r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13838
Expires: Sun, 29 Jan 2023 19:51:12 GMT
Date: Sun, 29 Jan 2023 16:00:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16220
Expires: Sun, 29 Jan 2023 20:30:54 GMT
Date: Sun, 29 Jan 2023 16:00:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 15:35:38 GMT
content-type: application/json
age: 1496
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18012
Expires: Sun, 29 Jan 2023 21:00:46 GMT
Date: Sun, 29 Jan 2023 16:00:34 GMT
Connection: keep-alive
oonrreward.xyz/
188.114.97.1200 OK 4.2 kB IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (706)
Hash 4602f964b8dae15afc8d129eae068305
ce10253cc2f7dd869a1a212c443cdab866365cf3
a4b535673d883fb2dc80b2ea0baa4e5d797604cc0d98f26b71a00276880b73ac
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.33-51+ubuntu22.04.1+deb.sury.org+1
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: http://oonrreward.xyz
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I23ll70CCk8XO9fXtghdlW8%2Fmtc9tpGJZF7rtIiWjPX185WcV3Vqu1tzN%2BSVx053m19eNCFe1is1MWo6BWT9%2F9I61z8bljtlKQenDhDYAHB2Fmo4LYbanfQ4ncgKJ5CF7g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79132e74bb100b3d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LLriAmC+q4GLeaIpcmATrnm2e+TCGSmpm9Dey21uTo/JMCqdJnuKanxMEjfRZR+da8+wqu+twyrRsfCHBTJT/A==
x-amz-request-id: P3N38YMTCPJRTE60
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 15:21:26 GMT
age: 2348
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 16:00:34 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
oonrreward.xyz/css/bootstrap-custom.min.css
188.114.97.1200 OK 5.2 kB URL HTTP/1.1 oonrreward.xyz/css/bootstrap-custom.min.css
IP 188.114.97.1:0
File type ASCII text, with very long lines (25011), with no line terminators
Hash d06023a3a7739c3b7ba9904f83801a02
6c6d72f90df1ef41b0ec42d4fe0ac778d70ecf89
1334089a055032bbfe82c476f9a47ee9b3b5fcfbc41c7fbe81cf23bdc6a94132
GET /css/bootstrap-custom.min.css HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oonrreward.xyz/
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: text/css
Content-Length: 5219
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 20:20:02 GMT
ETag: "61b3-5f330794fc395-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R3EPYx3LqqKYDQ80xcVfVa5akz8j4suV5SA5tQhXvXXM30ZKud4UAU8jJqR1vCr9ENPUUZ7%2F%2FwhAEzFGFTyfDULszXKZP1%2BDxC8lwxQFL6bU2km4Krw4uqXVll0A9PlaRw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79132e776e5b0b3d-OSL
alt-svc: h2=":443"; ma=60
oonrreward.xyz/css/parking2.min.css?v=6
188.114.97.1200 OK 3.6 kB URL HTTP/1.1 oonrreward.xyz/css/parking2.min.css?v=6
IP 188.114.97.1:0
File type ASCII text, with very long lines (20636), with no line terminators
Hash 5cf2b01f9651658e25089bf3cd23966d
180057cebbc65913dcb36114d2d79641a315a3e8
c18a4ab8c98ff4ce903823e7103783d1e20dfec722f5f2262ec1bb0d8f2354ad
GET /css/parking2.min.css?v=6 HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oonrreward.xyz/
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: text/css
Content-Length: 3636
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 20:20:02 GMT
ETag: "509c-5f330794fc395-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fibW1T5YYgHxkfnJjdiwJDksgtEtzEDKu%2FRU3nf8%2FmtjOO02%2F8Z1ylvj3dT0RVf%2BcU8ATn4dhGSN7wQOvWhQ%2BfMFCcKrs283yM4SkjAF1JLeTxnXK8EkoJZJ2KAyabbmeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79132e776f5f1c0a-OSL
alt-svc: h2=":443"; ma=60
oonrreward.xyz/js/global.js?v=1
188.114.97.1200 OK 815 B URL HTTP/1.1 oonrreward.xyz/js/global.js?v=1
IP 188.114.97.1:0
Hash b8ffea10ebb902712bcfa786a9cebbb7
8ae6d6f6517ce28302841048640a4414227ec8c2
65489ebee4804ab5870c1e451b13ee9c1677e6175211dc7e107d73b920516ec0
Analyzer Verdict Alert fortinet Malware
GET /js/global.js?v=1 HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oonrreward.xyz/
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: application/javascript
Content-Length: 815
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 20:20:02 GMT
ETag: "7bb-5f330795030f5-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7tWEIaxvwsEFZYvox9lebwO3yJTZEkuP7jjAOeSeudzSq6tFamocg5CQdOk4xlnhTLSb5j6J1M7x%2FPk9EgIrwO9g0KTsqHUmx%2BelZ66KXv10Mb9c6LCSwD5XSZR3Hx%2BzcA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79132e777ab6b523-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oonrreward.xyz/images/opt/css_sprites.png
188.114.97.1200 OK 15 kB URL HTTP/1.1 oonrreward.xyz/images/opt/css_sprites.png
IP 188.114.97.1:0
File type PNG image data, 180 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash b0315122446d6025e63cd553c7fe065c
85d8fa7450c94cc70ca28ad07fc31a9b12280199
f9fbc88487b65700e274cd9554e3e270e18b5c0085d75403ca079d4010bbfc29
GET /images/opt/css_sprites.png HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oonrreward.xyz/css/parking2.min.css?v=6
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: image/png
Content-Length: 14784
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 20:20:02 GMT
ETag: "39c0-5f330794ff275"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CKG6CzJ9WRrDSN6d3E%2BD7%2F5jTr3Rfy5TOb1drErc1jZLspgxKzW2XcJvePAldmFQOggC3boQl4gEXksReIJIHHXWvitMnaQEGldybz5qTGk0A51aHyqkeE9XVi6gYAzpDg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79132e781b9ab523-OSL
alt-svc: h2=":443"; ma=60
oonrreward.xyz/images/epik-domain-names-dark.svg
188.114.97.1200 OK 2.0 kB URL HTTP/1.1 oonrreward.xyz/images/epik-domain-names-dark.svg
IP 188.114.97.1:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1280)
Hash aab2da6978bc7571be5d72c6ea25c7c1
164d6da02054a6b0df43046065b2ee37214728a0
7655ac0dc329e0d5144343e1a52ca847747ea171de4416fcf18236d27a687243
Analyzer Verdict Alert fortinet Malware
GET /images/epik-domain-names-dark.svg HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oonrreward.xyz/
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: image/svg+xml
Content-Length: 2020
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 20:20:02 GMT
ETag: "1497-5f330794fd335-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bAH6ONSgaY0XjTatMmqQ0yFFgFCEBtlhKjyltNsxXcdAfcZdChs4sdjv92uIhNcMuQMVaL8Eb7kDH0Hyvp7NEAPHduoGyWlRM74zFC%2FLkvu6uM%2BWIoyx4f3TxcCjaOFSXA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79132e7818141c0a-OSL
alt-svc: h2=":443"; ma=60
oonrreward.xyz/images/parking2/bg/a18.jpg
188.114.97.1200 OK 70 kB URL HTTP/1.1 oonrreward.xyz/images/parking2/bg/a18.jpg
IP 188.114.97.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x850, components 3\012- data
Hash b42d146949ba703bd24eccfb2fd77952
01c50ae233e5c5a54c4e64b0943f5bac2a0671df
d3c707d2faf0b09856b1868a625bb1f6535f9ababa1d041ada9e25ed2909d2a9
GET /images/parking2/bg/a18.jpg HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oonrreward.xyz/
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: image/jpeg
Content-Length: 69830
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 20:20:02 GMT
ETag: "110c6-5f33079500215"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6RrLaLtuaTtAJHeppvVt2eOknWimM25c289Jh0cQ32HpnSj5s5zg9eAH9ODAfzjK2TjkNZ%2FmmPig6cczDdLsvtuObn14t1Nsw1kFstaFyvfKaVlR70Z6Az069J0Pg2c%2Ffg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79132e781f150b3d-OSL
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css?display=swap&family=Open+Sans:400,600
142.250.74.138200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?display=swap&family=Open+Sans:400,600
IP 142.250.74.138:0
Hash bd7c968f2f01d87051ed3a4f3464ad93
1c127888420e664f3a7fa2be526d93319df510b9
b71b487337787aa3940833239aba7e1b0247dd4bb92b85a993ada6ec12b2bc90
GET /css?display=swap&family=Open+Sans:400,600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oonrreward.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 29 Jan 2023 16:00:34 GMT
date: Sun, 29 Jan 2023 16:00:34 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
oonrreward.xyz/images/opt/domain_pay_left2.jpg
188.114.97.1200 OK 7.2 kB URL HTTP/1.1 oonrreward.xyz/images/opt/domain_pay_left2.jpg
IP 188.114.97.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 295x71, components 3\012- data
Hash 243c9a45b6e1b7189f881cd1f4ea4c10
994682a93d63068cdaeda8641e03a2e667354783
b891313c9bdc259c1b5b99361e86fbdf16d1256d481ce21d98cdd56e1074a37e
GET /images/opt/domain_pay_left2.jpg HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oonrreward.xyz/
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: image/jpeg
Content-Length: 7204
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 20:20:02 GMT
ETag: "1c24-5f330794ff275"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VkSqowZHmP3dmzl1i5e3147Mgn6qctodwtePg5yGEMwmOESDxxlB%2F9NMuLIDPFVniQHfBiU%2Fn4eguxpNi00oc%2F7uMdKevs1qZALd1sUS47mAGYpGk%2B82JcPE4aa0UR5%2FOg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79132e781b90b512-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cust-api.trustratings.com/api/v1/widget/epik.com?background=white&orientation=horizontal
136.243.10.248200 OK 1.9 kB URL HTTP/1.1 cust-api.trustratings.com/api/v1/widget/epik.com?background=white&orientation=horizontal
IP 136.243.10.248:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4449), with CRLF line terminators
Hash 67f271feb27dabb535d7639a5b7e0ed7
7760ad35d2bc9059b6f672de741a650f9feaff02
235d33780af0a1e8a1d639437d3d348a866330e0d3f8d3ba8a7406b3e41d6bc5
GET /api/v1/widget/epik.com?background=white&orientation=horizontal HTTP/1.1
Host: cust-api.trustratings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oonrreward.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
ETag: W/"2c20-RqAh0cErAln3DLHjBHk0dw2qo+8"
Vary: Accept-Encoding
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ad9357ec4480429dd939b6ebcbcd3b3
5583182316c23a858d88d459be6aeab1edc61951
fb3588fd6388935fc5fe5fb427a4e413265edafd6ae94c3da7cbe81cf46ba6bc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FB3588FD6388935FC5FE5FB427A4E413265EDAFD6AE94C3DA7CBE81CF46BA6BC"
Last-Modified: Sun, 29 Jan 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21551
Expires: Sun, 29 Jan 2023 21:59:45 GMT
Date: Sun, 29 Jan 2023 16:00:34 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://oonrreward.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 18:52:41 GMT
expires: Tue, 23 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 508073
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://oonrreward.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 19:33:54 GMT
expires: Thu, 25 Jan 2024 19:33:54 GMT
cache-control: public, max-age=31536000
age: 332800
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15752, version 1.0\012- data
Hash b20371a6daf29d4a1f2e85dbbf40fb20
0355a01c1ccb45cb728e7e07c41c8ebf456f70bb
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://oonrreward.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 01:49:59 GMT
expires: Sat, 27 Jan 2024 01:49:59 GMT
cache-control: public, max-age=31536000
age: 223835
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oonrreward.xyz/js/lab.min.js
188.114.97.1200 OK 1.7 kB URL HTTP/1.1 oonrreward.xyz/js/lab.min.js
IP 188.114.97.1:0
File type ASCII text, with very long lines (4493), with no line terminators
Hash 8fad69de47e5fc77fca5fa1919633d5d
862db45036d4fa4cc12d1a86108cb2cf67ebfccb
2923bca21647bf9fc2819c28bf2536464f33a3bb76344cdb0740bf86477e917b
Analyzer Verdict Alert fortinet Malware
GET /js/lab.min.js HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oonrreward.xyz/
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: text/javascript
Content-Length: 1742
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 20:20:02 GMT
ETag: "118d-5f33079504095-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJ7DEL9UCESUfN54NMXatPLsKSutcYzYOcBW1ff5cjHwi9wiORJ4xVKAq3bQHJByMNK%2BIVPSTCsqyaXL%2BPpCsygP1zxsJSMGPVNzSTXG9MX8HmUKlD8no1oiDw4wJjBjdw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79132e777f6d1c0a-OSL
alt-svc: h2=":443"; ma=60
oonrreward.xyz/js/openpixel.min.js?t=1675036800000
188.114.97.1200 OK 2.7 kB URL HTTP/1.1 oonrreward.xyz/js/openpixel.min.js?t=1675036800000
IP 188.114.97.1:0
File type ASCII text, with very long lines (7001)
Hash bd6cf4433c1e0787ff744b738014fc80
a1cf8540bb3f9468877c6a4732a7ab756d4de429
40c9e88b079a2998191a377a9c359000a64dfd26b9f09ba80140f81189003a27
Analyzer Verdict Alert fortinet Malware
GET /js/openpixel.min.js?t=1675036800000 HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oonrreward.xyz/
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: application/javascript
Content-Length: 2706
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 20:20:02 GMT
ETag: "1bb0-5f33079504095-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DKHDltdb3auSeFG1lbuq1MtNAljbNhetpLxaVIKRi1fgNU7wUkH5NfcdieobperrT2l4MpiolbffO3bIF%2B%2Fzk7XbAYv4b58pqclYgMm1b%2Fzf%2Bf3tCWAnDB22T5F3zG2pzg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79132e7988b10b3d-OSL
alt-svc: h2=":443"; ma=60
oonrreward.xyz/images/opt/domain_pay_right2.jpg
188.114.97.1200 OK 8.4 kB URL HTTP/1.1 oonrreward.xyz/images/opt/domain_pay_right2.jpg
IP 188.114.97.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 295x71, components 3\012- data
Hash d70c93ec48ac59e0d518fae522712948
beb4793cacc2958842ed1994f4d120ed09127291
16d744b5dc6039026db6e80e61251a3959ff1c098969f21887ffc81884cd908b
GET /images/opt/domain_pay_right2.jpg HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oonrreward.xyz/
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 16:00:34 GMT
Content-Type: image/jpeg
Content-Length: 8427
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 20:20:02 GMT
ETag: "20eb-5f330794ff275"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UWv287dqf0ZfpjyS6kJ6MHMtfolcDaT9igAvKdR3Mb0rtgWDDEhlcyHqHMN%2FyZIJbaZ5If1n%2BELgfKAeTT1vs%2B8rNKKKFQFg9kJQtQjF6ZrgnVJuTUt0XkbfGTBA07MpUA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79132e781f0a0b3d-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a90347e5f24097076387e7cf951fcca7
6530153f737697d9778333cbbe4a50ccdb864ef3
e8e4c41e97bf3dfd4ab532448229c53ae406999afde3fd0476ad69d311ee87f6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E4C41E97BF3DFD4AB532448229C53AE406999AFDE3FD0476AD69D311EE87F6"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16367
Expires: Sun, 29 Jan 2023 20:33:21 GMT
Date: Sun, 29 Jan 2023 16:00:34 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ad9357ec4480429dd939b6ebcbcd3b3
5583182316c23a858d88d459be6aeab1edc61951
fb3588fd6388935fc5fe5fb427a4e413265edafd6ae94c3da7cbe81cf46ba6bc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FB3588FD6388935FC5FE5FB427A4E413265EDAFD6AE94C3DA7CBE81CF46BA6BC"
Last-Modified: Sun, 29 Jan 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21550
Expires: Sun, 29 Jan 2023 21:59:45 GMT
Date: Sun, 29 Jan 2023 16:00:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 15:41:41 GMT
age: 1134
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ad9357ec4480429dd939b6ebcbcd3b3
5583182316c23a858d88d459be6aeab1edc61951
fb3588fd6388935fc5fe5fb427a4e413265edafd6ae94c3da7cbe81cf46ba6bc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FB3588FD6388935FC5FE5FB427A4E413265EDAFD6AE94C3DA7CBE81CF46BA6BC"
Last-Modified: Sun, 29 Jan 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21550
Expires: Sun, 29 Jan 2023 21:59:45 GMT
Date: Sun, 29 Jan 2023 16:00:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c8851faac4ef564fdb5d1a5504bbe0bc
2576d3ef7fb71cb4f06916de5b08fee8db18391e
ecc5960beec9ae0c2bbcc5eac414e3dd9c9438edf181463b90d2b0792c816c32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ECC5960BEEC9AE0C2BBCC5EAC414E3DD9C9438EDF181463B90D2B0792C816C32"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14078
Expires: Sun, 29 Jan 2023 19:55:13 GMT
Date: Sun, 29 Jan 2023 16:00:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14859
Expires: Sun, 29 Jan 2023 20:08:14 GMT
Date: Sun, 29 Jan 2023 16:00:35 GMT
Connection: keep-alive
oonrreward.xyz/
188.114.96.1200 OK 11 kB IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (706)
Hash 5ea6814aec55fd8ca3243cb638edde70
185ea5aebf3917272b41e7333de98fb7e1dba558
757583e4b2031b8a5ce4e851a3a28f46b1e42c6d69e00b325a1e807ce267adc3
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oonrreward.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:35 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33-51+ubuntu20.04.1+deb.sury.org+1
cache-control: max-age=2592000
access-control-allow-origin: http://oonrreward.xyz
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D2nkwijSu%2BnPBYxnpNZ1GY9z8TbrjGtxIuPP2QTVN24%2FzVDFKOTz3gIauPv4fFAau5YnGQrazJeZxt5kq0D0ARtPqNOVv6TG0T9Kz2roLlcq25uIMPUArmqCNAGoSaM%2FYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79132e7ba870b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 2.5 kB IP 142.250.74.131:0
Hash 08ba0fd9522c3e826e3e209d9b1e054c
5e55baea2a5bd67df388edaeb3a677231f28ecce
021869aac11ed8fce0c2159c7936640395fe716af899fe9cd7289c23471c5f7c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 5.8 kB IP 142.250.74.131:0
Hash 154b4c01a9aa8836a44fd2af56602a68
c9bc67bfc149f8b84dbbbd21299ac755ebc26d97
d1d36cfefd7a99dbd041204222dfba4415646c03b2489e1d541d3287cd48fe47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 752fa7590dcbcb0efe805262c9d6d43f
d3a42ac694f425cac9dd9e079c6fe06ed0e68977
7ce3c92b658fe087529f8f332580ee9886cdc2e101afc0e76765a3330e3acba6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7CE3C92B658FE087529F8F332580EE9886CDC2E101AFC0E76765A3330E3ACBA6"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12851
Expires: Sun, 29 Jan 2023 19:34:46 GMT
Date: Sun, 29 Jan 2023 16:00:35 GMT
Connection: keep-alive
cust-api.trustratings.com/api/v1/widget/epik.com?background=white&orientation=horizontal
136.243.10.248200 OK 1.9 kB URL HTTP/1.1 cust-api.trustratings.com/api/v1/widget/epik.com?background=white&orientation=horizontal
IP 136.243.10.248:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4449), with CRLF line terminators
Hash 67f271feb27dabb535d7639a5b7e0ed7
7760ad35d2bc9059b6f672de741a650f9feaff02
235d33780af0a1e8a1d639437d3d348a866330e0d3f8d3ba8a7406b3e41d6bc5
GET /api/v1/widget/epik.com?background=white&orientation=horizontal HTTP/1.1
Host: cust-api.trustratings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oonrreward.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 29 Jan 2023 16:00:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
ETag: W/"2c20-RqAh0cErAln3DLHjBHk0dw2qo+8"
Vary: Accept-Encoding
Content-Encoding: gzip
static.zdassets.com/ekr/snippet.js?key=1546ebb5-45e1-49c4-94dc-4b5d44a6d66c
104.18.72.113200 OK 6.7 kB URL HTTP/2 static.zdassets.com/ekr/snippet.js?key=1546ebb5-45e1-49c4-94dc-4b5d44a6d66c
IP 104.18.72.113:0
File type ASCII text, with very long lines (23416), with no line terminators
Hash 5707839b8debbfe7588ace2791e8e930
fc4f8281cd133297ba0b92a7ea54c4553c943726
0770841399343db848c2daf566b95356f15af7b162593b8bc898ee22545d1565
GET /ekr/snippet.js?key=1546ebb5-45e1-49c4-94dc-4b5d44a6d66c HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oonrreward.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:35 GMT
content-type: application/javascript
x-amz-id-2: VYKORFZEK8ncQjbBiiAK6oiTYdRdkzwPfaxRM/jinB20cI8N0LqXAF6x6uRMZJVhRKA1YH5Ltb2qBhbqYLdq5g==
x-amz-request-id: EBZ4ZRD66V3TGNXR
x-amz-replication-status: COMPLETED
last-modified: Thu, 28 Jul 2022 23:44:02 GMT
etag: W/"5cae6ce528dce0c327b2bcbaad459fdb"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600, s-maxage=60
x-amz-version-id: TCAqq4sghBBBAAXd3MLZ8Fy8XIds..vO
cf-cache-status: HIT
age: 60
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hd6ygP77prBvzhiXTDbzl1DDWpjoc7sn%2Fr016%2BRuRaDe%2BZtcM9oh2jY28QHCayESPr1i9%2Fs%2BZfHRUK4nmwV%2BqGJgGUEnGk21zBmEMVloyYasfVFa0yVo%2B%2F8iR1JoQhZmC3WW8JA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e7d1a1c1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 16:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oonrreward.xyz/
188.114.97.1200 OK 20 kB IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (706)
Hash a9ecf70f448ee6270f27e9aefb810250
0cec35f83d6060f8d9229e8f3ec1c49dceaa9bd7
6bcf4649232ffad79f96e6fdcc4852f711343df4c2b74b36266ecd8db2a93c4e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: oonrreward.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://oonrreward.xyz
Connection: keep-alive
Referer: http://oonrreward.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:34 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33-51+ubuntu22.04.1+deb.sury.org+1
cache-control: max-age=2592000
access-control-allow-origin: http://oonrreward.xyz
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9k7XUBmVmRBHd4MhVlx79aoN5a4vMr%2BlL2YzeYQUydHwgkiFaQOADY0mV2s5%2BwrSt1f%2F3qqiPcp1kA2FMPSe48nwQkIl%2FSF7V1fuMVXZFhLexcAUzjlfePi0tUCK6nwshg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79132e78ac1cb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pixel.epik.com/pixel.gif?id=parking&uid=1-d7t0uqgv-ldhkjhh9&ev=pageload&ed=oonrreward.xyz&v=1&dl=http%3A%2F%2Foonrreward.xyz%2F&rl=&ts=1675008042776&de=UTF-8&sr=1280x1024&vp=1280x939&cd=24&dt=oonrreward.xyz%20-%20contact%20with%20domain%20owner%20%7C%20Epik.com&bn=Firefox%20105&md=false&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign=
102.223.180.96200 OK 42 B URL HTTP/1.1 pixel.epik.com/pixel.gif?id=parking&uid=1-d7t0uqgv-ldhkjhh9&ev=pageload&ed=oonrreward.xyz&v=1&dl=http%3A%2F%2Foonrreward.xyz%2F&rl=&ts=1675008042776&de=UTF-8&sr=1280x1024&vp=1280x939&cd=24&dt=oonrreward.xyz%20-%20contact%20with%20domain%20owner%20%7C%20Epik.com&bn=Firefox%20105&md=false&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign=
IP 102.223.180.96:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
POST /pixel.gif?id=parking&uid=1-d7t0uqgv-ldhkjhh9&ev=pageload&ed=oonrreward.xyz&v=1&dl=http%3A%2F%2Foonrreward.xyz%2F&rl=&ts=1675008042776&de=UTF-8&sr=1280x1024&vp=1280x939&cd=24&dt=oonrreward.xyz%20-%20contact%20with%20domain%20owner%20%7C%20Epik.com&bn=Firefox%20105&md=false&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign= HTTP/1.1
Host: pixel.epik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://oonrreward.xyz
Connection: keep-alive
Referer: http://oonrreward.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 16:00:35 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Mon, 09 Jan 2023 14:22:48 GMT
Connection: keep-alive
ETag: "63bc2338-2a"
Expires: Sun, 29 Jan 2023 17:00:35 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oonrreward.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 18:52:41 GMT
expires: Tue, 23 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 508074
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15752, version 1.0\012- data
Hash b20371a6daf29d4a1f2e85dbbf40fb20
0355a01c1ccb45cb728e7e07c41c8ebf456f70bb
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oonrreward.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 01:49:59 GMT
expires: Sat, 27 Jan 2024 01:49:59 GMT
cache-control: public, max-age=31536000
age: 223836
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a90347e5f24097076387e7cf951fcca7
6530153f737697d9778333cbbe4a50ccdb864ef3
e8e4c41e97bf3dfd4ab532448229c53ae406999afde3fd0476ad69d311ee87f6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E4C41E97BF3DFD4AB532448229C53AE406999AFDE3FD0476AD69D311EE87F6"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16366
Expires: Sun, 29 Jan 2023 20:33:21 GMT
Date: Sun, 29 Jan 2023 16:00:35 GMT
Connection: keep-alive
push.services.mozilla.com/
44.236.232.139101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.236.232.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iHKPy7/OtbNsZbqBe2CwOw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: s4KsooBNYroj7+jSwimTFlLEuSk=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c8851faac4ef564fdb5d1a5504bbe0bc
2576d3ef7fb71cb4f06916de5b08fee8db18391e
ecc5960beec9ae0c2bbcc5eac414e3dd9c9438edf181463b90d2b0792c816c32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ECC5960BEEC9AE0C2BBCC5EAC414E3DD9C9438EDF181463B90D2B0792C816C32"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14078
Expires: Sun, 29 Jan 2023 19:55:13 GMT
Date: Sun, 29 Jan 2023 16:00:35 GMT
Connection: keep-alive
serve.targetednetworks.com/delivery/load
45.33.20.235302 Moved Temporarily 167 B URL HTTP/1.1 serve.targetednetworks.com/delivery/load
IP 45.33.20.235:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1dd977065c1e457e5fe1c16c8c83abdd
6dc6acfc9432bd4f48927f4d3ffe23ca6a2eb504
a2b66bda5d606b25a9a6f90b47113590083c3f2477e319567cbc783412c34f83
Analyzer Verdict Alert fortinet Phishing
GET /delivery/load HTTP/1.1
Host: serve.targetednetworks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oonrreward.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: openresty/1.13.6.1
Date: Sun, 29 Jan 2023 16:00:35 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: http://serve.targetednetworks.com/delivery/load
Set-Cookie: mtmssl=1;Domain=serve.targetednetworks.com;Path=/;Max-Age=120
pixel.epik.com/pixel.gif?id=parking&uid=1-d7t0uqgv-ldhkjhh9&ev=pageclose&ed=&v=1&dl=http%3A%2F%2Foonrreward.xyz%2F&rl=&ts=1675008043154&de=UTF-8&sr=1280x1024&vp=1280x939&cd=24&dt=oonrreward.xyz%20-%20contact%20with%20domain%20owner%20%7C%20Epik.com&bn=Firefox%20105&md=false&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign=
102.223.180.96200 OK 42 B URL HTTP/1.1 pixel.epik.com/pixel.gif?id=parking&uid=1-d7t0uqgv-ldhkjhh9&ev=pageclose&ed=&v=1&dl=http%3A%2F%2Foonrreward.xyz%2F&rl=&ts=1675008043154&de=UTF-8&sr=1280x1024&vp=1280x939&cd=24&dt=oonrreward.xyz%20-%20contact%20with%20domain%20owner%20%7C%20Epik.com&bn=Firefox%20105&md=false&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign=
IP 102.223.180.96:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
POST /pixel.gif?id=parking&uid=1-d7t0uqgv-ldhkjhh9&ev=pageclose&ed=&v=1&dl=http%3A%2F%2Foonrreward.xyz%2F&rl=&ts=1675008043154&de=UTF-8&sr=1280x1024&vp=1280x939&cd=24&dt=oonrreward.xyz%20-%20contact%20with%20domain%20owner%20%7C%20Epik.com&bn=Firefox%20105&md=false&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign= HTTP/1.1
Host: pixel.epik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://oonrreward.xyz
Connection: keep-alive
Referer: http://oonrreward.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 16:00:35 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Mon, 09 Jan 2023 14:22:48 GMT
Connection: keep-alive
ETag: "63bc2338-2a"
Expires: Sun, 29 Jan 2023 17:00:35 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
pixel.epik.com/pixel.gif?id=parking&uid=1-wq9h3pcp-ldhkjhvv&ev=pageload&ed=oonrreward.xyz&v=1&dl=https%3A%2F%2Foonrreward.xyz%2F&rl=http%3A%2F%2Foonrreward.xyz%2F&ts=1675008043294&de=UTF-8&sr=1280x1024&vp=1280x939&cd=24&dt=oonrreward.xyz%20-%20contact%20with%20domain%20owner%20%7C%20Epik.com&bn=Firefox%20105&md=false&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign=
102.223.180.96200 OK 1.8 kB URL HTTP/1.1 pixel.epik.com/pixel.gif?id=parking&uid=1-wq9h3pcp-ldhkjhvv&ev=pageload&ed=oonrreward.xyz&v=1&dl=https%3A%2F%2Foonrreward.xyz%2F&rl=http%3A%2F%2Foonrreward.xyz%2F&ts=1675008043294&de=UTF-8&sr=1280x1024&vp=1280x939&cd=24&dt=oonrreward.xyz%20-%20contact%20with%20domain%20owner%20%7C%20Epik.com&bn=Firefox%20105&md=false&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign=
IP 102.223.180.96:0
Hash cd026140b17116057ff36e7514db0038
cdb482a12ee3e12cbd3d92dd3f402714af1be029
b6650466da5c62a5bb8ecc95689ce46dce40c2f9cb0acc799bc02a60d7663dfd
POST /pixel.gif?id=parking&uid=1-wq9h3pcp-ldhkjhvv&ev=pageload&ed=oonrreward.xyz&v=1&dl=https%3A%2F%2Foonrreward.xyz%2F&rl=http%3A%2F%2Foonrreward.xyz%2F&ts=1675008043294&de=UTF-8&sr=1280x1024&vp=1280x939&cd=24&dt=oonrreward.xyz%20-%20contact%20with%20domain%20owner%20%7C%20Epik.com&bn=Firefox%20105&md=false&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign= HTTP/1.1
Host: pixel.epik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oonrreward.xyz
Connection: keep-alive
Referer: https://oonrreward.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 16:00:35 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Mon, 09 Jan 2023 14:22:48 GMT
Connection: keep-alive
ETag: "63bc2338-2a"
Expires: Sun, 29 Jan 2023 17:00:35 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4765
Expires: Sun, 29 Jan 2023 17:20:01 GMT
Date: Sun, 29 Jan 2023 16:00:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4765
Expires: Sun, 29 Jan 2023 17:20:01 GMT
Date: Sun, 29 Jan 2023 16:00:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4765
Expires: Sun, 29 Jan 2023 17:20:01 GMT
Date: Sun, 29 Jan 2023 16:00:36 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43c4a8e963936a8064dbd2bd3c67b905
8508727c97127c98b886833af28b3470306216c2
070c29fe7c0a227029483d675eac863904ab6b291467acdf62167f4845699c21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8652
x-amzn-requestid: 5a5a883e-d7d4-4fc5-925a-3a95830c504e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVguyG7BIAMFm8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d214c4-390b59a32060e41203533c58;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 05:51:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ewSsCY4u9DwRtaj00U9JCim9tYeCgHRuIQFpdHm4ttI6L02-e44iDQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:11:24 GMT
age: 60552
etag: "8508727c97127c98b886833af28b3470306216c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 17:35:56 GMT
age: 80680
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: d56c9b84-dc1f-4d5c-91bf-7db55058bf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyeEGOloAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3126-5013a6b971d6800c5c85a4eb;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D2ZAelkDgsd0wjoOSoPRwTzhozs84_aIcgwU-QmbDrTnHztVD0VL_A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:26:16 GMT
age: 38060
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:12:28 GMT
age: 60488
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4jPbm4WufkUKm7ljLvpHrJUFhr-JQ_nl3iYfI5S8nTqEszFdUtz9EQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:24:09 GMT
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
age: 38187
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dcfee7f-f43c-4828-8113-8ba8eb26f727.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dcfee7f-f43c-4828-8113-8ba8eb26f727.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d5ed99a9aed6f367efc5c9498ce87ff1
3123eb6f550c51fe17fc62eff943b3739e239a9b
536f45bf2eb41f7056df8b34964538005d6a0a4c6157def3fbdd9487f8c79027
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dcfee7f-f43c-4828-8113-8ba8eb26f727.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10168
x-amzn-requestid: fe58fe3c-dd23-4614-b5a2-e91ef68c2ab7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFOD7H-NIAMFcxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb907f-687fc51741d7ff97182d1955;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 07:13:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GEghrk0LlbdfqVAHey-W84Zk9XHT2PD268Vfxf85HEvil0Ra27YgPA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 03:43:37 GMT
age: 44219
etag: "3123eb6f550c51fe17fc62eff943b3739e239a9b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ekr.zdassets.com/compose/1546ebb5-45e1-49c4-94dc-4b5d44a6d66c
104.18.70.113200 OK 211 B URL HTTP/2 ekr.zdassets.com/compose/1546ebb5-45e1-49c4-94dc-4b5d44a6d66c
IP 104.18.70.113:0
File type JSON data\012- , ASCII text, with very long lines (316), with no line terminators
Hash 6fad716ffa0db736209b78eb6d51e6ee
aca17540f324eeecf5e6d404177cfb09b0899f91
dd3362b46effa33302e409c486f9b0def7cab3cd637542f858b477d7b611732c
GET /compose/1546ebb5-45e1-49c4-94dc-4b5d44a6d66c HTTP/1.1
Host: ekr.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oonrreward.xyz
Connection: keep-alive
Referer: https://oonrreward.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:36 GMT
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers:
access-control-max-age: 7200
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cdn-cache-control: max-age=60
cache-control: max-age=600, public, stale-while-revalidate=600, stale-if-error=21600
etag: W/"9b5ac84363436987b01e977fb61177c2"
x-request-id: 79132e7dcc79b4f1-SEA, 79132e7dcc79b4f1-SEA
x-runtime: 0.002707
vary: Origin, Accept-Encoding
x-zendesk-zorg: yes
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqnFBV69FjIBWMXvZIKZa42iKYEqDXEdFBuhwwzyraP%2Bibm7S%2FIZxvcPAgmB5OcNb%2FoLGOzF7UmDCHMrdn0Tu73enMQj5uWeBGc%2Fq%2Fcv0Uqb9ISQdsWfzRtAI7PrNd%2FaFBc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e7dcc79b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
epikcs.zendesk.com/frontendevents/pv?client=1B752747-577B-429A-A0E0-83861AF69088
104.16.53.111200 OK 0 B URL HTTP/2 epikcs.zendesk.com/frontendevents/pv?client=1B752747-577B-429A-A0E0-83861AF69088
IP 104.16.53.111:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /frontendevents/pv?client=1B752747-577B-429A-A0E0-83861AF69088 HTTP/1.1
Host: epikcs.zendesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oonrreward.xyz/
Content-Type: application/json
Origin: https://oonrreward.xyz
Content-Length: 489
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:37 GMT
content-length: 0
access-control-allow-origin: *
vary: Origin
x-zendesk-zorg: yes
x-request-id: 79132e88780bb4f4-IAD
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PP0yB8tb%2F%2Fsly9gZeN7YyGlVu2%2FAr9rnQqdAE9v8C2QA0YXWW3LiXE%2F%2FsuzlGxKt4%2B%2Fg9NkZRlRVtrRVRooKXaCRKvB%2BpZxU7sGG2BYClAcyoL3BhG4PPIEUL6Wy7NVzSZQVnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
set-cookie: __cfruid=7e4a17abafac3bc64b0a040f75d6572edfbfb425-1675008037; path=/; domain=.epikcs.zendesk.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 79132e88780bb4f4-OSL
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/messenger/web-widget-1663-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/messenger/web-widget-1663-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/messenger/web-widget-1663-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:36 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: rrICUt+iJhP+O2ay9uduAcz70Wi2K33w6UcjtJD7J7xeLaq0avbZsrw4menYtWdDh15XbaEfSZk=
x-amz-request-id: XZJJMN8WDCGXH41J
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:08:38 GMT
etag: W/"49256045b2d1fa7d640add6f4ec34272"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:08:37 GMT
x-amz-version-id: HTvNzsf1jkxWPpD.YTbVv8yFV0JcCWun
cf-cache-status: HIT
age: 232053
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hqN9DKa8ruDUU4sARrRMrI2r99JIFZKlOaXqW29SdMY1iYbz0o1q4KLY9o3Ik5%2FiNeZsKzrcB6sqwEhFUI%2FwQ0f3v5U0kN%2BSJjxkkH%2FSQ1QJKK9Zc12rLpk1RQPiS8i97l%2Fk%2BfY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e861b251c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/messenger/web-widget-281-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/messenger/web-widget-281-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/messenger/web-widget-281-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:36 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: a9/4wAm4BMsr6AwKLS0E4UITO2M+qqNRhCnfWZxaB9Yl0usTklZ183H+5UtObNtC1h1nnLJbA7g=
x-amz-request-id: XZJPC1HQJK2FSXG0
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:08:38 GMT
etag: W/"c39460394752e650bbd875d6f242e099"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:08:37 GMT
x-amz-version-id: kfs2KgWwH4.m.asQZ7_FEJ7XbR2wMvlU
cf-cache-status: HIT
age: 232053
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C4hfBcnnw3LEqvpngnhcpVLZx%2BhYeNsw4Jt7Himi1iDG%2BoxXEbFatq8DUJyaa4gbZLkVZihvKKIiJcc8oMZEKrgQH9pxR1cQKxVv0PtHYJPC%2BNiDi%2Bj4N%2Fj6Ih9YZELiIZTax6g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e861b221c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/messenger/web-widget-9865-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/messenger/web-widget-9865-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/messenger/web-widget-9865-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:37 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: jkOJ8wlVQ5lZ+CK5YgrtnrHVEdSVvw6lh5sFpRmB3rTYlNUTnAIWILxe46S6B8yONQUBeGOWUwzPic6EDPqXlA==
x-amz-request-id: SG7DBG9SK2E4YR4Z
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:08:38 GMT
etag: W/"6825954fa6a452cbc50034ed21755927"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:08:37 GMT
x-amz-version-id: wdVJ01gKI3ZR5JjGvZNeyb9Ss687Op4o
cf-cache-status: HIT
age: 232052
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zf0iKTnKus0Np%2BBPnG2PJ6xspjwJtXEQHcxh0MOaCAGRrBJrTpVMbKSJb9Mct1zstgyOaFgAk%2B%2FESGhVIMpO5et%2F3YkQiY3Q%2FXoYTm49MxmHbcBQ28xff3QCuPhVA5bomlFRY20%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e877cce1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/messenger/web-widget-5614-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/messenger/web-widget-5614-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/messenger/web-widget-5614-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:37 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: LVS6ufu+pWYJjmqpY0Nb+jv2f+rtxdfr+jpHW9dmoibB46TIJynmO6vbpuEeglI0haQba/w6v15fqCc9Hhc65A==
x-amz-request-id: SG7EPPFPFNTFTNQG
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:08:38 GMT
etag: W/"719f990fafee92dfdd57b3143a3b0a43"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:08:37 GMT
x-amz-version-id: gR_ml7aQQ_I1o13rUX0UHSAUm7EJcat6
cf-cache-status: HIT
age: 232052
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPwTc0mWeOzTrJ%2B3O%2BbIT5NgLnxKtyu7hOWXy2V%2BPdn0dj9Oy8TbCn%2BUg1I74TqKdJf9TYohf%2BnmaIpHY28rzU3MH829ryCSe9mdhIgttkHmHh3K3oPigV%2BEOc6xH4mNy43RHqM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e878cd11c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?display=swap&family=Roboto:400,900
142.250.74.138200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?display=swap&family=Roboto:400,900
IP 142.250.74.138:0
GET /css?display=swap&family=Roboto:400,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oonrreward.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 29 Jan 2023 16:00:35 GMT
date: Sun, 29 Jan 2023 16:00:35 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/messenger/web-widget-messenger-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/messenger/web-widget-messenger-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/messenger/web-widget-messenger-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:36 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: Jq4vCDF/B12rxnaZ+KN7hEmqYje5kY+di+RTNvSBXnUq3TtmirrEyExMI50KWmNdVT4sNJaltU0=
x-amz-request-id: XZJJ3MZSSVJYAYY2
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:08:37 GMT
etag: W/"6a6471f202adc5d1ebe6746a629e56ef"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:08:36 GMT
x-amz-version-id: aJqAuMgKZByUX2igZ.krTv3zMReqJn9j
cf-cache-status: HIT
age: 232053
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k8PGN5RblpSZJWeiabwVK51RxX488EHc7iygc8DA83aCdtcmFOxvF2MCb6IvWWPyx7HVFyx%2FSfdPXC7OJCT0iBqqBX9kV0q69FZDibBsYjoF%2FbeQqO3myb4AF%2B5sgPLzmmsMwME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e85eaf51c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?display=swap&family=Roboto:400,900
142.250.74.138200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?display=swap&family=Roboto:400,900
IP 142.250.74.138:0
GET /css?display=swap&family=Roboto:400,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oonrreward.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 29 Jan 2023 16:00:34 GMT
date: Sun, 29 Jan 2023 16:00:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/messenger/web-widget-9948-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/messenger/web-widget-9948-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/messenger/web-widget-9948-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:36 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: vF21IJmIBb7ZgcvDWNF0YDKfEPwCKiMu8rPBxKsSo79CJ0IWdU6pYf2ud//TtRQMFtDnPAagHLA=
x-amz-request-id: XZJKB78W2KSDBFZJ
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:08:38 GMT
etag: W/"a432cca8f92f351c91bfa3d18713dc76"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:08:37 GMT
x-amz-version-id: Q2_gyJqXly_yUOixuD6pcZEgrgc3KktA
cf-cache-status: HIT
age: 232053
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CnMUMmiKpNBosVvQ2sPYE3kzV8WhGJYVR5D9cej8SUp%2BpaMeRp1b82T%2FOEv0tjYyoAx7aSfF%2FRB7kyfbneB%2FGyU7mh0AXvS%2BUZ4wyV%2FqcWdGpLq7wIsH6CWtiCIutM9EXNzt8A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e861b181c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/messenger/web-widget-9524-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/messenger/web-widget-9524-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/messenger/web-widget-9524-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:36 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: 0FPYhEMcwDXPosfofnQNl3jgh4r72dhJlwKf5lDO8keH+y1OwiD14/y5uv0PyhsYLWvyhDdyksU=
x-amz-request-id: XZJGBEDTMBD3G4BE
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:08:38 GMT
etag: W/"8368a7ac9bda15d64ba1686611ee7347"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:08:37 GMT
x-amz-version-id: h7akTrrjE.R8rLAIS3L62l0tHcVZ0dUj
cf-cache-status: HIT
age: 232052
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KEXhzyFAknnEHN0PKdYvjdxzTJYaqKZSvQ0vUFNYyNnrO9EipCGyh9jX7gSkepy3LdFhep7cnmwhp4RjCqYroe%2BUsCp1cdY%2FE8VDLqwJFjqlDjVI7YHxPTVLUVFf%2Fn6vtRnhouM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e861b1f1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/messenger/web-widget-3646-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/messenger/web-widget-3646-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/messenger/web-widget-3646-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:36 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: 250Y2tuCMnIGJq+P/ZWpmqF0iK33F2FwS2IUnt/SBNJPqV4yHbHvQOKIWGEKKgrsz1vdyHNMvgARakQxdZk1WA==
x-amz-request-id: XZJZDA518Z29VVVP
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:08:37 GMT
etag: W/"b32d022ca418993db063c7ad80c035b2"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:08:36 GMT
x-amz-version-id: IXnSe_M8l5La_whKQ2YTKSwzHhsOrLdv
cf-cache-status: HIT
age: 232053
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EYieB%2BirmunjejAcfhErdZ12KW43BS67QasbyAbnnglwdCQK5zgJkQFhiDh0yWCBiyI%2FGgFDny0awFbf2uf8lOqerzn66DX%2BAjIK7JAhHNX4aBZeOQ%2FC1iIpyMEDzsgpOsl35MA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e862b291c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/ekr/snippet.js?key=1546ebb5-45e1-49c4-94dc-4b5d44a6d66c
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/ekr/snippet.js?key=1546ebb5-45e1-49c4-94dc-4b5d44a6d66c
IP 104.18.72.113:0
GET /ekr/snippet.js?key=1546ebb5-45e1-49c4-94dc-4b5d44a6d66c HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oonrreward.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:34 GMT
content-type: application/javascript
x-amz-id-2: VYKORFZEK8ncQjbBiiAK6oiTYdRdkzwPfaxRM/jinB20cI8N0LqXAF6x6uRMZJVhRKA1YH5Ltb2qBhbqYLdq5g==
x-amz-request-id: EBZ4ZRD66V3TGNXR
x-amz-replication-status: COMPLETED
last-modified: Thu, 28 Jul 2022 23:44:02 GMT
etag: W/"5cae6ce528dce0c327b2bcbaad459fdb"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600, s-maxage=60
x-amz-version-id: TCAqq4sghBBBAAXd3MLZ8Fy8XIds..vO
cf-cache-status: HIT
age: 59
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uUnm4dXxoeyH1PnUk3IESQVG%2BRdrZU1FHtzriycTm%2B7Nx7zuJ0GTuzP8pAS12V5Jr1RW9vAm6VfB%2Bu2iehC05NybmdmcBtr2Oub745YooY4F%2Fp6avsZFxjHLHi%2FP8Ngzi5AIQ%2Fc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e79eccb0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/web-widget-framework-59b8a859ce8a473d961c.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/web-widget-framework-59b8a859ce8a473d961c.js
IP 104.18.72.113:0
GET /web_widget/latest/web-widget-framework-59b8a859ce8a473d961c.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:36 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: eqi5IJQsZltOEPYX18LZfa9yHAtGFvEXQO7zmTiGIn0VvD4F0CwBVgdFmBuHSbbKdhbjAWDPQGE=
x-amz-request-id: JT3WC3ZCPKE9H3EG
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:03:21 GMT
etag: W/"6337d08bfec6eec8c5e9f218e1ca6471"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:03:19 GMT
x-amz-version-id: .eV5Z5rLMQLzZziY1JqjOEi.7xRQkb6M
cf-cache-status: HIT
age: 232063
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2FQrvenu2VlODEjHthlgqWdifvh%2B02jp7Z6gGhtABazQQHZZdaEjdaSs9Wz9h%2FdUHQQWqyuGbTpwke1I%2FSYRce%2F4%2BRuMFW4W%2FONkyf%2B5nu4eP1SlqjI%2F%2BE30VWzZFyYnfNY5tx8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e82f8251c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/messenger/web-widget-9352-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/messenger/web-widget-9352-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/messenger/web-widget-9352-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:36 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: BPfrqW2otZVhq7Zt29lmj74+JvapuT6iAUGvzq43i8pWUa8sLcWseN43vbjECmkQZ6M83NMwXzjiYJz3yJIhew==
x-amz-request-id: XZJX9SFKTYCY94PP
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:08:38 GMT
etag: W/"75cbe5d2f9523420cd75ea3f672b4a58"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:08:37 GMT
x-amz-version-id: FGUn3K_J10E7K2EKkgWA0m54uandzL0l
cf-cache-status: HIT
age: 232053
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=InB%2FlR5YoaesgjCdSytSHYKsMCBGq5lMcNF1ti5F2Xg75EDgtVo%2Bk1UyTVdkxQlZZT5y3%2B4vrjAyrEoo6QJIiRzKMHh0OO4py4qV%2BOGcvGTgDAPSoOYKrFuUkTjAgCiQG6EFND4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e861b1b1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?display=swap&family=Open+Sans:400,600
142.250.74.138200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?display=swap&family=Open+Sans:400,600
IP 142.250.74.138:0
GET /css?display=swap&family=Open+Sans:400,600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oonrreward.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 29 Jan 2023 16:00:35 GMT
date: Sun, 29 Jan 2023 16:00:35 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/messenger/web-widget-locales/messenger/en-us-json-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/messenger/web-widget-locales/messenger/en-us-json-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/messenger/web-widget-locales/messenger/en-us-json-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 16:00:36 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: oIRQZdY6f8u3SM0ELwIdGLTa5E3s/24z+RZwJogomYfAg724iVYkQi/eUZ7ZnlBXEIyywzCt1Hk=
x-amz-request-id: T0FTXCNP38FAZ1PW
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:08:39 GMT
etag: W/"26333fafb7c631e6a7c8a92a9a3d0049"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:08:38 GMT
x-amz-version-id: Z2TE_JC_fvm1gMyTfbmx2OxKbqXnT__B
cf-cache-status: HIT
age: 232009
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SWV63A58SE%2Bu79ol6H6T9%2BfgVUy8F7pmN9dLNxBPm9Whue%2Ff1o8Xk8sDcNR89y18nJtw95TRhaMHekKy1UNxyNysDK1BpYCT5ZbDeh9pMhXkkkwJSp4XSUo4ziCQ18jk%2BNeCot8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 79132e871c4f1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2