wp-pl.eu/
185.203.117.169 301 Moved Permanently 162 B IP 185.203.117.169:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET / HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 04 Oct 2022 10:25:34 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://wp-pl.eu/
firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 09:47:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7-egYnCFjQlzfxoUKUyfqSHq3_ILAUcbD3-hAya7v3zTqtKzPV2W9A==
Age: 2310
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5860
Expires: Tue, 04 Oct 2022 12:03:14 GMT
Date: Tue, 04 Oct 2022 10:25:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a1073a68ed38c8e3575e889224db944c
ee2a7a3e2da77a8540131f9ffaa0a20d4dd486bd
a9fb1f7ade7c8a79d2ee83e9b7215e66dc89ac733b11079297a8f4b9aceae1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9FB1F7ADE7C8A79D2EE83E9B7215E66DC89AC733B11079297A8F4B9ACEAE1F5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7706
Expires: Tue, 04 Oct 2022 12:34:00 GMT
Date: Tue, 04 Oct 2022 10:25:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: GWpwa6dWHPnJynQiE83lgKUXtKIZFQGoVbHX6DeQv3RdwU8pgGGTvCKaWJrehcVVGEsmp47eL88=
x-amz-request-id: T5T4RQ44RCT22H3J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Oct 2022 09:51:16 GMT
age: 2058
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e65405a1432765cea12e856429d005ba
31f018f2fb464d4025c9b00c3d5eea8a47a8b3dd
0a679c9aa75e26963b408b61342f4042f268dfcc66ccde672edadffebf2f103a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0A679C9AA75E26963B408B61342F4042F268DFCC66CCDE672EDADFFEBF2F103A"
Last-Modified: Sun, 02 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21542
Expires: Tue, 04 Oct 2022 16:24:37 GMT
Date: Tue, 04 Oct 2022 10:25:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 04 Oct 2022 09:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 04 Oct 2022 10:27:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: t3aj_aMZwiO29CWj0DzZPTElc-HV3-Fk5m1WobBKJ9LQhcvWzkr4uw==
Age: 3362
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 16ebfb2aa621547ecf581e26fc828a7d
f78993331f6f5b8af6409a9ad2fc50b77070f68a
0f81fd1d6be9ccc04b74f0348aafe642c7b9ab7dffb7e8a679b5d67cc2e5fac3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6227
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:35 GMT
Last-Modified: Tue, 04 Oct 2022 08:41:48 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-7NC6Z8FLS8
142.250.74.168 200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-7NC6Z8FLS8
IP 142.250.74.168:0
File type ASCII text, with very long lines (21683)
Hash bf76ce62e0bc15f57c47fbf35017506e
53b717fbfa1acfcb0455fc8606b6f8cd4b386f4e
b4958cff268b59f2fe8153f2d47415f3368297a48e4506a0da407da434480f7a
GET /gtag/js?id=G-7NC6Z8FLS8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Oct 2022 10:25:35 GMT
expires: Tue, 04 Oct 2022 10:25:35 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75879
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NjgxNi5wYQsGGjhaGgxsHkVCbABcVWJIElp0Sxo4YRJUS2EaUwA-RBAILQ1.webp
185.203.117.169 200 OK 780 B URL HTTP/2 wp-pl.eu/index_files/NjgxNi5wYQsGGjhaGgxsHkVCbABcVWJIElp0Sxo4YRJUS2EaUwA-RBAILQ1.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 33x33, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 371265ad942a6bce2911b523c70e3494
9f86f360d0eaf8e390946d56e7a1df55b675e7f3
f6f85a36d74b69b90df16da689111c3906219a4713a2254bc042771e692e589b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NjgxNi5wYQsGGjhaGgxsHkVCbABcVWJIElp0Sxo4YRJUS2EaUwA-RBAILQ1.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 780
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "30c-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MDIyOS5wYiUoGzlgGgxvMGtDbTpcVWFmPFt1cRo4Yjx6SmAgUwA9aj4JLDd.webp
185.203.117.169 200 OK 1.1 kB URL HTTP/2 wp-pl.eu/index_files/MDIyOS5wYiUoGzlgGgxvMGtDbTpcVWFmPFt1cRo4Yjx6SmAgUwA9aj4JLDd.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash d0e258f860e748472bdf5101958014bb
b232ef086b7323f17dc61d21592712a531c08440
dad7f4780a51768a4ca1cd76209dfb70a68906ca030448f2c5e1b2f5cc7a293e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MDIyOS5wYiUoGzlgGgxvMGtDbTpcVWFmPFt1cRo4Yjx6SmAgUwA9aj4JLDd.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 1054
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-41e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/OTI3NC5wYDUoUThwGgxtIGsJbCpcVWN2PBF0YRo4YCx6AGEwUwA_ej5DLSd.webp
185.203.117.169 200 OK 966 B URL HTTP/2 wp-pl.eu/index_files/OTI3NC5wYDUoUThwGgxtIGsJbCpcVWN2PBF0YRo4YCx6AGEwUwA_ej5DLSd.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 198623638f3c297973330e4f962dc69c
9097cf9f84377ace3e0470dc92b3815ad002d9d2
88e0c0084c93db6db54f160c7d95a08bcfd20f6505513dfbfe22410fb5dce9f7
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/OTI3NC5wYDUoUThwGgxtIGsJbCpcVWN2PBF0YRo4YCx6AGEwUwA_ej5DLSd.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 966
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "3c6-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MjczNDEuYgsCGDh3ag5vHkFAbC0sV2FIFlh0ZmpEf1pTAnhzcFo-DE4bKik.webp
185.203.117.169 200 OK 44 kB URL HTTP/2 wp-pl.eu/index_files/MjczNDEuYgsCGDh3ag5vHkFAbC0sV2FIFlh0ZmpEf1pTAnhzcFo-DE4bKik.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x675, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1a5f5b16c7225a0ae4405c0e95f2e4e9
a1ccc6e033ae3e4f3261ab5cb246d45862d89846
41cca1cf0eb4dcd6f1957a5fc8a1bef7fa27488ecef36c9085b4eb297d678911
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MjczNDEuYgsCGDh3ag5vHkFAbC0sV2FIFlh0ZmpEf1pTAnhzcFo-DE4bKik.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 43756
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-aaec"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/L2hpZ2hjY1MJEiwBRxFuRkpKeFMJCChRSlx4R0pQbh0AGT1aCxohHVcAO0AJ_002
185.203.117.169 200 OK 3.6 kB URL HTTP/2 wp-pl.eu/index_files/L2hpZ2hjY1MJEiwBRxFuRkpKeFMJCChRSlx4R0pQbh0AGT1aCxohHVcAO0AJ_002
IP 185.203.117.169:0
File type Unicode text, UTF-8 text, with very long lines (3584), with no line terminators
Hash 487522eb04fa144b91be131dfda21cf9
716ada1f351bacddf24fe5f198fe902b6a1f7737
20f7e440283e5757daebf154913ff2bc509c863c6979a1f67e68430b87450754
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/L2hpZ2hjY1MJEiwBRxFuRkpKeFMJCChRSlx4R0pQbh0AGT1aCxohHVcAO0AJ_002 HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/octet-stream
content-length: 3594
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-e0a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MDk1MS5wYiUKUztgGgxvMEkLbzpcVWFmHhN3cRo4YjxYAmIgUwA9ahxBLjd.webp
185.203.117.169 200 OK 1.1 kB URL HTTP/2 wp-pl.eu/index_files/MDk1MS5wYiUKUztgGgxvMEkLbzpcVWFmHhN3cRo4YjxYAmIgUwA9ahxBLjd.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 720832d352f9db735fadad50e4e54673
7b730221dfe9d0d7c16b56034c6bb446a6247c9b
9b1dc712bf41e8e2b90fc94163a132c823d15ae95f2d50b178b234f4505c4653
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MDk1MS5wYiUKUztgGgxvMEkLbzpcVWFmHhN3cRo4YjxYAmIgUwA9ahxBLjd.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 1082
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-43a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MDE0Ni5wYiUkUjhaGgxvMGcKbABcVWFmMBJ0Sxo4Yjx2A2EaUwA9ajJALQ1.webp
185.203.117.169 200 OK 762 B URL HTTP/2 wp-pl.eu/index_files/MDE0Ni5wYiUkUjhaGgxvMGcKbABcVWFmMBJ0Sxo4Yjx2A2EaUwA9ajJALQ1.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 3a9f1b734df332bc404bb9f94e376227
059ba7884343aef0fa79928e9024fc6f5f9b01a5
46d793cdf8e1bbc927c5780be1d3306423d5495c79864c20dfda2b7740a7ee81
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MDE0Ni5wYiUkUjhaGgxvMGcKbABcVWFmMBJ0Sxo4Yjx2A2EaUwA9ajJALQ1.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 762
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "2fa-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MjUwLmpwYgs0FTpeXwxvHndNbgwUVWFIIFV2T18lAEUXGDRCQkd_W3hHdUIv.jpg
185.203.117.169 200 OK 24 kB URL HTTP/2 wp-pl.eu/index_files/MjUwLmpwYgs0FTpeXwxvHndNbgwUVWFIIFV2T18lAEUXGDRCQkd_W3hHdUIv.jpg
IP 185.203.117.169:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 79422fc05b806c22d4df6da34f14673f
b99d4d41927ec99c605a4ba8a3a1d0884a55ab25
860e2c3712507531000ac0176711041806c9c1ac3c66ec2a6b10d383dcd7fbac
Analyzer Verdict Alert quad9 Sinkholed
GET /index_files/MjUwLmpwYgs0FTpeXwxvHndNbgwUVWFIIFV2T18lAEUXGDRCQkd_W3hHdUIv.jpg HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/jpeg
content-length: 23979
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-5dab"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MjUwLmpzYgs0FTpeXwFvHndNbgwUWGFIIFV2T18oAEUXGDRCE1UsHjMTYwscHzU-
185.203.117.169 200 OK 3.5 kB URL HTTP/2 wp-pl.eu/index_files/MjUwLmpzYgs0FTpeXwFvHndNbgwUWGFIIFV2T18oAEUXGDRCE1UsHjMTYwscHzU-
IP 185.203.117.169:0
File type Unicode text, UTF-8 text, with very long lines (2746), with CRLF line terminators
Hash a38841e673d591275b23dc1e2ac77a5b
ea6197794309a34e98e9e9248582e6b8c70d50e4
541560ee84a058265dad8b7337a4598c1f67e57bcd44b5bb6174daf9a3e876f6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MjUwLmpzYgs0FTpeXwFvHndNbgwUWGFIIFV2T18oAEUXGDRCE1UsHjMTYwscHzU- HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/octet-stream
content-length: 3521
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-dc1"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/noop_004.js
185.203.117.169 200 OK 503 B URL HTTP/2 wp-pl.eu/index_files/noop_004.js
IP 185.203.117.169:0
Hash 7b56f2880bee9c0ff83f97f8372d2bd1
b3d5277273fcbf90f772bb76a31ad51d13b7367d
03047e00b5e304656c3c4cae1d03759c9ea455174acc670e9a65e9f60aaced75
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/noop_004.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"26-5e5c5bbb3e400"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NjY2MC5wYQs4UDtwGgxsHnsIbypcVWJILBB3YRo4YRJqAWIwUwA-RC5CLid.webp
185.203.117.169 200 OK 1.1 kB URL HTTP/2 wp-pl.eu/index_files/NjY2MC5wYQs4UDtwGgxsHnsIbypcVWJILBB3YRo4YRJqAWIwUwA-RC5CLid.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e5950fd6596c05329b347b0984281f0b
1ec13a783a9585fae252ebd70a2447e9814e8b4e
5fb1438c0ed5e3f7423aaf9cb3435831367a5c137d42d30f3f2ef94fcc5e0ea7
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NjY2MC5wYQs4UDtwGgxsHnsIbypcVWJILBB3YRo4YRJqAWIwUwA-RC5CLid.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 1078
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-436"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wp-pl.eu/index_files/NDIxNS5wYSUoGjhgGgxsMGtCbDpcVWJmPFp0cRo4YTx6S2EgUwA-aj4ILTd.webp
185.203.117.169 200 OK 1.1 kB URL HTTP/2 wp-pl.eu/index_files/NDIxNS5wYSUoGjhgGgxsMGtCbDpcVWJmPFp0cRo4YTx6S2EgUwA-aj4ILTd.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cb75430588217e19a2e0c6b663bac481
e23b811f6c944c9107ea83f935a27ac7d01e11c5
19ccb4bb9a12cc70228c8901e1150781b354a254ddf2726c139768158ec6a686
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NDIxNS5wYSUoGjhgGgxsMGtCbDpcVWJmPFp0cRo4YTx6S2EgUwA-aj4ILTd.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 1116
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-45c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/OTk2Mi5wYDUKUDtaGgxtIEkIbwBcVWN2HhB3Sxo4YCxYAWIaUwA_ehxCLg1.webp
185.203.117.169 200 OK 1.1 kB URL HTTP/2 wp-pl.eu/index_files/OTk2Mi5wYDUKUDtaGgxtIEkIbwBcVWN2HhB3Sxo4YCxYAWIaUwA_ehxCLg1.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash ae4f1c30a78899a62086555fee494a71
690550b65bbe93cc4b09c0a8257dc17073c7a410
bc5915c6f31c863aa656272e041bb2b05938c65ee1bba689b29b04359b753583
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/OTk2Mi5wYDUKUDtaGgxtIEkIbwBcVWN2HhB3Sxo4YCxYAWIaUwA_ehxCLg1.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 1086
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-43e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NjE4Mi5wYQskVjtaGgxsHmcObwBcVWJIMBZ3Sxo4YRJ2B2IaUwA-RDJELg1.webp
185.203.117.169 200 OK 966 B URL HTTP/2 wp-pl.eu/index_files/NjE4Mi5wYQskVjtaGgxsHmcObwBcVWJIMBZ3Sxo4YRJ2B2IaUwA-RDJELg1.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash dc07a0d95659494599dc1f9736e39816
8cc5cce951815b9afb8668b52375c59964331ecb
daf6d3c58aa1c8460f47592c1f4877013f6ef0f66e403ee4d0b977f66dc709b8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NjE4Mi5wYQskVjtaGgxsHmcObwBcVWJIMBZ3Sxo4YRJ2B2IaUwA-RDJELg1.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 966
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "3c6-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/L2hpZ2hjY1MJEiwBRxFuRkpKeFMJCChRSlx4R0pQbh0AGT1aCxohHVcAO0AJ_003
185.203.117.169 200 OK 3.5 kB URL HTTP/2 wp-pl.eu/index_files/L2hpZ2hjY1MJEiwBRxFuRkpKeFMJCChRSlx4R0pQbh0AGT1aCxohHVcAO0AJ_003
IP 185.203.117.169:0
File type Unicode text, UTF-8 text, with very long lines (3466), with no line terminators
Hash 8d93eff9ab0ebaa4d58e018a7f0e2e08
24f16f909c5c1061ce1b44733527de2762ac5515
58b56ec241d30e2d71c6c20bdb796e5522e690c77bf4755bde4e5dcdce34ae1a
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/L2hpZ2hjY1MJEiwBRxFuRkpKeFMJCChRSlx4R0pQbh0AGT1aCxohHVcAO0AJ_003 HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/octet-stream
content-length: 3474
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-d92"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NTg0MS5wYTUGUjtgGgxsIEUKbzpcVWJ2EhJ3cRo4YSxUA2IgUwA-ehBALjd.webp
185.203.117.169 200 OK 634 B URL HTTP/2 wp-pl.eu/index_files/NTg0MS5wYTUGUjtgGgxsIEUKbzpcVWJ2EhJ3cRo4YSxUA2IgUwA-ehBALjd.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 5a56c0338687474298476af378fb36b1
d7edd3ec45e64eec9015f4832aa3653a9e80c8e6
6d62e7286ef660c7412a2fdcc6269770ccb8d4c64b2710dcffdcea1a9b438df6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NTg0MS5wYTUGUjtgGgxsIEUKbzpcVWJ2EhJ3cRo4YSxUA2IgUwA-ehBALjd.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 634
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "27a-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MTM2OS5wYjUsUDlgGgxvIG8IbTpcVWF2OBB1cRo4Yix-AWAgUwA9ejpCLDd.webp
185.203.117.169 200 OK 688 B URL HTTP/2 wp-pl.eu/index_files/MTM2OS5wYjUsUDlgGgxvIG8IbTpcVWF2OBB1cRo4Yix-AWAgUwA9ejpCLDd.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cb8bad45b2d3a77d3347c80bbe6d3d4b
1407e3d579263b5887c2beae2c9afb2ad7d847bc
8cd9a755dd962f4b0f16ea3bb21a6f3cce58cb0658d89ae15f322da6c93788e1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MTM2OS5wYjUsUDlgGgxvIG8IbTpcVWF2OBB1cRo4Yix-AWAgUwA9ejpCLDd.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 688
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "2b0-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NjMwMi5wYQssFTtaGgxsHm9NbwBcVWJIOFV3Sxo4YRJ-RGIaUwA-RDoHLg1.webp
185.203.117.169 200 OK 756 B URL HTTP/2 wp-pl.eu/index_files/NjMwMi5wYQssFTtaGgxsHm9NbwBcVWJIOFV3Sxo4YRJ-RGIaUwA-RDoHLg1.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash a4600672c7791e4c0dea982554233399
f1ee979c7b50bc9cec8d6459ef828d7d1c888565
ec35078f48a863bf62cee16f50f58186ac747d3a5522d41031bc5b3ed2befc6c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NjMwMi5wYQssFTtaGgxsHm9NbwBcVWJIOFV3Sxo4YRJ-RGIaUwA-RDoHLg1.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 756
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "2f4-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
v.wpimg.pl/dWx0LnBuSzYZUjpdbQ5GI1oKbgcrV0h1DRJ2TG06S2RPSGMdJAIUeQ9ALwosWxQ7V1khCW0UEjYMUT4xJhACNg1cOEAyGwN1BQ
212.77.99.26 200 OK 420 B URL HTTP/2 v.wpimg.pl/dWx0LnBuSzYZUjpdbQ5GI1oKbgcrV0h1DRJ2TG06S2RPSGMdJAIUeQ9ALwosWxQ7V1khCW0UEjYMUT4xJhACNg1cOEAyGwN1BQ
IP 212.77.99.26:0
ASN #12827 Wirtualna Polska Media S.A.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 4803e9320aba47ccf3d0bc95b269ff53
770837811858f9048f0d57ab67629a4c078f88f1
844b1fcba21b9d19cec33ae3bdcc1cb1f095ad5a2cfe8be3d6d13d195c6ec624
GET /dWx0LnBuSzYZUjpdbQ5GI1oKbgcrV0h1DRJ2TG06S2RPSGMdJAIUeQ9ALwosWxQ7V1khCW0UEjYMUT4xJhACNg1cOEAyGwN1BQ HTTP/1.1
Host: v.wpimg.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 420
access-control-allow-origin: *
vary: accept
cache-control: max-age=2592000
etag: "fd-2274e31cd700b868"
X-Firefox-Spdy: h2
v.wpimg.pl/ODYwMy5wYCU4FTtKGgxtMHtNbxBcVWNmLFV3Wxo4YHduD2IKUwA_ai4HLh1bWT8odhY7GEEWPTd2Qi8dBE8pcGAVLE8FR3obbUZ9Tg1Bf3d3ByMeFwo
212.77.99.26 200 OK 634 B URL HTTP/2 v.wpimg.pl/ODYwMy5wYCU4FTtKGgxtMHtNbxBcVWNmLFV3Wxo4YHduD2IKUwA_ai4HLh1bWT8odhY7GEEWPTd2Qi8dBE8pcGAVLE8FR3obbUZ9Tg1Bf3d3ByMeFwo
IP 212.77.99.26:0
ASN #12827 Wirtualna Polska Media S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 37x37, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 74c0ad0656759f84b72d26f2104c508e
e5eaacd2027321d6b86c8f413b052d58e6e2acb0
8b87e3803b0ee7c45f48e759c6a4971c94993b5005374822b73366309cc2757a
GET /ODYwMy5wYCU4FTtKGgxtMHtNbxBcVWNmLFV3Wxo4YHduD2IKUwA_ai4HLh1bWT8odhY7GEEWPTd2Qi8dBE8pcGAVLE8FR3obbUZ9Tg1Bf3d3ByMeFwo HTTP/1.1
Host: v.wpimg.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 634
vary: accept
cache-control: max-age=2592000
etag: "fd-1781d90e15b0a442"
access-control-allow-origin: *
timing-allow-origin: *
X-Firefox-Spdy: h2
wp-pl.eu/index_files/ODQzMDUuYCUwGDt3eg5tMHNAby08V2NmJFh3ZnpGeDx-CSszJVs4NDIeI2o.webp
185.203.117.169 200 OK 514 B URL HTTP/2 wp-pl.eu/index_files/ODQzMDUuYCUwGDt3eg5tMHNAby08V2NmJFh3ZnpGeDx-CSszJVs4NDIeI2o.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 37x37, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a35e10dc01302680bd8cee747251ecb6
0e2edb10cf0de5d78746496b1eae6d15ec8610f3
a78fe0628d60d7ce1d8fc223833732665ab06bd8b6e42515a0584f0fdf7f744a
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/ODQzMDUuYCUwGDt3eg5tMHNAby08V2NmJFh3ZnpGeDx-CSszJVs4NDIeI2o.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 514
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "202-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MDE5MC5wYiUkVztwGgxvMGcPbypcVWFmMBd3YRo4Yjx2BmIwUwA9ajJFLid.webp
185.203.117.169 200 OK 814 B URL HTTP/2 wp-pl.eu/index_files/MDE5MC5wYiUkVztwGgxvMGcPbypcVWFmMBd3YRo4Yjx2BmIwUwA9ajJFLid.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 393b46c35e069613f8c3dc63e9bde0be
758f4e581d8bb942f20d8097e4f620fd823a1dea
760346f1a73426ae996a5033474e682871c9b50382bdd7be57cd3b9b1c60ee45
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MDE5MC5wYiUkVztwGgxvMGcPbypcVWFmMBd3YRo4Yjx2BmIwUwA9ajJFLid.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 814
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "32e-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MTg2MC5wYjUGUDtwGgxvIEUIbypcVWF2EhB3YRo4YixUAWIwUwA9ehBCLid.webp
185.203.117.169 200 OK 806 B URL HTTP/2 wp-pl.eu/index_files/MTg2MC5wYjUGUDtwGgxvIEUIbypcVWF2EhB3YRo4YixUAWIwUwA9ehBCLid.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 33x33, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash eda30443f54a113d6a3adb33478f61e2
f2441a0fd7c836cfadc7696fa8477348e48274ac
d2c2d177658913c72ddffc304f313d460d68f04e62f31d16e0011b9774f345b2
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MTg2MC5wYjUGUDtwGgxvIEUIbypcVWF2EhB3YRo4YixUAWIwUwA9ehBCLid.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 806
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "326-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/L2hpZ2hjY1MJEiwBRxFuRkpKeFMJCChRSlx4R0pQbh0AGT1aCxohHVcAO0AJBz8P
185.203.117.169 200 OK 2.8 kB URL HTTP/2 wp-pl.eu/index_files/L2hpZ2hjY1MJEiwBRxFuRkpKeFMJCChRSlx4R0pQbh0AGT1aCxohHVcAO0AJBz8P
IP 185.203.117.169:0
File type Unicode text, UTF-8 text, with very long lines (2798), with no line terminators
Hash 15b5dde6825811da2caee5f34c1254e0
7684dbeac3ca6a9e3092f1afa0cd34ce1bf1bd98
0365ab589305d5677ce02686de37ef620eade6bc67853a5ce2c6ec59cbab467b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/L2hpZ2hjY1MJEiwBRxFuRkpKeFMJCChRSlx4R0pQbh0AGT1aCxohHVcAO0AJBz8P HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/octet-stream
content-length: 2804
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-af4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NjAwMi5wYQsgFTtaGgxsHmNNbwBcVWJINFV3Sxo4YRJyRGIaUwA-RDYHLg1.webp
185.203.117.169 200 OK 788 B URL HTTP/2 wp-pl.eu/index_files/NjAwMi5wYQsgFTtaGgxsHmNNbwBcVWJINFV3Sxo4YRJyRGIaUwA-RDYHLg1.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 578d617f6280c4d6233480312e893be9
c9b66db37d930355d520e1d8c14959a48a394863
5348742668d56e38a90c8efabf24c6fdd7bc61da599421a0418a9910b150768c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NjAwMi5wYQsgFTtaGgxsHmNNbwBcVWJINFV3Sxo4YRJyRGIaUwA-RDYHLg1.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 788
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "314-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NTAuanNvYTUgFxddYQ1sIGNPQw8qVGJ2NFdbTGEkA3sDGhlBLVkvICcRTggiEzYA
185.203.117.169 200 OK 2.4 kB URL HTTP/2 wp-pl.eu/index_files/NTAuanNvYTUgFxddYQ1sIGNPQw8qVGJ2NFdbTGEkA3sDGhlBLVkvICcRTggiEzYA
IP 185.203.117.169:0
File type Unicode text, UTF-8 text, with very long lines (1780), with CRLF line terminators
Hash 585d6a178d54b2e93d6b9f5808be58cb
5fe3885d60203e6fedb338b477952e064b59fa7c
a3bcfd4a2e3c4a790e4ccfbb2d0547d3a1666ec7f2af750c68762ea93210aae3
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NTAuanNvYTUgFxddYQ1sIGNPQw8qVGJ2NFdbTGEkA3sDGhlBLVkvICcRTggiEzYA HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/octet-stream
content-length: 2412
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-96c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MDI0MS5wYiUoUjtgGgxvMGsKbzpcVWFmPBJ3cRo4Yjx6A2IgUwA9aj5ALjd.webp
185.203.117.169 200 OK 580 B URL HTTP/2 wp-pl.eu/index_files/MDI0MS5wYiUoUjtgGgxvMGsKbzpcVWFmPBJ3cRo4Yjx6A2IgUwA9aj5ALjd.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 56077ac86131d43a0321437e7bc67936
0f7e7b99892d8ac39f6394b16bd5a34329a638d5
8ed18bd67d5b07791fbbde950f7a1ca1832a3bd06c3e8d96476e6f99d9af37e6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MDI0MS5wYiUoUjtgGgxvMGsKbzpcVWFmPBJ3cRo4Yjx6A2IgUwA9aj5ALjd.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 580
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "244-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MDc2Ni5wYiUCUDhaGgxvMEEIbABcVWFmFhB0Sxo4YjxQAWEaUwA9ahRCLQ1.webp
185.203.117.169 200 OK 1.2 kB URL HTTP/2 wp-pl.eu/index_files/MDc2Ni5wYiUCUDhaGgxvMEEIbABcVWFmFhB0Sxo4YjxQAWEaUwA9ahRCLQ1.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c8e317e4d903bee8b9217ac6e27c2534
456c0b63f366a9caf90f121f7c77e32528f5148b
63fcb3b49a9e7fb9e6206f4fb3cd17bbe7da944a8d6d71df1e582f507ecca077
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MDc2Ni5wYiUCUDhaGgxvMEEIbABcVWFmFhB0Sxo4YjxQAWEaUwA9ahRCLQ1.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 1206
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-4b6"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NzU2Ni5wYRs0UDhaGgxsDncIbABcVWJYIBB0Sxo4YQJmAWEaUwA-VCJCLQ1.webp
185.203.117.169 200 OK 712 B URL HTTP/2 wp-pl.eu/index_files/NzU2Ni5wYRs0UDhaGgxsDncIbABcVWJYIBB0Sxo4YQJmAWEaUwA-VCJCLQ1.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 33x33, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0496cb2d5d30c819ba2d0e08501a9194
802635a1f0f84e2f1e6eba4fd5b9aee127bbd0a5
3aa98e4234b1015030c331cdefd191c5baeacca43516c08845deb57b7fd1e0b9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NzU2Ni5wYRs0UDhaGgxsDncIbABcVWJYIBB0Sxo4YQJmAWEaUwA-VCJCLQ1.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 712
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "2c8-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MTY1Ny5wYjU4UzhKGgxvIHsLbBBcVWF2LBN0Wxo4YixqAmEKUwA9ei5BLR1.webp
185.203.117.169 200 OK 686 B URL HTTP/2 wp-pl.eu/index_files/MTY1Ny5wYjU4UzhKGgxvIHsLbBBcVWF2LBN0Wxo4YixqAmEKUwA9ei5BLR1.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 33x33, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dae0d02a28b49e56660962a807f7e5ed
e0f1ca862a5f4ac32a49c8b5ca265bf4e3a55081
13910a02bf58d997258e5ea8b8f1c96ce11e10ba56c129a6892955ed9ca9c40c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MTY1Ny5wYjU4UzhKGgxvIHsLbBBcVWF2LBN0Wxo4YixqAmEKUwA9ei5BLR1.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 686
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "2ae-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/MjU0NC5wYgs0UjhwGgxvHncKbCpcVWFIIBJ0YRo4YhJmA2EwUwA9RCJALSd.webp
185.203.117.169 200 OK 794 B URL HTTP/2 wp-pl.eu/index_files/MjU0NC5wYgs0UjhwGgxvHncKbCpcVWFIIBJ0YRo4YhJmA2EwUwA9RCJALSd.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash d737f1621aff7b8c3cba30f411fd496a
87720a1200cefe0d8b01acaece176657b3008868
19e4fc3ed32f6ac4722651f74409c762b41a7b7541864fe105a806d30642fcba
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MjU0NC5wYgs0UjhwGgxvHncKbCpcVWFIIBJ0YRo4YhJmA2EwUwA9RCJALSd.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 794
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "31a-5e5c5bbb3e400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
wp-pl.eu/index_files/ODE5OC5wYCUkVzlwGgxtMGcPbSpcVWNmMBd1YRo4YDx2BmAwUwA_ajJFLCd.webp
185.203.117.169 200 OK 1.9 kB URL HTTP/2 wp-pl.eu/index_files/ODE5OC5wYCUkVzlwGgxtMGcPbSpcVWNmMBd1YRo4YDx2BmAwUwA_ajJFLCd.webp
IP 185.203.117.169:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 3966bc6c27b5e100b2fd3c1f9ceb7203
449cb4795e8a93071782febd254bb8a9eeb2720e
198bec64b935ec80917795a848bac7d0744a9ba75db9171c07f1e41142c827ee
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/ODE5OC5wYCUkVzlwGgxtMGcPbSpcVWNmMBd1YRo4YDx2BmAwUwA_ajJFLCd.webp HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 1876
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-754"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
v.wpimg.pl/MC1taW4uYiJQFhdkGw5vNxNOQzREHRIuUBkCdRhXOGELVk5hAkN8dB5FV2INQXl6A0BRZQZFYnABRBllAUVgLlgaTz1EEm8-
212.77.99.26 200 OK 18 kB URL HTTP/2 v.wpimg.pl/MC1taW4uYiJQFhdkGw5vNxNOQzREHRIuUBkCdRhXOGELVk5hAkN8dB5FV2INQXl6A0BRZQZFYnABRBllAUVgLlgaTz1EEm8-
IP 212.77.99.26:0
ASN #12827 Wirtualna Polska Media S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x250, components 3\012- data
Hash 2afee280d297d665f3c9da69ba0f5c41
a81ec055c3df4044ace59cc2c283244e924df5b3
fc41b52d7e62d0c1b3a501ae399dc0b84f591f90e06bb0a08447f9e452f2552b
GET /MC1taW4uYiJQFhdkGw5vNxNOQzREHRIuUBkCdRhXOGELVk5hAkN8dB5FV2INQXl6A0BRZQZFYnABRBllAUVgLlgaTz1EEm8- HTTP/1.1
Host: v.wpimg.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/jpeg
content-length: 17501
last-modified: Tue, 02 Aug 2022 14:07:20 GMT
x-rgw-object-type: Normal
etag: "2afee280d297d665f3c9da69ba0f5c41"
cache-control: max-age=9000
x-cache-status: HIT
timing-allow-origin: *
accept-ranges: bytes
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
X-Firefox-Spdy: h2
i.wpimg.pl/O/37x/v.wpimg.pl/YXVsdC5wdjk3ERJwGgx7LHRJRiBFHwYrMAQUYRlVLHpsUUsqWBB2OSASECJHKD09MBIRL0FZKTYxURk
212.77.100.137 200 OK 420 B URL HTTP/2 i.wpimg.pl/O/37x/v.wpimg.pl/YXVsdC5wdjk3ERJwGgx7LHRJRiBFHwYrMAQUYRlVLHpsUUsqWBB2OSASECJHKD09MBIRL0FZKTYxURk
IP 212.77.100.137:0
ASN #12827 Wirtualna Polska Media S.A.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 4803e9320aba47ccf3d0bc95b269ff53
770837811858f9048f0d57ab67629a4c078f88f1
844b1fcba21b9d19cec33ae3bdcc1cb1f095ad5a2cfe8be3d6d13d195c6ec624
GET /O/37x/v.wpimg.pl/YXVsdC5wdjk3ERJwGgx7LHRJRiBFHwYrMAQUYRlVLHpsUUsqWBB2OSASECJHKD09MBIRL0FZKTYxURk HTTP/1.1
Host: i.wpimg.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/webp
content-length: 420
access-control-allow-origin: *
vary: accept
cache-control: max-age=2592000
etag: "fd-0e54b9ed0b615abd"
timing-allow-origin: *
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.165.143.157 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.165.143.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aQbd2wLljnE+puo+NSKIPg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1beLjQSNWxG95ghIwrEO7ZoHMr0=
ads.pubmatic.com/AdServer/js/user_sync.html?p=62652&predirect=https%3A%2F%2Fssp.wp.pl%2Fbidder%2Fusersync%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA%26inver%3D%26host%3Dsportowefakty.wp.pl%26bidder%3Dpubmatic%26uid%3D
23.38.200.201 200 OK 5.5 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?p=62652&predirect=https%3A%2F%2Fssp.wp.pl%2Fbidder%2Fusersync%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA%26inver%3D%26host%3Dsportowefakty.wp.pl%26bidder%3Dpubmatic%26uid%3D
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Hash 7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae
GET /AdServer/js/user_sync.html?p=62652&predirect=https%3A%2F%2Fssp.wp.pl%2Fbidder%2Fusersync%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA%26inver%3D%26host%3Dsportowefakty.wp.pl%26bidder%3Dpubmatic%26uid%3D HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=56470
expires: Wed, 05 Oct 2022 02:06:45 GMT
date: Tue, 04 Oct 2022 10:25:35 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
v.wpimg.pl/MjUwLnBuYgs0FTpdbQ5vHndNbg0yHRIHNBovTG5XOEhvVWNYdEN-WHpGelt7QHxbZ0N6VntBYlhmWXxWHQUsBDAbf15yDX9fZVk8ACVXMA
212.77.99.26 200 OK 89 kB URL HTTP/2 v.wpimg.pl/MjUwLnBuYgs0FTpdbQ5vHndNbg0yHRIHNBovTG5XOEhvVWNYdEN-WHpGelt7QHxbZ0N6VntBYlhmWXxWHQUsBDAbf15yDX9fZVk8ACVXMA
IP 212.77.99.26:0
ASN #12827 Wirtualna Polska Media S.A.
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash e563970b2665d20a6340814487a24eea
7f2c4a1619ffd5f983dd826ead1b134b70ab9bf4
67413bfa88aa7b88d413bba5f58c98b6fbc0b0d660939a55222dda2a40a6a775
GET /MjUwLnBuYgs0FTpdbQ5vHndNbg0yHRIHNBovTG5XOEhvVWNYdEN-WHpGelt7QHxbZ0N6VntBYlhmWXxWHQUsBDAbf15yDX9fZVk8ACVXMA HTTP/1.1
Host: v.wpimg.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/png
content-length: 89170
last-modified: Wed, 03 Aug 2022 07:20:47 GMT
x-rgw-object-type: Normal
etag: "e563970b2665d20a6340814487a24eea"
cache-control: max-age=9000
x-cache-status: STALE
timing-allow-origin: *
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
23.38.200.201 200 OK 5.5 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Hash 7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae
GET /AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=56470
expires: Wed, 05 Oct 2022 02:06:45 GMT
date: Tue, 04 Oct 2022 10:25:35 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
v.wpimg.pl/eDI1MC5qSiUoUztwGgpHMGsLbyBFGTopKFwuYRlTEGZzE2J1A0FQfGYAe3YMQV13fwR7dgFASnd5ATVxAEFLLjlWbz4
212.77.99.26 200 OK 28 kB URL HTTP/2 v.wpimg.pl/eDI1MC5qSiUoUztwGgpHMGsLbyBFGTopKFwuYRlTEGZzE2J1A0FQfGYAe3YMQV13fwR7dgFASnd5ATVxAEFLLjlWbz4
IP 212.77.99.26:0
ASN #12827 Wirtualna Polska Media S.A.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 9c43c70925dab1cd244e7d56c7afb2ed
c51fa70b3d5672046e5eedfa432aa2adee07907b
aaebbc9d58129b794f0e79076cb5dfbd673f8a99e5a2c88c4bd7ba48bbf3ac2c
GET /eDI1MC5qSiUoUztwGgpHMGsLbyBFGTopKFwuYRlTEGZzE2J1A0FQfGYAe3YMQV13fwR7dgFASnd5ATVxAEFLLjlWbz4 HTTP/1.1
Host: v.wpimg.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/jpeg
content-length: 28228
accept-ranges: bytes
last-modified: Fri, 29 Jul 2022 08:34:16 GMT
x-rgw-object-type: Normal
etag: "9c43c70925dab1cd244e7d56c7afb2ed"
cache-control: max-age=9000
x-cache-status: MISS
timing-allow-origin: *
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
23.38.200.201200 OK 5.5 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Hash 7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae
GET /AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=56470
expires: Wed, 05 Oct 2022 02:06:45 GMT
date: Tue, 04 Oct 2022 10:25:35 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
v.wpimg.pl/eDI1MC5qSiUoUztwGgpHMGsLbyBFGTopKFwuYRlTEGZzE2J1A0dWdmYAe3YMRFR1fQR4dQBESnV8H317ahcKMCxdEnAFQR12fAFjKUUWRzk
212.77.99.26 200 OK 43 kB URL HTTP/2 v.wpimg.pl/eDI1MC5qSiUoUztwGgpHMGsLbyBFGTopKFwuYRlTEGZzE2J1A0dWdmYAe3YMRFR1fQR4dQBESnV8H317ahcKMCxdEnAFQR12fAFjKUUWRzk
IP 212.77.99.26:0
ASN #12827 Wirtualna Polska Media S.A.
File type JPEG image data, progressive, precision 8, 300x250, components 3\012- data
Hash ff1f14e732a08851404d735c43445e09
680aeee970df3a7d432f3ba4820525f767559a68
5ff20ea5a50bf522dcbbdf6a0bd81e4b1032e62b18f92c935831857bf604abff
GET /eDI1MC5qSiUoUztwGgpHMGsLbyBFGTopKFwuYRlTEGZzE2J1A0dWdmYAe3YMRFR1fQR4dQBESnV8H317ahcKMCxdEnAFQR12fAFjKUUWRzk HTTP/1.1
Host: v.wpimg.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/jpeg
content-length: 42688
last-modified: Wed, 03 Aug 2022 07:24:15 GMT
x-rgw-object-type: Normal
etag: "ff1f14e732a08851404d735c43445e09"
cache-control: max-age=9000
x-cache-status: STALE
timing-allow-origin: *
accept-ranges: bytes
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
X-Firefox-Spdy: h2
v.wpimg.pl/MHgyNTAuYikGGzhnbg5vPEVDbDcxHRIlBhQtdm1XOGpdW2Fid0V0fUhIeGF1Q315U055ZHhAYhgrTRFncUU1elJJYCQvEm81
212.77.99.26 200 OK 22 kB URL HTTP/2 v.wpimg.pl/MHgyNTAuYikGGzhnbg5vPEVDbDcxHRIlBhQtdm1XOGpdW2Fid0V0fUhIeGF1Q315U055ZHhAYhgrTRFncUU1elJJYCQvEm81
IP 212.77.99.26:0
ASN #12827 Wirtualna Polska Media S.A.
File type PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced\012- data
Hash f75785d24f7e8d5e2a549c274464bcc4
a959e00ca61c8e0221f62ad8c82d49f8ff3c35b3
0e10284404e1762d2b401c2bfe6b29f3da32cbee7433ec84f5703a38577ec3c3
GET /MHgyNTAuYikGGzhnbg5vPEVDbDcxHRIlBhQtdm1XOGpdW2Fid0V0fUhIeGF1Q315U055ZHhAYhgrTRFncUU1elJJYCQvEm81 HTTP/1.1
Host: v.wpimg.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: image/png
content-length: 22113
accept-ranges: bytes
last-modified: Thu, 28 Jul 2022 10:32:02 GMT
x-rgw-object-type: Normal
etag: "f75785d24f7e8d5e2a549c274464bcc4"
cache-control: max-age=9000
x-cache-status: MISS
timing-allow-origin: *
x-robots-tag: noindex,nofollow
access-control-allow-origin: *
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
23.38.200.201200 OK 5.5 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Hash 7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae
GET /AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=56470
expires: Wed, 05 Oct 2022 02:06:45 GMT
date: Tue, 04 Oct 2022 10:25:35 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
23.38.200.201200 OK 5.5 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Hash 7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae
GET /AdServer/js/user_sync.html?kdntuid=1&p=62652&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=56470
expires: Wed, 05 Oct 2022 02:06:45 GMT
date: Tue, 04 Oct 2022 10:25:35 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
wp-pl.eu/static/fonts/icomoon.woff2
185.203.117.169 404 Not Found 808 B URL HTTP/2 wp-pl.eu/static/fonts/icomoon.woff2
IP 185.203.117.169:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /static/fonts/icomoon.woff2 HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://wp-pl.eu/index_files/bWluLmNzTTYNFzpeYQFACE5PbjIRJT0IMyoTMhElPQgzKhMyESU9CDMqEzIR.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/html
content-length: 808
last-modified: Tue, 09 Aug 2022 12:32:30 GMT
etag: "328-5e5ce2043ba15"
accept-ranges: bytes
X-Firefox-Spdy: h2
js-sec.indexww.com/um/ixmatch.html
23.38.200.248 200 OK 1.4 kB URL HTTP/1.1 js-sec.indexww.com/um/ixmatch.html
IP 23.38.200.248:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2920), with no line terminators
Hash d41805aed22c3b9731d56a19244e6b8a
7e5da0bdf4db3f38f1590b5020750a93d1a174b5
46aa57bbee28a5fa9e4352e856a1d3a0485613234232d0b3de27adc74d8fac26
GET /um/ixmatch.html HTTP/1.1
Host: js-sec.indexww.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1387
Date: Tue, 04 Oct 2022 10:25:35 GMT
Connection: keep-alive
acdn.adnxs.com/dmp/async_usersync.html
23.38.200.189 200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP 23.38.200.189:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: "623de86a-cf34"
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Wed, 05 Oct 2022 10:25:37 GMT
Date: Tue, 04 Oct 2022 10:25:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js-sec.indexww.com/um/ixmatch.html
23.38.200.248 200 OK 1.4 kB URL HTTP/1.1 js-sec.indexww.com/um/ixmatch.html
IP 23.38.200.248:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2920), with no line terminators
Hash d41805aed22c3b9731d56a19244e6b8a
7e5da0bdf4db3f38f1590b5020750a93d1a174b5
46aa57bbee28a5fa9e4352e856a1d3a0485613234232d0b3de27adc74d8fac26
GET /um/ixmatch.html HTTP/1.1
Host: js-sec.indexww.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1387
Date: Tue, 04 Oct 2022 10:25:35 GMT
Connection: keep-alive
eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "40014-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 04 Oct 2022 10:25:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
wp-pl.eu/index_files/MTAwLmpzYjUgFTpeXwFvIGNNbgwUWGF2NFV2T18oAHsDGDRCE1UsICcTYwscHzUA
185.203.117.169 200 OK 17 kB URL HTTP/2 wp-pl.eu/index_files/MTAwLmpzYjUgFTpeXwFvIGNNbgwUWGF2NFV2T18oAHsDGDRCE1UsICcTYwscHzUA
IP 185.203.117.169:0
File type gzip compressed data, from Unix\012- data
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/MTAwLmpzYjUgFTpeXwFvIGNNbgwUWGF2NFV2T18oAHsDGDRCE1UsICcTYwscHzUA HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/octet-stream
content-length: 2576
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-a10"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
js-sec.indexww.com/um/ixmatch.html
23.38.200.248 200 OK 1.4 kB URL HTTP/1.1 js-sec.indexww.com/um/ixmatch.html
IP 23.38.200.248:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2920), with no line terminators
Hash d41805aed22c3b9731d56a19244e6b8a
7e5da0bdf4db3f38f1590b5020750a93d1a174b5
46aa57bbee28a5fa9e4352e856a1d3a0485613234232d0b3de27adc74d8fac26
GET /um/ixmatch.html HTTP/1.1
Host: js-sec.indexww.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1387
Date: Tue, 04 Oct 2022 10:25:35 GMT
Connection: keep-alive
acdn.adnxs.com/dmp/async_usersync.html
23.38.200.189 200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP 23.38.200.189:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: "623de86a-cf34"
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Wed, 05 Oct 2022 10:25:37 GMT
Date: Tue, 04 Oct 2022 10:25:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
js-sec.indexww.com/um/ixmatch.html
23.38.200.248 200 OK 1.4 kB URL HTTP/1.1 js-sec.indexww.com/um/ixmatch.html
IP 23.38.200.248:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2920), with no line terminators
Hash d41805aed22c3b9731d56a19244e6b8a
7e5da0bdf4db3f38f1590b5020750a93d1a174b5
46aa57bbee28a5fa9e4352e856a1d3a0485613234232d0b3de27adc74d8fac26
GET /um/ixmatch.html HTTP/1.1
Host: js-sec.indexww.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1387
Date: Tue, 04 Oct 2022 10:25:35 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
acdn.adnxs.com/dmp/async_usersync.html
23.38.200.189 200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP 23.38.200.189:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: "623de86a-cf34"
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Wed, 05 Oct 2022 10:25:37 GMT
Date: Tue, 04 Oct 2022 10:25:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a5358101ee9b2c2034556a787bbcd975
9c3a82dc6dff651d19513fc15861b96f124fe86c
c1ab7a663829eb3e1d98fb6748fb672996ce9b46b0af05d81d178b01c94adf47
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6033
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:35 GMT
Last-Modified: Tue, 04 Oct 2022 08:45:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wp-pl.eu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 485487
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
216.58.207.195 200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 11872, version 1.0\012- data
Hash 87ace20058325aa069320aa4af875dff
b743548770c46d905ae1ba06310bc001c587fe8e
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wp-pl.eu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:35:48 GMT
expires: Thu, 28 Sep 2023 19:35:48 GMT
cache-control: public, max-age=31536000
age: 485387
last-modified: Wed, 11 May 2022 19:25:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4bBEL
185.203.117.169 200 OK 39 kB URL HTTP/2 wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4bBEL
IP 185.203.117.169:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 831c317061bbd71d883045449360a306
9819c8c05433279757be7d95ed7fe23940d14106
8ba0235d964da74f458fe19b37c6dc2b79de7088cf8cb8e2dede457824732465
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4bBEL HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/plain
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"62f1c710-16354"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wp-pl.eu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 485488
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wp-pl.eu/index_files/gplayer.js
185.203.117.169 404 Not Found 370 B URL HTTP/2 wp-pl.eu/index_files/gplayer.js
IP 185.203.117.169:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5710ebe5474c1caf7df70c82051e4d4f
d0eafde5f6d43bd42aa20c17ac660710f2e4a524
ccf1580400f4ef832fa3887447ed29d77d37977efdfb8128591622e5bd3b74ba
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/gplayer.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/html
last-modified: Tue, 09 Aug 2022 12:32:30 GMT
etag: W/"328-5e5ce2043ba15"
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sportowefakty.wp.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
212.77.100.9200 OK 8.1 kB URL HTTP/2 sportowefakty.wp.pl/ZGVyLnBudSY3GzpdbQ54M3RDbg0yHQU0MA48TG5XBWVsWxMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR0qBRgJJhMxHSoFGAkmEzEdKgUYCSYTMR1XdmUjW3ZMbRw3IHkKPAshHDsrCQkgDyEQMig6HSkcbAU0IHQE
IP 212.77.100.9:0
ASN #12827 Wirtualna Polska Media S.A.
File type PNG image data, 720 x 100, 8-bit colormap, non-interlaced\012- data
Hash e4fe950a53b59a0ef52fd79d5ed16a3d
7687d0612500d4ef0f15ef97f990e0892805e637
89b15285139281e32388ec612b4fe9a3d6481d2871d8578b320a9b15de285d31
GET 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 HTTP/1.1
Host: sportowefakty.wp.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: image/png
content-length: 8105
last-modified: Thu, 17 Jun 2021 11:57:29 GMT
x-rgw-object-type: Normal
etag: "e4fe950a53b59a0ef52fd79d5ed16a3d"
timing-allow-origin: *
accept-ranges: bytes
x-robots-tag: noindex,nofollow
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect, sec-ch-ua, sec-ch-ua-platform, sec-ch-ua-mobile, sec-ch-ua-full-version-list, sec-ch-ua-platform-version, sec-ch-ua-arch, sec-ch-ua-bitness, sec-ch-ua-model
accept-ch-lifetime: 604800
X-Firefox-Spdy: h2
u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
35.244.159.8302 Found 0 B URL HTTP/2 u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
IP 35.244.159.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /w/1.0/pd?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA HTTP/1.1
Host: u.openx.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
set-cookie: i=ec13b86f-5396-4a7b-b729-8600ad75fc48|1664879136; Version=1; Expires=Wed, 04-Oct-2023 10:25:36 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server: OXGW/0.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
date: Tue, 04 Oct 2022 10:25:36 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a5358101ee9b2c2034556a787bbcd975
9c3a82dc6dff651d19513fc15861b96f124fe86c
c1ab7a663829eb3e1d98fb6748fb672996ce9b46b0af05d81d178b01c94adf47
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3030
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:36 GMT
Last-Modified: Tue, 04 Oct 2022 09:35:06 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
35.244.159.8302 Found 0 B URL HTTP/2 u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
IP 35.244.159.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /w/1.0/pd?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA HTTP/1.1
Host: u.openx.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
set-cookie: i=c4a97a0b-d3e8-4811-a40f-0dfbaaf91ca7|1664879136; Version=1; Expires=Wed, 04-Oct-2023 10:25:36 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server: OXGW/0.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
date: Tue, 04 Oct 2022 10:25:36 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.js
104.88.9.101 200 OK 9.4 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (17962)
Hash 2a312d66a9a931c16d5fcd4814ff8735
cd907367e52483996f8e21de2c7c6c93dca2a22e
367e4a2c9d6825dc173319212a33327d444f1e25ba2e40b3875753fd52f918dd
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 15 Sep 2022 22:38:47 GMT
Content-Encoding: gzip
Content-Length: 9423
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=31895
Expires: Tue, 04 Oct 2022 19:17:11 GMT
Date: Tue, 04 Oct 2022 10:25:36 GMT
Connection: keep-alive
Vary: Accept-Encoding
u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
35.244.159.8200 OK 70 B URL HTTP/2 u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
IP 35.244.159.8:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 55539b4bd74de326b7788021dc27716a
e51cbb48f20aebe9d5052e165e3fff36d9db3dac
33b1cd5ba05ecd1eda18181467e8f48940d5a435ae91fca88c8cd7c4aed6d283
GET /w/1.0/pd?cc=1&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA HTTP/1.1
Host: u.openx.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wp-pl.eu/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: text/html
content-length: 70
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.wpcdn.pl/roboto/woff2/RobotoCondensed-Regular.woff2
212.77.98.32 200 OK 18 kB URL HTTP/2 fonts.wpcdn.pl/roboto/woff2/RobotoCondensed-Regular.woff2
IP 212.77.98.32:0
ASN #12827 Wirtualna Polska Media S.A.
File type Web Open Font Format (Version 2), TrueType, length 18452, version 2.0\012- data
Hash 4b7772fba3bc5418c2ea8eac76a1b1c4
95d8002342eb58e6ef7dc5a62cd58c0b5304e026
7134987e37934d17a5b351e3f0af4a2b500061ed3e5da234c74e5f83aa7375fa
GET /roboto/woff2/RobotoCondensed-Regular.woff2 HTTP/1.1
Host: fonts.wpcdn.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wp-pl.eu
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: application/octet-stream
content-length: 18452
last-modified: Thu, 09 Aug 2018 08:18:17 GMT
x-rgw-object-type: Normal
etag: "4b7772fba3bc5418c2ea8eac76a1b1c4"
cache-control: max-age=31536000
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-max-age: 300
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
104.18.19.126 302 Found 0 B URL HTTP/2 ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
IP 104.18.19.126:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP/1.1
Host: ssum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 04 Oct 2022 10:25:36 GMT
content-length: 0
location: /usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
cf-ray: 754d36e8ce50b51d-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMID=YzwKIGnjowsbEWPGG4iNBAAA; Path=/; Domain=casalemedia.com; Expires=Wed, 04 Oct 2023 10:25:36 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=4384; Path=/; Domain=casalemedia.com; Expires=Mon, 02 Jan 2023 10:25:36 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=4384; Path=/; Domain=casalemedia.com; Expires=Mon, 02 Jan 2023 10:25:36 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5KFr99ioTv%2Bt2r9FbToTkaIHAi4um4F8hP%2FEQKHhQREwV0N%2FPGhDe9fwAIvhkUrjoumvIBKHq8IZ%2F1GiBIiMPGKnzrtomjJpfrUu8Rx7MK860nsravKq98jTLKiaEuxePcvQBptS9sWPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.wpcdn.pl/roboto/woff2/RobotoCondensed-Bold.woff2
212.77.98.32 200 OK 18 kB URL HTTP/2 fonts.wpcdn.pl/roboto/woff2/RobotoCondensed-Bold.woff2
IP 212.77.98.32:0
ASN #12827 Wirtualna Polska Media S.A.
File type Web Open Font Format (Version 2), TrueType, length 18228, version 2.0\012- data
Hash 052485ad2a68e98ea225dc9280dbdcd6
4036fa4eedb6cd9509f8f00d74c484b537e1a2b3
200cc35f2a32c2c915db346c9363d68e2d45001fb4073151a4a7850d8fb130f0
GET /roboto/woff2/RobotoCondensed-Bold.woff2 HTTP/1.1
Host: fonts.wpcdn.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wp-pl.eu
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: application/octet-stream
content-length: 18228
last-modified: Thu, 09 Aug 2018 08:18:08 GMT
x-rgw-object-type: Normal
etag: "052485ad2a68e98ea225dc9280dbdcd6"
cache-control: max-age=31536000
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-max-age: 300
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 123c2efbf06cb624b76690d8bb59f94d
76c1a7b36c78c6b8d53b54073111004da6891fe8
e69513023b03f7bc982ede0b8b4d255ea087bed95cb97d3a46aadef19f627897
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4405
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:36 GMT
Last-Modified: Tue, 04 Oct 2022 09:12:11 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ads.pubmatic.com/AdServer/js/user_sync.html?p=156077&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&predirect=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fdataid%3Ddata1%26uuid%3D
23.38.200.201200 OK 5.5 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?p=156077&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&predirect=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fdataid%3Ddata1%26uuid%3D
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Hash 7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae
GET /AdServer/js/user_sync.html?p=156077&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&predirect=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fdataid%3Ddata1%26uuid%3D HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync-eu.connectad.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=56469
expires: Wed, 05 Oct 2022 02:06:45 GMT
date: Tue, 04 Oct 2022 10:25:36 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
sfwp.wpcdn.pl/fonts/icomoon.ttf?-nexwq6&ver=1
212.77.98.32 200 OK 44 kB URL HTTP/2 sfwp.wpcdn.pl/fonts/icomoon.ttf?-nexwq6&ver=1
IP 212.77.98.32:0
ASN #12827 Wirtualna Polska Media S.A.
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Hash 30c02fba886b2e222d7a50a21c25309c
f25d14f639f8b46bb4d4042fbea92e0ca4bfc95d
e9330ef6800936534b68d9a088618526547205914e83ed8d637492e4d43de862
GET /fonts/icomoon.ttf?-nexwq6&ver=1 HTTP/1.1
Host: sfwp.wpcdn.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wp-pl.eu
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: application/octet-stream
content-length: 44424
last-modified: Tue, 07 Aug 2018 06:02:32 GMT
x-rgw-object-type: Normal
etag: "30c02fba886b2e222d7a50a21c25309c"
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-max-age: 300
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
104.18.19.126 302 Found 0 B URL HTTP/2 ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
IP 104.18.19.126:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP/1.1
Host: ssum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 04 Oct 2022 10:25:36 GMT
content-length: 0
location: /usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
cf-ray: 754d36e93f19b51d-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMID=YzwKIIJWDm8sQeAylJ-eZQAA; Path=/; Domain=casalemedia.com; Expires=Wed, 04 Oct 2023 10:25:36 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=4531; Path=/; Domain=casalemedia.com; Expires=Mon, 02 Jan 2023 10:25:36 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=4531; Path=/; Domain=casalemedia.com; Expires=Mon, 02 Jan 2023 10:25:36 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NzmhY%2BJWhkCa1XG8aNCH%2FDUFU%2BEtLkUMN9apQjFDNXbVkFYUn6C9ujDd4cKLPbC1g12v9xsPE3VqyEo1cN2sNiTW61SJNrTtNth3V2Faf3cBRBuwCGQ3hQ5R2SCMJDJhzmJ5xeNnR33Trg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
104.18.19.126 302 Found 0 B URL HTTP/2 ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
IP 104.18.19.126:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP/1.1
Host: ssum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 04 Oct 2022 10:25:36 GMT
content-length: 0
location: /usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
cf-ray: 754d36e94f1bb51d-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMID=YzwKILNYoEaHa-oSOhvNaAAA; Path=/; Domain=casalemedia.com; Expires=Wed, 04 Oct 2023 10:25:36 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=4413; Path=/; Domain=casalemedia.com; Expires=Mon, 02 Jan 2023 10:25:36 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=4413; Path=/; Domain=casalemedia.com; Expires=Mon, 02 Jan 2023 10:25:36 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERHctTyzvPf58mzmg1hsWYVXCOHzNS6OK4YGz1QSFXWu8Ndymhu2fT%2BitEeZdukJKS3ISFwHJBi0CvpfmqStAbGRn6FxAs7tKmxyvBNz8%2F5jMxzdymcc5K2eJ66Tu9YPmz6uo5jNac2BUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
104.18.19.126 302 Found 0 B URL HTTP/2 ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
IP 104.18.19.126:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP/1.1
Host: ssum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 04 Oct 2022 10:25:36 GMT
content-length: 0
location: /usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
cf-ray: 754d36e94f1db51d-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMID=YzwKIN2R9sjhkFIbMd6DDwAA; Path=/; Domain=casalemedia.com; Expires=Wed, 04 Oct 2023 10:25:36 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=4408; Path=/; Domain=casalemedia.com; Expires=Mon, 02 Jan 2023 10:25:36 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=4408; Path=/; Domain=casalemedia.com; Expires=Mon, 02 Jan 2023 10:25:36 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4A4beSBhSvQpsc45LsLhhbiFFo9MNhJNaBuytuNy7ISjsoDT3bTD38VjkTxF2xEBJE4hp2fa%2BZOp4y%2FzDBPMVGE3EicIBwLQuoiRdhgCAOS81LFYaPgzLtJArHArOiUNk6chIvQeYBrmcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
185.64.190.78 200 OK 60 B URL HTTP/2 image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
IP 185.64.190.78:0
File type ASCII text, with no line terminators
Hash d1a99ccdba210697ac569eb52ebe869d
856ea3c21c25db4d83733ef0982dd59c4505cd45
dec2ffadf50c71e70ce6d3987a2050ae54d6fbd79a0f2b786e03874de22f48b6
GET /AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB HTTP/1.1
Host: image6.pubmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=UTF-8
expires: Mon, 2 Jan 2023 01:51:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 04 Oct 2022 10:25:35 GMT
content-length: 60
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500,700,900;subset=latin-ext
142.250.74.10 200 OK 1.4 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500,700,900;subset=latin-ext
IP 142.250.74.10:0
File type ASCII text, with very long lines (1179)
Hash ea2940436e5b3560262197918594af77
89e0219875586c20d87bae812e833c95dd4c39ea
cbfcd330cf3ad06fb7cab22d75a558b179b03c1a84da2d3c796d862abf3d3c4a
GET /css?family=Roboto:300,400,500,700,900;subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 10:25:35 GMT
date: Tue, 04 Oct 2022 10:25:35 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 20dd3ab6f6bc52a8ea8a1ce544b9d7e7
e96cef0aff3d5dac87fa3a22d50414120aef4ebd
bb9257bee878bbcff510e1781dd55bda4147b6a033c3dbae30e8448a60a2ef3c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5024
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:36 GMT
Last-Modified: Tue, 04 Oct 2022 09:01:52 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
sportowefakty.wp.pl/static/img/favicon.png
212.77.100.9 200 OK 6.1 kB URL HTTP/2 sportowefakty.wp.pl/static/img/favicon.png
IP 212.77.100.9:0
ASN #12827 Wirtualna Polska Media S.A.
File type PNG image data, 144 x 144, 8-bit colormap, non-interlaced\012- data
Hash c07b308ac97eae94e909df821d33e756
068ff704a69f876f6cfdc5fbe282d932154ae5d6
d92c3371fce11b51a48dd81f51dc3066d45545b44994f4ceb58e27c9d57537f8
GET /static/img/favicon.png HTTP/1.1
Host: sportowefakty.wp.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: image/png
content-length: 6131
last-modified: Mon, 03 Oct 2022 10:22:38 GMT
etag: "633ab7ee-17f3"
cache-control: public, max-age=900
vary: Accept-Encoding,Origin
x-cache-status: HIT
access-control-allow-credentials: true
set-cookie: STabid=ca1a28c74d720ab664a32e4180f20270:1664879136.271:v1; path=/; Max-Age=31536000
STabnoid=1; path=/
accept-ranges: bytes
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect, sec-ch-ua, sec-ch-ua-platform, sec-ch-ua-mobile, sec-ch-ua-full-version-list, sec-ch-ua-platform-version, sec-ch-ua-arch, sec-ch-ua-bitness, sec-ch-ua-model
accept-ch-lifetime: 604800
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 38ea1e4d24ca95b2f1da26f24df03559
bd5d4ca979822e0bc5b3e8d5e4a4617f276057e0
82123bf409adc45c0a830654ad76d954f44e4a8aae01ecebbfe769259096cdf3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5416
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:25:36 GMT
Last-Modified: Tue, 04 Oct 2022 08:55:21 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fbidder%3Dadform%26dataid%3Ddata4%26uuid%3D%24UID
37.157.6.247 200 OK 43 B URL HTTP/2 cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fbidder%3Dadform%26dataid%3Ddata4%26uuid%3D%24UID
IP 37.157.6.247:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /cookie?redirect_url=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fbidder%3Dadform%26dataid%3Ddata4%26uuid%3D%24UID HTTP/1.1
Host: cm.adform.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync-eu.connectad.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: image/gif
content-length: 43
X-Firefox-Spdy: h2
ssum.casalemedia.com/usermatch?s=190906&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&cb=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fbidder%3Didx%26dataid%3Ddata13%26uuid%3D
104.18.19.126 302 Found 0 B URL HTTP/2 ssum.casalemedia.com/usermatch?s=190906&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&cb=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fbidder%3Didx%26dataid%3Ddata13%26uuid%3D
IP 104.18.19.126:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch?s=190906&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&cb=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fbidder%3Didx%26dataid%3Ddata13%26uuid%3D HTTP/1.1
Host: ssum.casalemedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync-eu.connectad.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 04 Oct 2022 10:25:36 GMT
content-length: 0
location: /usermatch?cb=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fgdpr%3D1%26gdpr_consent%3DCPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA%26bidder%3Didx%26dataid%3Ddata13%26uuid%3D&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&s=190906&C=1
cf-ray: 754d36e9d805fabc-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMID=YzwKIDy5BXFMi14Kog-3KwAA; Path=/; Domain=casalemedia.com; Expires=Wed, 04 Oct 2023 10:25:36 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=4498; Path=/; Domain=casalemedia.com; Expires=Mon, 02 Jan 2023 10:25:36 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=4498; Path=/; Domain=casalemedia.com; Expires=Mon, 02 Jan 2023 10:25:36 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cNDbNLZHYuFNu997oNi14h2b5cHYZaT7jcXwl1%2BtQgLIR1ywHD%2By30Y%2FZVpgHM7g5DDuGuZYN9EN6pD2D%2FLsGcBTzpAm4b0r6HwWNrOsqUpxTME%2FwQfcSMCFmkUG1o7VUddJ7Yip"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creativecdn.com/cm-notify?pi=connectad
185.184.8.90 302 Found 1.1 kB URL HTTP/2 creativecdn.com/cm-notify?pi=connectad
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
File type gzip compressed data, from Unix\012- data
Hash 526a0c7b5d879383851bf3b17bd3435d
4970e0ff24ab8138ded3952b2eb65eb0739c571b
8dc7e59ca3d17fa60047b558067002be77a7ce066a6bfc21b72f2eb88db9d1eb
GET /cm-notify?pi=connectad HTTP/1.1
Host: creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync-eu.connectad.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 04 Oct 2022 10:25:36 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=JpfHySFND6AmjfbZcHOY;Path=/;Domain=.creativecdn.com;Expires=Wed, 04-Oct-2023 10:25:36 GMT;Max-Age=31536000;Secure;SameSite=None
ts=1664879136;Path=/;Domain=.creativecdn.com;Expires=Wed, 04-Oct-2023 10:25:36 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://creativecdn.com/cm-notify?pi=connectad&tc=1
content-length: 0
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.210.141 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 705de774-8aea-4d08-a63f-c30e0a7015a6
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/async_usersync?cbfn=queuePixels
185.89.210.141 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 7f15c610-e84a-4ded-9a7e-24061d2bb16d
Set-Cookie: uuid2=766389641322005516; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 02-Jan-2023 10:25:36 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
cdn.connectad.io/connectmyusers.php?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&
104.22.54.206 200 OK 650 B URL HTTP/2 cdn.connectad.io/connectmyusers.php?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&
IP 104.22.54.206:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1179), with no line terminators
Hash d8a97449880933bb894845bbd5291bca
1a675af6566b5ce4191185586f74e27935e6a9f7
4c2dacd603354841d25cf635473afdc94d49e5e69aa2defd5633009d8b63f554
GET /connectmyusers.php?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA& HTTP/1.1
Host: cdn.connectad.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 754d36e78a4d0af6-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ib.adnxs.com/async_usersync?cbfn=queuePixels
185.89.210.141 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: ca8ce2dd-2dbd-4992-9240-590426cfa0ad
Set-Cookie: uuid2=1242676732305984576; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 02-Jan-2023 10:25:36 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
creativecdn.com/cm-notify?pi=connectad&tc=1
185.184.8.90 200 OK 42 B URL HTTP/2 creativecdn.com/cm-notify?pi=connectad&tc=1
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cm-notify?pi=connectad&tc=1 HTTP/1.1
Host: creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync-eu.connectad.io/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: image/gif
content-length: 42
X-Firefox-Spdy: h2
script.hotjar.com/modules.61e17720cf639c3e96a7.js
143.204.55.96 200 OK 66 kB URL HTTP/2 script.hotjar.com/modules.61e17720cf639c3e96a7.js
IP 143.204.55.96:0
File type Unicode text, UTF-8 text, with very long lines (48714)
Hash ca82760cd662a268a9b556ae44a96740
7d7e28b6029ab3449f2183a73b8f0dbb93dd9386
0e98f16bb4945f08b2f0e9be3108864e2f2db7ed792bc9049404cac6038d75d3
GET /modules.61e17720cf639c3e96a7.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 66156
date: Tue, 04 Oct 2022 09:20:29 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "ca82760cd662a268a9b556ae44a96740"
last-modified: Tue, 04 Oct 2022 07:09:34 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Pn_RYUAvpS1bNC5eS4V5VOnueZVvHWB1ebV1nH-y4JX7M1Iko7gR6w==
age: 3907
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.210.141 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 2ec0e619-d97e-43a6-a8c2-11a283d7586d
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.210.141 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 81619fe8-3f82-4840-8c47-5c52d70504d6
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
cdn.indexww.com/ht/htw-pixel.gif?0
104.18.13.76 200 OK 43 B URL HTTP/2 cdn.indexww.com/ht/htw-pixel.gif?0
IP 104.18.13.76:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /ht/htw-pixel.gif?0 HTTP/1.1
Host: cdn.indexww.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ssum-sec.casalemedia.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: image/gif
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
etag: "761e21-2b-546dc3a097100"
cache-control: public, max-age=14400
expires: Tue, 04 Oct 2022 14:25:36 GMT
edge-control: cache-maxage=1h
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cf-cache-status: HIT
age: 12
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 754d36eaae011c0a-OSL
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash b8469fcdf1f9936ba7e6d68d202de04e
581d3a5d1979b2c2374e0bba3231ef46868ef55f
fe333565928984049e3f12a239341030d6e651e8fd0c6193f59e2ef744ff8abe
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 10:25:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2022 01:56:50 GMT
Expires: Sat, 08 Oct 2022 01:56:49 GMT
Etag: "581d3a5d1979b2c2374e0bba3231ef46868ef55f"
Cache-Control: max-age=314472,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754d36ea7bb81c16-OSL
ocsp.godaddy.com/
192.124.249.41 200 OK 1.8 kB IP 192.124.249.41:0
Hash e1864a4b36e5395c23ec15af047d92b2
6089fc57803cdeb3fbca3cc01c3aeb7392b19878
0492f8fbcfca2a0c604c1766ce5f61cad89421af6c9112a59849ac422e9b9522
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 04 Oct 2022 10:25:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 03 Oct 2022 22:22:25 GMT
Expires: Tue, 04 Oct 2022 22:22:25 GMT
ETag: "6089fc57803cdeb3fbca3cc01c3aeb7392b19878"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.210.141 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 444f9c38-7017-442a-ace3-954e3ec2bb45
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
x.bidswitch.net/sync?ssp=rtaplus&user_id=n9ApWFkO50sIve8iq0ZjoMyprnhwoT0IPJegCCBD&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
18.194.190.42 302 Moved Temporarily 0 B URL HTTP/1.1 x.bidswitch.net/sync?ssp=rtaplus&user_id=n9ApWFkO50sIve8iq0ZjoMyprnhwoT0IPJegCCBD&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
IP 18.194.190.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=rtaplus&user_id=n9ApWFkO50sIve8iq0ZjoMyprnhwoT0IPJegCCBD&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync-eu.connectad.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Date: Tue, 04 Oct 2022 10:25:36 GMT
Location: https://x.bidswitch.net/ul_cb/sync?ssp=rtaplus&user_id=n9ApWFkO50sIve8iq0ZjoMyprnhwoT0IPJegCCBD&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
Set-Cookie: tuuid=87a0bac6-569d-4413-8360-b793bbf455c8; path=/; expires=Wed, 04-Oct-2023 10:25:36 GMT; domain=.bidswitch.net; samesite=none; secure
c=1664879136; path=/; expires=Wed, 04-Oct-2023 10:25:36 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1664879136; path=/; expires=Wed, 04-Oct-2023 10:25:36 GMT; domain=.bidswitch.net; samesite=none; secure
c=1664879136; path=/; expires=Wed, 04-Oct-2023 10:25:36 GMT; domain=.bidswitch.net; samesite=none; secure
Content-Length: 0
Connection: keep-alive
vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html
143.204.55.118 200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html
IP 143.204.55.118:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2431), with no line terminators
Hash f6a9ca04b0687ea3c0d98e8430c8c77b
35503b2deb23091a9a9c6c68d4020dbdf879588e
8e4328ecb6b395499567369e3c227231dbdaf361f43ce315934d7a2a3abbed41
GET /box-69edcc3187336f9b0a3fbb4c73be9fe6.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1044
date: Tue, 04 Oct 2022 09:28:08 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "f6a9ca04b0687ea3c0d98e8430c8c77b"
last-modified: Tue, 04 Oct 2022 07:09:34 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ZKi6FfpqKWMoRJ8aZq3RaKgES7pXJA5WHiE4vVAH6fpYnr0CZJm7Ag==
age: 3448
X-Firefox-Spdy: h2
x.bidswitch.net/ul_cb/sync?ssp=rtaplus&user_id=n9ApWFkO50sIve8iq0ZjoMyprnhwoT0IPJegCCBD&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
18.194.190.42 200 OK 43 B URL HTTP/1.1 x.bidswitch.net/ul_cb/sync?ssp=rtaplus&user_id=n9ApWFkO50sIve8iq0ZjoMyprnhwoT0IPJegCCBD&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA
IP 18.194.190.42:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?ssp=rtaplus&user_id=n9ApWFkO50sIve8iq0ZjoMyprnhwoT0IPJegCCBD&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync-eu.connectad.io/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Tue, 04 Oct 2022 10:25:36 GMT
Content-Length: 43
Connection: keep-alive
ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fbidder%3Dsovrn%26dataid%3Ddata12%26uuid%3D%24UID
72.251.249.13 204 No Content 0 B URL HTTP/1.1 ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fbidder%3Dsovrn%26dataid%3Ddata12%26uuid%3D%24UID
IP 72.251.249.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?redir=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fbidder%3Dsovrn%26dataid%3Ddata12%26uuid%3D%24UID HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync-eu.connectad.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Tue, 04 Oct 2022 10:25:36 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
X-Sovrn-Pod: ad_ap2ams1
vc.hotjar.io/sessions/3102034?s=0.25&r=0.10756569961819717
54.230.111.70 204 No Content 0 B URL HTTP/2 vc.hotjar.io/sessions/3102034?s=0.25&r=0.10756569961819717
IP 54.230.111.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sessions/3102034?s=0.25&r=0.10756569961819717 HTTP/1.1
Host: vc.hotjar.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wp-pl.eu
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-origin: *
cache-control: no-store
date: Tue, 04 Oct 2022 10:25:36 GMT
server: Python/3.7 aiohttp/3.5.4
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sEYb_UfdS16fOnpxk4QxkMM5jfHK3ZnGEIXI0Cghu8HaYrsNm8i6iw==
X-Firefox-Spdy: h2
script.hotjar.com/preact-incoming-feedback.57abc3782b6aa30a609f.js
143.204.55.96 200 OK 33 kB URL HTTP/2 script.hotjar.com/preact-incoming-feedback.57abc3782b6aa30a609f.js
IP 143.204.55.96:0
Hash 01b0d6d805066fac1071a51d0abdea0d
8f3f6e92c6f98b2c7b799ffa53fec9afafd82cf0
9609884df62b5a0cde42eaec6c0fad3c1cfdfc7c2c98f81cff9aac22fc02c886
GET /preact-incoming-feedback.57abc3782b6aa30a609f.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 33084
date: Tue, 04 Oct 2022 09:16:01 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "01b0d6d805066fac1071a51d0abdea0d"
last-modified: Tue, 04 Oct 2022 07:09:34 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: R2IeGaPvEtC79xVUPrww11-x7mR2XBn-TBY8oL0Y8HndVyRkYFueNw==
age: 4175
X-Firefox-Spdy: h2
script.hotjar.com/font-hotjar_5.65042d.woff2
143.204.55.96 200 OK 2.2 kB URL HTTP/2 script.hotjar.com/font-hotjar_5.65042d.woff2
IP 143.204.55.96:0
File type Web Open Font Format (Version 2), TrueType, length 2188, version 1.0\012- data
Hash c9fb9163f8b7be37023ebe649688bebf
8a045f40cc0f0035d41679c522334277f9f2de59
fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da
GET /font-hotjar_5.65042d.woff2 HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wp-pl.eu
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 2188
date: Tue, 04 Oct 2022 09:16:02 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
etag: "c9fb9163f8b7be37023ebe649688bebf"
last-modified: Tue, 04 Oct 2022 07:09:34 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bfuNXDvBOdRzbxVUz-aMwa7oID09WrKNuox-jJDXcqF7iLDdJt71Jw==
age: 4174
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 1e661f69596ae8f4c9bb890b9b03576b
3140da34d5bd6c319bff5ab5b0685f4c881b5d9a
2969b941f6e6f984f563f606d11728734cd5f7f0e3a5da7614d59bf0ec91e116
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 10:25:36 GMT
Last-Modified: Tue, 04 Oct 2022 08:59:28 GMT
Server: ECS (nyb/1D33)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3Vbg0tXZ8A9fQc75G-vBQLMckjEQQbIWTyI8ki1ZSk9GLMOMQNbh1g==
Age: 5168
in.hotjar.com/api/v2/client/sites/3102034/visit-data?sv=6
52.30.245.126 200 OK 92 B URL HTTP/2 in.hotjar.com/api/v2/client/sites/3102034/visit-data?sv=6
IP 52.30.245.126:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e03464b4f14a1d296cb59883ae134e96
67e8cfe5f193093e715f15ed21b071dc13c8ee3d
51f23e4ba6b1a83ad7e297301a89147870b4c73952c3ae44d9ca7babb77d9955
POST /api/v2/client/sites/3102034/visit-data?sv=6 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 112
Origin: https://wp-pl.eu
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
ws7.hotjar.com/api/v2/client/ws
52.214.2.161 101 Switching Protocols 0 B URL HTTP/1.1 ws7.hotjar.com/api/v2/client/ws
IP 52.214.2.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v2/client/ws HTTP/1.1
Host: ws7.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wp-pl.eu
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KLUQ0SsabP8ndrK9hyfATQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Tue, 04 Oct 2022 10:25:37 GMT
Content-Type: application/octet-stream
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PjaqVkr9MF3LWbbEP7Hw7UXIqcw=
Sec-WebSocket-Extensions: permessage-deflate
ib.adnxs.com/async_usersync?cbfn=queuePixels
185.89.210.141 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 9197c0ae-1e9e-413d-bfdf-13198ffcf2fa
Set-Cookie: uuid2=8703886535125521069; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 02-Jan-2023 10:25:37 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/async_usersync?cbfn=queuePixels
185.89.210.141 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 82ca2b3d-fc20-4012-b06d-3cf8717fad8d
Set-Cookie: uuid2=3058782596819612161; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 02-Jan-2023 10:25:37 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12229
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 10:25:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12229
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 10:25:37 GMT
Connection: keep-alive
ib.adnxs.com/async_usersync?cbfn=queuePixels
185.89.210.141 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: c65f9c79-f954-4722-9caa-5f204b88a4e9
Set-Cookie: uuid2=7712623803164847774; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 02-Jan-2023 10:25:37 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.210.141 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 2ac3abe8-5d47-415e-a3bf-0873a2cec16b
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12229
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 10:25:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f5624b4-8e2a-461e-a32a-38d6b5a3a8d2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f5624b4-8e2a-461e-a32a-38d6b5a3a8d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae824db4a95391149198a4b6b8556c70
db07d58d8feff4ea01866d095e5264ee5c8e1ca3
19e96d204813247697e1858daf9e07d6c4cafd9ab1175a3bf39a7f07f6991521
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f5624b4-8e2a-461e-a32a-38d6b5a3a8d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11101
x-amzn-requestid: f98e84d9-1e66-4436-b793-219a777f2ba0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqcvE8JoAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5784-25bd2b234c1093de70074c92;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: becOxfqUowywFrxzDSeK7F1lFdDVTSHIF1TLC5k5aSlLPpsR6F8gjw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:42:37 GMT
age: 42180
etag: "db07d58d8feff4ea01866d095e5264ee5c8e1ca3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 34f2dfb2faff276db1d4a57739db2450
f5ce815082043a4efce28fc790ae7d8b3a8531f8
e02ea92f0be524ccfe26eee61a77e39a13d852d1ba3696f729e0f61812028667
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5083
x-amzn-requestid: ed99df03-5d15-4e09-9aea-bbf77a705323
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpI0HT0IAMFxvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b556b-422197147d76caac6e910664;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:35 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ZFVTt0eV3kpIaS4KAIZlgaTJxHb2hPxyP4BBRAZCE-cCAWJM44fZxw==
via: 1.1 946b9edb2009c5508a0fbbd636f95014.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:38:28 GMT
age: 42429
etag: "f5ce815082043a4efce28fc790ae7d8b3a8531f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.210.141 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.210.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 26c710c2-ebd4-42dc-bf3a-5ab99076ab2d
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: SGeDEPoXxsTV5UwkZnn3MJPbjhHhrKSsueHPxVapV_7Icl6daFk3oA==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:20 GMT
age: 45677
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ib.adnxs.com/async_usersync?cbfn=queuePixels
185.89.210.141 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 185.89.210.141:0
Hash (empty 0 B body) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: c41d405e-39ca-44fe-8d2d-3411098ada5f
Set-Cookie: uuid2=6680346547978780471; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 02-Jan-2023 10:25:37 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bec66cf-b911-4eb8-95d6-27e5f2afb6c7.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bec66cf-b911-4eb8-95d6-27e5f2afb6c7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 de29d0d95d22e4e246a90feed644baf0
SHA-1 4ac6c5691df804078d5da54233cf4d8e7012f9ca
SHA-256 8e34ad07e098df14f7001d1ee538479de11afa4c255006cb6e8e2207c0e50a47
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bec66cf-b911-4eb8-95d6-27e5f2afb6c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: 3348b2e8-915a-492b-8241-89c13a21232c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqFlFyyoAMFz_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b56f0-2baf7ac2213c31fc384e8317;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 50AX7dGWRTOAi1Z4dP9cROGeKlz-g0oXDncFUYmuPOSwpZRWWcNo4g==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:32 GMT
age: 45665
etag: "4ac6c5691df804078d5da54233cf4d8e7012f9ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
34.120.237.76 200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 488ec5b4267ccb1cdc4e6e08556f7f3b
SHA-1 42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88
SHA-256 d9b05fe92962a58b9a8e8dbd4757969aa361be12018107ae649ffcdb8a0f8d84
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3430
x-amzn-requestid: 22a0e400-1567-4c9c-aca9-782f3f81a8ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKLCrEn4IAMFZWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f210-11fa888c78719c44160accf8;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: czAJIO54qhc57-FC2v3o_6iUysen6MFHxo4KWJL7Uhs3ZBmRalqgMw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 09:44:26 GMT
age: 2471
etag: "42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
34.120.237.76 200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 6c6882c60d7ca6f918c77104e3ad1d52
SHA-1 20ef861be49c652a938e0145e4ca3a60159367e2
SHA-256 861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: O1yNc4H21kixhUEE7099oNqs7a5ZnJBBjlZbsbmLvaXyzXzrK0dL3w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:33 GMT
age: 45664
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.210.141 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.210.141:0
Hash (empty 0 B body) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 583e7583-2e6a-4ebd-b946-5200c39c1ef3
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.210.141 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.210.141:0
Hash (empty 0 B body) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 04 Oct 2022 10:25:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 654bc65b-2de1-4024-84da-505500f96849
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
wp-pl.eu/index_files/googletagservices_gpt.js
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/googletagservices_gpt.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/googletagservices_gpt.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"62f1c710-1371"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_005
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_005
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_005 HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/plain
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"62f1c710-6d2f4"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/gplayer.js
185.203.117.169 404 Not Found 0 B URL HTTP/2 wp-pl.eu/index_files/gplayer.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/gplayer.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/html
last-modified: Tue, 09 Aug 2022 12:32:30 GMT
etag: W/"328-5e5ce2043ba15"
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/google-analytics_analytics.js
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/google-analytics_analytics.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/google-analytics_analytics.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"62f1c710-e6f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/noop_003.js
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/noop_003.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/noop_003.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"26-5e5c5bbb3e400"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/
185.203.117.169 200 OK 0 B IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET / HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/html
last-modified: Wed, 10 Aug 2022 13:11:00 GMT
etag: W/"62f3ae64-26f1d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cdn.connectad.io/connectmyusers.php?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&
104.22.54.206200 OK 0 B URL HTTP/2 cdn.connectad.io/connectmyusers.php?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&
IP 104.22.54.206:0
GET /connectmyusers.php?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA& HTTP/1.1
Host: cdn.connectad.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 754d36e78a490af6-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_004
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_004
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_004 HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/octet-stream
content-length: 80569
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: "62f1c710-13ab9"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ws7.hotjar.com/api/v2/sites/3102034/recordings/content
52.214.2.161 200 OK 0 B URL HTTP/2 ws7.hotjar.com/api/v2/sites/3102034/recordings/content
IP 52.214.2.161:0
POST /api/v2/sites/3102034/recordings/content HTTP/1.1
Host: ws7.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 302620
Origin: https://wp-pl.eu
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:25:37 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
cdn.connectad.io/connectmyusers.php?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&
104.22.54.206200 OK 0 B URL HTTP/2 cdn.connectad.io/connectmyusers.php?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&
IP 104.22.54.206:0
GET /connectmyusers.php?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA& HTTP/1.1
Host: cdn.connectad.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 754d36e78a440af6-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wp-pl.eu/index_files/noop_005.js
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/noop_005.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/noop_005.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"26-5e5c5bbb3e400"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/index.js
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/index.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/index.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"62f1c710-22e9"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/bWluLmNzTTYNFzpeYQFACE5PbjIRJT0IMyoTMhElPQgzKhMyESU9CDMqEzIR.css
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/bWluLmNzTTYNFzpeYQFACE5PbjIRJT0IMyoTMhElPQgzKhMyESU9CDMqEzIR.css
IP 185.203.117.169:0
Analyzer Verdict Alert quad9 Sinkholed
GET /index_files/bWluLmNzTTYNFzpeYQFACE5PbjIRJT0IMyoTMhElPQgzKhMyESU9CDMqEzIR.css HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/css
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"62f1c710-758bb"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
104.18.19.126 200 OK 0 B URL HTTP/2 ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
IP 104.18.19.126:0
GET /usermatch?d=https%3A%2F%2Fwp-pl.eu%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1 HTTP/1.1
Host: ssum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://js-sec.indexww.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: text/html
cf-ray: 754d36e95f33b51d-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BaX4sYoIVlgwxH9TGNUpc3HcYMxetkrZh7Bl1lhRTr1qXe6fDtELthWET0NY9iubFKWn2RWxRV6VldHne5lLh64WLWPPIpC0idgdGltH3K5JXRnLrQCtNb3q1gcVSUSUeKMOtMqQJGqw9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wp-pl.eu/index_files/widgets.js
185.203.117.169 404 Not Found 0 B URL HTTP/2 wp-pl.eu/index_files/widgets.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/widgets.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/html
last-modified: Tue, 09 Aug 2022 12:32:30 GMT
etag: W/"328-5e5ce2043ba15"
content-encoding: br
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-3102034.js?sv=6
143.204.55.84 200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-3102034.js?sv=6
IP 143.204.55.84:0
GET /c/hotjar-3102034.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Tue, 04 Oct 2022 10:25:36 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: W/8727a986d171bca9655b985a57346cac
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: X5scmWiDCMLrPtfnFkPA2q0h0pYQdEHjJMlsxacAiXEF8qQ-04NIEg==
X-Firefox-Spdy: h2
ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fgdpr%3D1%26gdpr_consent%3DCPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA%26bidder%3Didx%26dataid%3Ddata13%26uuid%3D&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&s=190906&C=1
104.18.19.126200 OK 0 B URL HTTP/2 ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fgdpr%3D1%26gdpr_consent%3DCPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA%26bidder%3Didx%26dataid%3Ddata13%26uuid%3D&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&s=190906&C=1
IP 104.18.19.126:0
GET /usermatch?cb=https%3A%2F%2Fsync.connectad.io%2Fumatch%2F1%3Fgdpr%3D1%26gdpr_consent%3DCPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA%26bidder%3Didx%26dataid%3Ddata13%26uuid%3D&gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&s=190906&C=1 HTTP/1.1
Host: ssum.casalemedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync-eu.connectad.io/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:25:36 GMT
content-type: text/html
cf-ray: 754d36ea384bfabc-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zbtkOzHIq6TBqgjh8VoI3mAq5sObIBvGBtwTxg433hGTFHmPgfvhY1TMPuRk96kwm3JRMZ%2BwzdY9JK4bWeGJkRqzf1wCDiUEWGDtq67KRqi5gajvs%2Bt%2Bs0VVXdXyA7oJ2eYd75v8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simage4.pubmatic.com/AdServer/SPug?o=1&p=62652&sc=1&pr=https%3A%2F%2Fssp.wp.pl%2Fbidder%2Fusersync%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA%26inver%3D%26host%3Dsportowefakty.wp.pl%26bidder%3Dpubmatic%26uid%3D&u=613D33C0-7F81-4F58-86EE-0B0C37F8B781&rs=3&gdpr=0&gdpr_consent=&us_privacy=
198.47.127.20 302 Found 0 B URL HTTP/2 simage4.pubmatic.com/AdServer/SPug?o=1&p=62652&sc=1&pr=https%3A%2F%2Fssp.wp.pl%2Fbidder%2Fusersync%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA%26inver%3D%26host%3Dsportowefakty.wp.pl%26bidder%3Dpubmatic%26uid%3D&u=613D33C0-7F81-4F58-86EE-0B0C37F8B781&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP 198.47.127.20:0
GET /AdServer/SPug?o=1&p=62652&sc=1&pr=https%3A%2F%2Fssp.wp.pl%2Fbidder%2Fusersync%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA%26inver%3D%26host%3Dsportowefakty.wp.pl%26bidder%3Dpubmatic%26uid%3D&u=613D33C0-7F81-4F58-86EE-0B0C37F8B781&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 302 Found
server: nginx
date: Tue, 04 Oct 2022 10:25:36 GMT
location: https://ssp.wp.pl/bidder/usersync/setuid?gdpr=1&gdpr_consent=CPdYzQAPdYzQABIACCPLCbCgAP_AAH_AAB5YI8Nd_X__bW9j-_5_aft0eY1P9_r37uQzDhfNk-8F3L_W_LwX52E7NF36pq4KmR4Eu1LBIQNlHMHUDUmwaokVrzHsak2cpyNKJ7JEknMZO2dYGF9Pn1tjuYKY7_5_9_bx2D-t_9_-39T378Xf3_dp_2_-_vCfV599jfn9fV_789KP9_79v-_8__________3_7BHYAkw1biALsSxwJtAwihRAjCsJCqBQAQUAwtEFgA4OCnZWAT6whYAIBQBGBECHEFGDAIABAIAkIgAkCLBAIgCIBAACABEAhAARMAgsALAwCAAEA0LFAKAAQJCDIgIjlMCAiBIKCWysQSgr0NMIA6ywAoNEbFQAIkAAFICAkLBwDBEgJeLJAkxRvkAIwQoBRKgAAAAA.YAAAAAAAAAAA&inver=&host=sportowefakty.wp.pl&bidder=pubmatic&uid=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2
wp-pl.eu/index_files/noop.js
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/noop.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/noop.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"26-5e5c5bbb3e400"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_003
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_003
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_003 HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/plain
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"62f1c710-df25"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/noop_002.js
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/noop_002.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/noop_002.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"26-5e5c5bbb3e400"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/noop_006.js
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/noop_006.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/noop_006.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"26-5e5c5bbb3e400"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/noop_007.js
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/noop_007.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/noop_007.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
x-accel-version: 0.01
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"26-5e5c5bbb3e400"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_002
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_002
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuERs4_002 HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: text/plain
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"62f1c710-582ed"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuE_002.js
185.203.117.169 200 OK 0 B URL HTTP/2 wp-pl.eu/index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuE_002.js
IP 185.203.117.169:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /index_files/NTI1NDg3YTUoUzh3SEhsIGsLbCcXWxEnPVVsaEVsbG5rbhEbOGwRCxZuE_002.js HTTP/1.1
Host: wp-pl.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wp-pl.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:25:35 GMT
content-type: application/javascript
last-modified: Tue, 09 Aug 2022 02:31:44 GMT
etag: W/"62f1c710-43884"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2