f0
GET /v3/polyfill.js?features=Intl%2Cfetch HTTP/1.1
Host: polyfill.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
content-type: text/javascript; charset=utf-8
last-modified: Sat, 19 Nov 2022 11:32:20 GMT
content-encoding: br
age: 0
accept-ranges: bytes
useragent_normaliser: firefox/105.0.0
date: Fri, 02 Dec 2022 20:33:01 GMT
vary: User-Agent, Accept-Encoding
server-timing: cache-bma1681, PASS, fastly;desc="Edge time";dur=15
content-length: 142
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 472 B |
IP216.58.211.3:0
Hash315873c315af2be891e63f8b421bae65 5277bb0c4fea2b036c6faf28d66395c96166ffd2 3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 472 B |
IP216.58.211.3:0
Hash8cd876589951719c94a6d49d1494bdbd 01600c8bb95fac543696e509b3e452b90d844572 e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 472 B |
IP216.58.211.3:0
Hash05917f7542a781275c12d43562be1507 1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3 2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 472 B |
IP216.58.211.3:0
Hash05917f7542a781275c12d43562be1507 1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3 2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 4.6 kB |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash0bb48b81a70c1b89aadb966b595bd214 cebf5ffb64b6335d9c87f285913b1dd0ec7ed9bb 8ef375964acf1c57c69343c470db49d444236772b0acdb4042fb2bf16850b3ce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "90049EE572E158146C750D8BD2F846262C81FB6360CA3C9142B0B918C7376BF5"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16764
Expires: Sat, 03 Dec 2022 01:12:25 GMT
Date: Fri, 02 Dec 2022 20:33:01 GMT
Connection: keep-alive
|
|
| ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js | 142.250.74.106 | 200 OK | 30 kB |
URL HTTP/2ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js IP142.250.74.106:0
File typeASCII text, with very long lines (32058) Hashfc3fc31e5e7c0933dc18e562c1c071bf a44c31323f6bd29e583cc585036e6eb39f7014a6 ddad766fb94b23efeb5574cdedc5e8446d496fb91bd0b08cd80be212e001055d
GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 18:54:48 GMT
expires: Thu, 30 Nov 2023 18:54:48 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 178693
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit | 142.250.74.132 | 200 OK | 580 B |
URL HTTP/2www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit IP142.250.74.132:0
File typeASCII text, with very long lines (918), with no line terminators Hashdbf518f97165d213611f9e6f762bf876 a8529116d76204a0420a8c244723466310787f79 bc0692ecebd5884ea21d4bd3cd0ef1aa05f8a8439ea5f8ea7ebfe8110b603082
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 02 Dec 2022 20:33:01 GMT
date: Fri, 02 Dec 2022 20:33:01 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=UA-120643151-1 | 142.250.74.168 | 200 OK | 44 kB |
URL HTTP/2www.googletagmanager.com/gtag/js?id=UA-120643151-1 IP142.250.74.168:0
File typeASCII text, with very long lines (1921) Hasha1cc529c6878faa8a74c3c0f919daeab 0d9deaa123ff8a5a6a61d7257e20453add635c35 8e45bcdd9ac4777abeee9a42e1becc161935c3af4ae9501c81146396964df578
GET /gtag/js?id=UA-120643151-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 20:33:01 GMT
expires: Fri, 02 Dec 2022 20:33:01 GMT
cache-control: private, max-age=900
last-modified: Fri, 02 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43574
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-6QVVMFTPT3 | 142.250.74.168 | 200 OK | 76 kB |
URL HTTP/2www.googletagmanager.com/gtag/js?id=G-6QVVMFTPT3 IP142.250.74.168:0
File typeASCII text, with very long lines (20080) Hash9a23841ae51f4abe9ae035d08cef9cd5 161cff027677e230ac0b1483164ad6206aa7b7a5 5231ec3e76372745874a05e2a6956c6464a0e41112cf06ae5cc73a2f83a30f78
GET /gtag/js?id=G-6QVVMFTPT3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 20:33:01 GMT
expires: Fri, 02 Dec 2022 20:33:01 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76257
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| opticlygremio.com/1clkn/14927 | 23.109.248.169 | 200 OK | 26 B |
URL HTTP/1.1 opticlygremio.com/1clkn/14927 IP 23.109.248.169:0
File type: ASCII text, with no line terminators | Hash MD5 414a242a6fee8464282857e475d3ef61 | SHA-1 f669890350347f53aa9bd19c1a355692e8d17d2f | SHA-256 d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /1clkn/14927 HTTP/1.1
Host: opticlygremio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 20:33:01 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sat, 03-Dec-2022 20:33:01 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sat, 03-Dec-2022 20:33:01 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 472 B |
IP216.58.211.3:0
Hash05917f7542a781275c12d43562be1507 1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3 2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 10 kB |
IP216.58.211.3:0
Hash253302d12ea6f6c407f25dee2dd41534 239aa837c4bfd840f39f515a95f3dd09b18bb68a 539746a6e1fec97dc174fad9fd9f569caeaa8b9d260a6601f02b3e21e45e8456
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 472 B |
IP216.58.211.3:0
Hash05917f7542a781275c12d43562be1507 1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3 2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 743 B |
IP216.58.211.3:0
Hashd484f8f60f48d20767b6195a82171d23 083be5f035e7ec369a908458e3e3722d7307ff8f b4be98132a3161ba793ff3dc4f595da7fddc329045e0f3301e2a2b633ced0bb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 34.102.187.140 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP34.102.187.140:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 20:08:57 GMT
cache-control: public,max-age=3600
age: 1444
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 472 B |
IP216.58.211.3:0
Hash27002fde234e78c7bde340bc621e933f 1bdbe4f1861601b9300101a1e6b3c143ce077e03 48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.googleapis.com/css2?family=DM+Sans:wght@400;700&display=swap | 142.250.74.106 | 200 OK | 857 B |
URL HTTP/2fonts.googleapis.com/css2?family=DM+Sans:wght@400;700&display=swap IP142.250.74.106:0
Hashb594ae5a7ff1d5e6471c6bf988aa140f dd1bd2cb34dbb629f59358815728adbb59076f50 8b07a9b3d2b66f2481639cdc12528f5d5e06b728608c6e4c161277626756e965
GET /css2?family=DM+Sans:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Dec 2022 20:33:01 GMT
date: Fri, 02 Dec 2022 20:33:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/dmsans/v11/rP2Hp2ywxg089UriCZOIHQ.woff2 | 142.250.74.35 | 200 OK | 18 kB |
URL HTTP/2fonts.gstatic.com/s/dmsans/v11/rP2Hp2ywxg089UriCZOIHQ.woff2 IP142.250.74.35:0
File typeWeb Open Font Format (Version 2), TrueType, length 18096, version 1.0\012- data Hashf29503a1895affee5ed85d0246238af8 f474c6e8a3e4e28fb68cf7fb29bd448cdfeb0278 7164a212fb4df27bf1e006342d1686badcba58f5a5d301772c14cc7adf1d4821
GET /s/dmsans/v11/rP2Hp2ywxg089UriCZOIHQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://za.gl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18096
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 22:11:26 GMT
expires: Fri, 01 Dec 2023 22:11:26 GMT
cache-control: public, max-age=31536000
age: 80495
last-modified: Thu, 21 Apr 2022 16:54:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2 | 142.250.74.35 | 200 OK | 18 kB |
URL HTTP/2fonts.gstatic.com/s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2 IP142.250.74.35:0
File typeWeb Open Font Format (Version 2), TrueType, length 18212, version 1.0\012- data Hashca72fb4e277e59be50b8850190822581 159b97b22006fe2a483da0a13d33cfb3cc5aa031 f3c0fa2cd71bb91d0e3acf5d77b93c49a184e9ad941532ca8c07c82eb0bd6a6c
GET /s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://za.gl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18212
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 22:11:50 GMT
expires: Fri, 01 Dec 2023 22:11:50 GMT
cache-control: public, max-age=31536000
age: 80471
last-modified: Thu, 21 Apr 2022 16:54:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| openfpcdn.io/fingerprintjs/v3 | 54.230.111.116 | 200 OK | 90 kB |
URL HTTP/2openfpcdn.io/fingerprintjs/v3 IP54.230.111.116:0
File typeUnicode text, UTF-8 text, with very long lines (33018) Hashb7766e94090a85021721236e27541bef 303c1f42d420441a2cca9d96e870803ff0af3398 80437867be62628c5ef5af932bc84d6b3a0fc9aa2c113091af3a1dc5a04f8c63
GET /fingerprintjs/v3 HTTP/1.1
Host: openfpcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
server: CloudFront
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
date: Fri, 02 Dec 2022 18:35:04 GMT
cache-control: public, max-age=595608, s-maxage=11209
etag: W/"iGPd/qM5rvpVhWvx3vVSNedX/OA"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 6PlyZnl5J9DPg4Vuj9VyTwhJVwV_akTuAnWSSuc2VDmX7vs4uWp1dA==
age: 7082
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 472 B |
IP216.58.211.3:0
Hash27002fde234e78c7bde340bc621e933f 1bdbe4f1861601b9300101a1e6b3c143ce077e03 48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hash7f1f8fc556d1f7e0aea3e1208ee2fd1c 09c341a56ff876479cfc8a0505a5fef4a5d110f1 65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 59
Cache-Control: max-age=131692
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:33:01 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 09:07:53 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
|
|
| ocsp.sca1b.amazontrust.com/ | 108.157.217.75 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP108.157.217.75:0
Hashda5d3c47cccd2c7c09cffaef0595d1f8 821ae22d1ee7b0deb9966fa531515dcbedd0b5f8 3e3a8ebfbb42b90fe331268c2c30b5631580faa6f2a76c7f28df01cef614a111
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 20:33:01 GMT
Last-Modified: Fri, 02 Dec 2022 20:10:03 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 30a448a0dbd4a52ea118d2e64f0535c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: CtkFU0uWvC6EGXOgPfkNOMUe2XH0A7S9Ncas1z6UUfBOZ6Nu97XCqg==
Age: 1378
|
|
| www.google-analytics.com/analytics.js | 142.250.74.110 | 200 OK | 20 kB |
URL HTTP/2www.google-analytics.com/analytics.js IP142.250.74.110:0
File typeASCII text, with very long lines (1325) Hash47e6f374ca946fddd5b59871b325736c baa9282efc8785e84d247c3bff518eaa45f101c4 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 02 Dec 2022 18:41:08 GMT
expires: Fri, 02 Dec 2022 20:41:08 GMT
cache-control: public, max-age=7200
age: 6713
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 54.187.31.159 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP54.187.31.159:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gFFiB9TYe5nmIO7dBkJ1SA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VLTvJy59LYNOA2Y1ds0ePAcibYU=
|
|
| www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js | 142.250.74.3 | 200 OK | 163 kB |
URL HTTP/2www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js IP142.250.74.3:0
File typeASCII text, with very long lines (730) Size163 kB (162976 bytes) Hash79d18cf4265108d7cecca1bf4ada6109 e51d0285a545381d4c39e9e0292a650ffeeecbb9 59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 19:09:57 GMT
expires: Tue, 28 Nov 2023 19:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 350584
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash1f558ed1c50df2253456e7257e472377 7936dcdb5b4ab65f354bde508341b5fef19201f2 f48da06949a05f1dcb0fb7bb29900c424296abb89c5d29db98484dc327381db0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F48DA06949A05F1DCB0FB7BB29900C424296ABB89C5D29DB98484DC327381DB0"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2488
Expires: Fri, 02 Dec 2022 21:14:29 GMT
Date: Fri, 02 Dec 2022 20:33:01 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash1f558ed1c50df2253456e7257e472377 7936dcdb5b4ab65f354bde508341b5fef19201f2 f48da06949a05f1dcb0fb7bb29900c424296abb89c5d29db98484dc327381db0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F48DA06949A05F1DCB0FB7BB29900C424296ABB89C5D29DB98484DC327381DB0"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2447
Expires: Fri, 02 Dec 2022 21:13:49 GMT
Date: Fri, 02 Dec 2022 20:33:02 GMT
Connection: keep-alive
|
|
| region1.google-analytics.com/g/collect?v=2&tid=G-6QVVMFTPT3&gtm=2oebu0&_p=918397323&cid=842528380.1670013180&ul=en-us&sr=1280x1024&_s=1&sid=1670013179&sct=1&seg=0&dl=https%3A%2F%2Fza.gl%2FaQ532Y&dt=za.gl&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 | 216.239.32.36 | 204 No Content | 0 B |
URL HTTP/2region1.google-analytics.com/g/collect?v=2&tid=G-6QVVMFTPT3&gtm=2oebu0&_p=918397323&cid=842528380.1670013180&ul=en-us&sr=1280x1024&_s=1&sid=1670013179&sct=1&seg=0&dl=https%3A%2F%2Fza.gl%2FaQ532Y&dt=za.gl&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 IP216.239.32.36:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-6QVVMFTPT3&gtm=2oebu0&_p=918397323&cid=842528380.1670013180&ul=en-us&sr=1280x1024&_s=1&sid=1670013179&sct=1&seg=0&dl=https%3A%2F%2Fza.gl%2FaQ532Y&dt=za.gl&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://za.gl
date: Fri, 02 Dec 2022 20:33:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| fishermanslush.com/3e/c0/90/3ec0905094195898e97f189a6f59b52b.js | 192.243.59.13 | 200 OK | 13 kB |
URL HTTP/1.1fishermanslush.com/3e/c0/90/3ec0905094195898e97f189a6f59b52b.js IP192.243.59.13:0 ASN#39572 DataWeb Global Group B.V.
File typeASCII text, with very long lines (37163), with no line terminators Hash674c0658120ed5ffccb7fef8ccbdbff3 5a011029eaa982979023371ea771c2b355b727f3 42a143dfb6c8d8c0806f94e280db4ad120fd0c07c43f7d778a2fe34b757a69c2
GET /3e/c0/90/3ec0905094195898e97f189a6f59b52b.js HTTP/1.1
Host: fishermanslush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 20:33:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 29003f5d6b69ad7bf6e6b4a4a6497bf0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| fishermanslush.com/ae/5b/60/ae5b60e24661bf9ec039fadca57ec6c7.js | 192.243.59.13 | 200 OK | 21 kB |
URL HTTP/1.1fishermanslush.com/ae/5b/60/ae5b60e24661bf9ec039fadca57ec6c7.js IP192.243.59.13:0 ASN#39572 DataWeb Global Group B.V.
File typeHTML document, ASCII text, with very long lines (60149), with no line terminators Hash39a48790efa6a35a7b37c504c615a8d6 9ddaf4a28316a2a29a84a6de77395b272018afdd fb16f502a1940f6067fde858081ecc1330373d5ae66a0399bf1391ec05dd3db8
GET /ae/5b/60/ae5b60e24661bf9ec039fadca57ec6c7.js HTTP/1.1
Host: fishermanslush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 20:33:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a314103abac6f92527eff38dc0a2a10
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 346 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash1f1beac7928ab3d37cedfb7e9db6de8c dbec1313a709861142ee3b08c1031e4c297435d0 25faaa716072ce2493633a4252fde0606c5da842936e6f4874eb461c180367de
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "25FAAA716072CE2493633A4252FDE0606C5DA842936E6F4874EB461C180367DE"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6433
Expires: Fri, 02 Dec 2022 22:20:15 GMT
Date: Fri, 02 Dec 2022 20:33:02 GMT
Connection: keep-alive
|
|
| ocsp.sca1b.amazontrust.com/ | 108.157.217.75 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP108.157.217.75:0
Hash8be4570a1d9d09c7b793e97ee1f6edaf cb101195afa0dbb473bcd5050ee2ab4a25af825f b69ece6aab66eec92b6b3bd8c8e6febd027c8dac1a86faaed1b217dec8e784b1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=153790
Date: Fri, 02 Dec 2022 20:33:02 GMT
Etag: "6389fe18-1d7"
Expires: Sun, 04 Dec 2022 15:16:12 GMT
Last-Modified: Fri, 02 Dec 2022 13:31:04 GMT
Server: ECS (bsa/EB20)
X-Cache: Miss from cloudfront
Via: 1.1 30a448a0dbd4a52ea118d2e64f0535c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: 9OHnN0zvJEn8CmUXkRNCwjJijOgqa0TwGw2PBvU2z6R659c_qILX-A==
Age: 6309
|
|
| ocsp.sca1b.amazontrust.com/ | 108.157.217.75 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP108.157.217.75:0
Hash8be4570a1d9d09c7b793e97ee1f6edaf cb101195afa0dbb473bcd5050ee2ab4a25af825f b69ece6aab66eec92b6b3bd8c8e6febd027c8dac1a86faaed1b217dec8e784b1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 20:33:02 GMT
Last-Modified: Fri, 02 Dec 2022 18:47:31 GMT
Server: ECS (bsa/EB23)
X-Cache: Miss from cloudfront
Via: 1.1 bfeae0ecbffe44ad98e5cd0ae83bdb4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: clL2O22-3L84w1mjswLjPi_YuDSZxjTAnmlhDWAaxk7TppG8FfmX_A==
Age: 6331
|
|
| simplewebanalysis.com/stats | 52.28.211.11 | 200 OK | 40 B |
URL HTTP/2simplewebanalysis.com/stats IP52.28.211.11:0
File typeASCII text, with no line terminators Hash08d8113d3515e01ec15d096edc3f4df3 f05ce87c2ebcd006e912914464186d8ce11b5db1 f78aef5c9a093aa488bd62796bba1b46d154b1f666d70ad0a27b319652de8157
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:02 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://za.gl
access-control-allow-credentials: true
set-cookie: uid_id2=77094a98-9bf6-46bf-965a-10a60544c6f6:3:1; expires=Mon, 29 Nov 2032 20:33:02 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| simplewebanalysis.com/stats | 52.28.211.11 | 200 OK | 40 B |
URL HTTP/2simplewebanalysis.com/stats IP52.28.211.11:0
File typeASCII text, with no line terminators Hashbe65dc7cb0ac9a8574052383c755ab68 91e7c4bd9d0b293867ed5e98def3d58588704f67 1443dd7c3e3c00e715d5cdb1fc58a14ea6246228d4dfc8989d7df1a27dd9bb56
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:02 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://za.gl
access-control-allow-credentials: true
set-cookie: uid_id2=698ba803-7bcc-4c2a-990e-b3f7d0d4328b:2:1; expires=Mon, 29 Nov 2032 20:33:02 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 346 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash1f1beac7928ab3d37cedfb7e9db6de8c dbec1313a709861142ee3b08c1031e4c297435d0 25faaa716072ce2493633a4252fde0606c5da842936e6f4874eb461c180367de
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "25FAAA716072CE2493633A4252FDE0606C5DA842936E6F4874EB461C180367DE"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6433
Expires: Fri, 02 Dec 2022 22:20:15 GMT
Date: Fri, 02 Dec 2022 20:33:02 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash976ec0477aa30cbf00f53b05c49663ff 0d333f4aab7f1286c2e68480ba986915f0188b8d e6eb3a90890b38211a9cfad8c78fd23978e2f855829c4e0cde29feccf1d8950a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6EB3A90890B38211A9CFAD8C78FD23978E2F855829C4E0CDE29FECCF1D8950A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13920
Expires: Sat, 03 Dec 2022 00:25:02 GMT
Date: Fri, 02 Dec 2022 20:33:02 GMT
Connection: keep-alive
|
|
| tallysaturatesnare.com/pixel/purst?dl=0&th=0&sc=0&rs=2108&rd=2108&fd=1096&bv=22.10.v.9&tmpl=70 | 192.243.59.20 | 200 OK | 0 B |
URL HTTP/1.1tallysaturatesnare.com/pixel/purst?dl=0&th=0&sc=0&rs=2108&rd=2108&fd=1096&bv=22.10.v.9&tmpl=70 IP192.243.59.20:0 ASN#39572 DataWeb Global Group B.V.
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pixel/purst?dl=0&th=0&sc=0&rs=2108&rd=2108&fd=1096&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 02 Dec 2022 20:33:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9566
Expires: Fri, 02 Dec 2022 23:12:29 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9566
Expires: Fri, 02 Dec 2022 23:12:29 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9566
Expires: Fri, 02 Dec 2022 23:12:29 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9566
Expires: Fri, 02 Dec 2022 23:12:29 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashecab83d593cc540b02689be5be7abc8a 81cda579b7b9b22332b85266b0126585f3d3f73f d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9566
Expires: Fri, 02 Dec 2022 23:12:29 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| friendshipmale.com/sfp.js | 172.64.140.24 | 200 OK | 33 kB |
URL: HTTP/2 friendshipmale.com/sfp.js | IP: 172.64.140.24:0
File type: Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash: MD5 4e011bc55d1f33b59e054074094e0ce2 | SHA-1 2a01db6ed7ea754af012d33fcb892f619d0e9b28 | SHA-256 6e1e27dfcc7bd61d6a78648c87dfcef0edcc66baa0fc8d08670104923513f8cf
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:02 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 270fa4432faced286374584b8e2a1494
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 02 Dec 2022 20:33:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jAvHoIO70IYGFRq%2B%2FQJFPoW%2BrQcpBNrw%2B1ILYmv0cLCbwXUXdDeNHOC8ipaw%2Fay%2FQJFYKYp%2FoISgapZTUwMjAshkTQkgRIhDYATd1SeB4xTR9cxXqC3iMU5JpklWvpu0%2FNGXWJQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736d5d5c8567519-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg | 34.120.237.76 | 200 OK | 10 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash: MD5 291127b670135b42b6e9687aa2a13237 | SHA-1 99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1 | SHA-256 49b082a738bcd15a0bb4e9f96a180797ffcfa368977ac1927df882a0343664d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10437
x-amzn-requestid: 2a8183c4-47ec-42bb-8e67-3e742dc3750c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0YpEeooAMFfvg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdd0-2014fd4d49dcd4087bf1db4d;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wQc8gdA6brp46QVd0ee9cBtnmA9q1j3nUO2ou9MDIhecNINtmphq0Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:50:54 GMT
age: 81729
etag: "99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg | 34.120.237.76 | 200 OK | 4.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash: MD5 cc0a257323f882caff067adb86d906e4 | SHA-1 cedf2f21be7cd366bd46055b62b5513db3011dfc | SHA-256 c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PIC-TIeTFK_Y2AiqowYT4_8tMuzIKO23lAwx18fYepTf4PIWkmLqkQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 05:20:15 GMT
age: 54768
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg | 34.120.237.76 | 200 OK | 8.9 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg IP34.120.237.76:0
Hash: MD5 12f9017a8f50b9ba31a11287da4fea7d | SHA-1 293376f25fb790c24474e20296e60ce98e1c387c | SHA-256 a541607deabdf5e30f3730e93f3a601232761c8b1111428eb6ea210f6840f71e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 10:51:17 GMT
age: 34906
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash: MD5 1c80b8025242ddfcc816ec612456b99e | SHA-1 aa944d10fe4a44b790b01ef62edc0f85a6d558e3 | SHA-256 a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
age: 81690
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp | 34.120.237.76 | 200 OK | 7.6 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash: MD5 d147ccb10bda82b153a596c3c967cd6a | SHA-1 ffd0763f997e71a8c1458523fc17cafe8849dfdf | SHA-256 1cfeb90a4ba027195f903d938d4a0aac418a1c2f0b52215ec023263f15905971
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7591
x-amzn-requestid: e179862e-f840-4e50-a9dc-09f325479b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgMFRZIAMFl7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e01-676a1571459f2d83488f2765;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oB5K_ZCWWwCltMx8FQSjDdXRMzSTSyRLSYSLAooQXuCrUxadLUiWkA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 81852
etag: "ffd0763f997e71a8c1458523fc17cafe8849dfdf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 | ASN: #20940 Akamai International B.V.
Hash: MD5 17f2d0c6990ec49705bcb6ac2c8d0c06 | SHA-1 d6c780dafdaa4d5d60e54ba73d7269543758eecf | SHA-256 010ee90a07b0a2d6d4ced95a6607108544b364f3f4dad75fe6cfdffdb2d4b735
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "010EE90A07B0A2D6D4CED95A6607108544B364F3F4DAD75FE6CFDFFDB2D4B735"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2203
Expires: Fri, 02 Dec 2022 21:09:46 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| parkingridiculous.com/sbar.json?key=3ec0905094195898e97f189a6f59b52b&uuid=698ba803-7bcc-4c2a-990e-b3f7d0d4328b%3A2%3A1 | 173.233.137.60 | 200 OK | 4.2 kB |
URL HTTP/1.1parkingridiculous.com/sbar.json?key=3ec0905094195898e97f189a6f59b52b&uuid=698ba803-7bcc-4c2a-990e-b3f7d0d4328b%3A2%3A1 IP173.233.137.60:0
File type: JSON data\012- , ASCII text, with very long lines (5789), with no line terminators
Hash: MD5 350a9f370620c8ab7a7c5f3c38c880e7 | SHA-1 0cc32bbe53f024fa8396e51703dfcb722e61293c | SHA-256 bdb8829bdbbaa648a696e0e13929dd6f7d505f67f8517c840b662ae9789221c9
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /sbar.json?key=3ec0905094195898e97f189a6f59b52b&uuid=698ba803-7bcc-4c2a-990e-b3f7d0d4328b%3A2%3A1 HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 02 Dec 2022 20:33:03 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://za.gl
Access-Control-Allow-Origin: https://za.gl
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16908321; expires=Sat, 03 Dec 2022 20:33:03 GMT; secure; SameSite=None
Set-Cookie: uid_id2=698ba803-7bcc-4c2a-990e-b3f7d0d4328b:2:1; expires=Fri, 09 Dec 2022 20:33:03 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sat, 03 Dec 2022 20:33:03 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sat, 03 Dec 2022 20:33:03 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Sat, 03 Dec 2022 20:33:03 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Sat, 03 Dec 2022 20:33:03 GMT; secure; SameSite=None
Set-Cookie: slec3ec0905094195898e97f189a6f59b52b=[3830292]; expires=Fri, 02 Dec 2022 20:33:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a3d863ec898d575dbdf3ccd57cfa3a2a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 | ASN: #20940 Akamai International B.V.
Hash: MD5 77a6b6638e0ee5ec4eeb988d3d3af050 | SHA-1 219272781fc7a6ac331496b257c7976daa7b62de | SHA-256 d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1865
Expires: Fri, 02 Dec 2022 21:04:08 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| parkingridiculous.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTW8bxR%2Bezb%2F%2FC1wK6oUDwkgcQCLOrO2Nve2horRFFSWJ2qJcmbd1hox3VjO7XseniEqoQkJyD4geN4%2BTRkCF6AdAIIcLioTAHFAOpF8BCalXkBNLFr%2FD%2Fl6ePTwv8%2BlecUooCnay8YEdamPYSlSntTc3dSpt6Wtr92ohrdMrtU2drrau1Aazj%2BtfDmlUp2%2FV3lNi2640aEhpSMPaTe1UYgcrZyh09iQO6zGttxr1MGph4P67%2ByKAZwFk%2F5S8DC2n%2F9%2F6%2BSm0mCDtfXdd%2Be3cZm%2Ff6BWG5dahLw8%2FTLdTW6boLcbEBUjSw%2FnfsH5KyKMl2PRwrgC2vz9TAK6nJPgjBE8P5zTB%2BwfnTLmBSsHliyj7EygzgWYTCHsfWv5GACGxto6093jNupLtnKNshk7Jhed%2FQ5dTcuHPS0h7314zelC7a02Ra5t6DJIKejCB7k6QFUfIhwF0eQSRfwItfyErz28j7e2ve2Oh5ckbq3GHsw5tLre5EMst0WDLcUzVMm8mbUllq9no8DOLtJ5AJxMYNQLzSyh8gEIHKJIARRagJ09qLIoTStsJT5rNTksI0WwKEXVWZSSbrU5CUYiZhhHybARhRhBuF5nbxbYewRU%2Fwm9V8DKAzwn6skKpCEpPUDKCUhOUOUHZrw6k8Q1fPZbGFzyc98a8N6uxzbt77MDmXZWSveyUvDQzLlgir2NbndSaStCYRjRuhXHUiTsqbidhJ2arSRTzqMHhdQXtl8B8gOEsxV8DZLNeXgRnR%2FDmCEJfBCteBSvH7QYF2xq3OhTD9GDI6l0DaStk%2BQXkO8GeOSWvnCV32V2CEsdkXhCuQuYqfKx%2FIuiaB%2BM7tiT7d2zpydP1LNc9PWSzVO%2FmLFfB1%2B%2BrndI6eeu6H331jpgBs%2FHJPeXz2yyVOu168s01LaVyN60Tinx%2Fy28qvlH4rWuFS4vs9sa7N2%2F1Mqe81zadgOkpIQ%2BfQegpeeGL%2BtmLfe3GI2g3gSsq9IoFV22PILJd%2BGxx85bAmcXOswBlUY1dgy%2BORhMYtdgZr%2BDV8dVJ%2BuXn68%2BugKvjH%2F46x%2Fb8A3RdAJbfR9qr0HcV%2BqYCMyP44n%2FjPHPHV39vnhW4CcbcuGCfG2cenpvr9UlNRQlNFG0onsQ8aTMq46QVcxaHqs0jFiL3U%2FHZR%2F%2F8CwAA%2F%2F8BAAD%2F%2F47WlKuJBAAA | 173.233.137.60 | 200 OK | 7 B |
URL HTTP/1.1parkingridiculous.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTW8bxR%2Bezb%2F%2FC1wK6oUDwkgcQCLOrO2Nve2horRFFSWJ2qJcmbd1hox3VjO7XseniEqoQkJyD4geN4%2BTRkCF6AdAIIcLioTAHFAOpF8BCalXkBNLFr%2FD%2Fl6ePTwv8%2BlecUooCnay8YEdamPYSlSntTc3dSpt6Wtr92ohrdMrtU2drrau1Aazj%2BtfDmlUp2%2FV3lNi2640aEhpSMPaTe1UYgcrZyh09iQO6zGttxr1MGph4P67%2ByKAZwFk%2F5S8DC2n%2F9%2F6%2BSm0mCDtfXdd%2Be3cZm%2Ff6BWG5dahLw8%2FTLdTW6boLcbEBUjSw%2FnfsH5KyKMl2PRwrgC2vz9TAK6nJPgjBE8P5zTB%2BwfnTLmBSsHliyj7EygzgWYTCHsfWv5GACGxto6093jNupLtnKNshk7Jhed%2FQ5dTcuHPS0h7314zelC7a02Ra5t6DJIKejCB7k6QFUfIhwF0eQSRfwItfyErz28j7e2ve2Oh5ckbq3GHsw5tLre5EMst0WDLcUzVMm8mbUllq9no8DOLtJ5AJxMYNQLzSyh8gEIHKJIARRagJ09qLIoTStsJT5rNTksI0WwKEXVWZSSbrU5CUYiZhhHybARhRhBuF5nbxbYewRU%2Fwm9V8DKAzwn6skKpCEpPUDKCUhOUOUHZrw6k8Q1fPZbGFzyc98a8N6uxzbt77MDmXZWSveyUvDQzLlgir2NbndSaStCYRjRuhXHUiTsqbidhJ2arSRTzqMHhdQXtl8B8gOEsxV8DZLNeXgRnR%2FDmCEJfBCteBSvH7QYF2xq3OhTD9GDI6l0DaStk%2BQXkO8GeOSWvnCV32V2CEsdkXhCuQuYqfKx%2FIuiaB%2BM7tiT7d2zpydP1LNc9PWSzVO%2FmLFfB1%2B%2BrndI6eeu6H331jpgBs%2FHJPeXz2yyVOu168s01LaVyN60Tinx%2Fy28qvlH4rWuFS4vs9sa7N2%2F1Mqe81zadgOkpIQ%2BfQegpeeGL%2BtmLfe3GI2g3gSsq9IoFV22PILJd%2BGxx85bAmcXOswBlUY1dgy%2BORhMYtdgZr%2BDV8dVJ%2BuXn68%2BugKvjH%2F46x%2Fb8A3RdAJbfR9qr0HcV%2BqYCMyP44n%2FjPHPHV39vnhW4CcbcuGCfG2cenpvr9UlNRQlNFG0onsQ8aTMq46QVcxaHqs0jFiL3U%2FHZR%2F%2F8CwAA%2F%2F8BAAD%2F%2F47WlKuJBAAA IP173.233.137.60:0
File type: ASCII text, with no line terminators
Hash: MD5 132d6af1b46048b45cf86cdee7991d31 | SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 | SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTW8bxR%2Bezb%2F%2FC1wK6oUDwkgcQCLOrO2Nve2horRFFSWJ2qJcmbd1hox3VjO7XseniEqoQkJyD4geN4%2BTRkCF6AdAIIcLioTAHFAOpF8BCalXkBNLFr%2FD%2Fl6ePTwv8%2BlecUooCnay8YEdamPYSlSntTc3dSpt6Wtr92ohrdMrtU2drrau1Aazj%2BtfDmlUp2%2FV3lNi2640aEhpSMPaTe1UYgcrZyh09iQO6zGttxr1MGph4P67%2ByKAZwFk%2F5S8DC2n%2F9%2F6%2BSm0mCDtfXdd%2Be3cZm%2Ff6BWG5dahLw8%2FTLdTW6boLcbEBUjSw%2FnfsH5KyKMl2PRwrgC2vz9TAK6nJPgjBE8P5zTB%2BwfnTLmBSsHliyj7EygzgWYTCHsfWv5GACGxto6093jNupLtnKNshk7Jhed%2FQ5dTcuHPS0h7314zelC7a02Ra5t6DJIKejCB7k6QFUfIhwF0eQSRfwItfyErz28j7e2ve2Oh5ckbq3GHsw5tLre5EMst0WDLcUzVMm8mbUllq9no8DOLtJ5AJxMYNQLzSyh8gEIHKJIARRagJ09qLIoTStsJT5rNTksI0WwKEXVWZSSbrU5CUYiZhhHybARhRhBuF5nbxbYewRU%2Fwm9V8DKAzwn6skKpCEpPUDKCUhOUOUHZrw6k8Q1fPZbGFzyc98a8N6uxzbt77MDmXZWSveyUvDQzLlgir2NbndSaStCYRjRuhXHUiTsqbidhJ2arSRTzqMHhdQXtl8B8gOEsxV8DZLNeXgRnR%2FDmCEJfBCteBSvH7QYF2xq3OhTD9GDI6l0DaStk%2BQXkO8GeOSWvnCV32V2CEsdkXhCuQuYqfKx%2FIuiaB%2BM7tiT7d2zpydP1LNc9PWSzVO%2FmLFfB1%2B%2BrndI6eeu6H331jpgBs%2FHJPeXz2yyVOu168s01LaVyN60Tinx%2Fy28qvlH4rWuFS4vs9sa7N2%2F1Mqe81zadgOkpIQ%2BfQegpeeGL%2BtmLfe3GI2g3gSsq9IoFV22PILJd%2BGxx85bAmcXOswBlUY1dgy%2BORhMYtdgZr%2BDV8dVJ%2BuXn68%2BugKvjH%2F46x%2Fb8A3RdAJbfR9qr0HcV%2BqYCMyP44n%2FjPHPHV39vnhW4CcbcuGCfG2cenpvr9UlNRQlNFG0onsQ8aTMq46QVcxaHqs0jFiL3U%2FHZR%2F%2F8CwAA%2F%2F8BAAD%2F%2F47WlKuJBAAA HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=698ba803-7bcc-4c2a-990e-b3f7d0d4328b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec3ec0905094195898e97f189a6f59b52b=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 02 Dec 2022 20:33:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 539546523bacfac991f813398abba39e
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unseenreport.com/pxf.gif?uuid=698ba803-7bcc-4c2a-990e-b3f7d0d4328b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ae5b60e24661bf9ec039fadca57ec6c7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 | 192.243.59.12 | 200 OK | 1 B |
URL HTTP/1.1unseenreport.com/pxf.gif?uuid=698ba803-7bcc-4c2a-990e-b3f7d0d4328b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ae5b60e24661bf9ec039fadca57ec6c7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 IP192.243.59.12:0 ASN#39572 DataWeb Global Group B.V.
File type: very short file (no magic)
Hash: MD5 93b885adfe0da089cdf634904fd59f71 | SHA-1 5ba93c9db0cff93f52b521d7420e43f6eda2784f | SHA-256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pxf.gif?uuid=698ba803-7bcc-4c2a-990e-b3f7d0d4328b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ae5b60e24661bf9ec039fadca57ec6c7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 20:33:03 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1e1a9af1326d7a3e3413ac4ce7dc07f2
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 | ASN: #20940 Akamai International B.V.
Hash: MD5 c770ed8e1043091817cf67c2338116d2 | SHA-1 eb799e23dbf7d7fd82d63ec0220007e5b8196e48 | SHA-256 addff025294dc6a89ff5f686910eb51ba8791c40f50b1c6b63ddc4c8db5808cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADDFF025294DC6A89FF5F686910EB51BA8791C40F50B1C6B63DDC4C8DB5808CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2243
Expires: Fri, 02 Dec 2022 21:10:26 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| unseenreport.com/pxf.gif?uuid=698ba803-7bcc-4c2a-990e-b3f7d0d4328b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3ec0905094195898e97f189a6f59b52b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 | 192.243.59.12 | 200 OK | 1 B |
URL HTTP/1.1unseenreport.com/pxf.gif?uuid=698ba803-7bcc-4c2a-990e-b3f7d0d4328b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3ec0905094195898e97f189a6f59b52b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 IP192.243.59.12:0 ASN#39572 DataWeb Global Group B.V.
File type: very short file (no magic)
Hash: MD5 93b885adfe0da089cdf634904fd59f71 | SHA-1 5ba93c9db0cff93f52b521d7420e43f6eda2784f | SHA-256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pxf.gif?uuid=698ba803-7bcc-4c2a-990e-b3f7d0d4328b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3ec0905094195898e97f189a6f59b52b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 20:33:03 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fcb46b991a033686d48c289385e229e6
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 346 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash: MD5 0f3fa70c4b85f9af8be81db15f2473b6 | SHA-1 e5dadf573bde48707d00993b7a0301f7303f1a73 | SHA-256 ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6803
Expires: Fri, 02 Dec 2022 22:26:26 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 346 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash: MD5 0f3fa70c4b85f9af8be81db15f2473b6 | SHA-1 e5dadf573bde48707d00993b7a0301f7303f1a73 | SHA-256 ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6803
Expires: Fri, 02 Dec 2022 22:26:26 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| parkingridiculous.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=334 | 173.233.137.60 | 200 OK | 0 B |
URL HTTP/1.1parkingridiculous.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=334 IP173.233.137.60:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=334 HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=698ba803-7bcc-4c2a-990e-b3f7d0d4328b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec3ec0905094195898e97f189a6f59b52b=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 02 Dec 2022 20:33:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png | 172.64.109.13 | 200 OK | 6.0 kB |
URL: [HTTP/2] cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
IP: 172.64.109.13:0
File type: PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5 / SHA-1 / SHA-256): c489ce2c491a22ee37a55e26a92dfd73 2fa588ab09e94dd902e5bd24b48f98ad1949c9d6 1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:03 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1492903
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g51W4bCXhHO6%2B64%2FVzYAG5iIsdOcgltxpzUW%2Be%2FeeNlIb6vlniZPhVb96qTaBxNIh0XQl%2Fo2FDbaBSR9N%2FIxjEFIdJZSXKCGF%2Bo111jdt0Bg8oaFBUMwDNf3F%2BsZgSpps%2FdLCRSOYsnP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736d5df3c89744b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 346 B |
IP: 23.36.76.226:0 ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 0f3fa70c4b85f9af8be81db15f2473b6 e5dadf573bde48707d00993b7a0301f7303f1a73 ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6803
Expires: Fri, 02 Dec 2022 22:26:26 GMT
Date: Fri, 02 Dec 2022 20:33:03 GMT
Connection: keep-alive
|
|
| cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css | 172.64.109.13 | 200 OK | 4.9 kB |
URL: [HTTP/2] cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP: 172.64.109.13:0
Hash (MD5 / SHA-1 / SHA-256): 3674a1cb86daab116b5846fd66b927bd 67879f775f61d0ee60c4e603e1c26c356e50fa30 110f259337068c4c1543bdf6c90cc8f59f3cd9895a83c3c4171f988af2d3e070
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:03 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 21824
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w8Fnug%2FhJtx7lzQng9%2Fv%2F7XprMBAGyr0RoOMNLOqbnGK2IxC8vAniBSkdkeeJiAtqY4o8Ebv9eF%2F%2B0mVa1cwRGYwy5KeH8g8dfkZUZIMAJBXc0XVl2fMXnSSF%2BBVDZyDtgPm3BUq%2BKCR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736d5df2c5e744b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js | 172.64.109.13 | 200 OK | 32 kB |
URL: [HTTP/2] cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
IP: 172.64.109.13:0
File type: ASCII text, with very long lines (65451)
Hash (MD5 / SHA-1 / SHA-256): 903cd978ce608fb95877b53f572b1ae9 2b6ca60a9048649e9a2be7e8e37d51836886ef5f c8ff76628f57c5d9777942b8bf4ba95f208d3dbf205c3a7d796939c911026f36
GET /sb/chat/mob/ssp/v2/new/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:03 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:58 GMT
etag: W/"62ceb706-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1492903
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FGXWcUHUNUh91EYSpIBBcpWjTMAVUbCUQnU6%2FV7AMkkxB88ZtJqRIqIynkalx3HfP8BFo1aEUdAGvEoFvUWq05fwMhYEjp%2FWLXY80Mr9uFayVUhU6xMLnxHh4xzRdvrrMj2rmYGnAetW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736d5df4c93744b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/si/28/d6/a4/28d6a403173def438ad97dc6687ec5eb/1669910284.png | 45.133.44.10 | 200 OK | 78 kB |
URL: [HTTP/2] cdn.cloudimagesb.com/si/28/d6/a4/28d6a403173def438ad97dc6687ec5eb/1669910284.png
IP: 45.133.44.10:0 ASN: #39572 DataWeb Global Group B.V.
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5 / SHA-1 / SHA-256): f073aaf0ef05830f8ac9db84fc0dd661 ef3d1adef699a050c829ae76084cf1ce9ae54cd0 8afdd964d1a19e9177174a08456e129ceda215587326ead6bc10b0557859c541
GET /si/28/d6/a4/28d6a403173def438ad97dc6687ec5eb/1669910284.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:04 GMT
content-type: image/png
content-length: 77811
server: nginx/1.17.6
last-modified: Thu, 01 Dec 2022 15:58:13 GMT
etag: "6388cf15-12ff3"
expires: Sun, 04 Dec 2022 20:33:04 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css | 172.64.109.13 | 200 OK | 1.2 kB |
URL: [HTTP/2] cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP: 172.64.109.13:0
Hash (MD5 / SHA-1 / SHA-256): 7418def3f26eb27797eab740f24234d5 08bbb86a88bf221dde5e394dbe07efbe53460a95 31cd2d9a5c0045a008ebe2f9f5953af2163c40668ab1a62604d2eef104bc12a3
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:03 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 21824
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cQwuxROCCCV1HxmXEYu7kRIIiYMirzS%2FkRFC3v1KjS67RN7mq%2FErLQgo%2FpLw4hAXkeAqwJ9jrDODplsHYCYBl%2FZ7hd3BKv4S5RWJ1HI6pvU%2FxHp8zMDplsYse7dN32kWJWK6ok2fgj34"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736d5df1c56744b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html | 45.133.44.3 | 200 OK | 1.1 kB |
URL: [HTTP/2] cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP: 45.133.44.3:0 ASN: #39572 DataWeb Global Group B.V.
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): e277f2eb751f132f58f8455c1ae1854f 2295f924b7bb1a281b16a54dd01762c31c21dde9 8d21e1e511493cd15040aca05c43979c9ea3b75dff6543a3c1c5ad4537d35ebf
Analyzer | Verdict | Alert |
fortinet | Phishing | |
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:03 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 02 Dec 2022 21:33:03 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.35 | 200 OK | 16 kB |
URL: [HTTP/2] fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 142.250.74.35:0
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash (MD5 / SHA-1 / SHA-256): 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://za.gl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 176350
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.35 | 200 OK | 16 kB |
URL: [HTTP/2] fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP: 142.250.74.35:0
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash (MD5 / SHA-1 / SHA-256): e9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://za.gl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 176329
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| parkingridiculous.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscxR%2Bu3n%2F%2BF71EycWDOIIHBXe2enpmpzs5BGMSCcZsSCK5Wm89W25NV1PVPT2Z02JAgiBMDmKOvc%2FsZlGDmA8gyqwXWRAdD7IHN19BEHJVZndg8Hfo38vTh%2BelPt0pjwlFyY5ufmBH2hi21mnSxpt3dSZt5Rs37jRC2qQXGnd1tt6%2B0BjOP25wPqSdJn2r8Z4SW3atRUNKQxo2rmqnUjtcO0Gh8ydJ2Exos91qhp02hu6%2Fuy8DeBZADo7Jy9By9v%2FNn59Ciymy%2FneXld8qbP72lX5pWGEdBnL%2Fw2wrs1WG%2FnJMXYA021%2F8DetnhDxagc32FwpgB7tzBeB6RoI%2FQvBsf0ETfLB3ypQbqAxcvohqMIUyU2g2hbD3oeVvBBASNzaQ9R%2FfsK5i905RNkdn5Mzzv6GrGTnz5zlk%2FW8vGT1s3LamLLTNPIZpDT2cQvemyMsDFKMAujqAKD6Blr%2BQtefXkfV3N7yx0PLojfUk5iym0WqXC7HaFi22miRUrfIo7Uoq21Er5icWaT2FTqcwagzmV1D6AKUOUKYByjxAXx41WCdJKe2mPI2iuC2EiCIhOvG67MioHacUpZhrGKPIxxBmDOG2kbttbOkxXPkj%2FGYNLwP4gmAga1SKoPIEFSOoNEFVEFSDek8a3%2FL1Y2l8ycNFby16VE9s0dthe7boqYzs5MfkpblxwQp5HVvqqBEpQRPaoUk7TDpxEqukm4ZxwtbTTsI7LQ6va2i%2FAuYDjOYp%2Fhogn%2FfqLDg7gDcHEPosWPkqWDXptijY5qQdU4yyvRFr9gykrZEXZ1DcC3bMMXnlJLnz7hyUOCSLgnA1clfjY%2F0TQc88mNyyFdm9ZStPnm7khe7rEZunertghQq%2Bfl%2Fdq6yT1y778VfviDkwH5%2FcUb64zjKps54n31zSUip31TqhyPfX%2FF3Fb5Z%2B81LpsjK%2FfvPdq9f6uVPea5tNwfSMkIfPIPSMvPBF8%2BTFvnblEbSbwpU1%2BuWSq7YHEPk2fL68eUvgzHLneYCqrCeuxZdHowmMWu6M1%2FDq8OI0%2B%2FLzjWcXwNXhD3%2BdYjv%2BAXouACvuI%2BvXGLgaA1ODmTF8%2Bb9JkbvDi79HJwVuggk3LtjlxpmHp%2BZ6fdTohG0V87grpORKyLDbiuKI0paU7W6iwgSFn4nPPvrnXwAAAP%2F%2FAQAA%2F%2F%2Ba3hpNiQQAAA%3D%3D | 173.233.137.60 | 200 OK | 7 B |
URL HTTP/1.1parkingridiculous.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscxR%2Bu3n%2F%2BF71EycWDOIIHBXe2enpmpzs5BGMSCcZsSCK5Wm89W25NV1PVPT2Z02JAgiBMDmKOvc%2FsZlGDmA8gyqwXWRAdD7IHN19BEHJVZndg8Hfo38vTh%2BelPt0pjwlFyY5ufmBH2hi21mnSxpt3dSZt5Rs37jRC2qQXGnd1tt6%2B0BjOP25wPqSdJn2r8Z4SW3atRUNKQxo2rmqnUjtcO0Gh8ydJ2Exos91qhp02hu6%2Fuy8DeBZADo7Jy9By9v%2FNn59Ciymy%2FneXld8qbP72lX5pWGEdBnL%2Fw2wrs1WG%2FnJMXYA021%2F8DetnhDxagc32FwpgB7tzBeB6RoI%2FQvBsf0ETfLB3ypQbqAxcvohqMIUyU2g2hbD3oeVvBBASNzaQ9R%2FfsK5i905RNkdn5Mzzv6GrGTnz5zlk%2FW8vGT1s3LamLLTNPIZpDT2cQvemyMsDFKMAujqAKD6Blr%2BQtefXkfV3N7yx0PLojfUk5iym0WqXC7HaFi22miRUrfIo7Uoq21Er5icWaT2FTqcwagzmV1D6AKUOUKYByjxAXx41WCdJKe2mPI2iuC2EiCIhOvG67MioHacUpZhrGKPIxxBmDOG2kbttbOkxXPkj%2FGYNLwP4gmAga1SKoPIEFSOoNEFVEFSDek8a3%2FL1Y2l8ycNFby16VE9s0dthe7boqYzs5MfkpblxwQp5HVvqqBEpQRPaoUk7TDpxEqukm4ZxwtbTTsI7LQ6va2i%2FAuYDjOYp%2Fhogn%2FfqLDg7gDcHEPosWPkqWDXptijY5qQdU4yyvRFr9gykrZEXZ1DcC3bMMXnlJLnz7hyUOCSLgnA1clfjY%2F0TQc88mNyyFdm9ZStPnm7khe7rEZunertghQq%2Bfl%2Fdq6yT1y778VfviDkwH5%2FcUb64zjKps54n31zSUip31TqhyPfX%2FF3Fb5Z%2B81LpsjK%2FfvPdq9f6uVPea5tNwfSMkIfPIPSMvPBF8%2BTFvnblEbSbwpU1%2BuWSq7YHEPk2fL68eUvgzHLneYCqrCeuxZdHowmMWu6M1%2FDq8OI0%2B%2FLzjWcXwNXhD3%2BdYjv%2BAXouACvuI%2BvXGLgaA1ODmTF8%2Bb9JkbvDi79HJwVuggk3LtjlxpmHp%2BZ6fdTohG0V87grpORKyLDbiuKI0paU7W6iwgSFn4nPPvrnXwAAAP%2F%2FAQAA%2F%2F%2Ba3hpNiQQAAA%3D%3D IP173.233.137.60:0
File type: ASCII text, with no line terminators (the 7-byte body is identified as text although the response below declares Content-Type: image/gif)
Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer | Verdict | Alert |
fortinet | Malware | |
quad9 | Sinkholed | |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscxR%2Bu3n%2F%2BF71EycWDOIIHBXe2enpmpzs5BGMSCcZsSCK5Wm89W25NV1PVPT2Z02JAgiBMDmKOvc%2FsZlGDmA8gyqwXWRAdD7IHN19BEHJVZndg8Hfo38vTh%2BelPt0pjwlFyY5ufmBH2hi21mnSxpt3dSZt5Rs37jRC2qQXGnd1tt6%2B0BjOP25wPqSdJn2r8Z4SW3atRUNKQxo2rmqnUjtcO0Gh8ydJ2Exos91qhp02hu6%2Fuy8DeBZADo7Jy9By9v%2FNn59Ciymy%2FneXld8qbP72lX5pWGEdBnL%2Fw2wrs1WG%2FnJMXYA021%2F8DetnhDxagc32FwpgB7tzBeB6RoI%2FQvBsf0ETfLB3ypQbqAxcvohqMIUyU2g2hbD3oeVvBBASNzaQ9R%2FfsK5i905RNkdn5Mzzv6GrGTnz5zlk%2FW8vGT1s3LamLLTNPIZpDT2cQvemyMsDFKMAujqAKD6Blr%2BQtefXkfV3N7yx0PLojfUk5iym0WqXC7HaFi22miRUrfIo7Uoq21Er5icWaT2FTqcwagzmV1D6AKUOUKYByjxAXx41WCdJKe2mPI2iuC2EiCIhOvG67MioHacUpZhrGKPIxxBmDOG2kbttbOkxXPkj%2FGYNLwP4gmAga1SKoPIEFSOoNEFVEFSDek8a3%2FL1Y2l8ycNFby16VE9s0dthe7boqYzs5MfkpblxwQp5HVvqqBEpQRPaoUk7TDpxEqukm4ZxwtbTTsI7LQ6va2i%2FAuYDjOYp%2Fhogn%2FfqLDg7gDcHEPosWPkqWDXptijY5qQdU4yyvRFr9gykrZEXZ1DcC3bMMXnlJLnz7hyUOCSLgnA1clfjY%2F0TQc88mNyyFdm9ZStPnm7khe7rEZunertghQq%2Bfl%2Fdq6yT1y778VfviDkwH5%2FcUb64zjKps54n31zSUip31TqhyPfX%2FF3Fb5Z%2B81LpsjK%2FfvPdq9f6uVPea5tNwfSMkIfPIPSMvPBF8%2BTFvnblEbSbwpU1%2BuWSq7YHEPk2fL68eUvgzHLneYCqrCeuxZdHowmMWu6M1%2FDq8OI0%2B%2FLzjWcXwNXhD3%2BdYjv%2BAXouACvuI%2BvXGLgaA1ODmTF8%2Bb9JkbvDi79HJwVuggk3LtjlxpmHp%2BZ6fdTohG0V87grpORKyLDbiuKI0paU7W6iwgSFn4nPPvrnXwAAAP%2F%2FAQAA%2F%2F%2Ba3hpNiQQAAA%3D%3D HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=698ba803-7bcc-4c2a-990e-b3f7d0d4328b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec3ec0905094195898e97f189a6f59b52b=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 02 Dec 2022 20:33:04 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af202b18563f0d787fbdd675820e919d
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| parkingridiculous.com/pixel/sbs?c=1 | 173.233.137.60 | 200 OK | 0 B |
URL: [HTTP/1.1] parkingridiculous.com/pixel/sbs?c=1
IP: 173.233.137.60:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input, matching the 0 B body, so they do not identify any content)
Analyzer | Verdict | Alert |
fortinet | Malware | |
quad9 | Sinkholed | |
GET /pixel/sbs?c=1 HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=698ba803-7bcc-4c2a-990e-b3f7d0d4328b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec3ec0905094195898e97f189a6f59b52b=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 02 Dec 2022 20:33:04 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| za.gl/aQ532Y | 104.26.5.66 | 200 OK | 0 B |
IP: 104.26.5.66:0
GET /aQ532Y HTTP/1.1
Host: za.gl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:00 GMT
content-type: text/html; charset=UTF-8
set-cookie: AppSession=vr29hncjch6tqjfvd6rff5v8e6; path=/; HttpOnly; secure
zagl_publisher=1558511; expires=Fri, 02-Dec-2022 20:34:00 GMT; Max-Age=60; path=/; secure
scr=0.45; expires=Fri, 02-Dec-2022 20:34:00 GMT; Max-Age=60; path=/; secure
zagl_publisher=1558511; expires=Fri, 02-Dec-2022 20:34:00 GMT; Max-Age=60; path=/; secure
scr=0.45; expires=Fri, 02-Dec-2022 20:34:00 GMT; Max-Age=60; path=/; secure
csrfToken=b2100d3ab20171855540081dac01826423bd0ebe6fdfe06fbe8240377dd78acdd70edb7b355c09392e2ce52c9c6aa4ba55eb4ccbacdee5fe4d650f631c6b6cd9; path=/; secure
visitor=Q2FrZQ%3D%3D.MmQwZmI4NjNjMmQ4ZDI0YjI0MTU3OTVlYjE1ZGQyZTY3MjhlZjBlZjgzOWRjYWFiMGM0YTBmYzE5ZTFmM2FiOJEqTxUaoDcg20OFVbxxlVbu55whqIFZeUdZ4pUaIsp%2Bdk2mSj53FzYu%2BTp5VVwHXOxDBD%2F9VuwPQzCsGj2oY%2FBBFLERY9fEKp%2FZrEPsLoHi; expires=Sat, 03-Dec-2022 20:33:00 GMT; Max-Age=86400; path=/; HttpOnly; secure
hash=Q2FrZQ%3D%3D.ODk4MzU0ZDY2NzdhY2M0YWIyMDg0MDczNTExY2EwMjkxYzg4NDk4NmU3ZmFiZWYzZTI0YTRlNGZjN2MyZDY5MKqhQH%2FFNjtU90BH%2BqjjPMJHVfpYoOVqA8oELViDc0Y5UZ4bW%2BaCVwwou9HY3h3ec4PdfMEX96m%2BBXv5AWpxhkU%3D; expires=Mon, 02-Jan-2023 20:33:00 GMT; Max-Age=2678400; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XG86P0aTv30Re8Rp79unpKEEgE9%2FIX1uR0OVMHJWE4sDqJ3ilP4NrkyAlmtrOMuQdplODc1cUbn%2BM74jsLyk4qAMHWUKtIeM959dOw5SRGUB6qTjHuT1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7736d5ca8b72b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 | 104.16.57.101 | 200 OK | 0 B |
URL: [HTTP/2] static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP: 104.16.57.101:0
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:33:01 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736d5cd8e0d0b3d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|