ww1.cuevana3.to/?s=rick+y+morty
188.114.97.1 301 Moved Permanently 0 B URL HTTP/1.1 ww1.cuevana3.to/?s=rick+y+morty
IP 188.114.97.1:0
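Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, consistent with the 0 B body of this redirect; they identify no content and are not usable as indicators.)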
GET /?s=rick+y+morty HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 29 Jan 2023 20:57:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 29 Jan 2023 21:57:43 GMT
Location: https://ww1.cuevana3.to/?s=rick+y+morty
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fu%2FCkmubCJ1Ef1NDLUQTS%2BNOhnvRZkykSfd02Pfqj3W2abcfUtqB5sDo8psxUz9AnqblY%2FVV278FbmS1PX7WB8IL4pYuw%2Fn1jj6zXoVB%2FK%2FHLOLk7mW9lw8EDyuM%2BfEpkO4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7914e1c06a720b39-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3788
Expires: Sun, 29 Jan 2023 22:00:52 GMT
Date: Sun, 29 Jan 2023 20:57:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17852
Expires: Mon, 30 Jan 2023 01:55:16 GMT
Date: Sun, 29 Jan 2023 20:57:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 20:43:09 GMT
content-type: application/json
age: 875
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16706
Expires: Mon, 30 Jan 2023 01:36:10 GMT
Date: Sun, 29 Jan 2023 20:57:44 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/qJtpk6yxqQc
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/qJtpk6yxqQc
IP 142.250.74.131:0
Hash c1dd32a1b75b0116d3a40ad97671e183
ced33fed0621c1dba951025e886878b09ac330b9
f72ac7fae2a547e6681016a14c8af8c8ed0994bf764f354fe478fe74fabd22a6
POST /s/gts1p5/qJtpk6yxqQc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7nwNT3pjyeDFWnwAaV4RcMikWJVCOfa49x/NTW2m4Em/E7atbMyL3etdda99ph40Ln2LcO+So5SsHeT3pT4b/A==
x-amz-request-id: 549QVXRT3VMFQZYP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 20:50:28 GMT
age: 436
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/cnt/cuevana-logo.png
188.114.96.1 200 OK 5.8 kB URL HTTP/2 ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/cnt/cuevana-logo.png
IP 188.114.96.1:0
File type PNG image data, 240 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash a60e73427dd677b3a22ff75d7a989317
69d9c3b34502c3455ef4a70480a5eb78bb185be8
bb8b54eb1859167182f80670354003360d5380d3ac9315a5c7be2bf3e250df07
GET /static/wp-content/themes/cuevana3/public/img/cnt/cuevana-logo.png HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: image/png
content-length: 5783
last-modified: Fri, 24 Jun 2022 06:47:12 GMT
etag: "62b55df0-1697"
expires: Thu, 23 Feb 2023 16:44:40 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 446423
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ooBgV6zRlPG0boCasXBObJin6qYVZWWZdttVDvsg30wZp7xhhGY4ENss7OHUHul7gxNNO6M%2BiYo%2BR6YR5b3POyveMrpxtKxybGa3%2Bgcw8bdb3qeirAkeL%2FoWzTyAzO7WMu8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1c5ff88b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/?s=rick+y+morty
188.114.96.1 200 OK 4.7 kB URL HTTP/2 ww1.cuevana3.to/?s=rick+y+morty
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2475), with CRLF, LF line terminators
Hash 58320bb85adaa3b3d6f09fbb399e5cb0
69c25bc9ca92aa6b89078565ca9543ddbcbda398
0d457164bd657b84f69ab52477c0d20d7387c7f27173258638c3c9c7a4f4dad4
GET /?s=rick+y+morty HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=igL%2FCO1iEutoxipUKCC9exlrPUBHqXA2EOur3Pe6F2fC3U7kFS6gPX3GBpS05S6sc3rNEQwVzKgOUe2W7NiA4Dj6oZV2dYp%2B2kIrVxtiMH22%2FRWTnl3yEq0GZGS0nWAu%2Bts%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c2eb0eb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/loading.gif
188.114.96.1 200 OK 14 kB URL HTTP/2 ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/loading.gif
IP 188.114.96.1:0
File type GIF image data, version 89a, 250 x 250\012- data
Hash 34cc62d1df1c8328f56ae7a7acf2e83a
afb49cf3ebd59e0a02b33ef8f0c1f4ea2cefe1fc
c4492147e1e36bd65d7237c1961a3dc3505852b195bd9fd0ca042b3e7427bb65
GET /static/wp-content/themes/cuevana3/public/img/loading.gif HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: image/gif
content-length: 13952
last-modified: Fri, 24 Jun 2022 06:48:34 GMT
etag: "62b55e42-3680"
expires: Thu, 23 Feb 2023 16:44:40 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 446423
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toHMARp6wXZtPvMby6nmttaQM4Dhb8fmeYCQBeSsnkYLRWy0H4uZkJevFaDEaKPEmmG5lFk4%2BZtQfo%2BXXEkPCAI8hd%2BUioljYdPbQJPTvH5Wo%2F2hnpGAtVAK2q4m%2FvCxKmo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1c5ff87b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/cnt/cuevana3.png
188.114.96.1 200 OK 4.7 kB URL HTTP/2 ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/cnt/cuevana3.png
IP 188.114.96.1:0
File type PNG image data, 240 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 30ecf26d81b4d18a7a568d42e674705e
c846ca657d113edcdb68ae7e53b8ecede50a15cb
f856cb85a867ba1f60a337dbbb095142c0590b426b30c5d35dcbbbd158b79927
GET /static/wp-content/themes/cuevana3/public/img/cnt/cuevana3.png HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: image/png
content-length: 4675
last-modified: Fri, 24 Jun 2022 06:48:32 GMT
etag: "62b55e40-1243"
expires: Thu, 23 Feb 2023 16:44:40 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 446423
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2FEgIGbWefdP1RWrTCt%2Fai6jAOlm%2Ber%2Fx8eWTsGpz2arWEKevt6WF08HhS6lfbk%2BTXD%2BxT2uAjKHr2dRInFKZ%2BYGd4hyqe0l%2FJYXk3bgPH1n71CrLoVVdvKKRdyRbORGngU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1c5ff84b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/qJtpk6yxqQc
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/qJtpk6yxqQc
IP 142.250.74.131:0
Hash c1dd32a1b75b0116d3a40ad97671e183
ced33fed0621c1dba951025e886878b09ac330b9
f72ac7fae2a547e6681016a14c8af8c8ed0994bf764f354fe478fe74fabd22a6
POST /s/gts1p5/qJtpk6yxqQc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s7.addthis.com/js/300/addthis_widget.js
23.38.200.123 200 OK 116 kB URL HTTP/2 s7.addthis.com/js/300/addthis_widget.js
IP 23.38.200.123:0
File type ASCII text, with very long lines (54602)
Size 116 kB (116423 bytes)
Hash d5b9b7a3accd3b7b7de639c072ae3ee2
9583b5c046d78af5c6379d844219f828aa2222d0
648dad6716bb917c7d981e7772fca499d9583717fd83ffef47b0534cb9132b60
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: "5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/javascript
content-encoding: gzip
content-length: 116423
date: Sun, 29 Jan 2023 20:57:44 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16395
Expires: Mon, 30 Jan 2023 01:30:59 GMT
Date: Sun, 29 Jan 2023 20:57:44 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash b042b7f57812777b3726c1474f8164a3
d2a0d1213aa7b5c15a9d1d90a16f50567f78877e
175088c024dbc02cc15755733ae5756b0321025d0c1cd93f00bf706e25159f1f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6526
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:44 GMT
Last-Modified: Sun, 29 Jan 2023 19:08:59 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash b042b7f57812777b3726c1474f8164a3
d2a0d1213aa7b5c15a9d1d90a16f50567f78877e
175088c024dbc02cc15755733ae5756b0321025d0c1cd93f00bf706e25159f1f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6400
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:44 GMT
Last-Modified: Sun, 29 Jan 2023 19:11:04 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278
use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
172.64.132.15 200 OK 79 kB URL HTTP/2 use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 79100, version 1.0\012- data
Hash 5dc01cfcd5336f696cb85da7ce53fa9b
28a1f2fadc35c5343e0280389fe7955e3d1be607
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903
GET /releases/v5.6.3/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: font/woff2
content-length: 79100
x-amz-id-2: cYJNFJPrZ6s0flpQXezQRG9k/UeQ8rM4j6UyggJEfzowKWZMH70Gy1w9ErwDy3qoHiPZQmFPmmE=
x-amz-request-id: N60SKH1024ZTR2N6
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:44:54 GMT
etag: "5dc01cfcd5336f696cb85da7ce53fa9b"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 449852
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqCq53MmJXdAIAhNoGnna%2Btx7%2BsO8SviQBO7oraFQUwyw6W04Yjzmx5fwMXj071kyRwG2NqjxjGezDPbRqkQDxnNeNS0SplP3k3cl18r6Q13%2BUYFSYYCUfT2s62LUWsIQLLaOzOH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c7787876e4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash b042b7f57812777b3726c1474f8164a3
d2a0d1213aa7b5c15a9d1d90a16f50567f78877e
175088c024dbc02cc15755733ae5756b0321025d0c1cd93f00bf706e25159f1f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6526
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:44 GMT
Last-Modified: Sun, 29 Jan 2023 19:08:59 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
use.fontawesome.com/releases/v5.6.3/webfonts/fa-brands-400.woff2
172.64.132.15 200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.6.3/webfonts/fa-brands-400.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 74288, version 1.0\012- data
Hash eac60e8a656781e13d2a674b4d9051c0
0039be9d8a99d1e5cf200ca3e08757692020460e
eed474a49bdbf745c19e463f070e67977c1ab27835603eb749d9e5c249cf81f8
GET /releases/v5.6.3/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: font/woff2
content-length: 74288
x-amz-id-2: unWy+2DClS72cy0oGL/5KfRQEVwVmcBFXA2r8EhzL8XiC/7xK1rTxYzATDgLVpGodBv/3UXDz0Y=
x-amz-request-id: N60XM0FWWV0MSGM5
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:44:54 GMT
etag: "eac60e8a656781e13d2a674b4d9051c0"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 449852
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=so0Jr4YHm%2BuanaHC10xy%2F3vdr7watkpkbcEwJdtPwpXjcUWiKSXgRyLzzp3j45Pqsp05D3LDc9yNaYdEJvFjl2QK2LROuIrxIn9ZCsBcPCgrrcYAabY4ynDopTio1CVgVOUOCIjv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c7787e76e4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.33.66.202 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.33.66.202:0
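Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, consistent with the 0 B body of this WebSocket upgrade response; they identify no content and are not usable as indicators.)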
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xXat7r5cl/c3CcH9Gt94Cg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Jeh8wrYZc0RxvR7rlYaOhW/FVaU=
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/js/owl.js
188.114.96.1 200 OK 12 kB URL HTTP/2 ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/js/owl.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (31997)
Hash 96411ee5d22114078e4bd49f9edee935
158aa3a00dfb6eda9563a45d6fdbb763170f8e91
f89d1a3878541630345ba0fbe12ecb1fad0240a647e65781f403c36a07731ba5
GET /static/wp-content/themes/cuevana3/public/js/owl.js HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: application/javascript
last-modified: Fri, 24 Jun 2022 06:51:50 GMT
vary: Accept-Encoding
etag: W/"62b55f06-ad36"
expires: Sun, 29 Jan 2023 21:40:22 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=de1gGRyO0Ml2Il6S7AIhfAAZ9t1gtwmr8aJ7AFDEcKcPe%2FJ%2FB6e9qvCgrD5F93yW3JbP9vE0mw6RsN4CWY2eexP1axgKKY3FNt%2BP8XkVD%2BlR1n0GdJ78EQcsyq0V7eLqzDY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c60f99b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1c393286d896124f17c88a9b1be36272
af340cd7544bb4c6f4986200bc555669edd66fe7
9a56b88f765e4a25d5fe91cb2c7f8ed43e85ed467223f8ee1f5df4b8e2977d2c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9A56B88F765E4A25D5FE91CB2C7F8ED43E85ED467223F8EE1F5DF4B8E2977D2C"
Last-Modified: Sun, 29 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16353
Expires: Mon, 30 Jan 2023 01:30:18 GMT
Date: Sun, 29 Jan 2023 20:57:45 GMT
Connection: keep-alive
uniformyeah.com/a1/44/c9/a144c9e3813266b579399dd6fa80e049.js
173.233.137.52 200 OK 21 kB URL HTTP/1.1 uniformyeah.com/a1/44/c9/a144c9e3813266b579399dd6fa80e049.js
IP 173.233.137.52:0
File type HTML document, ASCII text, with very long lines (60178), with no line terminators
Hash beb9e8ddd825c4134996dd3a416cb404
8a0fafe8f49f5a9b9cf63e46397f6210f2ecae4e
4150819dddfd5a035b5eb47a3be32ac3fb7dbab4bcd054f5731c02d5233757c7
Analyzer Verdict Alert quad9 Sinkholed
GET /a1/44/c9/a144c9e3813266b579399dd6fa80e049.js HTTP/1.1
Host: uniformyeah.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 20:57:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a39a49d0b66dec3cae574d205425778c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
uniformyeah.com/34/98/5c/34985ca06dab7fe2d7ae9a26a7797c3e.js
173.233.137.52 200 OK 13 kB URL HTTP/1.1 uniformyeah.com/34/98/5c/34985ca06dab7fe2d7ae9a26a7797c3e.js
IP 173.233.137.52:0
File type ASCII text, with very long lines (37121), with no line terminators
Hash 123ac530b15c7ba0bf54123d83ebc74f
355ec221c0e09dda5a9da4f802620e2dc38ec32e
4cb7ce3a7544a89fb52690fb07348ab6ac4080058f5976d9381380dee50bd6c6
Analyzer Verdict Alert quad9 Sinkholed
GET /34/98/5c/34985ca06dab7fe2d7ae9a26a7797c3e.js HTTP/1.1
Host: uniformyeah.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 20:57:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c81320c1783f238d40b4038c6d40bf25
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123 200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sun, 29 Jan 2023 20:57:45 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89231e8fe1afd89090e6a09d61430e11
11b471e4821cade1ea075b8835c892d455bfdaa2
8c78cce8f98a69e9c1c2bf45d12879b40c784288b4e79dabb296c24f94025c12
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8C78CCE8F98A69E9C1C2BF45D12879B40C784288B4E79DABB296C24F94025C12"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13731
Expires: Mon, 30 Jan 2023 00:46:36 GMT
Date: Sun, 29 Jan 2023 20:57:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7cbe935014bf273caf7a25de8734dcfd
4ed11324709feb9cee39c53082039cfdadd9078c
8c52f15bed473733d4ca98b470d5ec2c33fef24410d05d45e97614e76c1f1eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C52F15BED473733D4CA98B470D5EC2C33FEF24410D05D45E97614E76C1F1EAF"
Last-Modified: Sat, 28 Jan 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5491
Expires: Sun, 29 Jan 2023 22:29:16 GMT
Date: Sun, 29 Jan 2023 20:57:45 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 0e90c9d5521358d2754bbad686a2e9c1
013349b8f38535bae1e197d5d96d86d17d5a1ef0
47bb6aa901220aeab3800d1ea88eb456cfe3ea337f12c059d9549fa6bd8064ab
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 20:57:45 GMT
Last-Modified: Sun, 29 Jan 2023 19:23:34 GMT
Server: ECS (dcb/7FA8)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: U_au64op7dmu0ylAhM4zU4HXfky-5Un5bCsm0_8YL9Pf13RNsq0dYA==
Age: 5651
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 0e90c9d5521358d2754bbad686a2e9c1
013349b8f38535bae1e197d5d96d86d17d5a1ef0
47bb6aa901220aeab3800d1ea88eb456cfe3ea337f12c059d9549fa6bd8064ab
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=151804
Date: Sun, 29 Jan 2023 20:57:45 GMT
Etag: "63d67516-1d7"
Expires: Tue, 31 Jan 2023 15:07:49 GMT
Last-Modified: Sun, 29 Jan 2023 13:31:02 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: e9vSpc86ml91han2iehgA2AYlq_-ao2hedp0n0vQgpzAKP34l_0pOg==
Age: 5807
simplewebanalysis.com/stats
35.156.167.37 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 40c9c003c4aa656a24f43dcbc6291cfe
3797cd3390c619fb8538855f38637e4f085c3daa
965a11ed723ae129228c526de2aeb68f1fb47de44dc8587ecccf3768340cf1fe
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ww1.cuevana3.to
access-control-allow-credentials: true
set-cookie: uid_id2=b376ab6a-c6cc-4f7b-b683-813493cc8b8c:2:1; expires=Wed, 26 Jan 2033 20:57:45 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/js/jquery.js
188.114.96.1 200 OK 31 kB URL HTTP/2 ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/js/jquery.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (65451)
Hash 494d81ebc7952e533fc105d2068f9e78
82d5fb4847db26036a7d924051e7ab1b58677712
98f4730a5265c486c69dbd758d0edd7cfd029bbe7aae0706ec10a87b204f12cb
GET /static/wp-content/themes/cuevana3/public/js/jquery.js HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: application/javascript
last-modified: Fri, 24 Jun 2022 06:51:50 GMT
vary: Accept-Encoding
etag: W/"62b55f06-1538f"
expires: Sun, 29 Jan 2023 21:40:22 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2F9ilhk9z4GP51rfPI%2FG5Y5CQb46f2U7TGj19i%2B7aKmsXoUhyck9JRHwstH9k2DZncJl%2FEq%2BzNTfm4bmiELay5ahDes9B4QSO%2BQOtHxSw03NZMbfrR98HqPW8PziBrpwhSU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c60f91b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89231e8fe1afd89090e6a09d61430e11
11b471e4821cade1ea075b8835c892d455bfdaa2
8c78cce8f98a69e9c1c2bf45d12879b40c784288b4e79dabb296c24f94025c12
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8C78CCE8F98A69E9C1C2BF45D12879B40C784288B4E79DABB296C24F94025C12"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13731
Expires: Mon, 30 Jan 2023 00:46:36 GMT
Date: Sun, 29 Jan 2023 20:57:45 GMT
Connection: keep-alive
experimentalconcerningsuck.com/pixel/purst?dl=0&th=0&sc=0&rs=1787&rd=1787&fd=917&bv=22.10.v.9&tmpl=70
192.243.59.13 200 OK 0 B URL HTTP/1.1 experimentalconcerningsuck.com/pixel/purst?dl=0&th=0&sc=0&rs=1787&rd=1787&fd=917&bv=22.10.v.9&tmpl=70
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1787&rd=1787&fd=917&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: experimentalconcerningsuck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 29 Jan 2023 20:57:45 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9ca371a18b1afacc82e035f41dc2b86
8b4a87be43183e4f89e19ecac344915d60574950
8ac3da2f8ce052a3d27fee0dccc5712a55e917f9de8daff8db891d50249aba90
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8AC3DA2F8CE052A3D27FEE0DCCC5712A55E917F9DE8DAFF8DB891D50249ABA90"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13100
Expires: Mon, 30 Jan 2023 00:36:05 GMT
Date: Sun, 29 Jan 2023 20:57:45 GMT
Connection: keep-alive
banquetunarmedgrater.com/advertisers.js
173.233.139.164 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 20:57:46 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b5a46d12cfed62d6c48952cc2b4103d3
Strict-Transport-Security: max-age=0; includeSubdomains
s7.addthis.com/l10n/client.es.min.json
23.38.200.123 200 OK 1.8 kB URL HTTP/2 s7.addthis.com/l10n/client.es.min.json
IP 23.38.200.123:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (3700), with no line terminators
Hash 0b1cc7df4240eae80c16b0cf2b73c3e6
5f886e4a6d6accb00f5197707f0fda440962d9d7
7ea940fc0e7d3db81bff9c2f2796f3688a60917e77725a1631fa44edfeecef0b
GET /l10n/client.es.min.json HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
last-modified: Tue, 10 Sep 2019 15:15:17 GMT
etag: W/"5d77be05-e9d"
cache-control: public, s-maxage=604800
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 1753
date: Sun, 29 Jan 2023 20:57:46 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f8c63fa451de9b91fdd5654d02681757
e65cb3b5ab2ab137a4cd4df64a7b7ec6ff3b8a7e
06f62bdb1d3bd2a9ee1cd45fafa79ab1ee4eb8039a0693b1e34706c24ee86fc7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "06F62BDB1D3BD2A9EE1CD45FAFA79AB1EE4EB8039A0693B1E34706C24EE86FC7"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7760
Expires: Sun, 29 Jan 2023 23:07:06 GMT
Date: Sun, 29 Jan 2023 20:57:46 GMT
Connection: keep-alive
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146 200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 23.38.201.146:0
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=46039
date: Sun, 29 Jan 2023 20:57:46 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 92408803e3a56bf9c29d241a60bc07ce
d68b404d7b51432a8fdca70a6ecfcfaea841b1b9
64edeb4de4110c283651d99e6fe1ecc057acb83af12b3788e227111bd14441ac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64EDEB4DE4110C283651D99E6FE1ECC057ACB83AF12B3788E227111BD14441AC"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12473
Expires: Mon, 30 Jan 2023 00:25:39 GMT
Date: Sun, 29 Jan 2023 20:57:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2423
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:57:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2423
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:57:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2423
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:57:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2423
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:57:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2423
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:57:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43c4a8e963936a8064dbd2bd3c67b905
8508727c97127c98b886833af28b3470306216c2
070c29fe7c0a227029483d675eac863904ab6b291467acdf62167f4845699c21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8652
x-amzn-requestid: 21c734f0-cd73-4691-812e-7cd3908f8f89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRbH4HtPIAMFUGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d07232-291e20fb41c53db7664d04b2;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 00:05:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: j2zDtHz3pZLHJKG3-PaITyUzHOQBEELzuDIt7sbB8X_B10OxG394tg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 06:49:29 GMT
age: 50897
etag: "8508727c97127c98b886833af28b3470306216c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57ff6665d99a17d06b75c8fe64c90ab3
05648eed6830a794aa7e30ba4da526ed4c45b0ca
728b809756a0faff1a55bb03f13f33e31518f321e50dd944a0267d585c09264c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5198
x-amzn-requestid: 8117f45b-926a-4cbe-b152-dae983bc3526
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOYdlG6XIAMF_vA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf3abd-7ce531f65f66ac3a73970841;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:56:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: naZHCCrUSwrLi2eWi3LOrir9zOGQcNUBJ1iS9wUewWoV3WM2E0kE2w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:47:00 GMT
age: 83446
etag: "05648eed6830a794aa7e30ba4da526ed4c45b0ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:56:46 GMT
age: 82860
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: a13a8181-5783-42c1-9fda-1fcf8db4f0f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVpetFv-oAMF_Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d222c4-68165b34525ca2a054f0b505;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 06:50:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rJbdYq3bZDatEVvC83VR5WiWOFwNwVZEB16ez21KdnQJJrgJ-yKPCg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 14:55:48 GMT
age: 21718
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s10.histats.com/js15_as.js
46.105.201.240 200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:52:54 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 1026588804
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 04:01:15 GMT
age: 60991
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 20:46:17 GMT
age: 689
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
v1.addthisedge.com/live/boost/ra-5c9df29d09625432/_ate.track.config_resp
23.38.200.123 200 OK 554 B URL HTTP/2 v1.addthisedge.com/live/boost/ra-5c9df29d09625432/_ate.track.config_resp
IP 23.38.200.123:0
File type ASCII text, with very long lines (1563), with no line terminators
Hash dc7cd011020c9ce7f88a9ec8b3801859
9b81d45c0725b8f599228993946b9dc9f878bb96
bc0fb7cd426a881952c1ef5c95c52163e87c8a3640525f20d71066077f654426
GET /live/boost/ra-5c9df29d09625432/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 554
etag: 645180221--gzip
content-disposition: attachment; filename=1.txt
content-encoding: gzip
cache-control: public, max-age=10, s-maxage=86400
date: Sun, 29 Jan 2023 20:57:46 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
m.addthis.com/live/red_lojson/300lo.json?si=63d6ddd12b66bc7f&bkl=0&bl=1&pdt=870&sid=63d6ddd12b66bc7f&pub=ra-5c9df29d09625432&rev=v8.28.8-wp&ln=es&pc=men&cb=0&ab=-&dp=ww1.cuevana3.to&fp=%3Fs%3Drick%2By%2Bmorty&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1675025874461&jsl=1&uvs=63d6ddd16c0478e8000&skipb=1&callback=addthis.cbs.jsonp__35066899992645130
23.38.200.123 200 OK 89 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=63d6ddd12b66bc7f&bkl=0&bl=1&pdt=870&sid=63d6ddd12b66bc7f&pub=ra-5c9df29d09625432&rev=v8.28.8-wp&ln=es&pc=men&cb=0&ab=-&dp=ww1.cuevana3.to&fp=%3Fs%3Drick%2By%2Bmorty&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1675025874461&jsl=1&uvs=63d6ddd16c0478e8000&skipb=1&callback=addthis.cbs.jsonp__35066899992645130
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash ef6f6117a504a3daabbeb66a3028a511
f4d93d7292a2eeefff4bc02a0b43fe4aef705279
afb2cfd00b0b1e1f1d5471f0fdd4271c7e55fdd05385824dd2fca75511ae672d
GET /live/red_lojson/300lo.json?si=63d6ddd12b66bc7f&bkl=0&bl=1&pdt=870&sid=63d6ddd12b66bc7f&pub=ra-5c9df29d09625432&rev=v8.28.8-wp&ln=es&pc=men&cb=0&ab=-&dp=ww1.cuevana3.to&fp=%3Fs%3Drick%2By%2Bmorty&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1675025874461&jsl=1&uvs=63d6ddd16c0478e8000&skipb=1&callback=addthis.cbs.jsonp__35066899992645130 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Sun, 29 Jan 2023 20:57:46 GMT
X-Firefox-Spdy: h2
s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
23.38.200.123 200 OK 78 kB URL HTTP/2 s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
IP 23.38.200.123:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 9a77dff666eebb6cf4bbc4c67c7b563b
9e98d7824a7b4e34665c2690d6f52caddad1fe4b
6cdf8e597f3cbe759531153fd926d51aeaebd836a1c9bc1436e079645bfd3ad7
GET /static/layers.fa6cd1947ce26e890d3d.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-41cf5"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 77672
date: Sun, 29 Jan 2023 20:57:46 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
s10.histats.com/counters/cc_511.js
46.105.201.240 200 OK 6.0 kB URL HTTP/2 s10.histats.com/counters/cc_511.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (14926), with no line terminators
Hash e0963faf9f8d4dd4683c649033bfe3e6
8b8365dac8c2d50836e19456f025370ee782598f
80ac8877a54d16e397e9518ce7221d0abad87a39ffd0221a99227540eeb8b2a8
GET /counters/cc_511.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:56:41 GMT
etag: "1364484781"
last-modified: Thu, 16 Apr 2020 10:45:32 GMT
x-request-id: 650777008
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 5984
X-Firefox-Spdy: h2
s7.addthis.com/static/195.461912c47007775093ae.js
23.38.200.123 200 OK 298 B URL HTTP/2 s7.addthis.com/static/195.461912c47007775093ae.js
IP 23.38.200.123:0
File type ASCII text, with very long lines (384), with no line terminators
Hash b3a09bfb320e3798865e9543432f891f
1b852bdc37086072c734acec0af4d1971e6ec320
62048a133b36399f6990ddbf705fc3a2cd9a8a9d010e1fb89ed8bdd25d56fca3
GET /static/195.461912c47007775093ae.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-180"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 298
date: Sun, 29 Jan 2023 20:57:46 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
excretekings.com/sbar.json?key=34985ca06dab7fe2d7ae9a26a7797c3e&uuid=b376ab6a-c6cc-4f7b-b683-813493cc8b8c%3A2%3A1
192.243.61.227 200 OK 4.4 kB URL HTTP/1.1 excretekings.com/sbar.json?key=34985ca06dab7fe2d7ae9a26a7797c3e&uuid=b376ab6a-c6cc-4f7b-b683-813493cc8b8c%3A2%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6206), with no line terminators
Hash dbcd2b0a782c075d25363ae6dcb8b000
73f2b352396386c4b6d3673d8d42c88964599d60
dc61321c06eb0fcf7d29fcdc76ae8ea89391e93cffcf0237c59faae30cb9a3be
Analyzer verdict alerts — quad9: Sinkholed
GET /sbar.json?key=34985ca06dab7fe2d7ae9a26a7797c3e&uuid=b376ab6a-c6cc-4f7b-b683-813493cc8b8c%3A2%3A1 HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 20:57:46 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ww1.cuevana3.to
Access-Control-Allow-Origin: https://ww1.cuevana3.to
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18186656; expires=Mon, 30 Jan 2023 20:57:46 GMT; secure; SameSite=None
Set-Cookie: uid_id2=b376ab6a-c6cc-4f7b-b683-813493cc8b8c:2:1; expires=Sun, 05 Feb 2023 20:57:46 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Mon, 30 Jan 2023 20:57:46 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Mon, 30 Jan 2023 20:57:46 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Mon, 30 Jan 2023 20:57:46 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Mon, 30 Jan 2023 20:57:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28f3a65f0800a54e7e0383b7ef34e3e2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty&callback=_ate.cbs.rcb_hzx10
23.38.200.123 200 OK 148 B URL HTTP/2 api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty&callback=_ate.cbs.rcb_hzx10
IP 23.38.200.123:0
Hash 12a94aa23a6b50bf452364588dd0c898
05d1158c24dbff934a1e1575e56ed541fe4ca3f3
e6a2832a7aaa3d418d3346517b6389ed6ff0733d5bb3b1d99659e8d0951bcb53
GET /url/shares.json?url=http%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty&callback=_ate.cbs.rcb_hzx10 HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: ww1.cuevana3.to/?s=rick+y+morty
last-modified: Sun, 29 Jan 2023 20:57:46 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 53
date: Sun, 29 Jan 2023 20:57:46 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty
23.38.200.123 200 OK 2 B URL HTTP/2 api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty
IP 23.38.200.123:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
content-length: 2
cache-control: no-transform, max-age=0, s-maxage=14400
surrogate-key: sFbt=https://ww1.cuevana3.to/?s=rick+y+morty
last-modified: Sun, 29 Jan 2023 20:00:00 GMT
access-control-allow-origin: https://ww1.cuevana3.to
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
date: Sun, 29 Jan 2023 20:57:46 GMT
X-Firefox-Spdy: h2
api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty&callback=_ate.cbs.rcb_l2k50
23.38.200.123 200 OK 53 B URL HTTP/2 api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty&callback=_ate.cbs.rcb_l2k50
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash 1e695fb59f55af61d5ab19223c1fd651
73b333334309936c5bd41baab28f7d7fdd075510
372c681cca2b042aed0958bef9e7e539ff9a2f78f54083c071b7d1575c2605b1
GET /url/shares.json?url=https%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty&callback=_ate.cbs.rcb_l2k50 HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: ww1.cuevana3.to/?s=rick+y+morty
last-modified: Sun, 29 Jan 2023 20:57:46 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 53
date: Sun, 29 Jan 2023 20:57:46 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
s4.histats.com/stats/0.php?4675661&@f16&@g1&@h1&@i1&@j1675025875317&@k0&@l1&@mrick%20y%20morty%20-%20Cuevana%203%20%7C%20Todas%20las%20Peliculas%20de%20Cuevana&@n0&@o1000&@q0&@r0&@s511&@ten-US&@u1280&@b1:-68203700&@b3:1675025875&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty&@w
54.39.156.32 200 OK 47 B URL HTTP/1.1 s4.histats.com/stats/0.php?4675661&@f16&@g1&@h1&@i1&@j1675025875317&@k0&@l1&@mrick%20y%20morty%20-%20Cuevana%203%20%7C%20Todas%20las%20Peliculas%20de%20Cuevana&@n0&@o1000&@q0&@r0&@s511&@ten-US&@u1280&@b1:-68203700&@b3:1675025875&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty&@w
IP 54.39.156.32:0
File type ASCII text, with no line terminators
Hash 06b05ae9614bafae9b0b09cfbeed559e
9b087683529b7b89a117b2d5cbb35a93e7dcbaca
a60692031ce09be66be89784e8b0214c0f8b6f52cd8fd6a36129a635ffe41ad2
GET /stats/0.php?4675661&@f16&@g1&@h1&@i1&@j1675025875317&@k0&@l1&@mrick%20y%20morty%20-%20Cuevana%203%20%7C%20Todas%20las%20Peliculas%20de%20Cuevana&@n0&@o1000&@q0&@r0&@s511&@ten-US&@u1280&@b1:-68203700&@b3:1675025875&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fww1.cuevana3.to%2F%3Fs%3Drick%2By%2Bmorty&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 20:57:46 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 47
Connection: close
excretekings.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8c1Rd9k4%2Fml%2BqHoKAAtqAACa9ndvZrSBERQlCUYFtJwBLd%2B5r1Y9%2FOG703s7O2KAxBKA1ooQnl%2BKwdCxIQ%2BQMioTUNuPIigVzEdIg%2BEiVCu15p4Rbv3vPOLc499366k58QHzk9XnvHbCmt6XKj6ldeWVeJMIWrrNyuBH7Vv1hZV0mzfrEymD62%2F3rgN6r%2Bq5W3Je%2Ba5Zof%2BH7gB5WrysrYDJZnLFT6MAqqkV%2Bt16pBo46B%2FS92uQdHPYj%2BCXkGSkzOb%2Fz0CIqPkfS%2BvyJdNzPpa2%2F1ck0zY9EX%2B%2B8m3cQUCXqLMrYe4mR%2F3g3jJoR8dQYm2Z9PANPfnU4ApibE%2By0AS%2FbnMsH6e6dKmYZMwMQFFP0xpB5D0TG4uQMljgjABVZWkfTurxhb0M1Tlk7ZCTn311OoYkLOPXkWSe%2B7y1oNKreMzjNlEodBXEINxlCdMdL8ANmWB1UcgGcfQwmCpFdCieOXWdhqUtakS7zJ%2BVI9brEl1myHS%2B0grEch523W5jNrlBpDxWNoOQR1Z5A7D7nykMce8tRDTxxXaCOKfb8VszgM23XOeRhy3mg3RUOE9XbsI%2BdT7UNk6RBcD8HtNlK7ja76ckLI08dHy9%2FC5j%2FAbZRwwoPLCPqiRCEJCkdQUIJCERQZQdEv94R2NVfeF9rlLJjn2jyH5chknR26Z7KOTMhOekL%2BPzXOe%2B6jEl15XAnrUbvBqd8UlLViWRMtKiNaa9JWK2rxUMKpEsqdAXUettSEvPTJ50jVhJy%2F9zcYPYDTB%2BDKA81fAC1GrZoPujGqt31sJQ94Lvs0oWE1MxCmRJqdQ7bp7egT8vxsf9EfFyD54aV7n63%2BflG8D25LpLbEB%2BpHgo6%2BO7ppCrJ70xSOPFpNM9VTW3S621sZzeTZb67LzcJYce2KG379Bp8S0%2FLhbemyGzQRKuk48uCyEkLaq8ZySR5fc%2BuSreVu43Jukzy9sfbm1Wu91ErnlEnGoOrovQ%2FB1YT8z3ZnV%2Fvin9eh7Bg2L9HLD8k8oMwYPN2GSxfqnSGwetHDUg9FXo5sjS0%2BtSLQcoEpK%2BH%2Bhdmi3nF30bEeaHZndqt9W6KvS1A9hMvPjrLUHl76JZwFmPZGTFtvl2mrvzi11qnjimzEfiz9mmRxxOIW9UUU1yNGo0C2WIMGyNyE%2F%2Frk538AAAD%2F%2FwEAAP%2F%2FbaVQpY0EAAA%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 excretekings.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8c1Rd9k4%2Fml%2BqHoKAAtqAACa9ndvZrSBERQlCUYFtJwBLd%2B5r1Y9%2FOG703s7O2KAxBKA1ooQnl%2BKwdCxIQ%2BQMioTUNuPIigVzEdIg%2BEiVCu15p4Rbv3vPOLc499366k58QHzk9XnvHbCmt6XKj6ldeWVeJMIWrrNyuBH7Vv1hZV0mzfrEymD62%2F3rgN6r%2Bq5W3Je%2Ba5Zof%2BH7gB5WrysrYDJZnLFT6MAqqkV%2Bt16pBo46B%2FS92uQdHPYj%2BCXkGSkzOb%2Fz0CIqPkfS%2BvyJdNzPpa2%2F1ck0zY9EX%2B%2B8m3cQUCXqLMrYe4mR%2F3g3jJoR8dQYm2Z9PANPfnU4ApibE%2By0AS%2FbnMsH6e6dKmYZMwMQFFP0xpB5D0TG4uQMljgjABVZWkfTurxhb0M1Tlk7ZCTn311OoYkLOPXkWSe%2B7y1oNKreMzjNlEodBXEINxlCdMdL8ANmWB1UcgGcfQwmCpFdCieOXWdhqUtakS7zJ%2BVI9brEl1myHS%2B0grEch523W5jNrlBpDxWNoOQR1Z5A7D7nykMce8tRDTxxXaCOKfb8VszgM23XOeRhy3mg3RUOE9XbsI%2BdT7UNk6RBcD8HtNlK7ja76ckLI08dHy9%2FC5j%2FAbZRwwoPLCPqiRCEJCkdQUIJCERQZQdEv94R2NVfeF9rlLJjn2jyH5chknR26Z7KOTMhOekL%2BPzXOe%2B6jEl15XAnrUbvBqd8UlLViWRMtKiNaa9JWK2rxUMKpEsqdAXUettSEvPTJ50jVhJy%2F9zcYPYDTB%2BDKA81fAC1GrZoPujGqt31sJQ94Lvs0oWE1MxCmRJqdQ7bp7egT8vxsf9EfFyD54aV7n63%2BflG8D25LpLbEB%2BpHgo6%2BO7ppCrJ70xSOPFpNM9VTW3S621sZzeTZb67LzcJYce2KG379Bp8S0%2FLhbemyGzQRKuk48uCyEkLaq8ZySR5fc%2BuSreVu43Jukzy9sfbm1Wu91ErnlEnGoOrovQ%2FB1YT8z3ZnV%2Fvin9eh7Bg2L9HLD8k8oMwYPN2GSxfqnSGwetHDUg9FXo5sjS0%2BtSLQcoEpK%2BH%2Bhdmi3nF30bEeaHZndqt9W6KvS1A9hMvPjrLUHl76JZwFmPZGTFtvl2mrvzi11qnjimzEfiz9mmRxxOIW9UUU1yNGo0C2WIMGyNyE%2F%2Frk538AAAD%2F%2FwEAAP%2F%2FbaVQpY0EAAA%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer verdict alerts — fortinet: Phishing
quad9: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8c1Rd9k4%2Fml%2BqHoKAAtqAACa9ndvZrSBERQlCUYFtJwBLd%2B5r1Y9%2FOG703s7O2KAxBKA1ooQnl%2BKwdCxIQ%2BQMioTUNuPIigVzEdIg%2BEiVCu15p4Rbv3vPOLc499366k58QHzk9XnvHbCmt6XKj6ldeWVeJMIWrrNyuBH7Vv1hZV0mzfrEymD62%2F3rgN6r%2Bq5W3Je%2Ba5Zof%2BH7gB5WrysrYDJZnLFT6MAqqkV%2Bt16pBo46B%2FS92uQdHPYj%2BCXkGSkzOb%2Fz0CIqPkfS%2BvyJdNzPpa2%2F1ck0zY9EX%2B%2B8m3cQUCXqLMrYe4mR%2F3g3jJoR8dQYm2Z9PANPfnU4ApibE%2By0AS%2FbnMsH6e6dKmYZMwMQFFP0xpB5D0TG4uQMljgjABVZWkfTurxhb0M1Tlk7ZCTn311OoYkLOPXkWSe%2B7y1oNKreMzjNlEodBXEINxlCdMdL8ANmWB1UcgGcfQwmCpFdCieOXWdhqUtakS7zJ%2BVI9brEl1myHS%2B0grEch523W5jNrlBpDxWNoOQR1Z5A7D7nykMce8tRDTxxXaCOKfb8VszgM23XOeRhy3mg3RUOE9XbsI%2BdT7UNk6RBcD8HtNlK7ja76ckLI08dHy9%2FC5j%2FAbZRwwoPLCPqiRCEJCkdQUIJCERQZQdEv94R2NVfeF9rlLJjn2jyH5chknR26Z7KOTMhOekL%2BPzXOe%2B6jEl15XAnrUbvBqd8UlLViWRMtKiNaa9JWK2rxUMKpEsqdAXUettSEvPTJ50jVhJy%2F9zcYPYDTB%2BDKA81fAC1GrZoPujGqt31sJQ94Lvs0oWE1MxCmRJqdQ7bp7egT8vxsf9EfFyD54aV7n63%2BflG8D25LpLbEB%2BpHgo6%2BO7ppCrJ70xSOPFpNM9VTW3S621sZzeTZb67LzcJYce2KG379Bp8S0%2FLhbemyGzQRKuk48uCyEkLaq8ZySR5fc%2BuSreVu43Jukzy9sfbm1Wu91ErnlEnGoOrovQ%2FB1YT8z3ZnV%2Fvin9eh7Bg2L9HLD8k8oMwYPN2GSxfqnSGwetHDUg9FXo5sjS0%2BtSLQcoEpK%2BH%2Bhdmi3nF30bEeaHZndqt9W6KvS1A9hMvPjrLUHl76JZwFmPZGTFtvl2mrvzi11qnjimzEfiz9mmRxxOIW9UUU1yNGo0C2WIMGyNyE%2F%2Frk538AAAD%2F%2FwEAAP%2F%2FbaVQpY0EAAA%3D HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Cookie: u_pl=18186656; uid_id2=b376ab6a-c6cc-4f7b-b683-813493cc8b8c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 20:57:47 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: afeaa4ea541cd62cddd40badcb3e86cf
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e34c204daf6f65e512d7168b01268c76
793aacf3316ca30d6bef3acaaf097e42e2013e49
a748e66ab50d8c910a381a0e653c9b3e95c15043c5c52e91fbaeb20282b9fd49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A748E66AB50D8C910A381A0E653C9B3E95C15043C5C52E91FBAEB20282B9FD49"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14110
Expires: Mon, 30 Jan 2023 00:52:57 GMT
Date: Sun, 29 Jan 2023 20:57:47 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5662
Expires: Sun, 29 Jan 2023 22:32:09 GMT
Date: Sun, 29 Jan 2023 20:57:47 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/img/close.png
172.64.167.9 200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/img/close.png
IP 172.64.167.9:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/ssp/sweep/social-box/white-small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:47 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 21 Sep 2021 12:02:03 GMT
etag: "6149c9bb-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 279200
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjKmkq%2Fpi7AThGOS6uAJFJBignRjFJRzkAZZXijmI7oP6y1koZWd4Lh2k1asnqVK5UyGW1cUjVXwMTz4iJviKnGGTaymGrlCjwZ3YjlFqZ6wWZjrF7UY2dIWblPmizLVjppb7fP71RjF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1d6c88d7200-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 200 OK 1.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
Hash 98ec54e11391306513a36a577ca2efc9
531f26bb584c29aa89af4e7e93b96f38534b09fb
d7be2d7f3b8b2886b42d84900e5cd7052f8e286010ac18e6ddfae6d6c7017cd1
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 29 Jan 2023 20:57:47 GMT
date: Sun, 29 Jan 2023 20:57:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ba712b809d1107138674cd304e041068
cb7ed5692720084e2b66e724712685d1d56dbe94
1624708856cbcf339b6acc2d31268b693af742aa1b0c699391dddbb09c493347
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1624708856CBCF339B6ACC2D31268B693AF742AA1B0C699391DDDBB09C493347"
Last-Modified: Sat, 28 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4370
Expires: Sun, 29 Jan 2023 22:10:37 GMT
Date: Sun, 29 Jan 2023 20:57:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 62452129bb8dec065bf82af1cd2325a0
9b32f067ac26364f2cd578bcdd40c50d18fd03d7
0d2f762553a22b9679301179d107a4a8f2e01efd82c6f432a806d4810481a08c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D2F762553A22B9679301179D107A4A8F2E01EFD82C6F432A806D4810481A08C"
Last-Modified: Sun, 29 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8331
Expires: Sun, 29 Jan 2023 23:16:38 GMT
Date: Sun, 29 Jan 2023 20:57:47 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cloudimagesb.com/si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png
45.133.44.10 200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 99620d5e4f1ae93546c6dd31a58b5dd2
9dbe4c1e192890c3ddf47e7d1b7ba083b6c81aa6
8bb431af545d60f16b55862430b4876b8443d4d2969eaa49be045d414864b3f2
GET /si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:47 GMT
content-type: image/png
content-length: 32558
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:41:17 GMT
etag: "63656add-7f2e"
expires: Tue, 31 Jan 2023 20:57:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/plugins/wp-postratings/css/postratings-css.css
188.114.96.1 200 OK 386 B URL HTTP/2 ww1.cuevana3.to/static/wp-content/plugins/wp-postratings/css/postratings-css.css
IP 188.114.96.1:0
Hash 0ccc7120a2387aa567b442491edc58fa
7630234274667fd9f6e44b9a09cc06be964aaec6
1025baf42dcf06c2233dd1dd2ae810428c838637fe28e21c0b32c276428b60dc
GET /static/wp-content/plugins/wp-postratings/css/postratings-css.css HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: text/css
last-modified: Fri, 24 Jun 2022 06:52:14 GMT
vary: Accept-Encoding
etag: W/"62b55f1e-549"
expires: Sun, 29 Jan 2023 21:40:21 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jrjxtTgEKxxOZMYyGlL1WDv4xrh2yJYe6PgFWZpyqWzH05zsmw2Idq3fsG%2FyZO5FJTic7biGPqfl0pp9paeAMtbPirM3Rez3MR1Lu%2Btcm1ylmI3TXeWCHYJvaZsbiF%2FH8qM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c5ff77b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.202.23 200 OK 27 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.202.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash MD5 7d08e108469ec4f191e487612733570d
SHA-1 2266c4c3096af8f69a10bc37510286c32b473ba3
SHA-256 a59c526f279e496457e39c08b2db1db6a7bdaca08af2d514f0a761b93246a46c
Analyzer Verdict Alert
fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:45 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: fa04565c2886e0a0bf6675f4ca8f0bcf
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 29 Jan 2023 20:57:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jl4RcCBiTdwAVjQnOreATTSuUxcxeKlm5CtMHue3U3ObxXh5UcKGip7p1u7z3KllDDaGQ3vgffnqgOI3u%2BULgny41z29Ll3Vbk2itVW6fCWxPMgKlPx6S87Kq%2BEf847A6zvZEQ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1cc28228e0c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 20:52:23 GMT
expires: Mon, 29 Jan 2024 20:52:23 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 324
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 13:09:06 GMT
expires: Wed, 24 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 460121
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
excretekings.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSvW8j1Rd9sx%2FNb6sfgoICcEEBEnFmPLZnTIoVYQmKdkmi3YVIdO9rnIfH80bvzXiciCKwCG0DMjRLOTlONoJdEPsHrIQcGkgVI4FSbOgQ%2FUqUCNmxZLjFu%2Fe8c4tzz72f7uVnxEVOTzfe0Tsqjulio%2BpWXtlUidCFrazdrnhu1V2qbKqkWV%2Bq9CeP6b3uuY2q%2B2rlbck7erHmeq7ruV5lRRkZ6f7ilIVKH7a8asut1mtVr1FH3%2FwX29yBpQ5E74w8AyXGl7d%2BegTFR0i631%2BTtpPp9LW3unlMM23QE4fvJp1EFwm68zIyDqLkcNYNbceEfHUBOjmcTQDd259MAKbGxPnNA0sOZzLBegfnSlkMmYCJKyh6I8h4BEVH4PoOlDghABdYW0fSvb%2BmTUG3z1k6Ycfk0l9PoYoxufTkWSTd75Zj1a%2Fc0nGeKZ1Y9KMSqj%2BCao%2BQ5kfIdhyo4gg8%2BxhKECTdEkqcvsz8oElZky7wJucL9ShgC6wZ%2Bguh59dbPuchC%2FnUGqVGUNEIsRyA2gvIrYNcOcgjB3nqoCtOK7TRilw3iFjk%2B2Gdc%2B77nDfCpmgIvx5GLnI%2B0T5Alg7A4wG42UVqdtFRX44Jefr4ZPFbmPwH2K0SVjiwGUFPlCgkQWEJCkpQKIIiIyh65YGIbc2W90Vsc%2BbNcm2W%2FXKos%2FYePdBZWyZkLz0j%2F58Y5zz3UYmOPK349VbY4NRtCsqCSNZEQGWL1po0CFoB9yWsKqHsBVDrYEeNyUuffI5Ujcnle3%2BD0SPY%2BAhcOaD5C6DFMKi5oFvDeuhiJ3nAc9mjCfWrmYbQJdLsErJtZy8%2BI89P99f64wokP75677P135fE%2B%2BCmRGpKfKB%2BJGjHd4c3dUH2b%2BrCkkfraaa6aodOdnsro5m8%2BM11uV1oI1av2cHXb%2FAJMSkf3pY2u0EToZK2JQ%2BWlRDSrGjDJXm8ajcl28jt1nJukjy9sfHmymo3NdJapZMRqDp570NwNSb%2FM53p1b7453UoM4LJS3TzYzILKD0CT3dh07l6qwlMPO9hqYMiL4emxuafsSKI5RxTVsL%2BC7N5vWfvom0c0OzO9FZ7pkQvLkHjAWx%2BcZil5vjqL%2F40wGJnyGLj7LPYxF%2BcW2vVaaXh1WXIwoALwSQXXlDzQ991a0LUg5b0WsjsmP%2F65Od%2FAAAA%2F%2F8BAAD%2F%2F3mt3kONBAAA
192.243.61.227200 OK 7 B URL HTTP/1.1 excretekings.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSvW8j1Rd9sx%2FNb6sfgoICcEEBEnFmPLZnTIoVYQmKdkmi3YVIdO9rnIfH80bvzXiciCKwCG0DMjRLOTlONoJdEPsHrIQcGkgVI4FSbOgQ%2FUqUCNmxZLjFu%2Fe8c4tzz72f7uVnxEVOTzfe0Tsqjulio%2BpWXtlUidCFrazdrnhu1V2qbKqkWV%2Bq9CeP6b3uuY2q%2B2rlbck7erHmeq7ruV5lRRkZ6f7ilIVKH7a8asut1mtVr1FH3%2FwX29yBpQ5E74w8AyXGl7d%2BegTFR0i631%2BTtpPp9LW3unlMM23QE4fvJp1EFwm68zIyDqLkcNYNbceEfHUBOjmcTQDd259MAKbGxPnNA0sOZzLBegfnSlkMmYCJKyh6I8h4BEVH4PoOlDghABdYW0fSvb%2BmTUG3z1k6Ycfk0l9PoYoxufTkWSTd75Zj1a%2Fc0nGeKZ1Y9KMSqj%2BCao%2BQ5kfIdhyo4gg8%2BxhKECTdEkqcvsz8oElZky7wJucL9ShgC6wZ%2Bguh59dbPuchC%2FnUGqVGUNEIsRyA2gvIrYNcOcgjB3nqoCtOK7TRilw3iFjk%2B2Gdc%2B77nDfCpmgIvx5GLnI%2B0T5Alg7A4wG42UVqdtFRX44Jefr4ZPFbmPwH2K0SVjiwGUFPlCgkQWEJCkpQKIIiIyh65YGIbc2W90Vsc%2BbNcm2W%2FXKos%2FYePdBZWyZkLz0j%2F58Y5zz3UYmOPK349VbY4NRtCsqCSNZEQGWL1po0CFoB9yWsKqHsBVDrYEeNyUuffI5Ujcnle3%2BD0SPY%2BAhcOaD5C6DFMKi5oFvDeuhiJ3nAc9mjCfWrmYbQJdLsErJtZy8%2BI89P99f64wokP75677P135fE%2B%2BCmRGpKfKB%2BJGjHd4c3dUH2b%2BrCkkfraaa6aodOdnsro5m8%2BM11uV1oI1av2cHXb%2FAJMSkf3pY2u0EToZK2JQ%2BWlRDSrGjDJXm8ajcl28jt1nJukjy9sfHmymo3NdJapZMRqDp570NwNSb%2FM53p1b7453UoM4LJS3TzYzILKD0CT3dh07l6qwlMPO9hqYMiL4emxuafsSKI5RxTVsL%2BC7N5vWfvom0c0OzO9FZ7pkQvLkHjAWx%2BcZil5vjqL%2F40wGJnyGLj7LPYxF%2BcW2vVaaXh1WXIwoALwSQXXlDzQ991a0LUg5b0WsjsmP%2F65Od%2FAAAA%2F%2F8BAAD%2F%2F3mt3kONBAAA
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash MD5 132d6af1b46048b45cf86cdee7991d31
SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert
fortinet Phishing
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSvW8j1Rd9sx%2FNb6sfgoICcEEBEnFmPLZnTIoVYQmKdkmi3YVIdO9rnIfH80bvzXiciCKwCG0DMjRLOTlONoJdEPsHrIQcGkgVI4FSbOgQ%2FUqUCNmxZLjFu%2Fe8c4tzz72f7uVnxEVOTzfe0Tsqjulio%2BpWXtlUidCFrazdrnhu1V2qbKqkWV%2Bq9CeP6b3uuY2q%2B2rlbck7erHmeq7ruV5lRRkZ6f7ilIVKH7a8asut1mtVr1FH3%2FwX29yBpQ5E74w8AyXGl7d%2BegTFR0i631%2BTtpPp9LW3unlMM23QE4fvJp1EFwm68zIyDqLkcNYNbceEfHUBOjmcTQDd259MAKbGxPnNA0sOZzLBegfnSlkMmYCJKyh6I8h4BEVH4PoOlDghABdYW0fSvb%2BmTUG3z1k6Ycfk0l9PoYoxufTkWSTd75Zj1a%2Fc0nGeKZ1Y9KMSqj%2BCao%2BQ5kfIdhyo4gg8%2BxhKECTdEkqcvsz8oElZky7wJucL9ShgC6wZ%2Bguh59dbPuchC%2FnUGqVGUNEIsRyA2gvIrYNcOcgjB3nqoCtOK7TRilw3iFjk%2B2Gdc%2B77nDfCpmgIvx5GLnI%2B0T5Alg7A4wG42UVqdtFRX44Jefr4ZPFbmPwH2K0SVjiwGUFPlCgkQWEJCkpQKIIiIyh65YGIbc2W90Vsc%2BbNcm2W%2FXKos%2FYePdBZWyZkLz0j%2F58Y5zz3UYmOPK349VbY4NRtCsqCSNZEQGWL1po0CFoB9yWsKqHsBVDrYEeNyUuffI5Ujcnle3%2BD0SPY%2BAhcOaD5C6DFMKi5oFvDeuhiJ3nAc9mjCfWrmYbQJdLsErJtZy8%2BI89P99f64wokP75677P135fE%2B%2BCmRGpKfKB%2BJGjHd4c3dUH2b%2BrCkkfraaa6aodOdnsro5m8%2BM11uV1oI1av2cHXb%2FAJMSkf3pY2u0EToZK2JQ%2BWlRDSrGjDJXm8ajcl28jt1nJukjy9sfHmymo3NdJapZMRqDp570NwNSb%2FM53p1b7453UoM4LJS3TzYzILKD0CT3dh07l6qwlMPO9hqYMiL4emxuafsSKI5RxTVsL%2BC7N5vWfvom0c0OzO9FZ7pkQvLkHjAWx%2BcZil5vjqL%2F40wGJnyGLj7LPYxF%2BcW2vVaaXh1WXIwoALwSQXXlDzQ991a0LUg5b0WsjsmP%2F65Od%2FAAAA%2F%2F8BAAD%2F%2F3mt3kONBAAA HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Cookie: u_pl=18186656; uid_id2=b376ab6a-c6cc-4f7b-b683-813493cc8b8c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 20:57:47 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3869ea0371e595ef1c0bfbe917bd9edd
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
excretekings.com/pixel/sbs?c=1
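192.243.61.227 200 OK 0 B URL HTTP/1.1 excretekings.com/pixel/sbs?c=1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, consistent with the 0 B body; they identify no content and are not usable as file indicators.)
Analyzer Verdict Alert
quad9 Sinkholed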
GET /pixel/sbs?c=1 HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Cookie: u_pl=18186656; uid_id2=b376ab6a-c6cc-4f7b-b683-813493cc8b8c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 20:57:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ww1.cuevana3.to/static/wp-includes/css/global.styles.inline.css
188.114.96.1 200 OK 0 B URL HTTP/2 ww1.cuevana3.to/static/wp-includes/css/global.styles.inline.css
IP 188.114.96.1:0
GET /static/wp-includes/css/global.styles.inline.css HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: text/css
last-modified: Fri, 24 Jun 2022 08:04:50 GMT
vary: Accept-Encoding
etag: W/"62b57022-212e"
expires: Sun, 29 Jan 2023 21:40:21 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WVe%2FIBCgBhgCVR%2B2xqYu1wFU2E%2BQdUtoYh%2BkBJs6jxh9IC8oWVJ1t33LBYnau3BbO05jLug6QUt1uo4CRX%2BH1SUFP3o%2FiNV00iyFjitumnTlERMqTWK0jElFwlQk%2B%2Flm%2BCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c5ff73b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/animate.css
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/animate.css
IP 172.64.167.9:0
GET /sb/ssp/sweep/social-box/white-small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:47 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:02:02 GMT
etag: W/"6149c9ba-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4579
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0GOyh049JilzQcDtqpFpPdv1S1uHDaf5aTv5X9E4Sieft2dl4OrerzxXxKFIEh8qgyHajMo4dRkM8M5Nq8V1oCF26RNA0njDj14l0MeoDvmCMx2OJJgMS8GG5Z4guIvCpt97RcT%2Buxi2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1d66bc323dc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-includes/css/dashicons.min.css
188.114.96.1 200 OK 0 B URL HTTP/2 ww1.cuevana3.to/static/wp-includes/css/dashicons.min.css
IP 188.114.96.1:0
GET /static/wp-includes/css/dashicons.min.css HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: text/css
last-modified: Fri, 24 Jun 2022 06:52:14 GMT
vary: Accept-Encoding
etag: W/"62b55f1e-e688"
expires: Sun, 29 Jan 2023 21:40:21 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xXYy%2FAT0rkxQrECqOk1ykmnZEYuIFViLnd3c3BlA3rLi54CrFgjKC3%2F96Y83CbqQ%2Fl6s9uxy4%2Bm1%2BT%2Bkyenc2y9R0GS7aV0XOVtEB7wjTeuJkKPM1l%2BxCA2mMkC5b%2B%2BNbls%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c5ff74b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/css/peli-public.css?v=1.0.1
188.114.96.1 200 OK 0 B URL HTTP/2 ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/css/peli-public.css?v=1.0.1
IP 188.114.96.1:0
GET /static/wp-content/themes/cuevana3/public/css/peli-public.css?v=1.0.1 HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: text/css
last-modified: Mon, 04 Jul 2022 07:04:36 GMT
vary: Accept-Encoding
etag: W/"62c29104-18d6f"
expires: Sun, 29 Jan 2023 21:40:21 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6VhhUXvsKsCnTWOB8kOQlG1An%2Fv2DSqWkqPAPQWZQ8kaPslSPKeYg1yRsNMuJ%2Fn%2BiHs0OquiwvnI7vOz%2BlJJua2YB5ps4N105vhumzG0nr40iHjOex8Z4cJwOkk%2F2gEOufM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c5ff7bb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/helpers/loadmore/js/loadMoreResults.js
188.114.96.1 200 OK 0 B URL HTTP/2 ww1.cuevana3.to/static/wp-content/themes/cuevana3/helpers/loadmore/js/loadMoreResults.js
IP 188.114.96.1:0
GET /static/wp-content/themes/cuevana3/helpers/loadmore/js/loadMoreResults.js HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: application/javascript
last-modified: Fri, 24 Jun 2022 06:51:50 GMT
vary: Accept-Encoding
etag: W/"62b55f06-9b7"
expires: Sun, 29 Jan 2023 21:40:22 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2FtKksrUeQhcIaZagsmHU55nSTXha0A5KroKCUpLcmfnA0magSyhtxl97Tsh2a6QC12iSTBVOnPDzeCY%2BLnNfr00vb8PJRqJUfoPgKgouB6M%2B55CYHqXVCMWyyvd%2BkswOis%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c60f9bb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/js/bct-public.js?v=1.0.3
188.114.96.1 200 OK 0 B URL HTTP/2 ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/js/bct-public.js?v=1.0.3
IP 188.114.96.1:0
GET /static/wp-content/themes/cuevana3/public/js/bct-public.js?v=1.0.3 HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: application/javascript
last-modified: Thu, 30 Jun 2022 02:46:17 GMT
vary: Accept-Encoding
etag: W/"62bd0e79-13d2a"
expires: Sun, 29 Jan 2023 21:40:22 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7TYlG7rm2pH9CK4GMvOLJE4AqI7eeEq4sLfLzgzHDpk7R6A7DHFb9pHCmL%2FFBvY25X8ZZhsn1FDWpE9FIwry3iFX%2BHqDVH64NX1IhPFHYfb5dAgHq2HYB6XZYtRJPo%2FB%2BVk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c60fa2b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/style.css
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/style.css
IP 172.64.167.9:0
GET /sb/ssp/sweep/social-box/white-small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:47 GMT
content-type: text/css
last-modified: Mon, 24 Jan 2022 10:39:40 GMT
etag: W/"61ee81ec-123b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4579
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PV8FGHdBH2QUoan3m5DzwoCj9le6pcly8ZTdUT3dkCALXyM%2FcvvocFdYlJ6zPuzVhLR8jQBpG1NK71zKmlZrGgZabNw1Kv90snPl5ZnYrwfjqSUVtlWoCkcs%2BePOdsy4WXTYvco6K%2Fii"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1d67be523dc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/jquery.min.js
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/jquery.min.js
IP 172.64.167.9:0
GET /sb/ssp/sweep/social-box/white-small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:47 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:02:04 GMT
etag: W/"6149c9bc-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6505577
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lu4V3OXLSDgX1O7CZvvd6ICbbv6T%2FTANgVnToJz6XLwi7m3GnaE0rXyo3lHnWMTTrG%2FblbVAbc8bGc38LkwEDJafNW5p08%2FulD%2FEvWigLIh1QbhXpf%2Bc4e%2BCYI5N0Mho9Bmo1%2FT5ht%2B7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1d6b8867200-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-includes/css/fa.css
188.114.96.1 200 OK 0 B URL HTTP/2 ww1.cuevana3.to/static/wp-includes/css/fa.css
IP 188.114.96.1:0
GET /static/wp-includes/css/fa.css HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: text/css
last-modified: Fri, 24 Jun 2022 08:07:44 GMT
vary: Accept-Encoding
etag: W/"62b570d0-d470"
expires: Sun, 29 Jan 2023 21:40:22 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eVHn0muoBbkgFFUtOe35hYjCv3fXQyHU7FBCzVSNk%2BIYJ7WGbBOmz%2BuPm2f55wdj8GH9locTN4gwStidn8qoilsvbkMRKDBAbwP0ChizTfvLDxAqkkegsRUrJpVJMm0eL04%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c60f8cb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/helpers/sweetalert/sweetalert2.all.js
188.114.96.1 200 OK 0 B URL HTTP/2 ww1.cuevana3.to/static/wp-content/themes/cuevana3/helpers/sweetalert/sweetalert2.all.js
IP 188.114.96.1:0
GET /static/wp-content/themes/cuevana3/helpers/sweetalert/sweetalert2.all.js HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: application/javascript
last-modified: Fri, 24 Jun 2022 06:51:50 GMT
vary: Accept-Encoding
etag: W/"62b55f06-196e9"
expires: Sun, 29 Jan 2023 21:40:22 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CU2hTsm8WSIr%2BPr%2BEe4p3ppSH1wFQC8awdVNnYu0U3w23Xz3b2jsSHGdfcqQR8Q7KgSx%2Fd8wiEC%2FV4XnTULttBEiGzpk5pbxvkn9Dk%2F7S66P02zaLlqGqHDqVQ4iXrSZ9e0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c60fa1b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/script.js
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/script.js
IP 172.64.167.9:0
GET /sb/ssp/sweep/social-box/white-small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:47 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:02:04 GMT
etag: W/"6149c9bc-306"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4579
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ld8Pe1zoNIq%2BNFPn4flEMipMKCUP%2BMMS1xbFG4oD1yD9RP8QsvGlCcBLwfdKytvmccQpSh7QhrReYffsSzqJujZ8A%2FGOhmUQUP5YUWJPEbJW46ZJdYZX8tW2v%2BAKMyvH8MpnwvHU8pjo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1d72ce823dc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert
fortinet Phishing
GET /sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:47 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 23 Sep 2021 12:20:22 GMT
etag: W/"614c7106-563"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 29 Jan 2023 21:57:47 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-includes/js/jquery/jquery.min.js
188.114.96.1 200 OK 0 B URL HTTP/2 ww1.cuevana3.to/static/wp-includes/js/jquery/jquery.min.js
IP 188.114.96.1:0
GET /static/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: application/javascript
last-modified: Fri, 24 Jun 2022 06:51:48 GMT
vary: Accept-Encoding
etag: W/"62b55f04-15db1"
expires: Sun, 29 Jan 2023 21:40:21 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O8o9MhmjrlPjkTIz%2F%2BQ1Ljai2luPTGnsrp3G1oycafOJDtXjualWX2I%2BAnxVl6pL%2BfJoefyauNRCc%2B9UtK%2FQQqebZi%2BznorD8bw3I%2BhB4C%2BKDtIeehCiU%2Ba7OXIt0KIU8fw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c5ff81b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2