Overview

URL nummerstomars3.ga/250800/a/b/index6134.html
IP 165.22.195.53
ASN DIGITALOCEAN-ASN
Location Netherlands
Report completed 2022-08-31 10:13:24 UTC
urlquery Alerts Scam / Fake AntiVirus


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (15)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS firefox.settings.services.mozilla.com (1) 867 2016-03-17 08:25:01 UTC 2022-08-31 05:00:35 UTC 143.204.55.115
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-08-31 05:05:27 UTC 143.204.55.110
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-08-31 05:00:55 UTC 104.18.20.226
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-10-04 01:07:32 UTC 2022-08-31 05:05:18 UTC 142.250.74.72
mnemonic passive DNS va.tawk.to (2) 8297 2017-01-30 04:20:46 UTC 2022-08-31 07:04:48 UTC 104.22.24.131
mnemonic passive DNS img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-08-31 02:24:51 UTC 34.120.237.76
mnemonic passive DNS maxcdn.bootstrapcdn.com (1) 724 2014-06-18 00:37:31 UTC 2022-08-31 07:29:14 UTC 104.18.11.207
mnemonic passive DNS nummerstomars3.ga (26) 0 2022-08-31 09:40:32 UTC 2022-08-31 09:40:32 UTC 165.22.195.53 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-08-31 04:57:20 UTC 34.117.237.239
mnemonic passive DNS ocsp.pki.goog (3) 175 2017-06-14 07:23:31 UTC 2022-08-31 05:05:03 UTC 142.250.74.3
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-08-31 04:56:59 UTC 93.184.220.29
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-08-31 04:58:05 UTC 23.36.76.226
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-08-31 05:14:10 UTC 34.209.200.8
mnemonic passive DNS embed.tawk.to (12) 8650 2014-03-19 21:03:49 UTC 2022-08-31 05:20:59 UTC 104.22.24.131
mnemonic passive DNS region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-08-31 05:10:15 UTC 216.239.32.36 Domain (google-analytics.com) ranked at: 8401


Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 165.22.195.53

Date UQ / IDS / BL URL IP
2022-08-31 10:13:24 +0000  19 - 0 - 0  nummerstomars3.ga/250800/a/b/index6134.html  165.22.195.53

Last 5 reports on ASN: DIGITALOCEAN-ASN

Date UQ / IDS / BL URL IP
2022-12-06 01:16:17 +0000  0 - 0 - 3  161.35.228.239/  161.35.228.239
2022-12-06 01:16:09 +0000  0 - 0 - 1  178.62.216.178/  178.62.216.178
2022-12-06 01:15:31 +0000  13 - 0 - 7  schoenat.dz4i6dmjgn-ez94ddnyz4mr.p.temp-site. (...)  206.189.36.156
2022-12-06 01:15:09 +0000  7 - 0 - 8  schoenat.dz4i6dmjgn-ez94ddnyz4mr.p.temp-site.link/  206.189.36.156
2022-12-06 01:14:42 +0000  0 - 0 - 31  167.71.46.139/  167.71.46.139

Last 1 reports on domain: nummerstomars3.ga

Date UQ / IDS / BL URL IP
2022-08-31 10:13:24 +0000  19 - 0 - 0  nummerstomars3.ga/250800/a/b/index6134.html  165.22.195.53

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-28 21:11:38 +0000  15 - 0 - 0  lemon-moss-0133e7210.2.azurestaticapps.net/Se (...)  20.82.22.191
2022-10-17 08:56:34 +0000  20 - 0 - 0  onlineforesanmer.ml/12121/itsuppoeres-topben- (...)  167.71.64.223
2022-10-16 11:29:03 +0000  20 - 0 - 0  jabkabhjiutarawernm.cf/Trostper/itsuppoeres-t (...)  188.166.62.73
2022-09-27 09:41:52 +0000  16 - 0 - 0  jabkgajourab.ml/2709ATruebrl/pomnsjercher/und (...)  188.166.97.93
2022-09-27 09:26:08 +0000  15 - 0 - 0  statueofbarash.cf/2709DEruebrl/ostereaicnht/u (...)  157.245.79.53


JavaScript

Executed Scripts (37)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (62)


Request Response
                                        
                                            GET /250800/a/b/index6134.html HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         165.22.195.53
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Wed, 31 Aug 2022 10:13:13 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://nummerstomars3.ga/250800/a/b/index6134.html
Content-Length: 342
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   342
Md5:    ad52d95f9abf7c7f9ec5b67ce62abfd2
Sha1:   31e4fbd9db8fdfed9b0652ba22c869f36ca290e9
Sha256: 0a5fef6d901c4d08dede3e3e61dc038a65587db9c8310c928dc4a583b35abb56
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 31 Aug 2022 09:26:23 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lltUw6fFnmuWQHRqL6vrOssLkawSsGb94VUd7hcOgXO-g7pm1LKiew==
Age: 2810


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "ECE269E8B9BE8A5839D75C1343823D68B96930C593C2E3E8D522999176EE3149"
Last-Modified: Mon, 29 Aug 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7034
Expires: Wed, 31 Aug 2022 12:10:27 GMT
Date: Wed, 31 Aug 2022 10:13:13 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 31 Aug 2022 02:27:05 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Q_hCqWxKwLOOYxBLPOFiFAiXNjW7w1zJS7XjvXAtvvMB_OWp4ZnKIw==
age: 27969
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 31 Aug 2022 10:13:14 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4D1B7518DA6F8365BDD683F763DD65807D95E108620F3048266D44E4876945CE"
Last-Modified: Wed, 31 Aug 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20501
Expires: Wed, 31 Aug 2022 15:54:55 GMT
Date: Wed, 31 Aug 2022 10:13:14 GMT
Connection: keep-alive

                                        
                                            GET /250800/a/b/index6134.html HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:58 GMT
ETag: "9526-5e786ba261697-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7706
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (312), with CRLF line terminators
Size:   7706
Md5:    5f2fc477a00e13e6fc85a6461fe570eb
Sha1:   99aa90f5263db36c87e07bc70ffc9ed1102cf914
Sha256: d5feb9fc66b7ff100420629eb423d80c144af507cd6b1715dbbd3e7ded31bf7b
                                        
                                            GET /250800/cdn.jsdelivr.net/npm/bootstrap%404.6.0/dist/css/bootstrap.min.css HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:05 GMT
ETag: "27681-5e786ba8e0ab6-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 24110
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65326)
Size:   24110
Md5:    2c24cdf72824eafdf0869112250fbcb7
Sha1:   6393bb4bd9d2c406471c3db6a86c250034885d5c
Sha256: 2f9fef610e18d81e5b22fe6a3c7f514501d1bb3678a40b0fce6197e1568f0912
                                        
                                            GET /250800/a/b/fullscreen.js HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:57 GMT
ETag: "f5-5e786ba204a1f-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 157
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   157
Md5:    779a2131ae70af8531c81e03cc7cf254
Sha1:   efaebac82c3a02672072745b5924939669b74fbe
Sha256: 661b56b7b9faf475f4a110cb242cf49cc294f6cf46a1e7b16baf6806da494b84

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /250800/a/b/main.css HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:59 GMT
ETag: "2f41-5e786ba31af89-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2587
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2587
Md5:    8fb6f1e0b45db8311502ada9f9cd7563
Sha1:   b136299d681be642862c6900f51e293fede35e28
Sha256: 8458c8354539109b875f37373d178cd5a7dbb8d87ee889ffb1247e121a529919

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:04 GMT
ETag: "6c6a-5e786ba8271a4-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6271
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (27591)
Size:   6271
Md5:    bf4be4df64253a7d44d8fe3d6e11f2b4
Sha1:   cc6f46cb5ffa27fd1367f2b359000336391bcde1
Sha256: 6c7d2218d059fcfc263ee202cae2076ef39e1fe69707b54a29b4135964940f62

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:08 GMT
ETag: "2b4c-5e786bac87572-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4511
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (11084), with no line terminators
Size:   4511
Md5:    6716e06cf1f37f84f0c8d3914bb44f7d
Sha1:   8b5eca583880639d2e83b68c9a02c2ba472bd422
Sha256: 323b945928e870330abb8a5046568f56d767d232d6a02cb1e6ecefa725ec879c
                                        
                                            GET /250800/a/b/before.js HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:56 GMT
ETag: "16e-5e786ba059d94-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 218
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   218
Md5:    54d8f5c9c3561450c0069e73e9827bea
Sha1:   691bfeba5625d45b20046525108cbb77024e8cee
Sha256: 1fb72d2e756121119360fee096951bd269496b2dde615604dade39010a9b562b

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/main.js HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:59 GMT
ETag: "50a-5e786ba376c72-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 414
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   414
Md5:    b422842850b554c56c664fa141fd0943
Sha1:   7a20f93081a059e6b12e49803edfb13d5574be4f
Sha256: 0dd7e335fa881224bea371115dc81d97cd08c23577a8afa5b5ecd74434bafa23

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:07 GMT
ETag: "14983-5e786bab087c9-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 29547
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (32180)
Size:   29547
Md5:    19bb042b362be9d52a6a4afc1c79f0e1
Sha1:   2c27f676226825381f7a830e65b4d17c02c0c949
Sha256: bca4f1d8bfca3a6b297d78b33fa24bf8fe780e8aa6ecaff9d116c3f6abeb2ed8
                                        
                                            GET /gtag/js?id=UA-72791200-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 31 Aug 2022 10:13:14 GMT
expires: Wed, 31 Aug 2022 10:13:14 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42921
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1615)
Size:   42921
Md5:    9e83180b90a8dc92a2f4edcd5f7c06de
Sha1:   c4d2220723473b396cf4daf62b153371b9e72f9e
Sha256: 099d1b378397ef56b50ce14f1d19bc0f644bb80382561197d0aa7ae0d762fe01
                                        
                                            GET /250800/a/b/light.js HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:58 GMT
ETag: "1f7-5e786ba2bc3cf-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 248
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   248
Md5:    ab5616b234fd9225c1437ddf8e50cfc7
Sha1:   8ca041d927e6de218fc4bea84785841b0ad6620c
Sha256: 037b4e9b6531e6d7c02bbd36ab1a93cc3f84362f19b0225b5524ce9dcea5f962

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/def.png HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:57 GMT
ETag: "efa-5e786ba1a2f86"
Accept-Ranges: bytes
Content-Length: 3834
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   3834
Md5:    77a2ffc5545f87551d74781201de9b3b
Sha1:   c9c3798afd2ae95aa3bba3c428335d49c8255b06
Sha256: 316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/virus-images.jpg HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:01 GMT
ETag: "2004-5e786ba5a08c7"
Accept-Ranges: bytes
Content-Length: 8196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 254x71, components 3\012- data
Size:   8196
Md5:    5fc559a242f0ea0a023f10830887d2af
Sha1:   9d744c2f3a6bf5b715496350c8de7124cdd7ddc8
Sha256: 3b531d403dc8ce7cbb0efb1a0c307cfb2bbaaf21feaff9f3546f13bebda71887

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/minimize.jpg HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:00 GMT
ETag: "8c7-5e786ba431524"
Accept-Ranges: bytes
Content-Length: 2247
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3\012- data
Size:   2247
Md5:    1ba392dce74f8987dca48bf65d817c8f
Sha1:   db0b8444c46125105b52f272bd422a7f52da1f72
Sha256: a05245b6f7fd752af4a7b0131bbdfdf3eaee6c5a25a81cb498e0f0759189473c

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/microsoft.png HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:59 GMT
ETag: "415-5e786ba3d583c"
Accept-Ranges: bytes
Content-Length: 1045
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced\012- data
Size:   1045
Md5:    bf2b460590fbb9d8e9611a6e9006b816
Sha1:   561e1dab259d61e798b3ce380527b71b61074ff3
Sha256: ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/cross.png HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:57 GMT
ETag: "ac42-5e786ba148250"
Accept-Ranges: bytes
Content-Length: 44098
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Size:   44098
Md5:    4487a588bf2a07e3d1936d705c5ceefd
Sha1:   db193b3e2ab9fbee6eae99ced2366b1ef5f16971
Sha256: 3821ef20f5904fdb993e34d87ff8fb9c5786a382efb0eeee8b4f00c91428b701

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/setting.png HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:01 GMT
ETag: "16c-5e786ba548a60"
Accept-Ranges: bytes
Content-Length: 364
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Size:   364
Md5:    e144c3378090087c8ce129a30cb6cb4e
Sha1:   59da5466551de941d0215e45c54aa2ceaf436be1
Sha256: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/que.png HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:00 GMT
ETag: "15d-5e786ba4e7f55"
Accept-Ranges: bytes
Content-Length: 349
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Size:   349
Md5:    7454c652e0733d92de6c920c2d646ae0
Sha1:   34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
Sha256: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/pc.png HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:00 GMT
ETag: "1355-5e786ba48d20d"
Accept-Ranges: bytes
Content-Length: 4949
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced\012- data
Size:   4949
Md5:    cc5132b56ba46b03dd998aa1fe220106
Sha1:   403e007a0b17d76a9945fa5ec46a9d01733b3040
Sha256: 598699133be5eef63e3b9b5540609ec0dc91d7af9c7f70a3b890e57491a70ae0

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/bell.png HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:56 GMT
ETag: "454-5e786ba0e5817"
Accept-Ranges: bytes
Content-Length: 1108
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size:   1108
Md5:    a3555871399f1f67bfacaf437974b03a
Sha1:   b6337de87cd7a75a73cd804774651d14c83fe76a
Sha256: 2e48fef820929c21295e13444901f60e3aed61ba6f8c773ff1466e6843e76b49

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/virus-scan.png HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:02 GMT
ETag: "650f-5e786ba6042b3"
Accept-Ranges: bytes
Content-Length: 25871
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size:   25871
Md5:    2c497dfff84bd8c5af9254c9d6278ce1
Sha1:   667e72e7ba6f00a54629e28133317022d4b59af6
Sha256: b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /250800/a/b/background.png HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:55 GMT
ETag: "93db5-5e786ba029fe8"
Accept-Ranges: bytes
Content-Length: 605621
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 1920 x 1080, 8-bit/color RGB, non-interlaced\012- data
Size:   605621
Md5:    b5e4f6810697e4324b909bc88945473f
Sha1:   78388667f9b3b7a50bbdc4d07c5ab06c22b53c29
Sha256: 1b3c01ab939e1b2429802fdd7350780229c73c72d57a2846e6b00afdc1108d7b

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /250800/a/b/0wa0rni0ng0.mp3 HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:11:55 GMT
ETag: "20d5-5e786b9f9c625"
Accept-Ranges: bytes
Content-Length: 8405
Content-Range: bytes 0-8404/8405
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural\012- data
Size:   8405
Md5:    8618fbb0911e3b8fc96725dee8bfd81f
Sha1:   1bbcb78922946d0cf18fbf3a9e092e36453eb767
Sha256: 0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5023
Cache-Control: 'max-age=158059'
Date: Wed, 31 Aug 2022 10:13:14 GMT
Last-Modified: Wed, 31 Aug 2022 08:49:31 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 280
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   280
Md5:    bda8a8c304bc000bed30cdc4e7705999
Sha1:   da1cea37c7267c2855b63bee8eda4fdb6a5028a4
Sha256: 5423d4373d77b0a0b3dae4e92f2cbfb156a5ab0a479fb4edff72d310f7b54a42
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eCmVqvbo1GpYsdiDRlTGDA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.209.200.8
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NNFkr/vinff4YYg5TW/mEQeJCm8=

                                        
                                            GET /_s/v4/app/630c16bea60/js/twk-chunk-vendors.js HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nummerstomars3.ga
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 31 Aug 2022 10:13:15 GMT
last-modified: Mon, 29 Aug 2022 01:31:16 GMT
etag: W/"81c2642aac0b88b6b237d279f5f8ce67"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe100b961c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65464)
Size:   82517
Md5:    48eafafcabdbd6079b1b8f487aef07ac
Sha1:   93f11d319aaadc2cd9b9c412487a2a92c5f2f350
Sha256: a08b26c33fdd10e32d38172c945c127f1f97ddce791f4d3c9446a1e2d57bc376
                                        
                                            GET /_s/v4/app/630c16bea60/js/twk-chunk-common.js HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nummerstomars3.ga
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 31 Aug 2022 10:13:15 GMT
last-modified: Mon, 29 Aug 2022 01:31:16 GMT
etag: W/"a60e52c6e06e37e6cb034be34513f89a"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe100b981c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65466)
Size:   40692
Md5:    cfd48522085a2b847da5514d34f108f8
Sha1:   7c68f71a1b6fd18da0e33ab467666bb7de8530eb
Sha256: ebf3a693234f0328ccd1b4930a1f521d667f166db807b2db529d7ff0bcc1dabe
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 10:13:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /g/collect?v=2&tid=G-VQPRN2PLLM&gtm=2oe8t0&_p=51746894&cid=685454065.1661940795&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1661940795&sct=1&seg=0&dl=https%3A%2F%2Fnummerstomars3.ga%2F250800%2Fa%2Fb%2Findex6134.html&dt=Sicherheitscenter%20Code0x268d3%20Er0007ff97%20Services&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nummerstomars3.ga
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         216.239.32.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://nummerstomars3.ga
date: Wed, 31 Aug 2022 10:13:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /_s/v4/app/630c16bea60/js/twk-vendor.js HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nummerstomars3.ga
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 31 Aug 2022 10:13:15 GMT
last-modified: Mon, 29 Aug 2022 01:31:16 GMT
etag: W/"7dcb496e4882926f93f2e73fa87062c0"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe100b921c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65472)
Size:   100688
Md5:    f53ea4caf2bf935a880c6f9eb3ab2429
Sha1:   6c18606bf413f719bcff8a8c0f2ae959127e8e22
Sha256: 3807cee4b2a2af515fdb38d891200628a0ba78d6daab82f4b37694a0fe86078c
                                        
                                            POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 10:13:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "238C80046A101F7F76D0B246B98B3568D81ED7DE"
Expires: Wed, 31 Aug 2022 21:00:00 GMT
Last-Modified: Wed, 31 Aug 2022 09:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2199
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7434fe18089c0b06-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    21381ea53181836d788bd2bb1771590c
Sha1:   bbbd7828d13f284551de3dabaae9f4798261b64e
Sha256: 3961d31f466848887d243a521a2cf622621acf870366690c8542beb03da53553
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12565
Expires: Wed, 31 Aug 2022 13:42:41 GMT
Date: Wed, 31 Aug 2022 10:13:16 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12565
Expires: Wed, 31 Aug 2022 13:42:41 GMT
Date: Wed, 31 Aug 2022 10:13:16 GMT
Connection: keep-alive

                                        
                                            GET /v1/widget-settings?propertyId=62fbba0037898912e96358df&widgetId=1gajkt5c9&sv=undefined HTTP/1.1 
Host: va.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nummerstomars3.ga/
Origin: https://nummerstomars3.ga
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/json
                                        
date: Wed, 31 Aug 2022 10:13:15 GMT
x-served-by: visitor-application-preemptive-3f7v
access-control-allow-origin: *
access-control-allow-methods: GET,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, max-age=7200, s-maxage=1800
etag: W/"2-5-0"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe133e801c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (2684), with no line terminators
Size:   22832
Md5:    381d8b074521e422336245a95acfee9b
Sha1:   caa238c5d136ffe617d0f625b01b973e9ecf6fb2
Sha256: 6ab55749bb00c0dccada4c95e8bbdde2d8e15adbdb7cd4d437da8106c8567987
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12565
Expires: Wed, 31 Aug 2022 13:42:41 GMT
Date: Wed, 31 Aug 2022 10:13:16 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4a0e321-c414-4af7-9075-ed1965872194.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5911
x-amzn-requestid: ff3b12df-1798-40bb-bf02-ad198710da96
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XdcGHFGYoAMFw_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630873c0-00cd86e97d0687c702a49ecb;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 07:18:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Cye1gqpeY74FmJV8LaYt9HN_CHH0l-OhkdHM35WydK61gQm50CrMVw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 18:11:33 GMT
age: 57703
etag: "18d7ffa17365f5f43f3ed702ef2ba80d9a7a12cb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5911
Md5:    084c7b9f1244ec72236ab517787af1e2
Sha1:   18d7ffa17365f5f43f3ed702ef2ba80d9a7a12cb
Sha256: 2ea7697ebc332bec201ffeaed54a738869b6c64784916574db2c7e6a7990fb3f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5079
x-amzn-requestid: 3b19c77a-2e9b-499f-890b-36fc4ee72ba7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XslOVEtZIAMFv1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e825b-01b7b71617b59f7414a0e5e5;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 21:34:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: zYT0vF7Bxa5m84D12jI2w_A-MzR3wIMBOb0ubTEdNMlpYUes5aYdlQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 21:48:04 GMT
age: 44712
etag: "288b82ad8f924eb9570ae1c55da84d041f862366"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5079
Md5:    5c3b7580a37e6eb7e5bd18491f1d4dd6
Sha1:   288b82ad8f924eb9570ae1c55da84d041f862366
Sha256: 046d1ef76448c53446068ef5f8315b7299484996cdebfd9d1e749b4ded9c7d3c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9551c30-d090-4465-bc2a-10ab11908481.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7878
x-amzn-requestid: b7dd5cd0-da71-4d3b-92d6-2e2d154ffa24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XslO_GkpoAMFU4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e825f-484871e9771f18a2127724eb;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3xpKEY0NjCfFzwUA4snDIuswFul-vUMJiageR55gmsnDzmDEZXLomQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 21:48:21 GMT
age: 44695
etag: "90810a5992bfb6e6706b5c8e3e90f81b5cb95d62"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7878
Md5:    64210c7890c4bffddca12e968ca8aeab
Sha1:   90810a5992bfb6e6706b5c8e3e90f81b5cb95d62
Sha256: 75f4ac933160807d3a459e734263d2c39414134c1a3d0d1982dc4a790e1f338c
                                        
                                            GET /_s/v4/app/630c16bea60/js/twk-main.js HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nummerstomars3.ga
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 31 Aug 2022 10:13:15 GMT
last-modified: Mon, 29 Aug 2022 01:31:16 GMT
etag: W/"da5bb1dc647470204df0e49f5afac2de"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe0ffb8f1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   6360
Md5:    6975757ce19519925c2899d4690bbffe
Sha1:   97d5c145c9ba68620d59b9461c3e7c1909e0a6e1
Sha256: 500959ec8dd92d6f5593801ce76899125936f5caf342fabd38ab0678fe9e199c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5b5a9a-050c-4a84-9e0d-dfa84795640f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8009
x-amzn-requestid: 6d716dae-efa3-449a-a505-fb5f3d99c2df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XsvlaFEaoAMFwDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e92ef-708228ce7e1fb3cb770cb490;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 22:45:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 03y3JoF38R7gjBYS3gHyOsivob68ykKlwvAIFEwiat2FjYfKWh-afA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 00:33:08 GMT
age: 34808
etag: "98e27f0dafd7b1b49e159ee038b41a811096a2d0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8009
Md5:    6b2c036e67f8c39c136f6c69b0922eb1
Sha1:   98e27f0dafd7b1b49e159ee038b41a811096a2d0
Sha256: 9dc9e00e6f63a22dd85f54ba26326a9733f6c1d7a19c7b1636f14fca2722e6eb
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d294083-a431-468c-a1ef-4df4295be72a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6173
x-amzn-requestid: d5d519c7-88e2-4faa-8cbd-c828d40a0698
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XelESE0MoAMFptQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6308e881-0f2a5fe86a7bc81610835e6c;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 15:36:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hAYsuuAnParaODBY0scpZ9hounVraQbSL7JnTeqSpkKJWm421xPm4A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 21:47:34 GMT
age: 44742
etag: "8609a382648785901de3ab9f474b7319601921ba"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6173
Md5:    5c96a8515aca08228b53a33becf0f79b
Sha1:   8609a382648785901de3ab9f474b7319601921ba
Sha256: 2b9307cfcacfc4c15ecdc67b8045d7f4ecafd6a94d710e040a7e0d6911548caf
                                        
                                            GET /_s/v4/app/630c16bea60/languages/en.js HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 31 Aug 2022 10:13:15 GMT
last-modified: Mon, 29 Aug 2022 01:31:17 GMT
etag: W/"585ba00b2c167b90c210161454f843b5"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 204027
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe16da2e1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF, LF line terminators
Size:   6299
Md5:    cc57b087dbbd8acc63bce18f43315de1
Sha1:   d412c57c8c5d1f041057b7a68337266069c689ab
Sha256: 7a24c831aa1d1a5b4c45f69ab9d38371441a150d423e92c4e0b4ad903ba79f19
                                        
                                            GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nummerstomars3.ga
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.11.207
HTTP/2 200 OK
content-type: font/woff2
                                        
date: Wed, 31 Aug 2022 10:13:17 GMT
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 03/12/2022 09:03:31
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 864
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: e6549328bed7a27683982758d0ed2f3a
cdn-cache: HIT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7434fe1f1ba5b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Size:   66624
Md5:    db812d8a70a4e88e888744c1c9a27e89
Sha1:   638c652d623280a58144f93e7b552c66d1667a11
Sha256: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
                                        
                                            GET /_s/v4/app/630c16bea60/js/twk-runtime.js HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nummerstomars3.ga
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 31 Aug 2022 10:13:15 GMT
last-modified: Mon, 29 Aug 2022 01:31:16 GMT
etag: W/"c5ac9b5bce70724c3422e4824abf1613"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe100b9a1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            OPTIONS /log-performance/v3 HTTP/1.1 
Host: va.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://nummerstomars3.ga/
Origin: https://nummerstomars3.ga
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
                                        
date: Wed, 31 Aug 2022 10:13:16 GMT
x-served-by: visitor-application-preemptive-n8fj
access-control-allow-origin: https://nummerstomars3.ga
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe1b3eaa1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /250800/a/b/wa0lDErtm0s.mp3 HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:02 GMT
ETag: "387a7-5e786ba6bbc84"
Accept-Ranges: bytes
Content-Length: 231335
Content-Range: bytes 0-231334/231335
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
                                        
                                            GET /250800/cdn.jsdelivr.net/npm/bootstrap%404.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1 
Host: nummerstomars3.ga
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/250800/a/b/index6134.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         165.22.195.53
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 31 Aug 2022 10:13:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 31 Aug 2022 10:12:06 GMT
ETag: "1499a-5e786baa4fe58-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21848
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
                                        
                                            GET /_s/v4/app/630c16bea60/js/twk-chunk-48f46bef.js HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 31 Aug 2022 10:13:16 GMT
last-modified: Mon, 29 Aug 2022 01:31:16 GMT
etag: W/"a59c9d2459b36a5949234182761d31c5"
age: 204028
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe16fa571c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_s/v4/app/630c16bea60/js/twk-chunk-2d0b9454.js HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 31 Aug 2022 10:13:16 GMT
last-modified: Mon, 29 Aug 2022 01:31:16 GMT
etag: W/"09c3819d373bd4178a620d721429fada"
age: 204027
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe170a661c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_s/v4/app/630c16bea60/js/twk-chunk-f163fcd0.js HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 31 Aug 2022 10:13:16 GMT
last-modified: Mon, 29 Aug 2022 01:31:16 GMT
etag: W/"a92075fd9ac5ba130387a80453676099"
age: 204027
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe170a691c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_s/v4/app/630c16bea60/css/message-preview.css HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 31 Aug 2022 10:13:16 GMT
cache-control: public, max-age=2592000, immutable
cf-bgj: minify
cf-polished: origSize=38191
access-control-allow-origin: *
age: 204027
etag: W/"2046fb5e102278ee0298200a824032b1"
last-modified: Mon, 29 Aug 2022 01:31:16 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-cache-status: HIT
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe174ab91c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /62fbba0037898912e96358df/1gajkt5c9 HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nummerstomars3.ga
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Wed, 31 Aug 2022 10:13:14 GMT
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=3600
etag: W/"stable-v4-630c16bea60"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe0d49381c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_s/v4/app/630c16bea60/js/twk-app.js HTTP/1.1 
Host: embed.tawk.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nummerstomars3.ga
Connection: keep-alive
Referer: https://nummerstomars3.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.22.24.131
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 31 Aug 2022 10:13:15 GMT
last-modified: Mon, 29 Aug 2022 01:31:16 GMT
etag: W/"e736e189edb5d0d9d5b8e7f23dd9114a"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7434fe100b9c1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---