r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11799
Expires: Sat, 28 Jan 2023 17:33:45 GMT
Date: Sat, 28 Jan 2023 14:17:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11904
Expires: Sat, 28 Jan 2023 17:35:30 GMT
Date: Sat, 28 Jan 2023 14:17:06 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 13:43:05 GMT
content-type: application/json
age: 2041
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5885
Expires: Sat, 28 Jan 2023 15:55:11 GMT
Date: Sat, 28 Jan 2023 14:17:06 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SlPMqLIMryWAkuFi3c6RvBDqSVgqnF0C7tFgOIxJgsDXnqskkcId/s9bRTP/4eHS7YaN12EgDVA=
x-amz-request-id: Q7XQF9QM1KWS3XMH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 13:20:59 GMT
age: 3367
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 14:17:06 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
04.ma/oukaimeden-live-camera/
174.142.248.172 200 OK 13 kB URL HTTP/1.1 04.ma/oukaimeden-live-camera/
IP 174.142.248.172:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash 9ad68301f1377a6bf5ca3bb31861db86
0bb3fd36e21577ba118212db88eb20bca43e33ae
f9559841d4c037b62b46ae2ff10f363b8627b6583bf9bccb349a65ac4976eaa1
GET /oukaimeden-live-camera/ HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:06 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
X-Powered-By: PHP/5.6.37
X-LiteSpeed-Tag: e31_HTTP.200
Link: <http://04.ma/wp-json/>; rel="https://api.w.org/", <http://04.ma/wp-json/wp/v2/pages/74482>; rel="alternate"; type="application/json", <http://04.ma/?p=74482>; rel=shortlink
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 13150
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700
142.250.74.106 200 OK 304 B URL HTTP/1.1 fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700
IP 142.250.74.106:0
Hash 37bd97ab5d600328cee799bbc856e70f
b81303809a55a104a709773e53737aedcaec1f44
37d6bf70e3ca3db4fc2d0ce9c7f364c91fdf3d8a5ff2bb17d5d7a94d3b63e64e
GET /css?family=Droid+Sans%3Aregular%2C700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 28 Jan 2023 14:17:07 GMT
Date: Sat, 28 Jan 2023 14:17:07 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
04.ma/wp-includes/css/classic-themes.min.css
174.142.248.172 200 OK 189 B URL HTTP/1.1 04.ma/wp-includes/css/classic-themes.min.css
IP 174.142.248.172:0
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
GET /wp-includes/css/classic-themes.min.css HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Wed, 02 Nov 2022 14:59:16 GMT
ETag: "d9-5ec7e15a3dd06-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 189
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
04.ma/wp-includes/css/dist/block-library/style-rtl.min.css
174.142.248.172 200 OK 12 kB URL HTTP/1.1 04.ma/wp-includes/css/dist/block-library/style-rtl.min.css
IP 174.142.248.172:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 735af9eedc2593eea79507330db2590f
d384d6792a24ffa9297e6aa03c89eae606698107
e7a9772dcfdfdfe6a2c5dfb54f4e78c9c15df8153406387bbdb9574fbb193478
GET /wp-includes/css/dist/block-library/style-rtl.min.css HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 15 Nov 2022 20:19:41 GMT
ETag: "17226-5ed88137ed166-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 12483
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cdn.speakol.com/widget/js/speakol-widget-v2.js
54.230.111.13 200 OK 145 kB URL HTTP/2 cdn.speakol.com/widget/js/speakol-widget-v2.js
IP 54.230.111.13:0
File type ASCII text, with very long lines (49049)
Size 145 kB (144991 bytes)
Hash ec9f6107f4c6bf30e1136eb9891d03bf
6eaa209348a5b415d3940de932ab4f6b275184e4
5d9627946fcad2ddacefe71e61e52e0fe6da36f2957869ce1d4abf8e410fbc6e
GET /widget/js/speakol-widget-v2.js HTTP/1.1
Host: cdn.speakol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 144991
last-modified: Thu, 07 Jul 2022 14:59:13 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 27 Jan 2023 03:50:34 GMT
etag: "ec9f6107f4c6bf30e1136eb9891d03bf"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PNbLC2Uyh2QWnkstgYWpXsMeEba-9rniW8coQl5xGlXYMjJQzTgcrQ==
age: 123995
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-71375215-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-71375215-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash cf9e56ca9444af9843d0b5bc6b1d6d35
b7b846ed992dcd0d1790cfc69bb053d8753ee7a7
e117f9d17d60ede916b916945eeeeae75a1fdd8eda86c08fe6a6ae1908b700eb
GET /gtag/js?id=UA-71375215-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Jan 2023 14:17:07 GMT
expires: Sat, 28 Jan 2023 14:17:07 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Jan 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44054
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10206
Expires: Sat, 28 Jan 2023 17:07:13 GMT
Date: Sat, 28 Jan 2023 14:17:07 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
04.ma/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css
174.142.248.172 200 OK 2.3 kB URL HTTP/1.1 04.ma/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css
IP 174.142.248.172:0
File type ASCII text, with very long lines (9700), with no line terminators
Hash 2fb8008b5c677c277c7a7a6b3db3ec3a
212d79c6ce1f87e9fa5cd436a5cb7b3f1b7f2aba
80a4a4e504cdfac6d14bd1077e74bda744ee96c916e639d1434dc537e16d0b12
GET /wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Wed, 21 Dec 2022 13:53:50 GMT
ETag: "25e4-5f056e1d9d407-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2334
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
04.ma/wp-content/themes/Sahifa-Theme/sahifa/rtl.css
174.142.248.172 200 OK 3.6 kB URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/rtl.css
IP 174.142.248.172:0
Hash 56a00263a751c781402f848f8c5e108c
9e0d260e8025bbd25e5f7c41fbddde23ac5833ba
5ef916575ed420c76555c5c11ad324717332654a4d1516699fa31cea7d96e179
GET /wp-content/themes/Sahifa-Theme/sahifa/rtl.css HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 17:01:57 GMT
ETag: "3e0f-5e778568e4b16-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 3590
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
04.ma/wp-content/themes/Sahifa-Theme/sahifa/js/tie-scripts.js
174.142.248.172 200 OK 23 kB URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/js/tie-scripts.js
IP 174.142.248.172:0
File type ASCII text, with very long lines (13759)
Hash dbecae572e1cf06d669b9e89de5a4777
5c64dcbfec73c0c55ae95abcb668530f5b0fe771
4b401d76e45019254adf493d6f9ab3aca713ffc8628d721a931fa9c0ec03e420
GET /wp-content/themes/Sahifa-Theme/sahifa/js/tie-scripts.js HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 18:09:16 GMT
ETag: "13700-5e7794740dd29-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 23005
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
04.ma/wp-content/plugins/featured-image-from-url/includes/html/js/image.js
174.142.248.172 200 OK 1.0 kB URL HTTP/1.1 04.ma/wp-content/plugins/featured-image-from-url/includes/html/js/image.js
IP 174.142.248.172:0
Hash b0c572a8406241601b73a10e59615ca3
fe0292350a98d3e68e1f86135ab28565b9cbd83f
7d203dc8b3f0908d14acc4ad319305fabfd2fbf9e4c1b3b89c2ae633449e33ce
GET /wp-content/plugins/featured-image-from-url/includes/html/js/image.js HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Sun, 22 Jan 2023 14:31:33 GMT
ETag: "ef2-5f2db23a7ffe9-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1022
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
04.ma/wp-includes/js/wp-emoji-release.min.js
174.142.248.172 200 OK 5.0 kB URL HTTP/1.1 04.ma/wp-includes/js/wp-emoji-release.min.js
IP 174.142.248.172:0
File type ASCII text, with very long lines (15660)
Hash e6624e0b978e6ddba476be41aaaa82df
822e920d8233072110ed7c8a7f379e5b13209b18
dac86a9ce08e4d8cded47b4fa900a664b0c997d8910c2a1be54a423678925a41
GET /wp-includes/js/wp-emoji-release.min.js HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 16:49:43 GMT
ETag: "48b9-5e7782ac8e8df-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 5009
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
04.ma/wp-content/themes/Sahifa-Theme/sahifa/css/ilightbox/dark-skin/skin.css
174.142.248.172 200 OK 1.3 kB URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/css/ilightbox/dark-skin/skin.css
IP 174.142.248.172:0
Hash 4905af72584c815d51b17b82d426f04c
fdfe9be7bf05d4496ef300a82148dc42d70f34ee
bf10abfb1dc5ae059526d7a56e970099ff4b84b0109a886013f9506c60aa7fa0
GET /wp-content/themes/Sahifa-Theme/sahifa/css/ilightbox/dark-skin/skin.css HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 18:23:06 GMT
ETag: "1b63-5e77978c06bf1-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1301
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
04.ma/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js
174.142.248.172 200 OK 40 kB URL HTTP/1.1 04.ma/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js
IP 174.142.248.172:0
File type ASCII text, with very long lines (2747), with CRLF line terminators
Hash 0b4c5784b009e41d16863041343633c7
eccd76089e8cd9dcf9f326ec6470374ff683ae65
cba5e2e861fb3fd973de17ad5fcd4f120e2d2ad7cadf4bbc1452f4f11928dcf0
GET /wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Wed, 21 Dec 2022 13:53:50 GMT
ETag: "1d4ca-5f056e1d9d407-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 40016
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
04.ma/wp-content/themes/Sahifa-Theme/sahifa/js/ilightbox.packed.js
174.142.248.172 200 OK 23 kB URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/js/ilightbox.packed.js
IP 174.142.248.172:0
File type ASCII text, with very long lines (43207)
Hash 0a9e71daa90bd70d2104ffdad36ef10f
dc8c6f2bdd4750255285cfc4602fcdaa234a0119
4ffb5e93367874c301d0a294d836fcc07cca50bc721b37101f0c4c412ad233c0
GET /wp-content/themes/Sahifa-Theme/sahifa/js/ilightbox.packed.js HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 18:09:13 GMT
ETag: "d01d-5e779471a03ba-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 23364
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 13:41:40 GMT
age: 2127
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
04.ma/wp-includes/js/jquery/jquery-migrate.min.js
174.142.248.172 200 OK 4.2 kB URL HTTP/1.1 04.ma/wp-includes/js/jquery/jquery-migrate.min.js
IP 174.142.248.172:0
File type ASCII text, with very long lines (11126)
Hash 5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 16:56:19 GMT
ETag: "2bd8-5e77842617ef7-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4169
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
04.ma/wp-content/themes/Sahifa-Theme/sahifa/style.css
174.142.248.172 200 OK 36 kB URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/style.css
IP 174.142.248.172:0
File type ASCII text, with very long lines (25651)
Hash 8f9fb58d09f21e748ac19fc90abe36bc
dd211eb271ba905cdbf70d957aa71cba67aac63f
703a54dc67ea8f42071f84fdc4f8f5d078f4757230d7302a128a0633e192d1ce
GET /wp-content/themes/Sahifa-Theme/sahifa/style.css HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 17:01:59 GMT
ETag: "30c9f-5e77856ad0277-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 36092
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
04.ma/wp-includes/js/jquery/jquery.min.js
174.142.248.172 200 OK 31 kB URL HTTP/1.1 04.ma/wp-includes/js/jquery/jquery.min.js
IP 174.142.248.172:0
File type ASCII text, with very long lines (65447)
Hash 1b5264c989379b828aff60f65a518a24
98641237f14ccb33ac114f54329a33bd0aa17eb7
6c8e7b78c6dbc13426810c905572db7589cf3e00264e30ce797fddb0b1092237
GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Wed, 02 Nov 2022 14:59:17 GMT
ETag: "15e54-5ec7e15aaa754-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 30995
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
push.services.mozilla.com/
54.184.253.181 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.184.253.181:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: muiV4WXVp80ymxBXncPKGQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cnBpR2PQaht/MjojjQAHGU4Pl4Q=
04.ma/wp-content/uploads/2020/07/PicsArt_07-21-11.43.07.jpg
174.142.248.172 200 OK 4.8 kB URL HTTP/1.1 04.ma/wp-content/uploads/2020/07/PicsArt_07-21-11.43.07.jpg
IP 174.142.248.172:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7], baseline, precision 8, 100x56, components 3\012- data
Hash dc2c7b5133b2d19c16d05c536f047176
b59d28c1852cbe73e044e20c52151f58cd629d48
f15f9ce07a1bc6eed43ad23d53bc851fbd6c9abba63b64d006f0ead2354e50f0
GET /wp-content/uploads/2020/07/PicsArt_07-21-11.43.07.jpg HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 17:50:37 GMT
ETag: "12ea-5e779049bcd59"
Accept-Ranges: bytes
Content-Length: 4842
Vary: User-Agent
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0544ceb43fda46b5032408f892f2e3a0
c7eb2281ca7b91cf57ad0f0de8f6240a75f90c62
740983757ab6c9f7ccfd07f004176d4a56a010a6d6dfdbdab3ce6c888519357f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "740983757AB6C9F7CCFD07F004176D4A56A010A6D6DFDBDAB3CE6C888519357F"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11479
Expires: Sat, 28 Jan 2023 17:28:26 GMT
Date: Sat, 28 Jan 2023 14:17:07 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/droidsans/v18/SlGWmQWMvZQIdix7AFxXmMh3eDs1Zw.woff2
216.58.207.227 200 OK 22 kB URL HTTP/1.1 fonts.gstatic.com/s/droidsans/v18/SlGWmQWMvZQIdix7AFxXmMh3eDs1Zw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 22376, version 1.0\012- data
Hash e6af16165f9bfda6aafd0088b8c01daa
c9c0ee8309619643e65ba1b22bfffcd1a7ca1e51
e803cd8c5031ac6b0d099a2d96ba1c3ee44782649a7f7c6f0d09b6410d93e216
GET /s/droidsans/v18/SlGWmQWMvZQIdix7AFxXmMh3eDs1Zw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://04.ma
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 22376
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 25 Jan 2023 02:05:20 GMT
Expires: Thu, 25 Jan 2024 02:05:20 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 19 Apr 2022 18:25:01 GMT
Content-Type: font/woff2
Age: 303107
pl15610403.highcpmrevenuenetwork.com/e7f30dce19415158994336e358b9a9e2/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 pl15610403.highcpmrevenuenetwork.com/e7f30dce19415158994336e358b9a9e2/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25058), with no line terminators
Hash 47d71c31e5496f2dbe955a82572d38d6
55485528be89b53476b8c28fbe8fa17b145c9f42
fcbee784c9beb5abf60a3f2d3e00ad6f49126d6fff10fd06be640f7a47b1a58d
Analyzer Verdict Alert quad9 Sinkholed
GET /e7f30dce19415158994336e358b9a9e2/invoke.js HTTP/1.1
Host: pl15610403.highcpmrevenuenetwork.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 14:17:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ac66df91fead202fbc14db2cbe63967d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
04.ma/wp-content/themes/Sahifa-Theme/sahifa/images/patterns/body-bg5.png
174.142.248.172 200 OK 4.9 kB URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/images/patterns/body-bg5.png
IP 174.142.248.172:0
File type PNG image data, 98 x 98, 8-bit/color RGBA, non-interlaced\012- data
Hash 07ac0f938584b8fcbca5db5f8e7a409e
a66794b8e0309b4c609f461da7f3410324161e33
9f21613c7b71ba4c31fad3e589d441e372ca732a2b264671628de279eec805ec
GET /wp-content/themes/Sahifa-Theme/sahifa/images/patterns/body-bg5.png HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 18:18:11 GMT
ETag: "133a-5e77967262bd4"
Accept-Ranges: bytes
Content-Length: 4922
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
cdn.onesignal.com/sdks/OneSignalSDK.js
104.18.225.52 200 OK 24 kB URL HTTP/2 cdn.onesignal.com/sdks/OneSignalSDK.js
IP 104.18.225.52:0
File type ASCII text, with very long lines (9097)
Hash 4146c0e7679a7e96630acd546fc1f294
52677ca89598003a4d011d864a099b52271092f0
d7ab5b97c034671aea0c5f77da47d568599c3928cd5a64fc166460aca0cc6e5a
GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 14:17:07 GMT
content-type: application/javascript
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
access-control-allow-headers: OneSignal-Subscription-Id
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 3082
expires: Tue, 31 Jan 2023 14:17:07 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 790a598b29990b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0544ceb43fda46b5032408f892f2e3a0
c7eb2281ca7b91cf57ad0f0de8f6240a75f90c62
740983757ab6c9f7ccfd07f004176d4a56a010a6d6dfdbdab3ce6c888519357f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "740983757AB6C9F7CCFD07F004176D4A56A010A6D6DFDBDAB3CE6C888519357F"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11479
Expires: Sat, 28 Jan 2023 17:28:26 GMT
Date: Sat, 28 Jan 2023 14:17:07 GMT
Connection: keep-alive
04.ma/wp-content/themes/Sahifa-Theme/sahifa/images/home.png
174.142.248.172 200 OK 1.0 kB URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/images/home.png
IP 174.142.248.172:0
File type PNG image data, 30 x 78, 8-bit colormap, non-interlaced\012- data
Hash 2ca35c0c6c0a17872bc7c6ef7fb1d6e5
6504abb26cf52c2250ea8e9c5645bb9439cefba9
6039cdb2c8028b73ddb9d711e7eb22834a8e11ba865283a7ed2fd2c75a401040
GET /wp-content/themes/Sahifa-Theme/sahifa/images/home.png HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/wp-content/themes/Sahifa-Theme/sahifa/style.css
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 18:09:09 GMT
ETag: "3fe-5e77946dd2581"
Accept-Ranges: bytes
Content-Length: 1022
Vary: User-Agent
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
04.ma/wp-content/themes/Sahifa-Theme/sahifa/fonts/BebasNeue/BebasNeue-webfont.woff
174.142.248.172 200 OK 20 kB URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/fonts/BebasNeue/BebasNeue-webfont.woff
IP 174.142.248.172:0
File type Web Open Font Format, CFF, length 19996, version 1.300\012- data
Hash 07db5c04835629ee7284a0481197443d
9f56f7e1b14b89828393aef3ff581a4a22320af0
e8c2e4d6ab0ad2f055a6cc3c777d31531e665758db5ca815f2613afad72f7088
GET /wp-content/themes/Sahifa-Theme/sahifa/fonts/BebasNeue/BebasNeue-webfont.woff HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://04.ma/wp-content/themes/Sahifa-Theme/sahifa/style.css
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 18:17:28 GMT
ETag: "4e1c-5e7796499ae9e"
Accept-Ranges: bytes
Content-Length: 19996
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
04.ma/wp-content/themes/Sahifa-Theme/sahifa/images/stripe.png
174.142.248.172 200 OK 93 B URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/images/stripe.png
IP 174.142.248.172:0
File type PNG image data, 12 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash 51386a2f66885faebd7ce34fceee3c7f
d428fb21cb1c35bb8d1a579df9aa7034c62f8e61
23c79bb552706be2ca97bdb259921e3269a5263326b147676c2f7909a45b58c9
GET /wp-content/themes/Sahifa-Theme/sahifa/images/stripe.png HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/wp-content/themes/Sahifa-Theme/sahifa/style.css
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 18:09:11 GMT
ETag: "5d-5e77946ff1904"
Accept-Ranges: bytes
Content-Length: 93
Vary: User-Agent
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
04.ma/wp-content/themes/Sahifa-Theme/sahifa/fonts/fontawesome/fontawesome-webfont.woff2?v=4.4.0
174.142.248.172 200 OK 64 kB URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/fonts/fontawesome/fontawesome-webfont.woff2?v=4.4.0
IP 174.142.248.172:0
File type Web Open Font Format (Version 2), TrueType, length 64464, version 4.262\012- data
Hash 4b5a84aaf1c9485e060c503a0ff8cadb
574ea2698c03ae9477db2ea3baf460ee32f1a7ea
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
GET /wp-content/themes/Sahifa-Theme/sahifa/fonts/fontawesome/fontawesome-webfont.woff2?v=4.4.0 HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://04.ma/wp-content/themes/Sahifa-Theme/sahifa/style.css
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:07 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 18:17:31 GMT
ETag: "fbd0-5e77964c6c1d3"
Accept-Ranges: bytes
Content-Length: 64464
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash c2d37fd4f1678643fc9f53dd026cd7e3
1dd8510cd853835d82892664350acccfc6715f16
6506e317135169829b64f503a456bdd7d1a28dab8985bf20c2c5534d033779af
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 28 Jan 2023 14:17:07 GMT
Last-Modified: Sat, 28 Jan 2023 13:58:55 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yF3XCItiuxDT9ZsJkia9qo23mDRc7zdSwV_CIw8GBqSEn_d1vQ0FaQ==
Age: 1092
fonts.googleapis.com/css?family=Lato&display=swap
142.250.74.106 200 OK 379 B URL HTTP/2 fonts.googleapis.com/css?family=Lato&display=swap
IP 142.250.74.106:0
Hash 319098cbb7eb7638e432423c831f8d95
fa181b5610ab7a8ae26103e094280d01018ab1a6
ba6cb603531f989ba11e1d9eeb478028963a972bc9f56c4bc0514ff6783b4ea1
GET /css?family=Lato&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 14:17:07 GMT
date: Sat, 28 Jan 2023 14:17:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a7606ace160c8c8814f8fbe956daba2
a62498aae8c8be1fa895b9f1d43bbdf0a65d3ce1
77f020a5ec9ec02c217270b76fd60d2680b2c919e40fe761c56a260fe0f86ab1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1640
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:08 GMT
Last-Modified: Sat, 28 Jan 2023 13:49:48 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f39b3a60431aa79bce8fd633c4adfd03
6a40c50297f5a9bd1cc8623e5b1e6a75d85d2038
8b3e03277b91d07f5cf62332e3f89bd6c27ce85a66d359bd8adabe9bfa203b39
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B3E03277B91D07F5CF62332E3F89BD6C27CE85A66D359BD8ADABE9BFA203B39"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11588
Expires: Sat, 28 Jan 2023 17:30:16 GMT
Date: Sat, 28 Jan 2023 14:17:08 GMT
Connection: keep-alive
cdn.speakol.com/widget/images/sponsor.png
54.230.111.13 200 OK 3.3 kB URL HTTP/2 cdn.speakol.com/widget/images/sponsor.png
IP 54.230.111.13:0
File type PNG image data, 232 x 232, 8-bit colormap, non-interlaced\012- data
Hash c3f586616268e8e0ba61d6d7c327d205
a8100d623132ffad3db10392a5fe53e6ec1ee921
f15570ce9c82998dc9496550a8669088a4cf3b1e15052345ec5c42c2d7484e1b
GET /widget/images/sponsor.png HTTP/1.1
Host: cdn.speakol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Cookie: __SPK_UID=72892de9-9f16-11ed-9ba4-be52a8e33faa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 3349
date: Sun, 22 Jan 2023 00:09:37 GMT
last-modified: Thu, 12 Sep 2019 14:55:40 GMT
etag: "c3f586616268e8e0ba61d6d7c327d205"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: m1w2FJyVf-lrpBnyhaNmBXQteaAMAUti5t4IE5WeVlAvmFz6OOvgIQ==
age: 569252
X-Firefox-Spdy: h2
cdn.speakol.com/pre-loader.gif
54.230.111.13 200 OK 5.0 kB URL HTTP/2 cdn.speakol.com/pre-loader.gif
IP 54.230.111.13:0
File type GIF image data, version 89a, 32 x 32\012- data
Hash 6d441c740f299f4b63fdc505df5fee58
21ad87610ad1483108e50bc3a48d15c214b56836
d3e4d77607242455dbced6e25c81dfc57a8666dbfcc19b01d7306f757a5e227b
GET /pre-loader.gif HTTP/1.1
Host: cdn.speakol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Cookie: __SPK_UID=72892de9-9f16-11ed-9ba4-be52a8e33faa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 5033
last-modified: Thu, 03 Jun 2021 14:59:55 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 21 Jan 2023 20:18:20 GMT
etag: "6d441c740f299f4b63fdc505df5fee58"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EsFaLHkR_G0AriimHnrmxd8ebR3KmdnqC01DK-bNGqd039muH5j6xw==
age: 583129
X-Firefox-Spdy: h2
cdn.speakol.com/widget/html/speakol-appends.html
54.230.111.13 200 OK 4.7 kB URL HTTP/2 cdn.speakol.com/widget/html/speakol-appends.html
IP 54.230.111.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3738)
Hash 1541c592418687eea9bf2ba67dad2537
925db305bc9ea9a9b5b512578cde22a7b8cd8787
8db1785c7abb21f5abcc34d06d9023ef62110b12088cc950c47821bcbde851ab
GET /widget/html/speakol-appends.html HTTP/1.1
Host: cdn.speakol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Cookie: __SPK_UID=72892de9-9f16-11ed-9ba4-be52a8e33faa
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 4737
last-modified: Fri, 01 Jan 2021 18:02:04 GMT
accept-ranges: bytes
server: AmazonS3
date: Wed, 25 Jan 2023 10:56:37 GMT
etag: "1541c592418687eea9bf2ba67dad2537"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kPzrwfP1z8wPrmx_D54m5WX-k4vbEMTAlsAlv5J-2SSaE-8ZSILvsw==
age: 271232
X-Firefox-Spdy: h2
events.askjdhaa.com/api/v1/push/widget-page-view
54.230.111.6 200 OK 41 B URL HTTP/2 events.askjdhaa.com/api/v1/push/widget-page-view
IP 54.230.111.6:0
File type JSON data\012- , ASCII text
Hash 24da1f40d960111cc2a036d3000ac35e
f877cab5f4629e3783db405e4c9877d12df24e83
1a818c2563508b16d451acdb1513ee2ffa38b4f8fed58888dbcc3701e702eb50
POST /api/v1/push/widget-page-view HTTP/1.1
Host: events.askjdhaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 214
Origin: http://04.ma
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
content-length: 41
date: Sat, 28 Jan 2023 14:17:08 GMT
server: nginx/1.21.6
access-control-allow-origin: *
content-encoding: gzip
vary: Origin, Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NUX81IJzJu6lXT-6K5fNCklUOLuM3nyfh20aF8TaWGk6ocOgMe3mMg==
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/adreact-network/loader.js
151.101.65.44 200 OK 50 kB URL HTTP/1.1 cdn.taboola.com/libtrc/adreact-network/loader.js
IP 151.101.65.44:0
File type ASCII text, with very long lines (65199)
Hash 1be15d7e36cb10bbaa875dbdf5845436
3c31adcbd0c606a1fabad65c6ce7e4799ea99edd
828f39cd6c1aea358610c15dc38318009dc20e6124d8db118b19a0938ab83ba7
GET /libtrc/adreact-network/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 50512
Server: nginx
Content-Type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
etag: "7cd775fa10cfc8aa675d572e263756c2d4bfda8d"
last-modified: Sat, 28 Jan 2023 11:46:55 UTC
x-amz-id-2: A+X9N1SEt7N5LwZo6pX5htz0FBizwHGohwldWbOinaQZ51Y8ccv0uGdwvXgSpD+e5JDC+Imp+pI=
x-amz-request-id: H0GGDD07QFNC84X2
x-amz-version-id: ZIXdPJ8z72uT0gj.LzkxS0WYDE04vTkf
x-from-cache: 1
x-envoy-upstream-service-time: 9
Accept-Ranges: bytes
Date: Sat, 28 Jan 2023 14:17:08 GMT
Via: 1.1 varnish
Age: 9013
X-Served-By: cache-bma1657-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1674915428.317845,VS0,VE1
Cache-Control: private,max-age=14400
Vary: Accept-Encoding, Accept-Encoding
abp: 27
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.130 200 OK 53 kB URL HTTP/1.1 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (4879)
Hash ee8a0174726501daf53ee85e219ef6fd
a2715c020bec5563d8e5c1e163ee5663d4bd3d07
b8e89d28b08159f276846a3170bcaa7b6eee834ddff79ac7963ef4d76d8f41be
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Date: Sat, 28 Jan 2023 14:17:08 GMT
Expires: Sat, 28 Jan 2023 14:17:08 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
ETag: 13587227741927394242
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 52627
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 28 Jan 2023 13:46:59 GMT
expires: Sat, 28 Jan 2023 15:46:59 GMT
cache-control: public, max-age=7200
age: 1809
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a7606ace160c8c8814f8fbe956daba2
a62498aae8c8be1fa895b9f1d43bbdf0a65d3ce1
77f020a5ec9ec02c217270b76fd60d2680b2c919e40fe761c56a260fe0f86ab1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1640
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:08 GMT
Last-Modified: Sat, 28 Jan 2023 13:49:48 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
04.ma/wp-content/uploads/2021/12/cropped-Screenshot_20210723_013356-192x192.jpg
174.142.248.172 200 OK 13 kB URL HTTP/1.1 04.ma/wp-content/uploads/2021/12/cropped-Screenshot_20210723_013356-192x192.jpg
IP 174.142.248.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 192x192, components 3\012- data
Hash ca0f84da4834131f9e096a97b1cdfacc
593db04660ae1bf4f32e929a91395558d9d77d68
e8680f28b965fb066473c29980ceb06aa3114a95fee8afa4712a4f7759448e65
GET /wp-content/uploads/2021/12/cropped-Screenshot_20210723_013356-192x192.jpg HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
Cookie: __SPK_UID=72892de9-9f16-11ed-9ba4-be52a8e33faa; dom3ic8zudi28v8lr6fgphwffqoz0j6c=a8756f54-c7fc-4aec-a6a9-0f7808e18aa1%3A3%3A1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:08 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 17:57:50 GMT
ETag: "33ba-5e7791e64c63e"
Accept-Ranges: bytes
Content-Length: 13242
Vary: User-Agent
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
04.ma/wp-content/themes/Sahifa-Theme/sahifa/favicon.ico
174.142.248.172 200 OK 514 B URL HTTP/1.1 04.ma/wp-content/themes/Sahifa-Theme/sahifa/favicon.ico
IP 174.142.248.172:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f0d65f479ea43fc88b3bc3bba50e64ae
aa7393fe1f64ad6e4d326122bdc689c6b6c073d5
4cbe4f289f3f814b8c206091bc4fc7141b95e6879833de75948685fb02620fb4
GET /wp-content/themes/Sahifa-Theme/sahifa/favicon.ico HTTP/1.1
Host: 04.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/oukaimeden-live-camera/
Cookie: __SPK_UID=72892de9-9f16-11ed-9ba4-be52a8e33faa; dom3ic8zudi28v8lr6fgphwffqoz0j6c=a8756f54-c7fc-4aec-a6a9-0f7808e18aa1%3A3%3A1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:08 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
Last-Modified: Tue, 30 Aug 2022 17:01:56 GMT
ETag: "47e-5e7785675d54a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 514
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/x-icon
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9575065054627750
142.250.74.130 200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9575065054627750
IP 142.250.74.130:0
File type ASCII text, with very long lines (3649)
Hash 1ccd2e75c140cdf27a91133064224eb8
0f41269f26c09213bf77a32abcf025a4adf026d5
6625132a9ab7203a1b646a56787799a85aa6c8105e22222bd9b205297bc7b9a0
GET /pagead/js/adsbygoogle.js?client=ca-pub-9575065054627750 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://04.ma
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 28 Jan 2023 14:17:08 GMT
expires: Sat, 28 Jan 2023 14:17:08 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 8868763830176648897
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 50087
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
recommendation.speakol.com/api/v2.1/recommendation/config?wids=wi-5515&uid=undefined&rid=&ref=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F
54.230.111.74 200 OK 6.0 kB URL HTTP/2 recommendation.speakol.com/api/v2.1/recommendation/config?wids=wi-5515&uid=undefined&rid=&ref=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F
IP 54.230.111.74:0
Hash b260f2e3510e44bb6022813c5451d2c2
88649aef926b3794760fde8e5e2dc5e2f7648b2d
c5aebd8d613e37421485359d4332c596ff1cec9ecc79d6f7ce7ae2041c0db237
GET /api/v2.1/recommendation/config?wids=wi-5515&uid=undefined&rid=&ref=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F HTTP/1.1
Host: recommendation.speakol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://04.ma/
Origin: http://04.ma
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sat, 28 Jan 2023 14:17:07 GMT
server: nginx/1.21.6
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Set-Cookie, Cookie, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://04.ma
access-control-expose-headers: Content-Length
set-cookie: __SPK_UID=72892de9-9f16-11ed-9ba4-be52a8e33faa; Path=/; Domain=speakol.com; Expires=Wed, 22 Feb 2023 14:17:07 GMT; Secure; SameSite=None
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wi2FVOOdyARZ9FSzO-8y3OQ0JEssg627n9e39Oe4WFMU4yy8PduQHw==
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.130 200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (39375)
Hash 4834eaa4472ec378f2163f4c19a8c601
1e82cc3a6684dff4f315bc1ca347afcc26d1c63a
2331ed09813390fc384f41d0196a14da292ab9a8b28eebbf4479a6a8e58c2b0f
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27568
date: Sat, 28 Jan 2023 14:17:08 GMT
expires: Sat, 28 Jan 2023 14:17:08 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1465 / 635 of 1000 / last-modified: 1674860937"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.130 200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (4879)
Hash 9055d9805516b4b37c183d8803c1f21d
7b9f84ce55f195a56f8e0044a4702b35cad2d92a
c73dee22a69446e2a63ed2790d743758e81a3b5b9373aec2cd6b2154a22fa424
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 28 Jan 2023 14:17:08 GMT
expires: Sat, 28 Jan 2023 14:17:08 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 14470453214213172145
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 50008
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/html/r20230124/r20190131/zrt_lookup.html
142.250.74.66 200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20230124/r20190131/zrt_lookup.html
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20230124/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Sat, 28 Jan 2023 09:23:45 GMT
expires: Sat, 11 Feb 2023 09:23:45 GMT
cache-control: public, max-age=1209600
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
age: 17603
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.speakol.com/media/prod/75e17b4889d52c8b277ade04d0ac2f95/72663/1649460321_68219
54.230.111.13 200 OK 103 kB URL HTTP/2 cdn.speakol.com/media/prod/75e17b4889d52c8b277ade04d0ac2f95/72663/1649460321_68219
IP 54.230.111.13:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1080x720, components 3\012- data
Size 103 kB (102552 bytes)
Hash 996294bd31c8cc0e29920b1549e783ed
4a61edc3654864bb4ce64b6d23ad29508314ce43
ac1dc684239f5ee17f80d1ad80a6d443084cf29562730cac9c116447abc1766f
GET /media/prod/75e17b4889d52c8b277ade04d0ac2f95/72663/1649460321_68219 HTTP/1.1
Host: cdn.speakol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Cookie: __SPK_UID=72892de9-9f16-11ed-9ba4-be52a8e33faa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 102552
last-modified: Fri, 08 Apr 2022 23:25:23 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 22 Jan 2023 11:39:17 GMT
cache-control: max-age=604800
etag: "996294bd31c8cc0e29920b1549e783ed"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Pe_YKeovd06o609vaISKi_jYFFJRFfRUJ5PAKpq9AK3cf4BJmWPW-g==
age: 541856
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/impl.20230126-3-RELEASE.js
151.101.65.44 200 OK 155 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20230126-3-RELEASE.js
IP 151.101.65.44:0
File type ASCII text, with very long lines (65509)
Size 155 kB (154870 bytes)
Hash 10823a261b2c0249484d20950801bf40
79430743855a7705f5be36bbe67372549359f07a
40200710fe9b480358a11bf8a259f0f5ad0d3a34abbd4800166838cf09fe19f5
GET /libtrc/impl.20230126-3-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: RUkcrQFVADZ9oW/03MUfG+XxFfDYzh/Odm9AEM16hPoLiDelVmflR7myPuW9CXyB32ESvxSjYAE=
x-amz-request-id: DWA3SKVQ1EZDJBBH
last-modified: Thu, 26 Jan 2023 12:36:52 GMT
etag: "10823a261b2c0249484d20950801bf40"
content-encoding: br
x-amz-version-id: TAd_8bqSo5fWrgPH3gtBYqLL.EXhCFF9
content-type: application/javascript
accept-ranges: bytes
date: Sat, 28 Jan 2023 14:17:08 GMT
via: 1.1 varnish
age: 6015
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 3696
x-timer: S1674915429.616458,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 12
server: AmazonS3-br
content-length: 154870
X-Firefox-Spdy: h2
04maroc.os.tc/webPushIframe
104.16.220.96 200 OK 121 kB URL HTTP/2 04maroc.os.tc/webPushIframe
IP 104.16.220.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size 121 kB (121008 bytes)
Hash 723f19eef997c6f4c356bc32e3455264
73521533080124f85f1eec4ee2669832f5641c1b
cf54958770d5005eaab9817732c16b7e20edb738414fee2b56fd174fae56662c
GET /webPushIframe HTTP/1.1
Host: 04maroc.os.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 14:17:08 GMT
content-type: text/html; charset=utf-8
vary: Origin, Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: public, max-age=3600
pragma: no-cache
expires: Sat, 28 Jan 2023 15:17:08 GMT
x-request-id: 63f0fa79-48e0-4e87-beaf-fe26809ba0f8
x-runtime: 0.007552
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 790a59918b5eb51d-OSL
content-encoding: br
X-Firefox-Spdy: h2
errresound.com/ntv.json?key=e7f30dce19415158994336e358b9a9e2&vstc=4
192.243.61.227 200 OK 16 kB URL HTTP/1.1 errresound.com/ntv.json?key=e7f30dce19415158994336e358b9a9e2&vstc=4
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (16507), with no line terminators
Hash f0c3c402ebd98cd91d8f3fd7e923db63
2d61e242c0ce677176a5edc7c796c815bec5ef9f
1a8dccecb8b9fabc7bedebcc93f62efc88c6a198e521f306a169f34b7b0fb8b8
Analyzer Verdict Alert quad9 Sinkholed
GET /ntv.json?key=e7f30dce19415158994336e358b9a9e2&vstc=4 HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://04.ma
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 14:17:08 GMT
Content-Type: application/json
Content-Length: 16507
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://04.ma
Access-Control-Allow-Origin: http://04.ma
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15509904; expires=Sun, 29 Jan 2023 14:17:08 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 29 Jan 2023 14:17:08 GMT; secure; SameSite=None
uncs=1; expires=Sun, 29 Jan 2023 14:17:08 GMT; secure; SameSite=None
pdhtkv49=true; expires=Sun, 29 Jan 2023 14:17:08 GMT; secure; SameSite=None
uncs49=1; expires=Sun, 29 Jan 2023 14:17:08 GMT; secure; SameSite=None
nlece7f30dce19415158994336e358b9a9e2=[2229212,2229213,3955576]; expires=Sat, 28 Jan 2023 14:17:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 71409f8e7a0e13a39fb6defad3078fad
Strict-Transport-Security: max-age=0; includeSubdomains
sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1674915431567&ns_c=UTF-8&c7=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F&c8=%D9%83%D8%A7%D9%85%D9%8A%D8%B1%D8%A7%20%D8%A3%D9%88%D9%83%D8%A7%D9%8A%D9%85%D8%AF%D9%86%20%D9%85%D8%A8%D8%A7%D8%B4%D8%B1%D8%A9%20-%20Oukaimeden%20Live%20Camera%20%E2%80%A2&c9=
54.230.111.88 204 No Content 0 B URL HTTP/2 sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1674915431567&ns_c=UTF-8&c7=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F&c8=%D9%83%D8%A7%D9%85%D9%8A%D8%B1%D8%A7%20%D8%A3%D9%88%D9%83%D8%A7%D9%8A%D9%85%D8%AF%D9%86%20%D9%85%D8%A8%D8%A7%D8%B4%D8%B1%D8%A9%20-%20Oukaimeden%20Live%20Camera%20%E2%80%A2&c9=
IP 54.230.111.88:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1674915431567&ns_c=UTF-8&c7=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F&c8=%D9%83%D8%A7%D9%85%D9%8A%D8%B1%D8%A7%20%D8%A3%D9%88%D9%83%D8%A7%D9%8A%D9%85%D8%AF%D9%86%20%D9%85%D8%A8%D8%A7%D8%B4%D8%B1%D8%A9%20-%20Oukaimeden%20Live%20Camera%20%E2%80%A2&c9= HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 14:17:08 GMT
set-cookie: UID=1D2212ac2d966214515df481674915428; domain=.scorecardresearch.com; path=/; max-age=62208000
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YXYaSYDPM6uHwh1xpFKkNhxAZqHajJM3f_UFTjm9Rjb1zJ7hllfLfg==
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146 302 Found 0 B URL HTTP/1.1 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 302 Found
content-length: 0
location: https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
cache-control: no-cache
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c083fb68af37d6c700a3fa4eb04a29cb
9b3ff3c9c0bd7dc448eb18e74ddc029f7c18dc9a
3ea0d4252ad90ee13a6b23ebd1144639f7bb73e4d96ef2590b21a155809e65e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
trc-events.taboola.com/adreact-04ma/log/2/debug?tim=14%3A17%3A11.717&type=usage&msg=rtus&llvl=2&id=8710&cv=20230126-3-RELEASE&lt=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
141.226.228.48 204 No Content 0 B URL HTTP/2 trc-events.taboola.com/adreact-04ma/log/2/debug?tim=14%3A17%3A11.717&type=usage&msg=rtus&llvl=2&id=8710&cv=20230126-3-RELEASE&lt=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adreact-04ma/log/2/debug?tim=14%3A17%3A11.717&type=usage&msg=rtus&llvl=2&id=8710&cv=20230126-3-RELEASE&lt=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sat, 28 Jan 2023 14:17:08 GMT
x-fastly-to-nlb-rtt: 21909
access-control-allow-credentials: true
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=04.ma
142.250.74.2 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=04.ma
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=04.ma HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 14:17:08 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=04.ma
142.250.74.66 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=04.ma
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=04.ma HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 14:17:08 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c083fb68af37d6c700a3fa4eb04a29cb
9b3ff3c9c0bd7dc448eb18e74ddc029f7c18dc9a
3ea0d4252ad90ee13a6b23ebd1144639f7bb73e4d96ef2590b21a155809e65e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2418
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 14:17:09 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSuzo4gelHJRfDQeAiKMumemc5Om0BwjSuLcXdNInvwVF1VPVtudVdT1T09u6fViOQ4Bw%2Fqqfeb3SyJiyQ%2FQJFZL2HxkAaRBbMnL4I3QTzKTAZGH%2FR77%2BvvHb7v1ftirzgjHgp6uv6B3pFK0YtB03Nf25Ap16V1V2%2B5vtf0LrsbMr3UuewOJsn03%2FK9oOm97r4n2Ja%2B2PJ8z%2FM9312WRsR6cHHKQmZHod8MvWan1fSDDgbm%2F9gWDix1wPtn5CVIXj%2Bz%2BeghJBsjTR5cE3Yr19mb7yaFork26PPDj9KtVJcpknkbGwdxejibhrY1IV%2Bdg04PZw6g%2B%2FsTB4hkTZxffUTp4Uwmov7BU6WRgkgR8edR9scQagxJx2D6NiR%2FTADGsbqGNLm7qk1Jt5%2BydMLWpPH3X5BlTRpPziNNvltScuDe1KrIpU4tBnEFORhD9sbIimPkOw5keQyWfwbJCdKkguTV1LWUY8h4DCWGoNZBMfmkgyJ2UGQOEn7q0iCMPW8xjuJ2u9thjLXbjAXdSzzg7U439lCwiawh8mwIpoZgZheZ2cWWHMIUP8JuVrDcgc1r4ny4iz6vUAqC0hKUlKCUBGVOUParA65sy1Z3ubJF5M9qa1bb1UjnvT16oPOeSMledkZenO7jz3tDbIlTVyzGbY8z4YcdP%2FCDbhh22u1Loh10o5CGogUrK0h7bmp1R9bkPHsDmazJwoXfEdFjWHUMJhdACx%2B0HC22PNDNUafrYSc98DrNhILrClneQL7t7Kkz8vJUwKsLv0Gwk6v3Xzl61r%2FwB5ipkJkKn8ifCHrqzuiGLsn%2BDV1a8nAty2Uid%2BjksW7mNBcL998X26U2fOWaHd57m02ISXt0S9j8Ok25THuWfLskORdmWRsmyPcrdkNE64XdXCpMWmTX199ZXkkyI6yVOh2Dysdr%2F4DJmjQ%2B%2FWF6hi%2F8%2FDmkGcMUFZLihMwCUh%2BDZbuw2Vy91QRGzWeizEFZVCPTiuY%2FlSRQYo5pVMH%2BB0fzfs%2FeQc80QPPb0%2BPrmwp9VYGqIWzx3CjPzMnVR19P4htEqjGKlGnsR8qoL6ernaQnNbny8aAmV64%2BgJWnrghiLxZeS0RxGMWL1ONh3AkjGvpiMQqoj9zW7Jcm%2FxcAAP%2F%2FAQAA%2F%2F%2FyriyMbQQAAA%3D%3D
192.243.61.227 200 OK 7 B URL HTTP/1.1 errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSuzo4gelHJRfDQeAiKMumemc5Om0BwjSuLcXdNInvwVF1VPVtudVdT1T09u6fViOQ4Bw%2Fqqfeb3SyJiyQ%2FQJFZL2HxkAaRBbMnL4I3QTzKTAZGH%2FR77%2BvvHb7v1ftirzgjHgp6uv6B3pFK0YtB03Nf25Ap16V1V2%2B5vtf0LrsbMr3UuewOJsn03%2FK9oOm97r4n2Ja%2B2PJ8z%2FM9312WRsR6cHHKQmZHod8MvWan1fSDDgbm%2F9gWDix1wPtn5CVIXj%2Bz%2BeghJBsjTR5cE3Yr19mb7yaFork26PPDj9KtVJcpknkbGwdxejibhrY1IV%2Bdg04PZw6g%2B%2FsTB4hkTZxffUTp4Uwmov7BU6WRgkgR8edR9scQagxJx2D6NiR%2FTADGsbqGNLm7qk1Jt5%2BydMLWpPH3X5BlTRpPziNNvltScuDe1KrIpU4tBnEFORhD9sbIimPkOw5keQyWfwbJCdKkguTV1LWUY8h4DCWGoNZBMfmkgyJ2UGQOEn7q0iCMPW8xjuJ2u9thjLXbjAXdSzzg7U439lCwiawh8mwIpoZgZheZ2cWWHMIUP8JuVrDcgc1r4ny4iz6vUAqC0hKUlKCUBGVOUParA65sy1Z3ubJF5M9qa1bb1UjnvT16oPOeSMledkZenO7jz3tDbIlTVyzGbY8z4YcdP%2FCDbhh22u1Loh10o5CGogUrK0h7bmp1R9bkPHsDmazJwoXfEdFjWHUMJhdACx%2B0HC22PNDNUafrYSc98DrNhILrClneQL7t7Kkz8vJUwKsLv0Gwk6v3Xzl61r%2FwB5ipkJkKn8ifCHrqzuiGLsn%2BDV1a8nAty2Uid%2BjksW7mNBcL998X26U2fOWaHd57m02ISXt0S9j8Ok25THuWfLskORdmWRsmyPcrdkNE64XdXCpMWmTX199ZXkkyI6yVOh2Dysdr%2F4DJmjQ%2B%2FWF6hi%2F8%2FDmkGcMUFZLihMwCUh%2BDZbuw2Vy91QRGzWeizEFZVCPTiuY%2FlSRQYo5pVMH%2BB0fzfs%2FeQc80QPPb0%2BPrmwp9VYGqIWzx3CjPzMnVR19P4htEqjGKlGnsR8qoL6ernaQnNbny8aAmV64%2BgJWnrghiLxZeS0RxGMWL1ONh3AkjGvpiMQqoj9zW7Jcm%2FxcAAP%2F%2FAQAA%2F%2F%2FyriyMbQQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSuzo4gelHJRfDQeAiKMumemc5Om0BwjSuLcXdNInvwVF1VPVtudVdT1T09u6fViOQ4Bw%2Fqqfeb3SyJiyQ%2FQJFZL2HxkAaRBbMnL4I3QTzKTAZGH%2FR77%2BvvHb7v1ftirzgjHgp6uv6B3pFK0YtB03Nf25Ap16V1V2%2B5vtf0LrsbMr3UuewOJsn03%2FK9oOm97r4n2Ja%2B2PJ8z%2FM9312WRsR6cHHKQmZHod8MvWan1fSDDgbm%2F9gWDix1wPtn5CVIXj%2Bz%2BeghJBsjTR5cE3Yr19mb7yaFork26PPDj9KtVJcpknkbGwdxejibhrY1IV%2Bdg04PZw6g%2B%2FsTB4hkTZxffUTp4Uwmov7BU6WRgkgR8edR9scQagxJx2D6NiR%2FTADGsbqGNLm7qk1Jt5%2BydMLWpPH3X5BlTRpPziNNvltScuDe1KrIpU4tBnEFORhD9sbIimPkOw5keQyWfwbJCdKkguTV1LWUY8h4DCWGoNZBMfmkgyJ2UGQOEn7q0iCMPW8xjuJ2u9thjLXbjAXdSzzg7U439lCwiawh8mwIpoZgZheZ2cWWHMIUP8JuVrDcgc1r4ny4iz6vUAqC0hKUlKCUBGVOUParA65sy1Z3ubJF5M9qa1bb1UjnvT16oPOeSMledkZenO7jz3tDbIlTVyzGbY8z4YcdP%2FCDbhh22u1Loh10o5CGogUrK0h7bmp1R9bkPHsDmazJwoXfEdFjWHUMJhdACx%2B0HC22PNDNUafrYSc98DrNhILrClneQL7t7Kkz8vJUwKsLv0Gwk6v3Xzl61r%2FwB5ipkJkKn8ifCHrqzuiGLsn%2BDV1a8nAty2Uid%2BjksW7mNBcL998X26U2fOWaHd57m02ISXt0S9j8Ok25THuWfLskORdmWRsmyPcrdkNE64XdXCpMWmTX199ZXkkyI6yVOh2Dysdr%2F4DJmjQ%2B%2FWF6hi%2F8%2FDmkGcMUFZLihMwCUh%2BDZbuw2Vy91QRGzWeizEFZVCPTiuY%2FlSRQYo5pVMH%2BB0fzfs%2FeQc80QPPb0%2BPrmwp9VYGqIWzx3CjPzMnVR19P4htEqjGKlGnsR8qoL6ernaQnNbny8aAmV64%2BgJWnrghiLxZeS0RxGMWL1ONh3AkjGvpiMQqoj9zW7Jcm%2FxcAAP%2F%2FAQAA%2F%2F%2FyriyMbQQAAA%3D%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Cookie: u_pl=15509904; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlece7f30dce19415158994336e358b9a9e2=[2229212,2229213,3955576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 14:17:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f3906d2bfa3cee852e4f3bac33269809
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2418
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 14:17:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 195316042e7f798eeeb7993fecb3a383
4aeca24ad4702f87feaf9674ea0c1ff6d71826a3
b7e0a61060455241fce844d2c91eca500d409804361063ddb61053cbc9c7b1c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13376
x-amzn-requestid: 64d0092e-1f1a-4183-a4a6-805e0bf37d32
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-DvHIyoAMF6fA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b1-6387770232ddca74531bce91;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8cRGlncOQ6qYv7qbI1HxTz-qUYJkTVa5V2qJM1C8XM5dmyXFA8qRvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 59291
etag: "4aeca24ad4702f87feaf9674ea0c1ff6d71826a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 58823
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2418
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 14:17:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:14:23 GMT
age: 57766
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg
45.133.44.9 200 OK 24 kB URL HTTP/1.1 cdn.cloudimagesb.com/cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
Hash e6cfc09f5b4e61974e9cf4bf0b5779dd
ca1b795ebcc9c62879fb20ca87397dc926abcbc3
cae676e97fa7be22a831897d903403d6f968fde697ed778d4f730453bbff4e6e
GET /cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:08 GMT
Content-Type: image/jpeg
Content-Length: 22987
Connection: keep-alive
Server: nginx/1.17.6
Last-Modified: Tue, 10 Aug 2021 09:16:05 GMT
ETag: "611243d5-59cb"
Expires: Mon, 30 Jan 2023 14:17:08 GMT
Cache-Control: max-age=172800
X-Proxy-Cache: HIT
Accept-Ranges: bytes
cdn.cloudimagesb.com/cti/51/bb/80/51bb807c8b914e3cc08eace2b0587473/1628586935.jpg
45.133.44.9 200 OK 30 kB URL HTTP/1.1 cdn.cloudimagesb.com/cti/51/bb/80/51bb807c8b914e3cc08eace2b0587473/1628586935.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash a87779ccaaa4021b0b4f33812742679a
87322480f885dc0b6463c182b7bdb3eb60ab2592
a8f8dbc930527f94496d5a9883b6034e27a673090a89b518596d6e2b656df96f
GET /cti/51/bb/80/51bb807c8b914e3cc08eace2b0587473/1628586935.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:08 GMT
Content-Type: image/jpeg
Content-Length: 30127
Connection: keep-alive
Server: nginx/1.17.6
Last-Modified: Tue, 10 Aug 2021 09:15:44 GMT
ETag: "611243c0-75af"
Expires: Mon, 30 Jan 2023 14:17:08 GMT
Cache-Control: max-age=172800
X-Proxy-Cache: HIT
Accept-Ranges: bytes
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57b73886cbbb719eda5f733c018eedfb
b84ed40973f8a0d3c10529e34f9466746cfdaf0c
4ba11c23e0bbd2aed53b04ad0b3d22161af1971ddcfb75ae55734de9a49af207
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7028
x-amzn-requestid: c1743fed-205a-431b-8648-474facde6d09
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CwFtboAMF9rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-5b94864c707c42fc36fbc63a;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7LUa_R8g8Rlv7JJA0_okht-vGe-xBSyZ5TPJTFakAHlncQPZKEdULQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 59291
etag: "b84ed40973f8a0d3c10529e34f9466746cfdaf0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2418
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 14:17:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2033b2-0708-4731-82a4-5bbc9f000ae2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2033b2-0708-4731-82a4-5bbc9f000ae2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2881cea3ae511d3dfd2f6b7cd598a4e
105d8d675aaafce5602e4015aee2d1659553d1b1
0993ef71c2af9e07ed09e0e2ba40a4d9fdd01444154c2f39f8fc48a4dfef1730
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2033b2-0708-4731-82a4-5bbc9f000ae2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10863
x-amzn-requestid: db873091-be76-4276-aa3e-f9bd44051508
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbAMbHCMoAMFsYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4471c-57f14d6a3ebcc8a1788bae80;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:50:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: S8H9sSYtUyye2ex8ulTLy6SEyqTt3xUmjRkTWL0oCEDZIDA21dnudw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:38:29 GMT
etag: "105d8d675aaafce5602e4015aee2d1659553d1b1"
content-type: image/jpeg
age: 56320
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 55856
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/06/17/a0/0617a061e6a71952b94e88ab57d30d21/1674471968.png
45.133.44.9 200 OK 80 kB URL HTTP/1.1 cdn.cloudimagesb.com/si/06/17/a0/0617a061e6a71952b94e88ab57d30d21/1674471968.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type gzip compressed data, from Unix\012- data
Hash cfa559c187584a3ed52271c758d3ce36
f0dfebf8e299e8dc3af33320706517762282f13a
beb5b2e8fd32fb5b745013f1af19610fc917b8df241216a0d1fae67ab0f415f5
GET /si/06/17/a0/0617a061e6a71952b94e88ab57d30d21/1674471968.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:08 GMT
Content-Type: image/png
Content-Length: 78315
Connection: keep-alive
Server: nginx/1.17.6
Last-Modified: Mon, 23 Jan 2023 11:06:17 GMT
ETag: "63ce6a29-131eb"
Expires: Mon, 30 Jan 2023 14:17:08 GMT
Cache-Control: max-age=172800
X-Proxy-Cache: HIT
Accept-Ranges: bytes
cdn.cloudimagesb.com/si/14/d6/f0/14d6f0079ffda60cd9961f9c32e1cb1b/1674209884.png
45.133.44.9 200 OK 108 kB URL HTTP/1.1 cdn.cloudimagesb.com/si/14/d6/f0/14d6f0079ffda60cd9961f9c32e1cb1b/1674209884.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size 108 kB (108061 bytes)
Hash f25a89906f49b309b04a788657e63775
fafed8a699a3942ca5d277b5f329e1e2377d3747
05d3612dca9ad5a805bd967d52285f06a4e8f028a3e94f4cef6031b985b9796d
GET /si/14/d6/f0/14d6f0079ffda60cd9961f9c32e1cb1b/1674209884.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 14:17:09 GMT
Content-Type: image/png
Content-Length: 108061
Connection: keep-alive
Server: nginx/1.17.6
Last-Modified: Fri, 20 Jan 2023 10:18:12 GMT
ETag: "63ca6a64-1a61d"
Expires: Mon, 30 Jan 2023 14:17:09 GMT
Cache-Control: max-age=172800
X-Proxy-Cache: HIT
Accept-Ranges: bytes
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuTkYQvajsRfAweFgUZdI9M51MuwvBuEaCaxJ3V3LwVF1VPSlT3dVUdU9Pcoouyh7n4EE9db5JNuwaZPcHKDLxsgQP2yAScHPyIngTxKPM7MDog6r3Xn3v8H1fvS8O8gviIqfnmx%2FoPakUXfAbbv21LZlwXdj6%2Bq265zbcK%2FUtmSy2r9T748v03vJcv%2BG%2BXn9PsB290HQ91%2FVcr74qjYh0f2GCQqYngdcI3Ea72fD8Nvrm%2F73NHVjqgPcuyEuQvHpm%2B9FDSDZCEj%2B4JuxOptM3341zRTNt0OPHHyU7iS4SxLMyMg6i5Hg6DW0rQr6ag06Opwqge4djBQhlRZxfPYTJ8ZQmwt7RU6ahgkgQ8udR9EYQagRJR2D6NiR%2FTADGsb6BJL67rk1Bd5%2BidIxWpPb3X5BFRWpPLiGJv1tRsl%2B%2FqVWeSZ1Y9KMSsj%2BC7I6Q5qfI9hzI4hQs%2BwySEyRxCcnLiWopR5DRCEoMQK2DfHykgzxykKcOYn5ep34Que5SFEatVqfNGGu1GPM7i9znrXYncpGzMa0BsnQApgZgZh%2Bp2ceOHMDkP8Jul7Dcgc0q4ny4jx4vUQiCwhIUlKCQBEVGUPTKI65s05Z3ubJ56E1zc5pb5VBn3QN6pLOuSMhBekFenPjx570BdsR5XSxFLZcz4QVtz%2Ff8ThC0W61F0fI7YUAD0YSVJaSdm0jdkxW5xN5AKisyf%2Fl3hPQUVp2CyXnQ3AMthktNF3R72O642EuO3HYjpuC6RJrVkO06B%2BqCvDwh8Or8Ewh2tnz%2FlZNnvct%2FgJkSqSnxifyJoKvuDG%2Foghze0IUlDzfSTMZyj44%2F62ZGMzF%2F%2F32xW2jD167Zwb232RgYlye3hM2u04TLpGvJtyuSc2FWtWGCfL9mt0S4mdvtldwkeXp9853VtTg1wlqpkxGofLzxD5isSO3THyZr%2BMLPn0OaEUxeIs7PyDQg9SlYug%2BbzthbTWDUbCZM51Dk5dA0w9mjkgRKzHoalrD%2F6cNZfWDvoGtqoNntyfL1TImeKkHVADZ%2Fbpil5mz50dfj%2BAahqg1DZWqHoTLqy7G1v038rcjVj%2FsVubr8AFae14UfuZFwmyKMgjBaoi4PonYQ0sATS6FPPWS2Yr80%2BL8AAAD%2F%2FwEAAP%2F%2F8h2yXG0EAAA%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuTkYQvajsRfAweFgUZdI9M51MuwvBuEaCaxJ3V3LwVF1VPSlT3dVUdU9Pcoouyh7n4EE9db5JNuwaZPcHKDLxsgQP2yAScHPyIngTxKPM7MDog6r3Xn3v8H1fvS8O8gviIqfnmx%2FoPakUXfAbbv21LZlwXdj6%2Bq265zbcK%2FUtmSy2r9T748v03vJcv%2BG%2BXn9PsB290HQ91%2FVcr74qjYh0f2GCQqYngdcI3Ea72fD8Nvrm%2F73NHVjqgPcuyEuQvHpm%2B9FDSDZCEj%2B4JuxOptM3341zRTNt0OPHHyU7iS4SxLMyMg6i5Hg6DW0rQr6ag06Opwqge4djBQhlRZxfPYTJ8ZQmwt7RU6ahgkgQ8udR9EYQagRJR2D6NiR%2FTADGsb6BJL67rk1Bd5%2BidIxWpPb3X5BFRWpPLiGJv1tRsl%2B%2FqVWeSZ1Y9KMSsj%2BC7I6Q5qfI9hzI4hQs%2BwySEyRxCcnLiWopR5DRCEoMQK2DfHykgzxykKcOYn5ep34Que5SFEatVqfNGGu1GPM7i9znrXYncpGzMa0BsnQApgZgZh%2Bp2ceOHMDkP8Jul7Dcgc0q4ny4jx4vUQiCwhIUlKCQBEVGUPTKI65s05Z3ubJ56E1zc5pb5VBn3QN6pLOuSMhBekFenPjx570BdsR5XSxFLZcz4QVtz%2Ff8ThC0W61F0fI7YUAD0YSVJaSdm0jdkxW5xN5AKisyf%2Fl3hPQUVp2CyXnQ3AMthktNF3R72O642EuO3HYjpuC6RJrVkO06B%2BqCvDwh8Or8Ewh2tnz%2FlZNnvct%2FgJkSqSnxifyJoKvuDG%2Foghze0IUlDzfSTMZyj44%2F62ZGMzF%2F%2F32xW2jD167Zwb232RgYlye3hM2u04TLpGvJtyuSc2FWtWGCfL9mt0S4mdvtldwkeXp9853VtTg1wlqpkxGofLzxD5isSO3THyZr%2BMLPn0OaEUxeIs7PyDQg9SlYug%2BbzthbTWDUbCZM51Dk5dA0w9mjkgRKzHoalrD%2F6cNZfWDvoGtqoNntyfL1TImeKkHVADZ%2Fbpil5mz50dfj%2BAahqg1DZWqHoTLqy7G1v038rcjVj%2FsVubr8AFae14UfuZFwmyKMgjBaoi4PonYQ0sATS6FPPWS2Yr80%2BL8AAAD%2F%2FwEAAP%2F%2F8h2yXG0EAAA%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuTkYQvajsRfAweFgUZdI9M51MuwvBuEaCaxJ3V3LwVF1VPSlT3dVUdU9Pcoouyh7n4EE9db5JNuwaZPcHKDLxsgQP2yAScHPyIngTxKPM7MDog6r3Xn3v8H1fvS8O8gviIqfnmx%2FoPakUXfAbbv21LZlwXdj6%2Bq265zbcK%2FUtmSy2r9T748v03vJcv%2BG%2BXn9PsB290HQ91%2FVcr74qjYh0f2GCQqYngdcI3Ea72fD8Nvrm%2F73NHVjqgPcuyEuQvHpm%2B9FDSDZCEj%2B4JuxOptM3341zRTNt0OPHHyU7iS4SxLMyMg6i5Hg6DW0rQr6ag06Opwqge4djBQhlRZxfPYTJ8ZQmwt7RU6ahgkgQ8udR9EYQagRJR2D6NiR%2FTADGsb6BJL67rk1Bd5%2BidIxWpPb3X5BFRWpPLiGJv1tRsl%2B%2FqVWeSZ1Y9KMSsj%2BC7I6Q5qfI9hzI4hQs%2BwySEyRxCcnLiWopR5DRCEoMQK2DfHykgzxykKcOYn5ep34Que5SFEatVqfNGGu1GPM7i9znrXYncpGzMa0BsnQApgZgZh%2Bp2ceOHMDkP8Jul7Dcgc0q4ny4jx4vUQiCwhIUlKCQBEVGUPTKI65s05Z3ubJ56E1zc5pb5VBn3QN6pLOuSMhBekFenPjx570BdsR5XSxFLZcz4QVtz%2Ff8ThC0W61F0fI7YUAD0YSVJaSdm0jdkxW5xN5AKisyf%2Fl3hPQUVp2CyXnQ3AMthktNF3R72O642EuO3HYjpuC6RJrVkO06B%2BqCvDwh8Or8Ewh2tnz%2FlZNnvct%2FgJkSqSnxifyJoKvuDG%2Foghze0IUlDzfSTMZyj44%2F62ZGMzF%2F%2F32xW2jD167Zwb232RgYlye3hM2u04TLpGvJtyuSc2FWtWGCfL9mt0S4mdvtldwkeXp9853VtTg1wlqpkxGofLzxD5isSO3THyZr%2BMLPn0OaEUxeIs7PyDQg9SlYug%2BbzthbTWDUbCZM51Dk5dA0w9mjkgRKzHoalrD%2F6cNZfWDvoGtqoNntyfL1TImeKkHVADZ%2Fbpil5mz50dfj%2BAahqg1DZWqHoTLqy7G1v038rcjVj%2FsVubr8AFae14UfuZFwmyKMgjBaoi4PonYQ0sATS6FPPWS2Yr80%2BL8AAAD%2F%2FwEAAP%2F%2F8h2yXG0EAAA%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Cookie: u_pl=15509904; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlece7f30dce19415158994336e358b9a9e2=[2229212,2229213,3955576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 14:17:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 224c06ecc86ebc656752760780ddb9ec
Strict-Transport-Security: max-age=0; includeSubdomains
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gcVRx%2B011B7EnpRRAZPBRF2czsn2THFoKxpgRrmv7RHDy9ee%2FN5pm384b3ZnY2OYUWpcc9eFBPk2%2BThtZQ2lsvgmy8lJwcEAnYnLyI3gTPMtuF6A%2Fm92e%2B3%2BH7fu%2F7ajc7JR4yerL2id6WStG5TsNz316XMde5dVdvu77X8C656zKeb19yh1Uyg%2Fd9r9Pw3nGvCrap55qe73m%2B57vL0ohID%2BemKGRyGPiNwGu0mw2%2F08bQ%2FH%2B2mQNLHfDBKXkNkpcvbTx7AskmiPuPrwi7merkvY%2F6maKpNhjwg0%2FjzVjnMfpnbWQcRPHBbBvaloR8cw46PpgpgB7sVQoQypI4v%2FoI44MZTYSD%2FRdMQwURI%2BTnkQ8mEGoCSSdg%2Bi4k%2F5kAjGP1OuL%2B%2FVVtcrr1AqUVWpL6P39D5iWpP7%2BAuP9oScmhe0urLJU6thhGBeRwAtmbIMmOkG47kPkRWHoHkhPE%2FQKSF1PVUk4gowmUGIFaB1n1SQdZ5CBLHPT5iUs7QeR5C1EYtVrdNmOs1WKs053nHd5qdyMPGatojZAmIzA1AjM7SMwONuUIJvsRdqOA5Q5sWhLnxg4GvEAuCHJLkFOCXBLkKUE%2BKPa5sk1b3OfKZqE%2Fq81ZbRVjnfZ26b5OeyImu8kpeXV6j78ejLApTlyxELU8zoQftP2O3%2BkGQbvVmhetTjcMaCCasLKAtOemUrdlSS6wd5HIktQu%2Fo6QHsGqIzBZA8180Hy80PRAN8btrofteN9rN%2FoUXBdI0jrSLWdXnZLXpwQufz6EYMeLj57e%2BPPLN5%2BCmQKJKfCF%2FImgp%2B6Nb%2Bqc7N3UuSVPriep7MttWj3WrZSmovbwY7GVa8NXrtjRgw9YBVTt4W1h02s05jLuWfL9kuRcmGVtmCA%2FrNh1Ea5ldmMpM3GWXFv7cHmlnxhhrdTxBLQynlwEkyU5X%2FtsakT3zlVIM4HJCvSzYzILSH0EluzAJseLD984fNm%2F%2BAesJjDqbCdMasizYmya4dlPJQmUOJtpWMD%2BZw7P%2Bl17Dz1TB03vTu03MAUGqgBVI9jslXGamOPFZ99W8R1CVR%2BHytT3QmXU1yV5q%2FZblZ5Pz1ySy4uPYeWJKzqRFwmvKcIoCKMF6vEgagchDXyxEHaoj9SW7JcG%2FxcAAP%2F%2FAQAA%2F%2F%2BhQM8PbwQAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gcVRx%2B011B7EnpRRAZPBRF2czsn2THFoKxpgRrmv7RHDy9ee%2FN5pm384b3ZnY2OYUWpcc9eFBPk2%2BThtZQ2lsvgmy8lJwcEAnYnLyI3gTPMtuF6A%2Fm92e%2B3%2BH7fu%2F7ajc7JR4yerL2id6WStG5TsNz316XMde5dVdvu77X8C656zKeb19yh1Uyg%2Fd9r9Pw3nGvCrap55qe73m%2B57vL0ohID%2BemKGRyGPiNwGu0mw2%2F08bQ%2FH%2B2mQNLHfDBKXkNkpcvbTx7AskmiPuPrwi7merkvY%2F6maKpNhjwg0%2FjzVjnMfpnbWQcRPHBbBvaloR8cw46PpgpgB7sVQoQypI4v%2FoI44MZTYSD%2FRdMQwURI%2BTnkQ8mEGoCSSdg%2Bi4k%2F5kAjGP1OuL%2B%2FVVtcrr1AqUVWpL6P39D5iWpP7%2BAuP9oScmhe0urLJU6thhGBeRwAtmbIMmOkG47kPkRWHoHkhPE%2FQKSF1PVUk4gowmUGIFaB1n1SQdZ5CBLHPT5iUs7QeR5C1EYtVrdNmOs1WKs053nHd5qdyMPGatojZAmIzA1AjM7SMwONuUIJvsRdqOA5Q5sWhLnxg4GvEAuCHJLkFOCXBLkKUE%2BKPa5sk1b3OfKZqE%2Fq81ZbRVjnfZ26b5OeyImu8kpeXV6j78ejLApTlyxELU8zoQftP2O3%2BkGQbvVmhetTjcMaCCasLKAtOemUrdlSS6wd5HIktQu%2Fo6QHsGqIzBZA8180Hy80PRAN8btrofteN9rN%2FoUXBdI0jrSLWdXnZLXpwQufz6EYMeLj57e%2BPPLN5%2BCmQKJKfCF%2FImgp%2B6Nb%2Bqc7N3UuSVPriep7MttWj3WrZSmovbwY7GVa8NXrtjRgw9YBVTt4W1h02s05jLuWfL9kuRcmGVtmCA%2FrNh1Ea5ldmMpM3GWXFv7cHmlnxhhrdTxBLQynlwEkyU5X%2FtsakT3zlVIM4HJCvSzYzILSH0EluzAJseLD984fNm%2F%2BAesJjDqbCdMasizYmya4dlPJQmUOJtpWMD%2BZw7P%2Bl17Dz1TB03vTu03MAUGqgBVI9jslXGamOPFZ99W8R1CVR%2BHytT3QmXU1yV5q%2FZblZ5Pz1ySy4uPYeWJKzqRFwmvKcIoCKMF6vEgagchDXyxEHaoj9SW7JcG%2FxcAAP%2F%2FAQAA%2F%2F%2BhQM8PbwQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gcVRx%2B011B7EnpRRAZPBRF2czsn2THFoKxpgRrmv7RHDy9ee%2FN5pm384b3ZnY2OYUWpcc9eFBPk2%2BThtZQ2lsvgmy8lJwcEAnYnLyI3gTPMtuF6A%2Fm92e%2B3%2BH7fu%2F7ajc7JR4yerL2id6WStG5TsNz316XMde5dVdvu77X8C656zKeb19yh1Uyg%2Fd9r9Pw3nGvCrap55qe73m%2B57vL0ohID%2BemKGRyGPiNwGu0mw2%2F08bQ%2FH%2B2mQNLHfDBKXkNkpcvbTx7AskmiPuPrwi7merkvY%2F6maKpNhjwg0%2FjzVjnMfpnbWQcRPHBbBvaloR8cw46PpgpgB7sVQoQypI4v%2FoI44MZTYSD%2FRdMQwURI%2BTnkQ8mEGoCSSdg%2Bi4k%2F5kAjGP1OuL%2B%2FVVtcrr1AqUVWpL6P39D5iWpP7%2BAuP9oScmhe0urLJU6thhGBeRwAtmbIMmOkG47kPkRWHoHkhPE%2FQKSF1PVUk4gowmUGIFaB1n1SQdZ5CBLHPT5iUs7QeR5C1EYtVrdNmOs1WKs053nHd5qdyMPGatojZAmIzA1AjM7SMwONuUIJvsRdqOA5Q5sWhLnxg4GvEAuCHJLkFOCXBLkKUE%2BKPa5sk1b3OfKZqE%2Fq81ZbRVjnfZ26b5OeyImu8kpeXV6j78ejLApTlyxELU8zoQftP2O3%2BkGQbvVmhetTjcMaCCasLKAtOemUrdlSS6wd5HIktQu%2Fo6QHsGqIzBZA8180Hy80PRAN8btrofteN9rN%2FoUXBdI0jrSLWdXnZLXpwQufz6EYMeLj57e%2BPPLN5%2BCmQKJKfCF%2FImgp%2B6Nb%2Bqc7N3UuSVPriep7MttWj3WrZSmovbwY7GVa8NXrtjRgw9YBVTt4W1h02s05jLuWfL9kuRcmGVtmCA%2FrNh1Ea5ldmMpM3GWXFv7cHmlnxhhrdTxBLQynlwEkyU5X%2FtsakT3zlVIM4HJCvSzYzILSH0EluzAJseLD984fNm%2F%2BAesJjDqbCdMasizYmya4dlPJQmUOJtpWMD%2BZw7P%2Bl17Dz1TB03vTu03MAUGqgBVI9jslXGamOPFZ99W8R1CVR%2BHytT3QmXU1yV5q%2FZblZ5Pz1ySy4uPYeWJKzqRFwmvKcIoCKMF6vEgagchDXyxEHaoj9SW7JcG%2FxcAAP%2F%2FAQAA%2F%2F%2BhQM8PbwQAAA%3D%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Cookie: u_pl=15509904; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlece7f30dce19415158994336e358b9a9e2=[2229212,2229213,3955576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 14:17:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 16d55d919df7d5e208f65573760d0fe8
Strict-Transport-Security: max-age=0; includeSubdomains
errresound.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
192.243.61.227 200 OK 29 kB URL HTTP/1.1 errresound.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash ff121fe2d8d93f1e00ea5904fda53edf
c8b8f5ca1a02634188415fca35d8e199a140b5d1
1ee35c262c2827e27444bdcb1cabd1927f3f1f959484096a5bf816eb4b2c96cf
Analyzer Verdict Alert quad9 Sinkholed
GET /65/aa/28/65aa283021630dfd9030555c4c61a78c.js HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 14:17:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69cf5da0059279459254ce96ac53aed2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSeTY4mVKA0UKAVBQKBLrv3E9%2BSSBYmGFkEx4mDXFDNzsyeB8%2FurGZ2b8%2BuLCJQyisogGr9nR0rEEVJlwaBzjSRpUgsQsgScQMdFEhI0CG055MsnjTvZ75XfN9779Od%2FJh4yOnRyvt6SypFL3Sbnvvqmky4Lqy7fNP1vaZ3yV2TycXOJXdYOzN40%2Fe6Te81913BNvSFlud7nu%2F57qI0ItLDC1MUMr0X%2BM3Aa3ZaTb%2FbwdD8v7a5A0sd8MExeR6SV8%2BsP34IySZI4gdXhN3IdPrGO3GuaKYNBnz%2Fg2Qj0UWC%2BDSNjIMo2Z91Q9uKkM%2FPQCf7MwXQg91aAUJZEednH2GyP6OJcLB3wjRUEAlC%2FiyKwQRCTSDpBEzfguQ%2FEIBxLF9DEt9Z1qagmycordGKNP7%2BC7KoSOPpeSTx%2FQUlh%2B6qVnkmdWIxjErI4QSyP0GaHyDbciCLA7DsY0hOkMQlJC%2BnqqWcQEYTKDECtQ7y%2BkkHeeQgTx3E%2FMil3SDyvLkojNrtXocx1m4z1u1d5F3e7vQiDzmraY2QpSMwNQIz20jNNjbkCCb%2FDna9hOUObFYR5%2Fo2BrxEIQgKS1BQgkISFBlBMSj3uLItW97hyuahP4utWWyXY531d%2BiezvoiITvpMXluOo8%2F7o6wIY5cMRe1Pc6EH3T8rt%2FtBUGn3b4o2t1eGNBAtGBlCWnPTKVuyYqcZ68jlRU5%2B8pvCOkBrDoAk2dBcx%2B0GM%2B1PND1cafnYSvZ8zrNmILrEmnWQLbp7Khj8sKUwOX5BxDscP7HvV9X%2F3lyBGZKpKbER%2FJ7gr66Pb6hC7J7QxeWPLyWZjKWW7Re1mpGM9H46j2xWWjDl67Y0d23WA3U6b2bwmZXacJl0rfk6wXJuTCL2jBBvlmyayJcye36Qm6SPL268vbiUpwaYa3UyQS0Prx6E7Ii5%2F59cXqIbvwE0kxg8hJxfkhmBqknYOk2bHo4f%2F%2FR9d8%2FeekRrCYw6rQnTBso8nJsWuHpp5IESpzWNCxhxekQQnH47Z8n2I69jb5pgGa3puc3MCUGqgRVI9j83DhLzeH84y9q%2BxKhaoxDZRq7oTLqs4q8fPaX2j2tyOUPhyeztvLIFd3Ii4TXEmEUhNEc9XgQdYKQBr6YC7vUR2Yr9lOT%2FwcAAP%2F%2FAQAA%2F%2F%2FF076mbwQAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSeTY4mVKA0UKAVBQKBLrv3E9%2BSSBYmGFkEx4mDXFDNzsyeB8%2FurGZ2b8%2BuLCJQyisogGr9nR0rEEVJlwaBzjSRpUgsQsgScQMdFEhI0CG055MsnjTvZ75XfN9779Od%2FJh4yOnRyvt6SypFL3Sbnvvqmky4Lqy7fNP1vaZ3yV2TycXOJXdYOzN40%2Fe6Te81913BNvSFlud7nu%2F57qI0ItLDC1MUMr0X%2BM3Aa3ZaTb%2FbwdD8v7a5A0sd8MExeR6SV8%2BsP34IySZI4gdXhN3IdPrGO3GuaKYNBnz%2Fg2Qj0UWC%2BDSNjIMo2Z91Q9uKkM%2FPQCf7MwXQg91aAUJZEednH2GyP6OJcLB3wjRUEAlC%2FiyKwQRCTSDpBEzfguQ%2FEIBxLF9DEt9Z1qagmycordGKNP7%2BC7KoSOPpeSTx%2FQUlh%2B6qVnkmdWIxjErI4QSyP0GaHyDbciCLA7DsY0hOkMQlJC%2BnqqWcQEYTKDECtQ7y%2BkkHeeQgTx3E%2FMil3SDyvLkojNrtXocx1m4z1u1d5F3e7vQiDzmraY2QpSMwNQIz20jNNjbkCCb%2FDna9hOUObFYR5%2Fo2BrxEIQgKS1BQgkISFBlBMSj3uLItW97hyuahP4utWWyXY531d%2BiezvoiITvpMXluOo8%2F7o6wIY5cMRe1Pc6EH3T8rt%2FtBUGn3b4o2t1eGNBAtGBlCWnPTKVuyYqcZ68jlRU5%2B8pvCOkBrDoAk2dBcx%2B0GM%2B1PND1cafnYSvZ8zrNmILrEmnWQLbp7Khj8sKUwOX5BxDscP7HvV9X%2F3lyBGZKpKbER%2FJ7gr66Pb6hC7J7QxeWPLyWZjKWW7Re1mpGM9H46j2xWWjDl67Y0d23WA3U6b2bwmZXacJl0rfk6wXJuTCL2jBBvlmyayJcye36Qm6SPL268vbiUpwaYa3UyQS0Prx6E7Ii5%2F59cXqIbvwE0kxg8hJxfkhmBqknYOk2bHo4f%2F%2FR9d8%2FeekRrCYw6rQnTBso8nJsWuHpp5IESpzWNCxhxekQQnH47Z8n2I69jb5pgGa3puc3MCUGqgRVI9j83DhLzeH84y9q%2BxKhaoxDZRq7oTLqs4q8fPaX2j2tyOUPhyeztvLIFd3Ii4TXEmEUhNEc9XgQdYKQBr6YC7vUR2Yr9lOT%2FwcAAP%2F%2FAQAA%2F%2F%2FF076mbwQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none shown)
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSeTY4mVKA0UKAVBQKBLrv3E9%2BSSBYmGFkEx4mDXFDNzsyeB8%2FurGZ2b8%2BuLCJQyisogGr9nR0rEEVJlwaBzjSRpUgsQsgScQMdFEhI0CG055MsnjTvZ75XfN9779Od%2FJh4yOnRyvt6SypFL3Sbnvvqmky4Lqy7fNP1vaZ3yV2TycXOJXdYOzN40%2Fe6Te81913BNvSFlud7nu%2F57qI0ItLDC1MUMr0X%2BM3Aa3ZaTb%2FbwdD8v7a5A0sd8MExeR6SV8%2BsP34IySZI4gdXhN3IdPrGO3GuaKYNBnz%2Fg2Qj0UWC%2BDSNjIMo2Z91Q9uKkM%2FPQCf7MwXQg91aAUJZEednH2GyP6OJcLB3wjRUEAlC%2FiyKwQRCTSDpBEzfguQ%2FEIBxLF9DEt9Z1qagmycordGKNP7%2BC7KoSOPpeSTx%2FQUlh%2B6qVnkmdWIxjErI4QSyP0GaHyDbciCLA7DsY0hOkMQlJC%2BnqqWcQEYTKDECtQ7y%2BkkHeeQgTx3E%2FMil3SDyvLkojNrtXocx1m4z1u1d5F3e7vQiDzmraY2QpSMwNQIz20jNNjbkCCb%2FDna9hOUObFYR5%2Fo2BrxEIQgKS1BQgkISFBlBMSj3uLItW97hyuahP4utWWyXY531d%2BiezvoiITvpMXluOo8%2F7o6wIY5cMRe1Pc6EH3T8rt%2FtBUGn3b4o2t1eGNBAtGBlCWnPTKVuyYqcZ68jlRU5%2B8pvCOkBrDoAk2dBcx%2B0GM%2B1PND1cafnYSvZ8zrNmILrEmnWQLbp7Khj8sKUwOX5BxDscP7HvV9X%2F3lyBGZKpKbER%2FJ7gr66Pb6hC7J7QxeWPLyWZjKWW7Re1mpGM9H46j2xWWjDl67Y0d23WA3U6b2bwmZXacJl0rfk6wXJuTCL2jBBvlmyayJcye36Qm6SPL268vbiUpwaYa3UyQS0Prx6E7Ii5%2F59cXqIbvwE0kxg8hJxfkhmBqknYOk2bHo4f%2F%2FR9d8%2FeekRrCYw6rQnTBso8nJsWuHpp5IESpzWNCxhxekQQnH47Z8n2I69jb5pgGa3puc3MCUGqgRVI9j83DhLzeH84y9q%2BxKhaoxDZRq7oTLqs4q8fPaX2j2tyOUPhyeztvLIFd3Ii4TXEmEUhNEc9XgQdYKQBr6YC7vUR2Yr9lOT%2FwcAAP%2F%2FAQAA%2F%2F%2FF076mbwQAAA%3D%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Cookie: u_pl=15509904; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlece7f30dce19415158994336e358b9a9e2=[2229212,2229213,3955576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 14:17:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f017c342d4e68dd92c321b64daac2b81
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4abb97e5fd107cb87b896feb33a2159b
757fc267c534b8f5191f97d4c6dce60753e965f2
88d691d314752499a884e54232b88c0d19e4c8163236851b99a0b0d3ac0d7f8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 04c624d8879f883e20d8df7051843b37
0ba630a4f0865b761623030784e2b931cc6bfe1f
de8698a1e78247e0fbbe185a542c8ba7dcde748c3e84a5f636d2c6a6a10aedd1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3590
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:09 GMT
Last-Modified: Sat, 28 Jan 2023 13:17:19 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
partner.googleadservices.com/gampad/cookie.js?domain=04.ma&callback=_gfp_s_&client=ca-pub-9575065054627750
216.58.207.226 200 OK 247 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=04.ma&callback=_gfp_s_&client=ca-pub-9575065054627750
IP 216.58.207.226:0
File type ASCII text, with very long lines (377), with no line terminators
Hash 482d92e97f230934f0f6ef52658ecb48
7366627d8776d570ed5fa4a84f211e2496bcd3de
93342fa3ce560cc9117f5810b83c5cb5a8888bf8d106235f7828381a3bd4a675
GET /gampad/cookie.js?domain=04.ma&callback=_gfp_s_&client=ca-pub-9575065054627750 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 14:17:09 GMT
server: cafe
cache-control: private
content-length: 247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
solemnvine.com/pixel/purst?dl=0&th=0&sc=0&rs=2997&rd=2997&fd=369&bv=22.10.v.10&tmpl=136
173.233.137.52 200 OK 0 B URL HTTP/1.1 solemnvine.com/pixel/purst?dl=0&th=0&sc=0&rs=2997&rd=2997&fd=369&bv=22.10.v.10&tmpl=136
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none shown)
GET /pixel/purst?dl=0&th=0&sc=0&rs=2997&rd=2997&fd=369&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: solemnvine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://04.ma/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 14:17:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4abb97e5fd107cb87b896feb33a2159b
757fc267c534b8f5191f97d4c6dce60753e965f2
88d691d314752499a884e54232b88c0d19e4c8163236851b99a0b0d3ac0d7f8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 17504951994384b5dfa3387f5e8b684f
d76ab271cbc580a05222ec155fbc0e82545ae97c
f7e09c196a20bed2d1c1f6fada5eb982e04880a2f1c8c24d7fdce87e46152c3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 17504951994384b5dfa3387f5e8b684f
d76ab271cbc580a05222ec155fbc0e82545ae97c
f7e09c196a20bed2d1c1f6fada5eb982e04880a2f1c8c24d7fdce87e46152c3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js
216.58.207.193 200 OK 7.5 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1506)
Hash c8e19ab58d75eb01fd735f016f55201f
e3d257ad917d19ae463c29907f36e31e856cad37
52207b7bc66270e84d6bb6c05c6d5a2d2b0d511138073a3d3fe15d7c08119932
GET /pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 7523
x-xss-protection: 0
date: Fri, 27 Jan 2023 20:39:56 GMT
expires: Fri, 10 Feb 2023 20:39:56 GMT
cache-control: public, max-age=1209600
age: 63433
etag: 641023367890010850
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite_fy2021.js
216.58.207.193 200 OK 9.1 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite_fy2021.js
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 048f55c2d3c143edfb2458287406a015
3881e320a5b92620e9ea80ae3b660b75a89d203b
22fcc33b9e76adc9732c009b2237272154075a5b477e94e1717cc562ba272cb0
GET /pagead/js/r20230124/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 8871
x-xss-protection: 0
date: Fri, 27 Jan 2023 20:40:41 GMT
expires: Fri, 10 Feb 2023 20:40:41 GMT
cache-control: public, max-age=1209600
age: 63388
etag: 9510037503091481574
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019
142.250.74.35 200 OK 14 kB URL HTTP/2 www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019
IP 142.250.74.35:0
File type C++ source, ASCII text, with very long lines (1688)
Hash 3582c692298538eabf17eebd7434e582
587a6222383df174947008131dcccc13efbd3dba
ac83b4d1ea4abd201377d450290a7cc306499837a4b6ff1cd2b0f8d275baaa82
GET /mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="mysidia"
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-length: 14079
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 18:43:21 GMT
expires: Thu, 27 Apr 2023 18:43:21 GMT
cache-control: public, max-age=7776000
last-modified: Fri, 27 Jan 2023 00:31:18 GMT
content-type: text/javascript
age: 70429
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 14:17:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
216.58.207.227 200 OK 28 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 28288, version 1.0\012- data
Hash 53b5e785dfdca21fa7adf7119fa1f8cc
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
GET /s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28288
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 14:34:21 GMT
expires: Fri, 26 Jan 2024 14:34:21 GMT
cache-control: public, max-age=31536000
age: 171769
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://04.ma
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 19:33:54 GMT
expires: Thu, 25 Jan 2024 19:33:54 GMT
cache-control: public, max-age=31536000
age: 240196
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.windy.com/img/logo201802/logo-full-windycom-white.svg
54.230.111.59 200 OK 0 B URL HTTP/2 www.windy.com/img/logo201802/logo-full-windycom-white.svg
IP 54.230.111.59:0
GET /img/logo201802/logo-full-windycom-white.svg HTTP/1.1
Host: www.windy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webcams.windy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: image/svg+xml
server: nginx/1.18.0
date: Fri, 13 Jan 2023 02:20:59 GMT
last-modified: Tue, 15 May 2018 13:28:18 GMT
etag: W/"5afae072-2c43"
expires: Sun, 12 Jan 2025 02:20:59 GMT
cache-control: max-age=63072000
access-control-allow-origin: *
via: 1.1 google, 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _lZ0c0PgFoNKBHlk4EWHhXxGFO6e401MXvTWxIC8C5Bb2tPZQ9j-Zw==
age: 1338969
X-Firefox-Spdy: h2
webcams.windy.com/webcams/public/embed/player/1622904818/day?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibWV0ZW9ibHVlLWNvbSIsInRvcGljIjoibGtyLXBsYXllci1hZGZyZWUiLCJpZCI6MTYyMjkwNDgxOCwiaWF0IjoxNjcwNTc0NjQ5LCJleHAiOjE2NzA1NzgyNDl9.9sTp75HslEoH-RTGQVECpXV7B7OtVbP_-IFGXtIwzjM
34.95.106.157200 OK 0 B URL HTTP/2 webcams.windy.com/webcams/public/embed/player/1622904818/day?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibWV0ZW9ibHVlLWNvbSIsInRvcGljIjoibGtyLXBsYXllci1hZGZyZWUiLCJpZCI6MTYyMjkwNDgxOCwiaWF0IjoxNjcwNTc0NjQ5LCJleHAiOjE2NzA1NzgyNDl9.9sTp75HslEoH-RTGQVECpXV7B7OtVbP_-IFGXtIwzjM
IP 34.95.106.157:0
GET /webcams/public/embed/player/1622904818/day?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibWV0ZW9ibHVlLWNvbSIsInRvcGljIjoibGtyLXBsYXllci1hZGZyZWUiLCJpZCI6MTYyMjkwNDgxOCwiaWF0IjoxNjcwNTc0NjQ5LCJleHAiOjE2NzA1NzgyNDl9.9sTp75HslEoH-RTGQVECpXV7B7OtVbP_-IFGXtIwzjM HTTP/1.1
Host: webcams.windy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
vary: Referer, Accept-Encoding
content-type: text/html; charset=utf-8
content-encoding: gzip
date: Sat, 28 Jan 2023 14:17:07 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto&display=swap
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto&display=swap
IP 142.250.74.106:0
GET /css2?family=Roboto&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 14:17:07 GMT
date: Sat, 28 Jan 2023 14:17:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sb.scorecardresearch.com/beacon.js
54.230.111.88 200 OK 0 B URL HTTP/2 sb.scorecardresearch.com/beacon.js
IP 54.230.111.88:0
GET /beacon.js HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://04.ma/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 28 Jun 2022 13:19:23 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 01:20:13 GMT
cache-control: max-age=86400
etag: W/"eaf85c1c6758e84acfe134efd70e9373"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RMqsoyZelVJgB9bAFDpOYn72NmZCDZAZZazavIW5cnRzcMA4Kq08EQ==
age: 46619
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146 200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://04.ma/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 14:17:09 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 611499
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
recommendation.speakol.com/api/v2.1/recommendation?lang=ar&wids=wi-5515&pid=undefined&url=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F&uid=72892de9-9f16-11ed-9ba4-be52a8e33faa&rid=72892e12-9f16-11ed-9ba4-be52a8e33faa&ref=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F&lf=true&ads_offset=0&articles_offset=0&page=0
54.230.111.74 200 OK 0 B URL HTTP/2 recommendation.speakol.com/api/v2.1/recommendation?lang=ar&wids=wi-5515&pid=undefined&url=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F&uid=72892de9-9f16-11ed-9ba4-be52a8e33faa&rid=72892e12-9f16-11ed-9ba4-be52a8e33faa&ref=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F&lf=true&ads_offset=0&articles_offset=0&page=0
IP 54.230.111.74:0
GET /api/v2.1/recommendation?lang=ar&wids=wi-5515&pid=undefined&url=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F&uid=72892de9-9f16-11ed-9ba4-be52a8e33faa&rid=72892e12-9f16-11ed-9ba4-be52a8e33faa&ref=http%3A%2F%2F04.ma%2Foukaimeden-live-camera%2F&lf=true&ads_offset=0&articles_offset=0&page=0 HTTP/1.1
Host: recommendation.speakol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://04.ma/
Origin: http://04.ma
Connection: keep-alive
Cookie: __SPK_UID=72892de9-9f16-11ed-9ba4-be52a8e33faa
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sat, 28 Jan 2023 14:17:08 GMT
server: nginx/1.21.6
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Set-Cookie, Cookie, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://04.ma
access-control-expose-headers: Content-Length
set-cookie: __SPK_UID=72892de9-9f16-11ed-9ba4-be52a8e33faa; Path=/; Domain=speakol.com; Expires=Wed, 22 Feb 2023 14:17:08 GMT; Secure; SameSite=None
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: T-pQOsJ_7hPOX5fRgvaoAdxwpPQemWaMsuuYSOXL4bdpFWMhqWkmxg==
X-Firefox-Spdy: h2