firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 15 Sep 2022 23:10:40 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -qi_IG_UaWZpxzoT8w0ofNiNjRcdbwrtGB8KIPNLhxgLBPXWRY6aZA==
Age: 1944
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 96daaf84cd2c07756756caf7a2724a29
d24d47c68eec98d44bf341dab9d893df97103e1a
fef9ce9f75ec19e7ae2ccbffb6654db2473a2b4acc94c1b4303e5ec24149465f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF9CE9F75EC19E7AE2CCBFFB6654DB2473A2B4ACC94C1B4303E5EC24149465F"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12697
Expires: Fri, 16 Sep 2022 03:14:41 GMT
Date: Thu, 15 Sep 2022 23:43:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 15 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _NTAalQbCGVKqk919TBQrIVTiLfAEYj0HIsKHE-m4Vtgx9I_VM685Q==
age: 68869
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 23:43:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 15 Sep 2022 23:03:22 GMT
Cache-Control: max-age=3600
Expires: Thu, 15 Sep 2022 23:35:04 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: P3h4TgllD9YeoNzbkA7B9YspfPn6PNC4ZNEoaWeRAg_e9UOf3EHQxw==
Age: 2383
rrunua.xyz/
200 OK 500 B IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 17ee13918c3b7fcef81f27bb0d0debc2
ff374813141048780a922b1aee8a1c273cf3ea3f
0b763ba0e7e75b7f826659530ca263540fb49fbb598769593232f5da98dadbae
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:04 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Set-Cookie: session=f605d171332048376d9e2053b285ee6f; expires=Fri, 16-Sep-2022 00:13:04 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 500
Connection: close
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 23:43:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
IP
File type ASCII text, with very long lines (65483)
Hash a54a444f20643b131117dc2112cca05f
074964746b12ff1d30f7656310d6154ae1cc98b5
aa3ca8485dd777d4d880b38c1cf3bc2fc290d28a79ba3e3e43cba1f653132830
GET /ajax/libs/jquery/1.8.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rrunua.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33593
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Sep 2022 09:37:50 GMT
expires: Sun, 10 Sep 2023 09:37:50 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 482715
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash d597af1ab2f21a983bf0f0d105b94209
9d5dd938777abde094c89066b539141a02106b88
a614eb7f969544c8040642be7c852625341e2441e757d063d2af1ff465c8c3f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 957
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 23:43:05 GMT
Last-Modified: Thu, 15 Sep 2022 23:27:08 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 23:43:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FVEgFUmK6yJxATXViTFIlA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UPDesJxrysmiQ3IHnYK7KlfEQmo=
rrunua.xyz/bh.php?dm=rrunua.xyz&kw=&tt=f605d171332048376d9e2053b285ee6f&ty=false
200 OK 315 B URL HTTP/1.1 rrunua.xyz/bh.php?dm=rrunua.xyz&kw=&tt=f605d171332048376d9e2053b285ee6f&ty=false
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 05e8639ddfd778c9a0541bba360797eb
7c22fa657d62a00b156c0dc044ac2b9aa82dfa1c
2e9e705e31564cf0c4e1da88c9eb033094d4a080c4ef6a48d98156eafda88d78
GET /bh.php?dm=rrunua.xyz&kw=&tt=f605d171332048376d9e2053b285ee6f&ty=false HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/
Cookie: session=f605d171332048376d9e2053b285ee6f
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:05 GMT
Server: Apache
X-Powered-By: PHP/5.3.8
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 315
Connection: close
Content-Type: text/html; charset=UTF-8
rrunua.xyz/favicon.ico
200 OK 356 B IP
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash ed968d3582f43c1c0cd0b48a2287db8d
6dea034f724c7877365c03fb9f26ba7c56d1f99f
9a1195edbd318280e3a97d9994abb118df533a67434ce68b19f3d8990bea62ac
GET /favicon.ico HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:05 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Jul 2019 18:59:02 GMT
ETag: "47e-58ccb745c2980"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 356
Connection: close
Content-Type: text/plain; charset=UTF-8
rrunua.xyz/cf.php
200 OK 2.2 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (672)
Hash 8a92890cf1d7fcca3d045f792d0035c4
cc00f87e4bc510be4b7208fed810b4f5fee20601
8b1514c795fb42da302b03f9ce08fef840bd2eaa06d6bd883a23036392e8d6ab
Analyzer Verdict Alert fortinet Phishing
GET /cf.php HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/
Cookie: session=f605d171332048376d9e2053b285ee6f
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Set-Cookie: session=f605d171332048376d9e2053b285ee6f; expires=Fri, 16-Sep-2022 00:13:05 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 2152
Connection: close
Content-Type: text/html; charset=UTF-8
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
200 OK 34 kB URL HTTP/1.1 ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 33845
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 15 Sep 2022 17:47:33 GMT
Expires: Fri, 15 Sep 2023 17:47:33 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 21332
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
www.google.com/adsense/domains/caf.js
200 OK 53 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP
File type ASCII text, with very long lines (1885)
Hash 281778f18ad6007c37de5bb766e7b0f2
903f055afdde04652bbee71414c5048f7b5ab3ce
5e60a31f8ef6921edc4df793fc86bb0ca342440412d0e6e03db5cc231b1c1afb
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Thu, 15 Sep 2022 23:43:05 GMT
Expires: Thu, 15 Sep 2022 23:43:05 GMT
Cache-Control: private, max-age=3600
ETag: "14166313325219047958"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
rrunua.xyz/js/coza-banner.js
200 OK 675 B URL HTTP/1.1 rrunua.xyz/js/coza-banner.js
IP
Hash a56c7279200906bac46672855a3b9036
132de8c49ba8409838cae874cb926e53dd91a7ca
a223be35e81d35a6d7875aa69fe742a3be1d6040d6bf8efec9086304918047a5
Analyzer Verdict Alert fortinet Phishing
GET /js/coza-banner.js HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/cf.php
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 675
Connection: close
Content-Type: text/html; charset=UTF-8
rrunua.xyz/style/master.css
200 OK 1.4 kB URL HTTP/1.1 rrunua.xyz/style/master.css
IP
Hash bd89b7f89176d4c65f83923c0b0b99b9
556f3a43275b73b959337651ee258a8434c6d82f
37808f7d3175111a33705adefe262cd7d8bcec2998d5c86eab3e4587e0be2db9
GET /style/master.css HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/cf.php
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:05 GMT
Server: Apache
X-Powered-By: PHP/5.3.8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 1413
Connection: close
Content-Type: text/css
rrunua.xyz/style/960.css
200 OK 893 B IP
Hash 346d6aca736954ff788a959994b17538
a49a2a023cf3adf5ae3dfd57ce30612e6a1a1d5b
67e610e390ea004ad5d363f00ace0cd1af6aaf27dd937b6854bd5c17c152a4ca
GET /style/960.css HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/cf.php
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 893
Connection: close
Content-Type: text/css
rrunua.xyz/min/?b=css&f=v2_style_1.css
200 OK 4.0 kB URL HTTP/1.1 rrunua.xyz/min/?b=css&f=v2_style_1.css
IP
File type ASCII text, with very long lines (1981)
Hash 393e28948cab28549aa1f5fd89ab5630
66ab74fa60c1d2e988e019861b6063d4e33c5fda
85b3854e22afa6a2be53e0df18127577a6c5e7be4ac1a39999029b1191aff47a
GET /min/?b=css&f=v2_style_1.css HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/cf.php
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Last-Modified: Wed, 03 Jul 2019 18:59:02 GMT
ETag: "pub1562180342;gz"
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Content-Length: 3954
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Connection: close
Content-Type: text/css; charset=utf-8
rrunua.xyz/js/caf.js
200 OK 2.5 kB IP
File type ASCII text, with very long lines (390)
Hash ce7bc6f83cf88ebd335559b06fb57cb2
d4798a6dd0641788c6d74bf26ced526a4024f359
002da0bcf2d07e07651107f65a306545939cc68d0024a9e33864224c1659f4dd
Analyzer Verdict Alert fortinet Phishing
GET /js/caf.js HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/cf.php
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 2533
Connection: close
Content-Type: text/html; charset=UTF-8
rrunua.xyz/style/reset.css
200 OK 403 B URL HTTP/1.1 rrunua.xyz/style/reset.css
IP
File type ASCII text, with very long lines (368)
Hash 12a447ecb12d9820586e1ba1ff049caa
4dbc0ac1cb24dac51bac08a23b967c69ad6f1dea
91b9fd5f2b675cbf07aec75181f14b010eabab61194c923431c2753786dc9034
GET /style/reset.css HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/style/master.css
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:06 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 403
Connection: close
Content-Type: text/css
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 91dad4479f7dcb623266cf0dcfef5875
9fcf1f0e16c17a43021ab8fb01089d2d9c9f1d3a
0dc4f9c3ecdccb7e1b7a651c72ee63acc06482b362f060547534c3196e561412
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 23:43:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 91dad4479f7dcb623266cf0dcfef5875
9fcf1f0e16c17a43021ab8fb01089d2d9c9f1d3a
0dc4f9c3ecdccb7e1b7a651c72ee63acc06482b362f060547534c3196e561412
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 23:43:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/ads/i/iframe.html
200 OK 729 B URL HTTP/2 www.google.com/afs/ads/i/iframe.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1559)
Hash 284d9b057e298b1d62ddd8107c387e88
522d72187b605b632d9e11e25b48644a5c396a07
ab2e09451026b653d959488b3a3d410272cb53241055ec05e60b9d6755263a6b
GET /afs/ads/i/iframe.html HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rrunua.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy: script-src 'nonce-FJ4aoeDuDwYzWXY0N9YD3Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-length: 729
date: Thu, 15 Sep 2022 23:43:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 18 Oct 2021 14:30:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8ff1c0d8a380ce4a561609526d995bf5
135ecd7e71ea2823d39f8c1efcb2121618ed8167
f7228281af8d6de222aa47b3a78a627f85315244e65a8956fa2c0c7dff1bb7ad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 23:43:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/ads?adtest=off&channel=001003&domain_name=rrunua.xyz&client=dp-voodoo02&r=m&hl=no&max_radlink_len=32&type=3&uiopt=false&swp=as-drid-oo-1789003080427502&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301094%2C17301097&format=r5%7Cr5&nocache=1871663285370838&num=0&output=afd_ads&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1663285370860&u_w=1280&u_h=1024&biw=1280&bih=939&isw=1280&ish=939&psw=1280&psh=939&frm=1&uio=--&cont=related-1%7Crelated-2&jsid=caf&jsv=473734947&rurl=http%3A%2F%2Frrunua.xyz%2Fcf.php&referer=http%3A%2F%2Frrunua.xyz%2F&adbw=slave-1-1%3A480%2Cmaster-1%3A480
200 OK 1.5 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&channel=001003&domain_name=rrunua.xyz&client=dp-voodoo02&r=m&hl=no&max_radlink_len=32&type=3&uiopt=false&swp=as-drid-oo-1789003080427502&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301094%2C17301097&format=r5%7Cr5&nocache=1871663285370838&num=0&output=afd_ads&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1663285370860&u_w=1280&u_h=1024&biw=1280&bih=939&isw=1280&ish=939&psw=1280&psh=939&frm=1&uio=--&cont=related-1%7Crelated-2&jsid=caf&jsv=473734947&rurl=http%3A%2F%2Frrunua.xyz%2Fcf.php&referer=http%3A%2F%2Frrunua.xyz%2F&adbw=slave-1-1%3A480%2Cmaster-1%3A480
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3407)
Hash ec787e1e963a058e6ac12f0433dc6cf0
6de446a1833c55278e83ccc2875e2618cb86a9ff
73a249dbcbf9a02c36ba00439f5786a34f02e30d9440f2cca533522a9a9ae768
GET /afs/ads?adtest=off&channel=001003&domain_name=rrunua.xyz&client=dp-voodoo02&r=m&hl=no&max_radlink_len=32&type=3&uiopt=false&swp=as-drid-oo-1789003080427502&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301094%2C17301097&format=r5%7Cr5&nocache=1871663285370838&num=0&output=afd_ads&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1663285370860&u_w=1280&u_h=1024&biw=1280&bih=939&isw=1280&ish=939&psw=1280&psh=939&frm=1&uio=--&cont=related-1%7Crelated-2&jsid=caf&jsv=473734947&rurl=http%3A%2F%2Frrunua.xyz%2Fcf.php&referer=http%3A%2F%2Frrunua.xyz%2F&adbw=slave-1-1%3A480%2Cmaster-1%3A480 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rrunua.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Thu, 15 Sep 2022 23:43:06 GMT
expires: Thu, 15 Sep 2022 23:43:06 GMT
cache-control: private, max-age=3600
content-encoding: br
server: gws
content-length: 1539
x-xss-protection: 0
set-cookie: CONSENT=PENDING+777; expires=Sat, 14-Sep-2024 23:43:06 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 20ae50d0df52817906a88b07b3c08138
0f999020f07959636477be4178d238d4dd460464
26eb9c5ac69c9144425fb15a481336487c1923bb141685aea110b0e3dfc20171
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 23:43:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/dp-voodoo/bullet_doublearrow_orange.png
200 OK 896 B URL HTTP/2 afs.googleusercontent.com/dp-voodoo/bullet_doublearrow_orange.png
IP
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e92477c9562eb277fc583be65482872c
31d7013b359d20bdb459220f0b2eeab93c9d34a1
f51944cc7f8309ad0b375720813c3f17969701741b6315583b1d3faddedf482c
GET /dp-voodoo/bullet_doublearrow_orange.png HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-length: 896
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Sep 2022 00:51:49 GMT
expires: Thu, 15 Sep 2022 23:51:49 GMT
cache-control: public, max-age=82800
age: 82277
last-modified: Wed, 10 Apr 2013 22:28:15 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rrunua.xyz/images/rightcap_springmorning_01.png
200 OK 1.3 kB URL HTTP/1.1 rrunua.xyz/images/rightcap_springmorning_01.png
IP
File type PNG image data, 225 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash b35ccb04db6693c14ac837746268c4f3
e4384880780abdaa6a5e96908204eab4e70154d5
c333e024cc6959c5182ea935d17df6a8186152e0270f024b1f20eb4a8f758968
GET /images/rightcap_springmorning_01.png HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/min/?b=css&f=v2_style_1.css
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:06 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Jul 2019 18:58:59 GMT
ETag: "4f2-58ccb742e62c0"
Accept-Ranges: bytes
Content-Length: 1266
Cache-Control: max-age=2592000, public
Expires: Sat, 15 Oct 2022 23:43:06 GMT
P3P: CP="CAO PSA OUR"
Connection: close
Content-Type: image/png
rrunua.xyz/images/footer_slice_gradient.png
200 OK 221 B URL HTTP/1.1 rrunua.xyz/images/footer_slice_gradient.png
IP
File type PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 4257f88a35d8650d4debafd3d2761a4b
3e8b2105c630407eaada05f290676f6fcaa5830c
e0ea43a448c963c42f1dd0bc3b2a79149bd7f91c27d525d9e250c28b11130b4f
GET /images/footer_slice_gradient.png HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/min/?b=css&f=v2_style_1.css
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:06 GMT
Server: Apache
Last-Modified: Wed, 03 Jul 2019 18:58:59 GMT
ETag: "dd-58ccb742e62c0"
Accept-Ranges: bytes
Content-Length: 221
Cache-Control: max-age=2592000, public
Expires: Sat, 15 Oct 2022 23:43:06 GMT
P3P: CP="CAO PSA OUR"
Connection: close
Content-Type: image/png
rrunua.xyz/images/bg_springmorning_01.png
200 OK 266 B URL HTTP/1.1 rrunua.xyz/images/bg_springmorning_01.png
IP
File type PNG image data, 31 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash f86977b7c2448a5aa4f1677c07fd2ebe
f38b629fa7078a5489feb8927bea29b63d63b7e8
a1ae809a918fdea575225aee27bf10e06f5cc67e6c407c51715a9cf68b565bec
GET /images/bg_springmorning_01.png HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/min/?b=css&f=v2_style_1.css
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:06 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Jul 2019 18:58:59 GMT
ETag: "10a-58ccb742e62c0"
Accept-Ranges: bytes
Content-Length: 266
Cache-Control: max-age=2592000, public
Expires: Sat, 15 Oct 2022 23:43:06 GMT
P3P: CP="CAO PSA OUR"
Connection: close
Content-Type: image/png
rrunua.xyz/images/leftcap_springmorning_01.png
200 OK 1.2 kB URL HTTP/1.1 rrunua.xyz/images/leftcap_springmorning_01.png
IP
File type PNG image data, 225 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 01512b64e57a9e8e4b403bb47de6c1f1
5bd1475107e272d814c8342cbc97e6ca0161a57a
da0e73c09f0684527231269ab3606667838e0769e209a0e49e2f79de265dcbb2
GET /images/leftcap_springmorning_01.png HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/min/?b=css&f=v2_style_1.css
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:06 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Jul 2019 18:58:59 GMT
ETag: "4b7-58ccb742e62c0"
Accept-Ranges: bytes
Content-Length: 1207
Cache-Control: max-age=2592000, public
Expires: Sat, 15 Oct 2022 23:43:06 GMT
P3P: CP="CAO PSA OUR"
Connection: close
Content-Type: image/png
rrunua.xyz/photos/750_150/cats.jpg
200 OK 19 kB URL HTTP/1.1 rrunua.xyz/photos/750_150/cats.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 750x150, components 3\012- data
Hash 078b7e0aee281cf92ff1420a63c6a6c3
83dfa5c413b2a6a3e9d31ccaf9f6f0433cf80b23
074994de2536b52111929c376a14439c6fbbb64be623b26ee1ea2dd30e892aa8
GET /photos/750_150/cats.jpg HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/cf.php
Cookie: session=f605d171332048376d9e2053b285ee6f
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:06 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 19297
Connection: close
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 20ae50d0df52817906a88b07b3c08138
0f999020f07959636477be4178d238d4dd460464
26eb9c5ac69c9144425fb15a481336487c1923bb141685aea110b0e3dfc20171
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 23:43:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edc3fd16211643f33475ab54eac21a38
2971ab3faf279849c6c89c2e557b361b09010a9b
eeea21b2ec81e44dc5caabf4c8be119c12c8566098253f5da2c45d45a517f0dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 23:43:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=rrunua.xyz&client=dp-voodoo02&product=SAS&callback=__sasCookie
200 OK 181 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=rrunua.xyz&client=dp-voodoo02&product=SAS&callback=__sasCookie
IP
File type ASCII text, with no line terminators
Hash ca7a9279751abcfdcc2da1a8069669dc
53ee29ac3c82e9eb282d342287694156187909a8
828b8da639dd2bc38db8b89ea0ecb421e24499a1d0254ee3321dea91969d57a1
GET /gampad/cookie.js?domain=rrunua.xyz&client=dp-voodoo02&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rrunua.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 15 Sep 2022 23:43:06 GMT
server: cafe
cache-control: private
content-length: 181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edc3fd16211643f33475ab54eac21a38
2971ab3faf279849c6c89c2e557b361b09010a9b
eeea21b2ec81e44dc5caabf4c8be119c12c8566098253f5da2c45d45a517f0dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 23:43:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15985
Expires: Fri, 16 Sep 2022 04:09:31 GMT
Date: Thu, 15 Sep 2022 23:43:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15985
Expires: Fri, 16 Sep 2022 04:09:31 GMT
Date: Thu, 15 Sep 2022 23:43:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd10bce85-63ee-4a0f-93d7-c5af7cb0a4f3.jpeg
200 OK 2.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd10bce85-63ee-4a0f-93d7-c5af7cb0a4f3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a10204c6f1c13d6f6d2a19653e49eac
8193e7ef70c77f11bb698f4973c42444c8362fcc
c230fddf7736fee44f47bf857f67261adfe8099c8d896ef5a21301822bfeaca8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd10bce85-63ee-4a0f-93d7-c5af7cb0a4f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2076
x-amzn-requestid: 4d219353-93bd-4f18-8a8c-64142d7be19d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVBdHN-oAMFmgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ba2-70dafa722a10c16e5b21de02;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:39:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8-7AUXlRwp2qBjLd-x7QWDKJDEwV_ZLSRxjO5gyVfFXB7obVOH__Sg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:48 GMT
age: 6858
etag: "8193e7ef70c77f11bb698f4973c42444c8362fcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 512280055633fcce9abc7d11a9816a24
de5c3e010fca76659455a144875a52c25fa72bdd
435eadb36830928b20d4cf8ead62134b75bd0ed3228489d9fdee66450bcbeaed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13536
x-amzn-requestid: 5533b257-1558-472b-aeb9-8207a78e1110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDzFa4IAMF9Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb1-05d0dfde7a488ed97d2a40d5;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JAzbRqinDuqQuQoESEsL26c1Y1UTQ5tO1thL3ugE6LPQtNTWGaGTLg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:32 GMT
age: 6874
etag: "de5c3e010fca76659455a144875a52c25fa72bdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3eb4aa92-edbe-4eb2-a1a4-0526bce5b13f.jpeg
200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3eb4aa92-edbe-4eb2-a1a4-0526bce5b13f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2e990e4086570a10e2b3ec85aace1b82
742c33d879e3d0a21ff90b090960870a5cd0bb04
dd01ff5d019e5017ad49330f28dc0e09c768c8e66c2cc6b387d553642dc365fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3eb4aa92-edbe-4eb2-a1a4-0526bce5b13f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6300
x-amzn-requestid: c7bbe10c-76da-4cb4-a34c-2a0319d3b7a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUkXGpPIAMF1kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ae8-51191d655852f60d5cf280fc;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8y9suBepMTTS0MOqnZd7zzSHFLdKVnjIjoeZ2xmkIuMMZ15m5tbwqw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:50:35 GMT
etag: "742c33d879e3d0a21ff90b090960870a5cd0bb04"
content-type: image/jpeg
age: 6751
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdbd68450-8c97-4e9a-a798-8484ec30f381.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdbd68450-8c97-4e9a-a798-8484ec30f381.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e4f3e6b013d785036c9b9c16aef3404f
28bf10400e47ad48eee5db04829b88340e021840
98596627e914528b177b8a3d2be8766bdf210c62415961ab99afefa465440819
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdbd68450-8c97-4e9a-a798-8484ec30f381.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8854
x-amzn-requestid: ae78dca7-cd78-40ad-8ef3-5b287d99b0e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO1suGFuoAMFptg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3651-12f3fedb07f856af06e8b1e5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:01:37 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: h1Q93ahPFyzjb40UxQcoDZPKkpLtrkcj1vE_mB4AW2Gn9CAibFnd6A==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:03:47 GMT
age: 5959
etag: "28bf10400e47ad48eee5db04829b88340e021840"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp
200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d242ded8ac40a1eb617303256d5f34eb
afbe7dae2d65763a004b5bddc697131762da7bf2
b4b08292f36acfca7df3710c29c184c5ff18592e6383eddc5582d302184fce59
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9256
x-amzn-requestid: 19e81e48-6501-4938-906c-60aa7acdb33a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUj5EE5oAMFvwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ae5-3031e84f158e1ad94da4875b;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7sWzfcxt9YWCOnMbanWOiZhhv5DXzHDq8vBqd1AhMfxewBBS0ZtidA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:48 GMT
age: 7038
etag: "afbe7dae2d65763a004b5bddc697131762da7bf2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9f324c1-b260-459e-99b9-15f07eb8a371.jpeg
200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9f324c1-b260-459e-99b9-15f07eb8a371.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6df61daeab506e87fcf2705cd27551c1
e7a56868fe8a8d8bf2dc370c25da434a94d5382e
747c2d9c7e12ffd3e47e32860614cb678d1595971caca1caecb8b17b7156d545
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9f324c1-b260-459e-99b9-15f07eb8a371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9101
x-amzn-requestid: d4785813-3308-423a-bfab-26f810acc8ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU0qE_yIAMFhGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b50-1fb25e9171579b5e070d1009;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:38:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I2WF4L8TNoAlpuGMmQmTewovWgyg9M0RuXJxpzSsKWGmeaXcGZJFMw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:50:35 GMT
age: 6751
etag: "e7a56868fe8a8d8bf2dc370c25da434a94d5382e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rrunua.xyz/status.php?domain=rrunua.xyz&trackingtoken=f605d171332048376d9e2053b285ee6f&status=caf&u_his=1&u_h=1024&u_w=1280&d_h=939&d_w=1280&u_top=0&u_left=0&http_referrer=
200 OK 54 kB URL HTTP/1.1 rrunua.xyz/status.php?domain=rrunua.xyz&trackingtoken=f605d171332048376d9e2053b285ee6f&status=caf&u_his=1&u_h=1024&u_w=1280&d_h=939&d_w=1280&u_top=0&u_left=0&http_referrer=
IP
File type ASCII text, with very long lines (1885)
Hash b5d157959bf74cefcb65d7a9b1a9c65b
d3d1bf61f2cda0732011c769d302a981c67d5902
4fee2ba19ccf613643ed4381f3fab1eb221a33910f7aff6305e6a169e80705a0
GET /status.php?domain=rrunua.xyz&trackingtoken=f605d171332048376d9e2053b285ee6f&status=caf&u_his=1&u_h=1024&u_w=1280&d_h=939&d_w=1280&u_top=0&u_left=0&http_referrer= HTTP/1.1
Host: rrunua.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rrunua.xyz/cf.php
Cookie: session=f605d171332048376d9e2053b285ee6f
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 23:43:06 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Set-Cookie: session=f605d171332048376d9e2053b285ee6f; expires=Fri, 16-Sep-2022 00:13:06 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 20
Connection: close
Content-Type: text/html; charset=UTF-8
192.64.147.150
23.36.76.226
93.184.220.29