repelispluss.me/movies/avatar/
172.67.221.126 301 Moved Permanently 0 B URL HTTP/1.1 repelispluss.me/movies/avatar/
IP 172.67.221.126:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /movies/avatar/ HTTP/1.1
Host: repelispluss.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 18 Dec 2022 14:33:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 18 Dec 2022 15:33:52 GMT
Location: https://repelispluss.me/movies/avatar/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VSXe%2F6MJBFRiDyrZi%2FCISLAe3xpLpSZCRcmzCDxFEGb%2B20MGvcoGpqHwbjNsRx6eXwcdJzA5VdlaEN15vzP7Tv5lDQBceIvbVIM80Lx2DNqD2yKpDKjcEwWTNr%2Fh9gwJ7X8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77b89db44fcdb4f9-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9f3cf7e36f17a535e53e5213c02cf2b4
e65acbc03135ce135b9e91b4f74b3e1439faa6f6
a2317476862acd0a92fe523454c3991752b07ba14e7667f421dd9624e0233758
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2317476862ACD0A92FE523454C3991752B07BA14E7667F421DD9624E0233758"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3157
Expires: Sun, 18 Dec 2022 15:26:29 GMT
Date: Sun, 18 Dec 2022 14:33:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 460af93786e1eaa666f135e6c3fdc634
bc8aeba36225c79718f5de73d79928fe817c5490
471f4e7ae29bcf6ba1f749c0f5d4ab446cebfac5aa80c3e19c6edf21be456eb5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "471F4E7AE29BCF6BA1F749C0F5D4AB446CEBFAC5AA80C3E19C6EDF21BE456EB5"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2850
Expires: Sun, 18 Dec 2022 15:21:22 GMT
Date: Sun, 18 Dec 2022 14:33:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 18 Dec 2022 13:34:18 GMT
content-type: application/json
age: 3574
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcade8542361774f13ecd22557ff8fb8
5e67a3753b0856c765f3b17f1742d3ed684ffb6d
647f8d9d3d1170e60a60e15fdfd9b59445feb56a6ce9d9bb2fa4720f0bfc3a14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "647F8D9D3D1170E60A60E15FDFD9B59445FEB56A6CE9D9BB2FA4720F0BFC3A14"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2631
Expires: Sun, 18 Dec 2022 15:17:43 GMT
Date: Sun, 18 Dec 2022 14:33:52 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bBYcBkoLpo6sOda6vw7BSjzGnBUo0fGsNk4kHf/8RQG2llDKEd+Qyvq637aQPb9Ahv9UxeYoJO4=
x-amz-request-id: K3CFV1AWVBCNFYF9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 18 Dec 2022 13:52:13 GMT
age: 2499
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 14:33:52 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 4.8 kB IP 142.250.74.131:0
Hash a942659b1f7fc7a41f6579902687ca86
391c5dae56e5490c6aa7dbb626401bc6af847373
b543bbee3af28deb7889e6d099987b1fd0d7c9dccf43c100dfc65ce2974fb7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-YWFDWNF08K
142.250.74.168 200 OK 79 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-YWFDWNF08K
IP 142.250.74.168:0
File type ASCII text, with very long lines (26337)
Hash 20e782e68dad6277c86d2786299fc4d5
0878f588d03e7da94430c766fac7af0924e1eb05
1754c13d1d0ada45ad9960abe9bd9819ec88f55efbfc5ec5ba02ee4f5def52cd
GET /gtag/js?id=G-YWFDWNF08K HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 18 Dec 2022 14:33:52 GMT
expires: Sun, 18 Dec 2022 14:33:52 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 78926
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 32 kB IP 142.250.74.131:0
Hash a3e19416bf0f3af03088a1c45252b753
74136707de8e2a7716d5116fc9edfd5e7e95c930
3c74865cc47a89c0537072a75ab410908e6d196520b7c2bba7fa1efed35c7c62
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 18 Dec 2022 14:08:00 GMT
age: 1552
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
repelispluss.me/movies/avatar/
104.21.38.96 200 OK 12 kB URL HTTP/2 repelispluss.me/movies/avatar/
IP 104.21.38.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (14141), with CR, LF line terminators
Hash c66b043f7e3006e8914f95e60e08c8c1
bb1b28859d3b24f06f5da1ac55a66efcbef6a7c3
857a094331ac2cf00a5d67f107762e7fa9fe7e8a7d68bc44059347571f9ffe18
GET /movies/avatar/ HTTP/1.1
Host: repelispluss.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
link: <https://repelispluss.me/wp-json/>; rel="https://api.w.org/", <https://repelispluss.me/?p=2175>; rel=shortlink
x-litespeed-cache: hit
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gIBUaLyoZu8RICP5x%2FxI4aEkbguYlMVVkQ68b6IK7T4v%2FM38B6RLQu3qSq%2BumpgFqnCYrAPhcFOLEvpZmkh%2B7CbYbcF%2BbFTEfOvhWqmA%2Feuowm%2FKEKW8i7R4KOA34UzjHz4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77b89db5fdab1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0bc27cdcd6c42d7f8eece6c074bc452f
ff1234b58f7381f51f9082c1ef4894b1ac5700ff
672fc3b7ba7ee7a8b376c73a86a5bab00b1a1aead54c3ca64c0bff83d831348e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1266
Cache-Control: max-age=154444
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:53 GMT
Etag: "639ed82b-1d7"
Expires: Tue, 20 Dec 2022 09:27:57 GMT
Last-Modified: Sun, 18 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c1bcf5e115d5981e589516b018483ea6
6d321ce068278b60d0f75eefbf8a6bed0ff0818a
6e3aa9148342a9d4069ee56b36a42ab22c673c704c07fbb106fb0df7959f8d97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6E3AA9148342A9D4069EE56B36A42AB22C673C704C07FBB106FB0DF7959F8D97"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21554
Expires: Sun, 18 Dec 2022 20:33:07 GMT
Date: Sun, 18 Dec 2022 14:33:53 GMT
Connection: keep-alive
push.services.mozilla.com/
44.240.57.100 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.57.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xi5mr14sIpJC4cbGStXRmA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ahCDrNGKZazIydC7O9UQTQJeR5I=
region1.google-analytics.com/g/collect?v=2&tid=G-YWFDWNF08K&gtm=2oebu0&_p=1455407953&cid=637969872.1671374033&ul=en-us&sr=1280x1024&_s=1&sid=1671374032&sct=1&seg=0&dl=https%3A%2F%2Frepelispluss.me%2Fmovies%2Favatar%2F&dt=Avatar%20-%20RepelisPlus&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-YWFDWNF08K&gtm=2oebu0&_p=1455407953&cid=637969872.1671374033&ul=en-us&sr=1280x1024&_s=1&sid=1671374032&sct=1&seg=0&dl=https%3A%2F%2Frepelispluss.me%2Fmovies%2Favatar%2F&dt=Avatar%20-%20RepelisPlus&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-YWFDWNF08K&gtm=2oebu0&_p=1455407953&cid=637969872.1671374033&ul=en-us&sr=1280x1024&_s=1&sid=1671374032&sct=1&seg=0&dl=https%3A%2F%2Frepelispluss.me%2Fmovies%2Favatar%2F&dt=Avatar%20-%20RepelisPlus&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://repelispluss.me
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://repelispluss.me
date: Sun, 18 Dec 2022 14:33:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sunstrokeload.com/a9/fd/7d/a9fd7d4599f3dd6968bebb4d4ec2593c.js
192.243.61.227 200 OK 21 kB URL HTTP/1.1 sunstrokeload.com/a9/fd/7d/a9fd7d4599f3dd6968bebb4d4ec2593c.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60183), with no line terminators
Hash d6cbc04ae47fe7eaccb452c3f4bd2db5
3873c64ca02baed530624fd2506be7151286a69e
c312175b7ff1626ad09d20f8ed9c8c774ffa195492528f6f4d9c92de3f80628d
GET /a9/fd/7d/a9fd7d4599f3dd6968bebb4d4ec2593c.js HTTP/1.1
Host: sunstrokeload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 18 Dec 2022 14:33:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 03d4e23aa2160a79384de4b4cc875025
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a1dd6afc214df1814ee2f0a07cbd3ca0
a5c9bf59692080361cd396520d2797150dbfa7f7
4aa4dd0e585e082d0156f82e732417b412696aebe1337d792524c295b38c01a6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AA4DD0E585E082D0156F82E732417B412696AEBE1337D792524C295B38C01A6"
Last-Modified: Fri, 16 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12505
Expires: Sun, 18 Dec 2022 18:02:18 GMT
Date: Sun, 18 Dec 2022 14:33:53 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 72ffe8a749e5d6ccbf68ef860be57443
97fc678dac39d964b76f67f90f2d01c908936b47
7a925e22599512a4ce693877a1bea4c2ad97915c3ed118fb22b8c0b69464b387
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Dec 2022 14:33:53 GMT
Last-Modified: Sun, 18 Dec 2022 13:16:27 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: liOK0TpP9XTdqhaI27Pj5lByyuJaTcIlzpTcKiHXczMGT4qHar-K5A==
Age: 4646
simplewebanalysis.com/stats
3.71.139.39 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.71.139.39:0
File type ASCII text, with no line terminators
Hash 952d9d06ee7a5f43f08607fa58306fae
265516f724a87990f725d2a5dfe61203ec723edc
03d51a1b65cdfdfcbf6540b9fd78c9088980f0315dd2882ed61c8dabb85fd7ce
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://repelispluss.me
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:53 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://repelispluss.me
access-control-allow-credentials: true
set-cookie: uid_id2=b91caa52-1f69-4fa2-ad5b-0ea1a1cfc8c2:1:1; expires=Wed, 15 Dec 2032 14:33:53 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e4e5ef0fcfd1e8511a80114702e58f10
01ad501d104d594cb3622aaae677da570a85cd38
e48fe8092848db614649ea178890c26169b0135abeb63d91b01081dfa01c44fa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E48FE8092848DB614649EA178890C26169B0135ABEB63D91B01081DFA01C44FA"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7105
Expires: Sun, 18 Dec 2022 16:32:18 GMT
Date: Sun, 18 Dec 2022 14:33:53 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e4e5ef0fcfd1e8511a80114702e58f10
01ad501d104d594cb3622aaae677da570a85cd38
e48fe8092848db614649ea178890c26169b0135abeb63d91b01081dfa01c44fa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E48FE8092848DB614649EA178890C26169B0135ABEB63D91B01081DFA01C44FA"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7105
Expires: Sun, 18 Dec 2022 16:32:18 GMT
Date: Sun, 18 Dec 2022 14:33:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b5a2a5311252b65079a6c5e8c6a5b645
a3ca8d9aeb691330e53fdb504e34e0ecb5397e53
6685cc503c6ee79470e0c0203fdf64e26b54179dd0a357380139f09849f76091
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6685CC503C6EE79470E0C0203FDF64E26B54179DD0A357380139F09849F76091"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5354
Expires: Sun, 18 Dec 2022 16:03:08 GMT
Date: Sun, 18 Dec 2022 14:33:54 GMT
Connection: keep-alive
preoccupycommittee.com/62/9a/79/629a79c4048fd9a1098471b0b9664f60.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 preoccupycommittee.com/62/9a/79/629a79c4048fd9a1098471b0b9664f60.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37139), with no line terminators
Hash 0c7b287e59bbf934be05bd6c352d5934
5cad625a7045c53ed9cb508c5ca7dbe97c50af8c
c1fe226809fabdc31135abc5fc48761a98e9ea54c2ca2e08a3df2160a9a8f7c0
Analyzer Verdict Alert quad9 Sinkholed
GET /62/9a/79/629a79c4048fd9a1098471b0b9664f60.js HTTP/1.1
Host: preoccupycommittee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 18 Dec 2022 14:33:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9082f8420ca72d011aa7f2e91e728a8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
preoccupycommittee.com/pixel/purst?dl=0&th=0&sc=0&rs=1610&rd=1610&fd=1000&bv=22.10.v.9&tmpl=70
192.243.61.225 200 OK 0 B URL HTTP/1.1 preoccupycommittee.com/pixel/purst?dl=0&th=0&sc=0&rs=1610&rd=1610&fd=1000&bv=22.10.v.9&tmpl=70
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1610&rd=1610&fd=1000&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: preoccupycommittee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 18 Dec 2022 14:33:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7b12d8e99d28f720a1709bef7f237d7
bfe6205cf0d1d8c09c8aaa486a50f770c6f17d09
d9c0ac1042565430b3cee6238b76d644f946062f3307f13ddbb4cea28903c4ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D9C0AC1042565430B3CEE6238B76D644F946062F3307F13DDBB4CEA28903C4EA"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3823
Expires: Sun, 18 Dec 2022 15:37:37 GMT
Date: Sun, 18 Dec 2022 14:33:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a5b4d2abaf3d2bc15620538a0c5ac64a
207ac3fac58ec776d6a2f16bb7c4dce1748c3f3b
eb87ef7369334039684e076200095e3316eacf28cf7fb4ec6a14d47a32b9221d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB87EF7369334039684E076200095E3316EACF28CF7FB4EC6A14D47A32B9221D"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6434
Expires: Sun, 18 Dec 2022 16:21:08 GMT
Date: Sun, 18 Dec 2022 14:33:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 512 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 97da173d03bcd8ea6670d5aac12f467f
c19c9ad2d2b16edaf78a4682d98b1b5bef9ba0fa
755e0563d7b66cdb5a2dedc63e88ae28eec82bd8563d491ffde9243d079e8ef1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C38201FABF9121916B9645EA3036F3EB70013005CD86D8AEA13848D61FBEE22F"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4133
Expires: Sun, 18 Dec 2022 15:42:47 GMT
Date: Sun, 18 Dec 2022 14:33:54 GMT
Connection: keep-alive
waaw.tv/f/zdGkp7Dl2lEp
190.115.19.71 302 Found 5.2 kB IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 19502182d89aa8ece7da5e545edf9011
36008426322e9e1e6b0cb68130d52a5d2c243d1c
38f658dc75ac0896918d509f37ffed54b7d8bc8dc699ac59e0400d766d255d52
GET /f/zdGkp7Dl2lEp HTTP/1.1
Host: waaw.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: ddos-guard
set-cookie: __ddg1_=oW41MEJ2aDolFn5UQ4OE; Domain=.waaw.tv; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:54 GMT
date: Sun, 18 Dec 2022 14:33:53 GMT
content-type: text/html; charset=UTF-8
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
expires: Sun, 18 Dec 2022 14:34:54 GMT
x-cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
location: https://waaw.to/watch_video.php?v=zdGkp7Dl2lEp&http_referer=https%3A%2F%2Frepelispluss.me%2F
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
x-cache-status-inferno: EXPIRED
x-inferno-location: player
x-inferno-limit-req: PASSED
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.61.227 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 18 Dec 2022 14:33:54 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: adba674417f790bb09b73b1d5653654c
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7145
Expires: Sun, 18 Dec 2022 16:32:59 GMT
Date: Sun, 18 Dec 2022 14:33:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7145
Expires: Sun, 18 Dec 2022 16:32:59 GMT
Date: Sun, 18 Dec 2022 14:33:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7145
Expires: Sun, 18 Dec 2022 16:32:59 GMT
Date: Sun, 18 Dec 2022 14:33:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7145
Expires: Sun, 18 Dec 2022 16:32:59 GMT
Date: Sun, 18 Dec 2022 14:33:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7145
Expires: Sun, 18 Dec 2022 16:32:59 GMT
Date: Sun, 18 Dec 2022 14:33:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed374d0c34e8b2e15f08a6479a4f45e7
5db9e59699048998f0685e940640eae19ef11c8e
9933854830be796a87cfe44b6b8336294e2d3dbbe3205f267720aca6968c3a21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12125
x-amzn-requestid: e44faa15-1dfd-4bc0-bdfb-307c3de2755d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2QPFZAIAMFf5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3734-33d636210a1e24742ee71187;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:40:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JHDfcd35b-bHZm6oayBIN5NDt6ZeGygBfvu7IKU18wFiLHMGEPQPkQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 22:02:19 GMT
etag: "5db9e59699048998f0685e940640eae19ef11c8e"
content-type: image/jpeg
age: 59495
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ada04738696f861648635c9ba98841e4
ce644cd4349d88aa7c24b2503b0b18b444061639
e5cee777efbf1d8a0f95f6cce71199e5f016a91f90cf0afe38bc86654b9d730d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8696
x-amzn-requestid: c897aeed-a082-46a1-965f-39e8c763cb05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10ZH3jIAMF0gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-548ac80840737a20743980f5;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xFbmIbrDz7MnhaF8tqHeTDzjrwbsP7SbmYb_OLLWZPb7poAmecfDew==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:39:05 GMT
age: 60889
etag: "ce644cd4349d88aa7c24b2503b0b18b444061639"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e098e9f-4d93-4282-beb5-b37a17658134.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e098e9f-4d93-4282-beb5-b37a17658134.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12c4c2232b6d09e9085f0214b3260c1e
a24f8e949a2f2a973fe2dd5af994cd970d37f13a
000475ed7d0aab9a7dab3e25f0a29f82552739fea99f98cbf5131282d0db7d63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e098e9f-4d93-4282-beb5-b37a17658134.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10670
x-amzn-requestid: d72e1904-caf4-4c72-a811-d1bde023f4b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT11JGCsIAMFRDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3687-7789040d71253d00378f9162;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NWh-ecaQXJITj6VyK4qutXz95L557E8kCDxs-fNBRmkjUk_ZG0Oygg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:39:05 GMT
age: 60889
etag: "a24f8e949a2f2a973fe2dd5af994cd970d37f13a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 578392bee48563d778885698790a124b
597892da925c3a363878e81ff02032a316303512
d30fe2470e1f63c5249fd42d7cd804bbf326cf9a703c61e31b5322ebdb26fca6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9925
x-amzn-requestid: 15eb2112-b947-458a-8544-51bac721773d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2k9HNjIAMFTTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e37b9-7c5b94866d266af252f133b3;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:42:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0nlTTVMgZIa6HUmL4bx0L-menIA1szAYPKbL-2p3jcX9XDGOAHL5eg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:51:24 GMT
etag: "597892da925c3a363878e81ff02032a316303512"
content-type: image/jpeg
age: 60150
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bfd0e913579b4ff2f511223d70cb01fb
497e0ffef816e100e6ddc221ec17d5f389c1142a
bee68ae1a938a5111a32dab4ec4f6964994e6c39143eac9ab94d6c5e29999372
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3087af97-3f2d-4848-b297-eba8d84f10c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10YHv8oAMF2sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-7527022d4bd9c15518fe75cc;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Dg3c2lWr1FbFUalH5QB05VrQIkpt3LNuUM-VxJZiaXy3nJu-cfd5jg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:39:05 GMT
age: 60889
etag: "497e0ffef816e100e6ddc221ec17d5f389c1142a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae5629d0-2146-4184-be4e-96bb9ad63cda.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae5629d0-2146-4184-be4e-96bb9ad63cda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f483fbc04fdbb1b30097fadad516f718
5acc44f724df315d42fad6c3a6147c781285f498
c0709eab8e4a270d6a1ff763953241c6820dfd53f1c45fd73b0a8e2837934b58
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae5629d0-2146-4184-be4e-96bb9ad63cda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5290
x-amzn-requestid: 78198cd7-6565-48c4-a017-52522d65d9af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dOAbhGYpoAMF3gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639be116-62976f8f1156951a5f8173f8;Sampled=0
x-amzn-remapped-date: Fri, 16 Dec 2022 03:08:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2iWdl5-74fJleg5LpAWNtIhG1xbDtulnFiD_XfzKC5dQS90JsRkDrg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 01:23:35 GMT
age: 47419
etag: "5acc44f724df315d42fad6c3a6147c781285f498"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
waaw.to/js/video.jquery_plugs/modernizr.js?12
190.115.19.71 200 OK 652 B URL HTTP/2 waaw.to/js/video.jquery_plugs/modernizr.js?12
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (1227), with no line terminators
Hash aecce2cd69440bcd1b71a8f0ce204922
7bf5702d34c33349bead0bb2cb7ad2200d699196
b9159c2d62fb50c02489b011962ed2549515067437b550834432787ff25a5dfb
GET /js/video.jquery_plugs/modernizr.js?12 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=5h8SuVINGVzCYlojbDoK; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:54 GMT
date: Mon, 17 Oct 2022 10:46:28 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 03 Jun 2018 17:19:35 GMT
etag: W/"5b142327-4cb"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5370446
ddg-cache-status: HIT,MISS
content-length: 652
X-Firefox-Spdy: h2
waaw.to/js/d_check.js?34
190.115.19.71 200 OK 1.0 kB IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (821)
Hash 841e4af4332ce934406a4e59a063aa98
fd8429c4c48157e134268b448d713b642f461af6
fde29879f9e4795b74c36aa1a23b32f35f5f67131fc914be72e42f1fff8740d3
GET /js/d_check.js?34 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=POsmwrSb1EYz2uXSoWvL; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:54 GMT
date: Mon, 17 Oct 2022 10:55:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 27 Feb 2020 14:57:53 GMT
etag: W/"5e57d8f1-d8a"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5369920
ddg-cache-status: HIT,MISS
content-length: 1028
X-Firefox-Spdy: h2
waaw.to/js/embed.205.js?736
190.115.19.71 200 OK 40 kB URL HTTP/2 waaw.to/js/embed.205.js?736
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type Unicode text, UTF-8 text, with very long lines (3414)
Hash a5b2f5bea0283771168801d2ebfeb91f
a0aef692a880b36965c49a2c71ff7b9c9a9fe586
1f5532db6292eefe3632e228f22d933c8d2f740d00f21982d7e4348ad0d17698
GET /js/embed.205.js?736 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=EJl9QA56DIg8mP1PRs9Y; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:54 GMT
date: Mon, 17 Oct 2022 10:46:28 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 04 Aug 2022 18:07:34 GMT
etag: W/"62ec0ae6-298ce"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5370446
ddg-cache-status: HIT,MISS
content-length: 39596
X-Firefox-Spdy: h2
waaw.to/js/adv/fuckadblock.js?2
190.115.19.71 200 OK 3.5 kB URL HTTP/2 waaw.to/js/adv/fuckadblock.js?2
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with CRLF line terminators
Hash ec1ee09f3fac94172cb7563a95812487
77b7090fc3bb4431371fa6ed84e2623dd0015c30
94db3115fa9ba527b159c6c3d3b928c585774be570300801d274eac81806eda0
GET /js/adv/fuckadblock.js?2 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=dGMq5b8mYW025mikR3K8; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:54 GMT
date: Mon, 17 Oct 2022 10:46:28 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 17:39:04 GMT
etag: W/"5d656ab8-369e"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5370446
ddg-cache-status: HIT,MISS
content-length: 3525
X-Firefox-Spdy: h2
waaw.to/styles/global/embed_player.3.css?130
190.115.19.71 200 OK 1.6 kB URL HTTP/2 waaw.to/styles/global/embed_player.3.css?130
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 8e6c46db0d3b9b09cb250529f4e92245
78ccfc915538c39e35acb536eca217f2f12e7a0e
7a8726525e4b7e4a725b96f82dafba6d1da8b54d71c5d02144aca8b7d306bf65
GET /styles/global/embed_player.3.css?130 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=RJFN7gBrmaRZZJN2OpJD; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:54 GMT
date: Mon, 17 Oct 2022 10:46:28 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 09 Dec 2020 22:16:37 GMT
etag: W/"5fd14cc5-1701"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5370446
ddg-cache-status: HIT,MISS
content-length: 1623
X-Firefox-Spdy: h2
unpkg.com/jquery@2.2.4/dist/jquery.min.js
104.16.122.175 200 OK 31 kB URL HTTP/2 unpkg.com/jquery@2.2.4/dist/jquery.min.js
IP 104.16.122.175:0
File type ASCII text, with very long lines (32065)
Hash c573fc35198095197e23e0c0f8d88241
b0b466b0da645e65d4bf545a91d031137b8e96d9
b834d10a59680f6864e9fdf8425d4fd26d8381da2d535d407fd53d6bfb12191f
GET /jquery@2.2.4/dist/jquery.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:54 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Fri, 20 May 2016 17:24:42 GMT
etag: W/"14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
via: 1.1 fly.io
fly-request-id: 01G754SVY4BFC19MXYRYRMED91-fra
cf-cache-status: HIT
age: 14417535
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77b89dc61fbfb500-OSL
content-encoding: br
X-Firefox-Spdy: h2
commentsengine.com/js/js.load.1.js?6639063909620221
104.21.60.27 200 OK 0 B URL HTTP/2 commentsengine.com/js/js.load.1.js?6639063909620221
IP 104.21.60.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/js.load.1.js?6639063909620221 HTTP/1.1
Host: commentsengine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:54 GMT
content-type: application/javascript; charset=UTF-8
content-length: 0
last-modified: Thu, 14 Apr 2022 12:20:52 GMT
etag: "625811a4-0"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 16823359
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FGZZF77%2F5qTL54htaisaSz5TLxAYTVLVPDpnbPABV2AARCym5ihgtVx%2FMXuGe%2Fx%2FXkaLYmjiLvwlfoBKGGhxL%2FTn1hDhVY1xcJi%2FgBW813T%2FKxNYUkQ9Ne%2FPBdCE6f3TjFeYUdM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77b89dc67ce6b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waaw.to/ad/api/popunder.js
190.115.19.71 200 OK 305 B URL HTTP/2 waaw.to/ad/api/popunder.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with no line terminators
Hash 9533d3cc3146ba6a57a959c932c388d2
772486c594db64c4babf9bfc7c6b71c8a035d868
207cf7292138a59f9dd340a88f7aaf6c030330343bb70206c4fe1e0cb2d58b1b
GET /ad/api/popunder.js HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=YdknrqqWlqgnxHmDFe7J; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:54 GMT
date: Sun, 17 Jul 2022 16:41:23 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 15 Sep 2021 14:06:22 GMT
etag: W/"6141fdde-15"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: HIT
x-inferno-location: static
accept-ranges: bytes
age: 13297996
ddg-cache-status: HIT,HIT
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d9b18ac6541daf704dd981d6e72a5ab7
4516d6a2850f57ab5f1a4e9e07bf9dc3b43aa7e1
d866c3b16c7dbd7683aa1856b13e9abad1bdf69760fe1aeacc80140c30bda6c2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D866C3B16C7DBD7683AA1856B13E9ABAD1BDF69760FE1AEACC80140C30BDA6C2"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13939
Expires: Sun, 18 Dec 2022 18:26:14 GMT
Date: Sun, 18 Dec 2022 14:33:55 GMT
Connection: keep-alive
testingmetriksbre.ru/netu.php
104.21.50.109 200 OK 4.9 kB URL HTTP/2 testingmetriksbre.ru/netu.php
IP 104.21.50.109:0
File type ASCII text, with very long lines (855), with CRLF line terminators
Hash ea0d20b467837f62b0caede22c914261
1c3670549ca3310d3c07f710a8c1e76e4a0bafd0
fa35bfd868ee93370fd027fb35bb18987e6c22fe4dc8ae5fe55c44d2e5908dff
GET /netu.php HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:55 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wykmNQjRAECAmCLsfpET02M7uTLtJDS9JJVDStV89VA477xe91bBKkagFPIVm0B3ewJXgmd%2F1Klmzd912D5jaOMMU5%2BzZRRsLNIYT%2B12CSFy9RMpr1NPedhv0xNS6ONFhRHTxaKQ7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77b89dc67e2db515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 03c8258e1c16364384a10c746732e080
24f121ea76ab812448228b238fadc421f5c4d6c8
9dfb03f619014cd8683030fb68b00b8a0befd9ad9755fcd77c69a2a4e163d397
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/url?q=https%3A%2F%2Fenwrapquai.com%2Fi929rGRpBcgWqES%2F55380&sa=D&sntz=1&usg=AOvVaw1SSQPRxviAgj2l_1Dv47Ku
142.250.74.132 200 OK 388 B URL HTTP/2 www.google.com/url?q=https%3A%2F%2Fenwrapquai.com%2Fi929rGRpBcgWqES%2F55380&sa=D&sntz=1&usg=AOvVaw1SSQPRxviAgj2l_1Dv47Ku
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 90d9e32da626a9c3a219b947a68c88be
06639cddd8ca15249f8d04e9f656d8354419bd6f
48e2e0816ac0d8339dc0f97921514e61cca86e5b4faa75fc1cfa9cadf140399a
GET /url?q=https%3A%2F%2Fenwrapquai.com%2Fi929rGRpBcgWqES%2F55380&sa=D&sntz=1&usg=AOvVaw1SSQPRxviAgj2l_1Dv47Ku HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
location: https://enwrapquai.com/i929rGRpBcgWqES/55380
cache-control: private
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Sun, 18 Dec 2022 14:33:55 GMT
server: gws
content-length: 388
x-xss-protection: 0
expires: Sun, 18 Dec 2022 14:33:55 GMT
set-cookie: __Secure-ENID=9.SE=gfypJj3q7S3MShvpbiRNAAaECr09Wv-sFTlXXb7VgCXSW_bfoVx-zjv1YJhcSddsSC2zbH8lxyJ9vQrQ33FZx8uYtCaHdTIKViCPhtMkR9dnr0d6lgCaX-5XOyJ1o2fLFJbjfMKW-moqNQnv33eWhKX9MVkzTKeascvHUQx-RO8; expires=Thu, 18-Jan-2024 06:52:13 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
CONSENT=PENDING+441; expires=Tue, 17-Dec-2024 14:33:55 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 157b62091fad279063f540564a4c72e6
9db33b844db31eed03695c97daf4c84a4d7d265f
92904432175c023613dea4d660d2c9098e00b7f3b628c8519bf5b404cad450a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 18 Dec 2022 12:41:08 GMT
expires: Sun, 18 Dec 2022 14:41:08 GMT
cache-control: public, max-age=7200
age: 6767
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash bb7384a7ebd0750168d87fe0005a4bfe
4936fa40f933f4e1ba04a176f8513393209b4377
84671b37c9b125a46c3dcbacb6acdefdde6018e0ad5b72b7179e875cfbabe159
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:33:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 18 Dec 2022 14:30:41 GMT
Expires: Sun, 25 Dec 2022 14:30:40 GMT
Etag: "4936fa40f933f4e1ba04a176f8513393209b4377"
Cache-Control: max-age=604004,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77b89dc7bfd81bfa-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3e994e14a149f39da5de58f2ba594c68
547d68785dd9bfae1cc1ca895d8e79845390aeb0
c2de013879c338095d1308834d3ddc69927720187231a36e521915235349e33f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2DE013879C338095D1308834D3DDC69927720187231A36E521915235349E33F"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2983
Expires: Sun, 18 Dec 2022 15:23:38 GMT
Date: Sun, 18 Dec 2022 14:33:55 GMT
Connection: keep-alive
enwrapquai.com/i929rGRpBcgWqES/55380
172.255.6.58 200 OK 7.5 kB URL HTTP/1.1 enwrapquai.com/i929rGRpBcgWqES/55380
IP 172.255.6.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (19413)
Hash a218767c8687abf42cf0d59a7e7ba5e5
1745a0b43d7ddb8e95c02255d822976dd9be77f4
6158329c487a2bededd76e6dd845aaf50ae56176357ea2e6457d620f3f3b9563
Analyzer Verdict Alert quad9 Sinkholed
GET /i929rGRpBcgWqES/55380 HTTP/1.1
Host: enwrapquai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Dec 2022 14:33:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 19-Dec-2022 14:33:55 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 19-Dec-2022 14:33:55 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
cdn-s5.cfeucdn.com/flv/api/files/thumbs/2019/07/28/1564291671kz8vd-640x480-1.jpg
213.186.120.164 200 OK 87 kB URL HTTP/2 cdn-s5.cfeucdn.com/flv/api/files/thumbs/2019/07/28/1564291671kz8vd-640x480-1.jpg
IP 213.186.120.164:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Hash 8be07c887d1421084c89feddf9482265
976db14912314ee8d435c64b4b91e557bb4609dc
e56694c4cdad38e709f8771ff8d31548fe2e44eacfadaae2d9fdd8a1dd7c2f49
GET /flv/api/files/thumbs/2019/07/28/1564291671kz8vd-640x480-1.jpg HTTP/1.1
Host: cdn-s5.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:24 GMT
content-type: image/jpeg
content-length: 87371
last-modified: Sun, 28 Jul 2019 06:00:00 GMT
etag: "5d3d39e0-1554b"
server: cloudflare
expires: Mon, 24 Nov 2121 14:33:24 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 991ad96a61989e5732fe4068e488cb84
f666a486ec4eada838dcc01a39a171e7d4fcfd6d
83cfef9dcf7cb5aea97cb19ddc0ce3911b7105b5e934bf0a05819d935622bdd2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83CFEF9DCF7CB5AEA97CB19DDC0CE3911B7105B5E934BF0A05819D935622BDD2"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5843
Expires: Sun, 18 Dec 2022 16:11:18 GMT
Date: Sun, 18 Dec 2022 14:33:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 991ad96a61989e5732fe4068e488cb84
f666a486ec4eada838dcc01a39a171e7d4fcfd6d
83cfef9dcf7cb5aea97cb19ddc0ce3911b7105b5e934bf0a05819d935622bdd2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83CFEF9DCF7CB5AEA97CB19DDC0CE3911B7105B5E934BF0A05819D935622BDD2"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5843
Expires: Sun, 18 Dec 2022 16:11:18 GMT
Date: Sun, 18 Dec 2022 14:33:55 GMT
Connection: keep-alive
syenitetatler.tech/cuid/?f=https%3A%2F%2Fenwrapquai.com
142.91.159.179 200 OK 0 B URL HTTP/1.1 syenitetatler.tech/cuid/?f=https%3A%2F%2Fenwrapquai.com
IP 142.91.159.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
OPTIONS /cuid/?f=https%3A%2F%2Fenwrapquai.com HTTP/1.1
Host: syenitetatler.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://enwrapquai.com/
Origin: https://enwrapquai.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Dec 2022 14:33:55 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://enwrapquai.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash bb7384a7ebd0750168d87fe0005a4bfe
4936fa40f933f4e1ba04a176f8513393209b4377
84671b37c9b125a46c3dcbacb6acdefdde6018e0ad5b72b7179e875cfbabe159
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:33:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 18 Dec 2022 14:30:41 GMT
Expires: Sun, 25 Dec 2022 14:30:40 GMT
Etag: "4936fa40f933f4e1ba04a176f8513393209b4377"
Cache-Control: max-age=604004,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77b89dca59ef1bfa-OSL
syenitetatler.tech/cuid/?f=https%3A%2F%2Fenwrapquai.com
142.91.159.179 200 OK 32 B URL HTTP/1.1 syenitetatler.tech/cuid/?f=https%3A%2F%2Fenwrapquai.com
IP 142.91.159.179:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 16dc3bd067f20270618bf713a34fbb5d
409db07305e65ab19912e29c4ec648ba3b7639b2
eb5dba943d0a467f647463f1c8627714d208a9547c173af3307df89e3603b560
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
POST /cuid/?f=https%3A%2F%2Fenwrapquai.com HTTP/1.1
Host: syenitetatler.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://enwrapquai.com/
Content-Type: application/json
Origin: https://enwrapquai.com
Content-Length: 10
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Dec 2022 14:33:55 GMT
Content-Type: application/json
Content-Length: 32
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://enwrapquai.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: a97fa794a0f9=67441ee8ab20c3d358caea; expires=Sun, 24 Apr 2050 12:40:00 GMT; domain=syenitetatler.tech; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/s/gts1p5/oh17uUli4Cw
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/oh17uUli4Cw
IP 142.250.74.131:0
Hash b975c6ea9c7eb4c856cfa46c74e32e95
add1bae1595cbaf02962d39e5ab64ec296781e32
b970c64a076955cf7b613fa24e703b9d8c09b6fff86d779b67bae2c450ea6df9
POST /s/gts1p5/oh17uUli4Cw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:55 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
for-j.com/tds3.html?ymid=167137403510000TNOTV415326358024V86&zoneid=5460782&subid=5939010&sourceid=315519420&tt=2
104.18.8.13 200 OK 11 kB URL HTTP/2 for-j.com/tds3.html?ymid=167137403510000TNOTV415326358024V86&zoneid=5460782&subid=5939010&sourceid=315519420&tt=2
IP 104.18.8.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash eca3b03cb2ba1482d2379b78647f85f4
15b9d2613d4336c5e5856343fe275946131ae230
246bc37795a214eec5b3c89c1fe0a327d2137c597343daec814008a1dd57f5fe
GET /tds3.html?ymid=167137403510000TNOTV415326358024V86&zoneid=5460782&subid=5939010&sourceid=315519420&tt=2 HTTP/1.1
Host: for-j.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:55 GMT
content-type: text/html
last-modified: Wed, 02 Nov 2022 11:31:57 GMT
cf-cache-status: HIT
age: 1241873
expires: Wed, 18 Jan 2023 14:33:55 GMT
cache-control: public, max-age=2678400
vary: Accept-Encoding
server: cloudflare
cf-ray: 77b89dcc09ffb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/oh17uUli4Cw
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/oh17uUli4Cw
IP 142.250.74.131:0
Hash b975c6ea9c7eb4c856cfa46c74e32e95
add1bae1595cbaf02962d39e5ab64ec296781e32
b970c64a076955cf7b613fa24e703b9d8c09b6fff86d779b67bae2c450ea6df9
POST /s/gts1p5/oh17uUli4Cw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:56 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
waaw.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=32986149
190.115.19.71 200 OK 50 kB URL HTTP/2 waaw.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=32986149
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 1da09c2479c4d27ae393041b0ea7a3d9
d9cf98aaa066af699dc339e8f63162f9cd454863
8e12a640434a184630ff5f9d3fc5c0132307a31409ef11f8d80acc87b0cb1393
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=32986149 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
Cookie: uid=Xl1p3Aewc4FNKaMBVW_9L932t2pp_DcN
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=G67sGgmAP9vhjBNqT9bj; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:55 GMT
date: Sun, 18 Dec 2022 14:33:54 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0986cc7ae24f5afd66bc5121c187216
89997b8cdae040999506384f659efadfb46e1e74
556cd5b1685cba22ef982393a82b8f616fe31bfd809709a38b5acda66fdea90d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "556CD5B1685CBA22EF982393A82B8F616FE31BFD809709A38B5ACDA66FDEA90D"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1929
Expires: Sun, 18 Dec 2022 15:06:05 GMT
Date: Sun, 18 Dec 2022 14:33:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a208c9f2ba01a6b7934298eac8d0cf71
5d6c4d4e87e270c3b3d2d9830c6f3b7da6659fd0
bcace9bd7f04ac446f144f1a3182f239c8b52a946972a932901d007923d70ff7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BCACE9BD7F04AC446F144F1A3182F239C8B52A946972A932901D007923D70FF7"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2740
Expires: Sun, 18 Dec 2022 15:19:36 GMT
Date: Sun, 18 Dec 2022 14:33:56 GMT
Connection: keep-alive
naggedhechtia.tech/imp/55380?md=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&pdc=HnK_b9fYsni*n_LlsT2auMpAGOfSjHa8NWGUkU81sUM
172.255.6.142 200 OK 58 B URL HTTP/1.1 naggedhechtia.tech/imp/55380?md=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&pdc=HnK_b9fYsni*n_LlsT2auMpAGOfSjHa8NWGUkU81sUM
IP 172.255.6.142:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash c0d656e325525f28dbe969397135c07b
8b71f15a24f3440f3406fa845f5656752c873605
defa02d1919451c6ce4e510588e0b2f084c9f8154e8972ce0695fe9aefe900a3
Analyzer Verdict Alert quad9 Sinkholed
GET /imp/55380?md=snIhJiOzgzMzwiIzJiOiEjM4ADexAjM0ICLiImI6ISM4FjIsIiciojIoRHdwNnOv8yd3dnLn92bnxWZuM2bt9iIsISciojIoRHdwNnOv8SZudnchBXc1FWauM2bt9Sa5ITOydkUwJ0YndVcFN1L1UzM4AjIsICaioDOyYTNsICbiojIl5WLVNlIsICdioDMsIieioDOxQzMsIyaioDNsISdiojI2cDN0ETZlhTYiJDMjNDZzUDOjFWZhJCLiYmI6Qnc1VGLiUmI6Iya5NGb2VDcuFDdndTYoFnIsIybioDdyVXZsISbioTM2cTMzcDNwMTN4kzMsIydiojIlcjQlIjM0lGdsVWJyITJzEUJyITJyITJyMUJyIzall3dvJHZzViMyUyMBVSNCVSNEViMDViMyQ3bwd3byR2clIjMlMTQlUjQlIjMhRmdlJHdpNXZyVyMBFTJyITJ1QUJ3QkIsICcyJiOxwiIoNmI6EjNsIiYsJiOtEDLiYndiojI152YoV2YrVGZiwiI2JnI6ISduNGalN2alRmIsISYjJiO1ADLiMGdiojI152au92duJCLiMWZ0JiOiUnbr52b35mIsIyYkxWbioTLxwiIjRGbioTLxwiIjJHd0JiOtETf&pdc=HnK_b9fYsni*n_LlsT2auMpAGOfSjHa8NWGUkU81sUM HTTP/1.1
Host: naggedhechtia.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://enwrapquai.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Dec 2022 14:33:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 19-Dec-2022 14:33:56 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 19-Dec-2022 14:33:56 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
buzzonclick.com/script/i.php?stamat=m%257C%252C%252CQhZvYjF-oGU3BU9GH0dEdHP3xP.2c6%252Ciko0NoQoq8we6GRKCa6YrhVYHVJ1xnOa1RlnWs34H1jU6Jeu7WgMH5mU-J25gkWQfhoHVxJ3p7KeYD4jsBnL-aHLSa96shfyRYW3VM6ERCdgDXnZywB115apEmHi6RrAhsj6sUdogwMCfrAKBPqJ9sagQTC3ztEf6JdsfjUDvgFbazVIirAigxQDQ-6YS8cRaraTrqIWrdVb5azgVm6sqxksznMOhpRP8OS570z8Ip6zPVL4sM89e5PBfN9e60BQHPQgdeK0VQBDiC_uM2szA5DqbGCyPqKr6DWhFpG76bIOWI2eImGNWTu3_fBWCvZ6srhlEQr-yOEEaCpwH-AKIkJSKfLTGmrhfu-PzoGfTyzT6JIcLAa4taqT5wrys_xgrZhiqdRkJREVMsVkv1766y3pdGhq40IdmisqNtWrwviKHR-FTqpbZvMc9BNGfLgpc_mGmXVePBA4CjjnvBEz668gfuHjcLECS3gckj0-AWU%252C
35.186.243.67302 Found 44 B URL HTTP/2 buzzonclick.com/script/i.php?stamat=m%257C%252C%252CQhZvYjF-oGU3BU9GH0dEdHP3xP.2c6%252Ciko0NoQoq8we6GRKCa6YrhVYHVJ1xnOa1RlnWs34H1jU6Jeu7WgMH5mU-J25gkWQfhoHVxJ3p7KeYD4jsBnL-aHLSa96shfyRYW3VM6ERCdgDXnZywB115apEmHi6RrAhsj6sUdogwMCfrAKBPqJ9sagQTC3ztEf6JdsfjUDvgFbazVIirAigxQDQ-6YS8cRaraTrqIWrdVb5azgVm6sqxksznMOhpRP8OS570z8Ip6zPVL4sM89e5PBfN9e60BQHPQgdeK0VQBDiC_uM2szA5DqbGCyPqKr6DWhFpG76bIOWI2eImGNWTu3_fBWCvZ6srhlEQr-yOEEaCpwH-AKIkJSKfLTGmrhfu-PzoGfTyzT6JIcLAa4taqT5wrys_xgrZhiqdRkJREVMsVkv1766y3pdGhq40IdmisqNtWrwviKHR-FTqpbZvMc9BNGfLgpc_mGmXVePBA4CjjnvBEz668gfuHjcLECS3gckj0-AWU%252C
IP 35.186.243.67:0
Hash 15ce19dfa82b4fa05644f55e28121ea5
56af635cd4a54c18370a882840a24ab579d9676a
e4e56314e44a9a07c298646acbc9e879faa3bf5fcdb74361502c6db109234388
GET /script/i.php?stamat=m%257C%252C%252CQhZvYjF-oGU3BU9GH0dEdHP3xP.2c6%252Ciko0NoQoq8we6GRKCa6YrhVYHVJ1xnOa1RlnWs34H1jU6Jeu7WgMH5mU-J25gkWQfhoHVxJ3p7KeYD4jsBnL-aHLSa96shfyRYW3VM6ERCdgDXnZywB115apEmHi6RrAhsj6sUdogwMCfrAKBPqJ9sagQTC3ztEf6JdsfjUDvgFbazVIirAigxQDQ-6YS8cRaraTrqIWrdVb5azgVm6sqxksznMOhpRP8OS570z8Ip6zPVL4sM89e5PBfN9e60BQHPQgdeK0VQBDiC_uM2szA5DqbGCyPqKr6DWhFpG76bIOWI2eImGNWTu3_fBWCvZ6srhlEQr-yOEEaCpwH-AKIkJSKfLTGmrhfu-PzoGfTyzT6JIcLAa4taqT5wrys_xgrZhiqdRkJREVMsVkv1766y3pdGhq40IdmisqNtWrwviKHR-FTqpbZvMc9BNGfLgpc_mGmXVePBA4CjjnvBEz668gfuHjcLECS3gckj0-AWU%252C HTTP/1.1
Host: buzzonclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Sun, 18 Dec 2022 14:33:55 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://for-j.com/tds3.html?ymid=167137403510000TNOTV415326358024V86&zoneid=5460782&subid=5939010&sourceid=315519420&tt=2
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ak.roudoduor.com/?z=5460782&syncedCookie=true&rhd=false
23.36.76.242 302 Found 0 B URL HTTP/2 ak.roudoduor.com/?z=5460782&syncedCookie=true&rhd=false
IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /?z=5460782&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.roudoduor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 577
Origin: https://ak.roudoduor.com
Connection: keep-alive
Referer: https://ak.roudoduor.com/afu.php?zoneid=5460782&var=5460782&rid=BPTR34PbLD67mf1dYD5JaA%3D%3D&rhd=false
Cookie: OAID=0596fec7048d4ee89037c7a8548d4db1; oaidts=1671374035
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-length: 0
x-trace-id: dfa4be94ede56139f841afaa77548a9d
link: <https://www.google.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://www.google.com/?rdk=rk3
access-control-allow-origin: https://ak.roudoduor.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Sun, 18 Dec 2022 14:33:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 18 Dec 2022 14:33:56 GMT
set-cookie: OAID=0596fec7048d4ee89037c7a8548d4db1; expires=Mon, 18 Dec 2023 14:33:56 GMT; path=/; secure; SameSite=None
oaidts=1671374035; expires=Mon, 18 Dec 2023 14:33:56 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 25 Dec 2022 14:33:56 GMT; path=/; secure; SameSite=None
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=11
X-Firefox-Spdy: h2
waaw.to/cdn-cgi/trace
190.115.19.71 404 Not Found 568 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash b2a72ac897d3cac5039dfce117dab39d
e787d53b829f9d84fec0042b8743e522d195cb72
fe0e818af135b611e5e44bcfb9cf7e3565ec4232d30cc5a84c6411de37d10e3a
GET /cdn-cgi/trace HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
Cookie: uid=Xl1p3Aewc4FNKaMBVW_9L932t2pp_DcN
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg1_=o1xP9WYfKkFwRPJS1zbl; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:55 GMT
date: Sun, 18 Dec 2022 14:33:54 GMT
content-type: text/html; charset=UTF-8
x-origin-location: /
x-cache-status-inferno: MISS
x-inferno-location: /
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|oswald
142.250.74.106 200 OK 2.4 kB URL HTTP/2 fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|oswald
IP 142.250.74.106:0
Hash 335da90f6c78ed9698c8d690a1f78b9c
5cceb9932b6b1fefaac63f5a59c7aeaa2924fe42
ad32c15abc2505eda81acd3deff842edc3f60cb5bb3c0ec32c9a908945d6f1b3
GET /css?family=Oswald:200,300,400,500,600,700|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|oswald HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://marazma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 18 Dec 2022 14:33:56 GMT
date: Sun, 18 Dec 2022 14:33:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6846f5f65df5a2ebc9f5b9cba782e9c3
708216f1ac8b66759b3db808b95e79af4f092454
ec03de938be9d11af5006fbafab0bc9f76e352d3831508341d94a55a71e6fee1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC03DE938BE9D11AF5006FBAFAB0BC9F76E352D3831508341D94A55A71E6FEE1"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7074
Expires: Sun, 18 Dec 2022 16:31:50 GMT
Date: Sun, 18 Dec 2022 14:33:56 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 5d2fadc19e0e22470865c1463eebd9c1
f2349948931659cb93217f009f8cf7b2fe977cc4
752af1114224646864494adde5d6d6bcb274c608a04ea86fd30020ffdc40efc0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:33:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 15 Dec 2022 16:52:39 GMT
Expires: Thu, 22 Dec 2022 16:52:38 GMT
Etag: "f2349948931659cb93217f009f8cf7b2fe977cc4"
Cache-Control: max-age=353321,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77b89dcded4b1bfa-OSL
unseenreport.com/pxf.gif?uuid=b91caa52-1f69-4fa2-ad5b-0ea1a1cfc8c2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=629a79c4048fd9a1098471b0b9664f60&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=14
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=b91caa52-1f69-4fa2-ad5b-0ea1a1cfc8c2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=629a79c4048fd9a1098471b0b9664f60&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=14
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=b91caa52-1f69-4fa2-ad5b-0ea1a1cfc8c2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=629a79c4048fd9a1098471b0b9664f60&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 18 Dec 2022 14:33:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ea9043b0caa6e4a65e81ce06dde6aa2c
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=b91caa52-1f69-4fa2-ad5b-0ea1a1cfc8c2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a9fd7d4599f3dd6968bebb4d4ec2593c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=14
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=b91caa52-1f69-4fa2-ad5b-0ea1a1cfc8c2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a9fd7d4599f3dd6968bebb4d4ec2593c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=14
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=b91caa52-1f69-4fa2-ad5b-0ea1a1cfc8c2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a9fd7d4599f3dd6968bebb4d4ec2593c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 18 Dec 2022 14:33:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a7b08f873e63bab201cf8162ebe14a9
Strict-Transport-Security: max-age=0; includeSubdomains
popxyz.com/Jr1zAzZ
104.21.75.199 200 OK 48 kB IP 104.21.75.199:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (343)
Hash 59ed002da684ce56c8ec93e94b608e49
854c5f902e720012efd54781c12096ff20ea8d8f
e754d939f8adc09827119110f3a9744331b0a83cc9b13a3cf380a82f5b131bca
GET /Jr1zAzZ HTTP/1.1
Host: popxyz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://marazma.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:57 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tyVFw61TvxcEJPWxmBcu4u5pkWNoH5nNV1sc3rMNGsBGnbhh5o6XTamvbGuaeBI8N9JMsmqSGBVRzgnTrQ3%2FYZOnAdHkWRIb%2BnyXbYSplbE4jWjqRvB3VGf2B24V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77b89dd418f8b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 90f9faf49c00bdc0a1880723213f2ef3
39a153b92f273c98427f81307dc6af573fc4aab9
2b4b596a27bb6f8e1f467014bbfc4ac79999555c81f8374047510ef472785789
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5421
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:57 GMT
Last-Modified: Sun, 18 Dec 2022 13:03:37 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280
www.popxperts.com/qpad49Q
104.21.39.130 301 Moved Permanently 552 B URL HTTP/2 www.popxperts.com/qpad49Q
IP 104.21.39.130:0
Hash 98d723c0628417ed108a19cdc3e8ff6a
254f914130f3857ed70e77aa06dc0d2309a461b9
6ff2bd4dff4a74ded74ab77479da2dec6decb6d20a9ac587fd8a824834871c37
GET /qpad49Q HTTP/1.1
Host: www.popxperts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://popxyz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 18 Dec 2022 14:33:57 GMT
location: https://popxperts.com/qpad49Q
cache-control: max-age=3600
expires: Sun, 18 Dec 2022 15:33:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oid35sF%2FmBQSZEEogwYw4HqL0T%2FVyrqHmWBvQZw0PF%2BjeCGgO2w56WQO6FTMO9G5wJXx54DaBbMI%2BWN%2F5lLU6pxMB%2F4h1wJn7uhj%2FU%2F1nvEifE2HA1ZsLXqFOr9zvJxOjC5yDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77b89dd53a5cb517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1f9cbc60b61b0437776cbb69a55c4077
3a0c5b3bb407b9d1f0376679b4ec5302a987d46c
d8e733fe7a7d1482699eb2f7edf4050b1b9bcd5a4eb8d73378e7df4002879d4c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3057
Cache-Control: max-age=158069
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:57 GMT
Etag: "639edf59-117"
Expires: Tue, 20 Dec 2022 10:28:26 GMT
Last-Modified: Sun, 18 Dec 2022 09:37:29 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ocsp.sectigo.com/
104.18.32.68 200 OK 473 B IP 104.18.32.68:0
Hash 5103b2eff7e3387d89474ba696567317
65bacc4d8878951d066f1cf7c389dfdd613e6dbb
e62636c9cf075c22fecbbe0e9d4f59ee584dffae7705e2343a1b6ded0b181569
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:33:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 01:50:05 GMT
Expires: Sat, 24 Dec 2022 01:50:04 GMT
Etag: "045f47aa736e878ecbaa6ba0a5c81df40070b5e5"
Cache-Control: max-age=471965,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77b89dd92d771bfa-OSL
zap.buzz/Jr1zAzZ
104.21.53.136 302 Found 716 B IP 104.21.53.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (303)
Hash d9794308ce1fb053b324fab8f7e064d4
6c08a66612a774d8b538631623504bbc6a33403f
db7665c4cae8914e8a615db8a3170dfda813deea6cd34eab115eef89ea776755
GET /Jr1zAzZ HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://popxyz.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 18 Dec 2022 14:33:57 GMT
content-type: text/html; charset=utf-8
location: https://xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Y58k1Q.Gzf1DXmoWreEZSJq_JoRkPJRcow; Expires=Sun, 18 Dec 2022 15:03:57 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hznzm7pF7K3vfmFVMjYO9Odnw2Zm8z5856RTAElf%2F7RyGopXef%2FrsMdfY1pY8vgwKp%2F2sZaLX4jHyXVlsbbCQ%2Bvhpnc9pB04jwuxoVoHab2OFbfoDCDITSYMJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77b89dd75a48b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 236fd4a40f2d4233860b2b98c2749233
c27f43a90daefce7d3f9ac9e0651c7e4daf81e70
c92137c1024c84a64816955a5d83dee56395ab82117fd34643bed5a3364edaa8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C92137C1024C84A64816955A5D83DEE56395AB82117FD34643BED5A3364EDAA8"
Last-Modified: Sat, 17 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7103
Expires: Sun, 18 Dec 2022 16:32:22 GMT
Date: Sun, 18 Dec 2022 14:33:59 GMT
Connection: keep-alive
www.forexgold.xyz/wp-content/uploads/2022/09/Winning-Strategies-With-Forex-Charts-300x218.jpg
34.91.95.185 200 OK 14 kB URL HTTP/2 www.forexgold.xyz/wp-content/uploads/2022/09/Winning-Strategies-With-Forex-Charts-300x218.jpg
IP 34.91.95.185:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", progressive, precision 8, 300x218, components 3\012- data
Hash 26ff550c7f37fc6cb54ca324a45bbdea
d7a8b500c8911ca134775bc5f0d4039ab958cae3
d2685e3ebf671db78f3b01ee1585eec46a6b7daf093542e6a4300f303e1e2bed
GET /wp-content/uploads/2022/09/Winning-Strategies-With-Forex-Charts-300x218.jpg HTTP/1.1
Host: www.forexgold.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.forexgold.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 14:33:59 GMT
content-type: image/jpeg
content-length: 13468
last-modified: Sun, 18 Dec 2022 02:29:00 GMT
etag: "639e7aec-349c"
expires: Mon, 18 Dec 2023 04:52:23 GMT
cache-control: max-age=31536000
x-cdn-c: all
x-sg-cdn: 1
x-proxy-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fdbb7ba725cc70f13ad981863c8c5581
1b9a678e8f3b68f162bc7a6e7bde5171f5415046
dcab650b9fa579906912c3b598b7099cf0728e72b7782d5362849ef310a00965
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fdbb7ba725cc70f13ad981863c8c5581
1b9a678e8f3b68f162bc7a6e7bde5171f5415046
dcab650b9fa579906912c3b598b7099cf0728e72b7782d5362849ef310a00965
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
216.58.207.227 200 OK 36 kB URL HTTP/2 fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 35904, version 1.0\012- data
Hash c26b97e7f5bb7a34d190703522d75e16
69d9e5aea0544dbaf9b78c1b65139c03eceece8f
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357
GET /s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.forexgold.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 13:33:15 GMT
expires: Sat, 16 Dec 2023 13:33:15 GMT
cache-control: public, max-age=31536000
age: 176444
last-modified: Mon, 18 Jul 2022 19:34:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fdbb7ba725cc70f13ad981863c8c5581
1b9a678e8f3b68f162bc7a6e7bde5171f5415046
dcab650b9fa579906912c3b598b7099cf0728e72b7782d5362849ef310a00965
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.forexgold.xyz/wp-content/uploads/siteground-optimizer-assets/siteground-optimizer-combined-css-5427f79d6226316f84f312b56416aef2.css
34.91.95.185 200 OK 27 kB URL HTTP/2 www.forexgold.xyz/wp-content/uploads/siteground-optimizer-assets/siteground-optimizer-combined-css-5427f79d6226316f84f312b56416aef2.css
IP 34.91.95.185:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (47826)
Hash 4426d92ffb5049e47e4ef510283cc877
a5af7ee72bf384f146fd56f21e38eb2afde460fc
10b2ac0c7a047db9aa94b1f7c53b22546482dc44cab549ac5baea23ec9cf13f1
GET /wp-content/uploads/siteground-optimizer-assets/siteground-optimizer-combined-css-5427f79d6226316f84f312b56416aef2.css HTTP/1.1
Host: www.forexgold.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.forexgold.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 14:33:59 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 18 Dec 2022 04:44:05 GMT
etag: W/"639e9a95-21485"
expires: Mon, 18 Dec 2023 04:44:05 GMT
cache-control: max-age=31536000
x-cdn-c: all
content-encoding: gzip
x-sg-cdn: 1
x-proxy-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0973dd05c36d5b21a858d6a6bec71334
e5bc1af376e6cd71fe3be45b393ceb1f61434891
e46922306d68a94ce397d96c12c5ddfd0341e139369cab988a6c57b57a9bd0ad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.130 200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (40253)
Hash cd91a1fd2b9bfe67d515cc36b3c34903
7f8286b85da37718308c6c0cd6608df953fbed5d
e6099f220b91443cb5a9123857f74574f2bab9bf5afc00de0bc59e44cb5f42a5
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.forexgold.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27542
date: Sun, 18 Dec 2022 14:33:59 GMT
expires: Sun, 18 Dec 2022 14:33:59 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1424 / 816 of 1000 / last-modified: 1670587517"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0973dd05c36d5b21a858d6a6bec71334
e5bc1af376e6cd71fe3be45b393ceb1f61434891
e46922306d68a94ce397d96c12c5ddfd0341e139369cab988a6c57b57a9bd0ad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:34:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
waaw.to/js/video.counters.2.js?117
190.115.19.71 200 OK 441 B URL HTTP/2 waaw.to/js/video.counters.2.js?117
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 4c23bd1a73185d17c9629ae0ebf627a7
b0fc57ef86b0a0fb640c1216bb4d84f86b31d877
5f4902e415702f1c6518b03dc5da1a4ff237200de2e7e8cc9799a51b7a672aa7
GET /js/video.counters.2.js?117 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
Cookie: uid=Xl1p3Aewc4FNKaMBVW_9L932t2pp_DcN
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=3sAv5y2m9VSpuXNkdbQY; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:34:00 GMT
date: Mon, 17 Oct 2022 10:55:20 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 06 Feb 2022 19:35:56 GMT
etag: W/"6200231c-2b8"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5369920
ddg-cache-status: HIT,MISS
content-length: 441
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash a1789dcbb33d71f88efc9f64f6ed7bfd
abd638f42d43d58b6fa4ae8d1f34729eaa866534
b1a5cea104e428cbd8ff3fab1fa90aab149fca7276e33e7ab25b34c3271fa4cd
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:34:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 22 Dec 2022 12:48:13 GMT
ETag: "abd638f42d43d58b6fa4ae8d1f34729eaa866534"
Last-Modified: Sun, 18 Dec 2022 12:48:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2996
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77b89de72b44b4fd-OSL
counter.yadro.ru/hit?rhttps%3A//waaw.to/watch_video.php%3Fv%3DzdGkp7Dl2lEp%26http_referer%3Dhttps%253A%252F%252Frepelispluss.me%252F;s1280*1024*24;uhttps%3A//waaw.to/e/zdGkp7Dl2lEp%3Fhttp_referer%3Dhttps%253A%252F%252Frepelispluss.me%252F;0.26224373956390346
88.212.202.52 200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit?rhttps%3A//waaw.to/watch_video.php%3Fv%3DzdGkp7Dl2lEp%26http_referer%3Dhttps%253A%252F%252Frepelispluss.me%252F;s1280*1024*24;uhttps%3A//waaw.to/e/zdGkp7Dl2lEp%3Fhttp_referer%3Dhttps%253A%252F%252Frepelispluss.me%252F;0.26224373956390346
IP 88.212.202.52:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit?rhttps%3A//waaw.to/watch_video.php%3Fv%3DzdGkp7Dl2lEp%26http_referer%3Dhttps%253A%252F%252Frepelispluss.me%252F;s1280*1024*24;uhttps%3A//waaw.to/e/zdGkp7Dl2lEp%3Fhttp_referer%3Dhttps%253A%252F%252Frepelispluss.me%252F;0.26224373956390346 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 18 Dec 2022 14:34:00 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Fri, 17 Dec 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 937 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 78ab5808f0f8a58921a2dc0729cb6590
ecd7868b651f1d7ffd02128582967085cc09fcd7
c4059f7032f43d1517d6fbc59354e39dd14310cc34df765456c1b0044404104b
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:34:00 GMT
Content-Type: application/ocsp-response
Content-Length: 937
Connection: keep-alive
Expires: Thu, 22 Dec 2022 13:07:33 GMT
ETag: "ecd7868b651f1d7ffd02128582967085cc09fcd7"
Last-Modified: Sun, 18 Dec 2022 13:07:34 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2276
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77b89de76d3fb506-OSL
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B
IP 142.250.74.131:0
Hash 7b18428df832332e2f89ca51203de4ba
8272451b056b54992cfa05e70c53adde8b744299
c9bdf42b2f8b0cf614cd4821bce48a719d284c836eb98959dce1802dea20e617
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:34:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 157b62091fad279063f540564a4c72e6
9db33b844db31eed03695c97daf4c84a4d7d265f
92904432175c023613dea4d660d2c9098e00b7f3b628c8519bf5b404cad450a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:34:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=www.forexgold.xyz
142.250.74.66 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.forexgold.xyz
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.forexgold.xyz HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.forexgold.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 18 Dec 2022 14:34:00 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=www.forexgold.xyz
142.250.74.130 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=www.forexgold.xyz
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.forexgold.xyz HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.forexgold.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 18 Dec 2022 14:34:00 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B
IP 142.250.74.131:0
Hash 2f3dbc33499e42ecb967c87f0df23a85
96a87c596ae880eb482b0e8a5fdb6e09bb728895
aee03631139a47dfbb4dbbfd4257d10afc3b814b5f70366759bdff153e9e2bd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:34:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/metrika/tag.js
87.250.251.119 200 OK 75 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.251.119:0
Hash e59620b696dd57f5a26e7872968543f7
c701d3f2c5931c141a73f971d80161db9f54618a
08edb20add56b4e8d565e3a35379b850548d285eb4dab63bb475122219010920
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73737
date: Sun, 18 Dec 2022 14:34:00 GMT
access-control-allow-origin: *
etag: "639bee03-12009"
expires: Sun, 18 Dec 2022 15:34:00 GMT
last-modified: Fri, 16 Dec 2022 07:03:15 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
197139fcbf5c24057a2114e62b1e5ad8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
142.250.74.97 200 OK 2.7 kB URL HTTP/2 197139fcbf5c24057a2114e62b1e5ad8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=3
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html?n=3 HTTP/1.1
Host: 197139fcbf5c24057a2114e62b1e5ad8.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.forexgold.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sun, 18 Dec 2022 14:34:00 GMT
expires: Mon, 18 Dec 2023 14:34:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env
142.250.74.98 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env
IP 142.250.74.98:0
File type JSON data\012- , ASCII text, with very long lines (14678), with no line terminators
Hash dd8c432e7464418dca88337aa401bc18
a14ee80c35bcce7816ee05a262656a97e7871c1e
c4cbf7aca248f3a714684151913a09ce8a10193340b7ed832306711dc30c323a
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.forexgold.xyz
Connection: keep-alive
Referer: https://www.forexgold.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sun, 18 Dec 2022 14:34:00 GMT
server: cafe
content-length: 11081
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.251.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 18 Dec 2022 14:34:00 GMT
access-control-allow-origin: *
etag: "639bee03-2b"
expires: Sun, 18 Dec 2022 15:34:00 GMT
accept-ranges: bytes
last-modified: Fri, 16 Dec 2022 07:03:15 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 2458f74b77e58363938c46672acd8c03
00d3566d5d6fccccf70ef3bcba11f85bc0ee33c8
58b235aa8df4c7d8b3e2a1032f96512e93ec33bbd246ee8a295f9215381223ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:34:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
172.217.21.161 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.forexgold.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sun, 18 Dec 2022 14:34:00 GMT
expires: Sun, 18 Dec 2022 14:34:00 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
172.217.21.161 200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.forexgold.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 17:31:48 GMT
expires: Sat, 16 Dec 2023 17:31:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 162132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
190.115.19.71 200 OK 0 B URL HTTP/2 waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/watch_video.php?v=zdGkp7Dl2lEp&http_referer=https%3A%2F%2Frepelispluss.me%2F
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=1mTMvXrKclH3J3JR6Y3X; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:54 GMT
date: Sun, 18 Dec 2022 14:33:54 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//waaw.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
content-encoding: gzip
x-cache-status-inferno: EXPIRED
x-inferno-location: player
x-inferno-limit-req: DELAYED
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.108.35 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.108.35:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:54 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: ae97b9aa5e4f42f306b795bbd2f9d113
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 18 Dec 2022 14:33:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gf%2BzCneecHrOs4CPavCM4XJOk8uA1Q7pt3DGy7FgaSoyi8ptHPxVDNZE33QcDGWraewe74GNXIuB3wwaJwb%2Br6PXSGUFyOvkz1NU5wW6pHbqru07UHDeGLrxH4wA%2Bf1j4sCggqg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77b89dc1ddb48897-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
buzzonclick.com/jump/next.php?stamat=m%257C%252C0IiYzIjdrB1dwP0dEdHP3xP.ed2%252C2t5FkDDYpjxJXsMWHSh7wKsTFo_9DWdVnHcBDLzDvAXNSLYjo08zdgyhzuIsi5Gk
35.186.243.67 302 Found 0 B URL HTTP/2 buzzonclick.com/jump/next.php?stamat=m%257C%252C0IiYzIjdrB1dwP0dEdHP3xP.ed2%252C2t5FkDDYpjxJXsMWHSh7wKsTFo_9DWdVnHcBDLzDvAXNSLYjo08zdgyhzuIsi5Gk
IP 35.186.243.67:0
GET /jump/next.php?stamat=m%257C%252C0IiYzIjdrB1dwP0dEdHP3xP.ed2%252C2t5FkDDYpjxJXsMWHSh7wKsTFo_9DWdVnHcBDLzDvAXNSLYjo08zdgyhzuIsi5Gk HTTP/1.1
Host: buzzonclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Sun, 18 Dec 2022 14:33:55 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://buzzonclick.com/script/i.php?stamat=m%257C%252C%252CQhZvYjF-oGU3BU9GH0dEdHP3xP.2c6%252Ciko0NoQoq8we6GRKCa6YrhVYHVJ1xnOa1RlnWs34H1jU6Jeu7WgMH5mU-J25gkWQfhoHVxJ3p7KeYD4jsBnL-aHLSa96shfyRYW3VM6ERCdgDXnZywB115apEmHi6RrAhsj6sUdogwMCfrAKBPqJ9sagQTC3ztEf6JdsfjUDvgFbazVIirAigxQDQ-6YS8cRaraTrqIWrdVb5azgVm6sqxksznMOhpRP8OS570z8Ip6zPVL4sM89e5PBfN9e60BQHPQgdeK0VQBDiC_uM2szA5DqbGCyPqKr6DWhFpG76bIOWI2eImGNWTu3_fBWCvZ6srhlEQr-yOEEaCpwH-AKIkJSKfLTGmrhfu-PzoGfTyzT6JIcLAa4taqT5wrys_xgrZhiqdRkJREVMsVkv1766y3pdGhq40IdmisqNtWrwviKHR-FTqpbZvMc9BNGfLgpc_mGmXVePBA4CjjnvBEz668gfuHjcLECS3gckj0-AWU%252C
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.forexgold.xyz/wp-content/uploads/siteground-optimizer-assets/siteground-optimizer-combined-js-14d0e46b9cc0fe8d07037917e120b02d.js
34.91.95.185 200 OK 0 B URL HTTP/2 www.forexgold.xyz/wp-content/uploads/siteground-optimizer-assets/siteground-optimizer-combined-js-14d0e46b9cc0fe8d07037917e120b02d.js
IP 34.91.95.185:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
GET /wp-content/uploads/siteground-optimizer-assets/siteground-optimizer-combined-js-14d0e46b9cc0fe8d07037917e120b02d.js HTTP/1.1
Host: www.forexgold.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.forexgold.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 14:33:59 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 18 Dec 2022 04:44:05 GMT
etag: W/"639e9a95-2fff"
expires: Mon, 18 Dec 2023 04:44:07 GMT
cache-control: max-age=31536000
x-cdn-c: all
content-encoding: gzip
x-sg-cdn: 1
x-proxy-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
X-Firefox-Spdy: h2
unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
104.16.122.175 200 OK 0 B URL HTTP/2 unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
IP 104.16.122.175:0
GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:54 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 20684798
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77b89dc61fb8b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
104.16.122.175 200 OK 0 B URL HTTP/2 unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
IP 104.16.122.175:0
GET /jquery.cookie@1.4.1/jquery.cookie.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:54 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
via: 1.1 fly.io
fly-request-id: 01G75513388K1MR4R8RW1AYXTV-fra
cf-cache-status: HIT
age: 14417535
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77b89dc61fc0b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
marazma.com/Jr1zAzZ
104.21.0.191 200 OK 0 B
IP 104.21.0.191:0
GET /Jr1zAzZ HTTP/1.1
Host: marazma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:56 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNcaeSAnJA2asw4CdYT0vPBscm8hGRb%2BPelDqT8ZUF9%2BF6X5OIJX%2B7fBddcNDIRfUp7NuAUv%2FZupEPQeYT63arOoneNzWUz%2BR5JbPiCAYIu2QjEUTPpHJsXtuuOTqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77b89dceda76b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waaw.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=21518568
190.115.19.71 200 OK 0 B URL HTTP/2 waaw.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=21518568
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=21518568 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/zdGkp7Dl2lEp?http_referer=https%3A%2F%2Frepelispluss.me%2F
Cookie: uid=Xl1p3Aewc4FNKaMBVW_9L932t2pp_DcN
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=SM6EWQ67CisOiILAlfGb; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 18-Dec-2023 14:33:55 GMT
date: Sun, 18 Dec 2022 14:33:54 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
marazma.com/static/css/style.css
104.21.0.191 200 OK 0 B URL HTTP/2 marazma.com/static/css/style.css
IP 104.21.0.191:0
GET /static/css/style.css HTTP/1.1
Host: marazma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://marazma.com/Jr1zAzZ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:56 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 21:31:03 GMT
etag: W/"63925797-76c83"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7063
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ch8PsALupGh6xbUJ71kFW8TLtjgVns4dcEiSgekBSxfEv9ZN7gCB9qwysXaKdeDSLdPUal2ZqNPpw1LlATh8lKs4YgHgeSPp0yzTjOWELvnhLo5SF3nzAX0Wqp5oAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77b89dcf7b1cb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/mQ0hfpLFOZs
142.250.74.131 200 OK 0 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/mQ0hfpLFOZs
IP 142.250.74.131:0
POST /s/gts1p5/mQ0hfpLFOZs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:33:56 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.marazma.com/zEel8G4
188.114.97.1 301 Moved Permanently 0 B
IP 188.114.97.1:0
GET /zEel8G4 HTTP/1.1
Host: www.marazma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://marazma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 301 Moved Permanently
date: Sun, 18 Dec 2022 14:33:56 GMT
location: https://marazma.com/zEel8G4
cache-control: max-age=3600
expires: Sun, 18 Dec 2022 15:33:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6vW23LbkG6XBHJ21KwWnWVVsq7L%2FVACylysjMWVV4mJCor0%2FIgvP5NUco9ScGLWi7uuXEIozfQIPqItVd%2Bw8UEcsvL594gJCGUNzJ5OZEU5i7xHE0BN%2BhgW6D0DDveUvm%2BA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77b89dcfeb1db4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.forexgold.xyz/
34.91.95.185 200 OK 0 B
IP 34.91.95.185:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
GET / HTTP/1.1
Host: www.forexgold.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxyz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 14:33:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-cache-enabled: True
link: <https://www.forexgold.xyz/wp-json/>; rel="https://api.w.org/"
x-httpd-modphp: 1
x-cdn-c: all
content-encoding: gzip
x-sg-cdn: 1
x-proxy-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
X-Firefox-Spdy: h2
reypelis.tv/i.js
104.21.34.174 200 OK 0 B
IP 104.21.34.174:0
GET /i.js HTTP/1.1
Host: reypelis.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:53 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 04:36:10 GMT
etag: W/"637da33a-f3"
expires: Fri, 23 Dec 2022 14:04:46 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2161747
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNoTDhnJ2eoC%2FHLlJ%2Fiwc2mwLexPiD2k9XRun7TX%2BUSS1c62pYpnYrRA3ohGtcqNPvIA9vhkg6RX9KeYkfqQh2MIVpRlPsJQHuk2OI5hvAyZ9gae5S17A9TBCIbxdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77b89dc048edb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reypelis.tv/i.php
104.21.34.174 200 OK 0 B IP 104.21.34.174:0
GET /i.php HTTP/1.1
Host: reypelis.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://repelispluss.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:54 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c8F9%2B7i9cHT8T6FWxdKi4KoOmHEPC6rcgc8qjWqxDiTyOxsnFt1j66LC5nmpFEBAPuYo9%2FQZ%2BTG%2F%2B6v3uqsY2kkkfyJ0nbwtlPp23g9fRdSGtvmmvPCbh0tRB%2B0%2Fkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77b89dc06902b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
for-j.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
104.18.8.13 200 OK 0 B URL HTTP/2 for-j.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 104.18.8.13:0
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: for-j.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:33:55 GMT
content-type: application/javascript
last-modified: Wed, 14 Dec 2022 12:21:11 GMT
etag: W/"6399bfb7-302c"
vary: Accept-Encoding
server: cloudflare
cf-ray: 77b89dcc2a22b523-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Tue, 20 Dec 2022 14:33:55 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2