r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 dca68db7aea32f6683ce8d542c078f04
SHA1 19c495238df74fca680e21f18627ff94de5dd2e5
SHA256 35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17015
Expires: Tue, 07 Feb 2023 13:31:29 GMT
Date: Tue, 07 Feb 2023 08:47:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 565c1bbc5c1c40be1988b3bf6fd9dc1a
SHA1 cfdba5bc597130461dd67bf6cda53183be592493
SHA256 60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5104
Expires: Tue, 07 Feb 2023 10:12:58 GMT
Date: Tue, 07 Feb 2023 08:47:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash MD5 ff250d3ef3fa45322bf05039a0122a9f
SHA1 b3e7a2c383bce1bab807dbe1a03c375258b51f1d
SHA256 d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 07 Feb 2023 08:36:31 GMT
content-type: application/json
age: 683
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 cc14b0d2f7c451f6431dc87ba54d1d60
SHA1 bab8bfda6fa3e2f17125353f5147211787dc25d0
SHA256 b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12820
Expires: Tue, 07 Feb 2023 12:21:34 GMT
Date: Tue, 07 Feb 2023 08:47:54 GMT
Connection: keep-alive
productmusics.com/ru53332/AEKm6V6TUwAAtBECAFVTGQAMAHtEs0wA/download?ugct=14.exe
173.239.8.164 302 Moved Temporarily 145 B URL HTTP/1.1 productmusics.com/ru53332/AEKm6V6TUwAAtBECAFVTGQAMAHtEs0wA/download?ugct=14.exe
IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash MD5 ca35f86083c327b09ec3df0adfe284e7
SHA1 bd680276bffaf6fdb304657003d51a74b5c2f998
SHA256 84c1fdfe0e68e2ed14b46fd867e91688936072ad51471ea9fa0c7616480ab912
Analyzer: fortinet | Verdict: Malware | Alert: (none)
GET /ru53332/AEKm6V6TUwAAtBECAFVTGQAMAHtEs0wA/download?ugct=14.exe HTTP/1.1
Host: productmusics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.20.1
Date: Tue, 07 Feb 2023 08:47:54 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: http://productmusics.com/
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash MD5 e76071a28ee566dababb3834f46d68ed
SHA1 aebb4e68c1ba2de0f90025283e8ed8470944fde0
SHA256 78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: oOdAJNPJZULz4UguwnA8ghjNIfY5nR4tI8px+2YSnKsraRw7K8+tv2fcCNOz4Usc+wE5R9MjbHc=
x-amz-request-id: 0X1ANWF3GFMKAAR3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 07 Feb 2023 08:35:27 GMT
age: 747
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 07 Feb 2023 08:47:54 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
productmusics.com/
173.239.8.164 200 OK 249 B IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash MD5 ebb3a409f0acc388938bac002af9a6aa
SHA1 925b7c9198e73fa55640b851519db2e0767fa952
SHA256 fc1e2128fbc9f1d479d9a286963b9095dfea2d5324a4327d845c2bc25f5ebd2e
Analyzer: fortinet | Verdict: Phishing | Alert: (none)
NIDS: suricata | Severity: medium | Alert: ET ADWARE_PUP Win32/Zonebac Traffic Redirect
GET / HTTP/1.1
Host: productmusics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 07 Feb 2023 08:47:54 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash MD5 0333b0655111aa68de771adfcc4db243
SHA1 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 07 Feb 2023 08:07:20 GMT
age: 2435
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
productmusics.com/favicon.ico
173.239.8.164 404 Not Found 114 B URL HTTP/1.1 productmusics.com/favicon.ico
IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash MD5 4dda89292ffda632595d8e4040ef07c8
SHA1 55c26cf87340555b3c09ba932bbabfc066a8d0ea
SHA256 2615795f2aaccceaee3a5a92bcb488c122aed8a152f042633e41657fff9f7278
GET /favicon.ico HTTP/1.1
Host: productmusics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://productmusics.com/
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Tue, 07 Feb 2023 08:47:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 9b88bae61bca33aba8aa99f6128db8d9
SHA1 a07b61fb2458917699613fcae68710941b595416
SHA256 54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15276
Expires: Tue, 07 Feb 2023 13:02:31 GMT
Date: Tue, 07 Feb 2023 08:47:55 GMT
Connection: keep-alive
push.services.mozilla.com/
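35.164.243.166 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.243.166:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (all three are the digests of zero-length input, matching the 0 B body; they do not identify any content)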
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HLk1qrkSI6RwXxqJtZNP+g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 341egRzLlXu/Wf5KozCkELRXBY0=
productmusics.com/
173.239.8.164 200 OK 245 B IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash MD5 ad3b1b0aa00ec75864c849e8fa37c896
SHA1 325fa66fbc66a6dea2da1009c429784d8df3bff5
SHA256 beb1ed5b37a3ac3507eb9cfce2d42b298549e360f0aba83b920231cf2fffad90
Analyzer: fortinet | Verdict: Phishing | Alert: (none)
NIDS: suricata | Severity: medium | Alert: ET ADWARE_PUP Win32/Zonebac Traffic Redirect
POST / HTTP/1.1
Host: productmusics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
Origin: http://productmusics.com
Connection: keep-alive
Referer: http://productmusics.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 07 Feb 2023 08:47:55 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6NjQsInRzIjoxNjc1NzU5Njc1LCJoYXNoIjoiNjMyOWYxNmYifQ==;Expires=Tue, 07-Feb-2023 09:47:55 GMT;Max-Age=3600
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip
belia-glp.com/zcvisitor/1d17e720-a6c4-11ed-b7d6-123d71bfa201/13946a70-a5da-11ec-9226-0a76dcc61f13?campaignid=053def20-6018-11ed-9d73-128084d1ce51
52.7.54.238 200 1.1 kB URL HTTP/1.1 belia-glp.com/zcvisitor/1d17e720-a6c4-11ed-b7d6-123d71bfa201/13946a70-a5da-11ec-9226-0a76dcc61f13?campaignid=053def20-6018-11ed-9d73-128084d1ce51
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash MD5 e6d8f281ddf41de165385446f02096c3
SHA1 e4ebbd1060717f78a165371550e464540594dd16
SHA256 e3316f4a9e697a2aa0c6e7bd04d227ced0e96d22a9db589199c234da7015fa8d
GET /zcvisitor/1d17e720-a6c4-11ed-b7d6-123d71bfa201/13946a70-a5da-11ec-9226-0a76dcc61f13?campaignid=053def20-6018-11ed-9d73-128084d1ce51 HTTP/1.1
Host: belia-glp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://productmusics.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 07 Feb 2023 08:47:55 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: GQOhfIJt
belia-glp.com/zcredirect?visitid=1d17e720-a6c4-11ed-b7d6-123d71bfa201&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
52.7.54.238 200 952 B URL HTTP/1.1 belia-glp.com/zcredirect?visitid=1d17e720-a6c4-11ed-b7d6-123d71bfa201&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (433)
Hash MD5 6cb85c8815b459db13f593f0a3636b29
SHA1 d46b5e7dda44b5063e19c5f8b9d760a480b959b9
SHA256 a1d3c48e0c10dab30c602c11f2f313fda4536d76756c2cde5e125b3468ff69f0
GET /zcredirect?visitid=1d17e720-a6c4-11ed-b7d6-123d71bfa201&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: belia-glp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://belia-glp.com/zcvisitor/1d17e720-a6c4-11ed-b7d6-123d71bfa201/13946a70-a5da-11ec-9226-0a76dcc61f13?campaignid=053def20-6018-11ed-9d73-128084d1ce51
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 07 Feb 2023 08:47:56 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: zeVFQDWk
belia-glp.com/favicon.ico
52.7.54.238 404 653 B URL HTTP/1.1 belia-glp.com/favicon.ico
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash MD5 ba2732b1b2fa2626ffaa15f62f9e7d66
SHA1 203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
SHA256 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: belia-glp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://belia-glp.com/zcredirect?visitid=1d17e720-a6c4-11ed-b7d6-123d71bfa201&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Tue, 07 Feb 2023 08:47:56 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: YcFuAwch
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 68273225f74fbf7493f395610d7a73fc
SHA1 5a8779ef5656aeeba23b365aad60b7901c5dd7fc
SHA256 c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8639
Expires: Tue, 07 Feb 2023 11:11:55 GMT
Date: Tue, 07 Feb 2023 08:47:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 68273225f74fbf7493f395610d7a73fc
SHA1 5a8779ef5656aeeba23b365aad60b7901c5dd7fc
SHA256 c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8639
Expires: Tue, 07 Feb 2023 11:11:55 GMT
Date: Tue, 07 Feb 2023 08:47:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7926951f-dd16-4029-a877-933fa5d3c0f5.png
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7926951f-dd16-4029-a877-933fa5d3c0f5.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 cf292b03a5db7eb8e0660a518f41233c
SHA1 8fa486cdecffff8a663da2df88227ee784c298a2
SHA256 cfc5efb92068bdeeda5c95f9851213b14afa76776486d0493cf4c05b30453cf0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7926951f-dd16-4029-a877-933fa5d3c0f5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5634
x-amzn-requestid: c380f2eb-c707-4086-9646-179ea89ba210
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fy9JKEpqoAMF9RA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dddbd4-49510561740468ba7b39f211;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 04:15:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ofAz9sRlztBs3zypgsL9DkiJypsxagC7ZcUX3PLL_7FzUALp_MxtKA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 18:44:39 GMT
age: 50597
etag: "8fa486cdecffff8a663da2df88227ee784c298a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 aa6c416b3a87ded887c9dcf7c51e5dd0
SHA1 45f4ef9e68591c00669043abe96959bead8f17ae
SHA256 9e10394b387916e40c44d4e02fbc1ea72214d870df189ce16d24015de00682bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11205
x-amzn-requestid: abdf9c40-a2b7-49ae-bea1-ff5abfcea781
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvszZFOZoAMFkNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc8e7b-6e508da05ff6f33e691de130;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 04:33:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hLrbI5Acy2RBlg7VqGE2b83zuqgt-bx0kD0nlH8uYaJ8tii2FqMLfw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 15:25:12 GMT
age: 62564
etag: "45f4ef9e68591c00669043abe96959bead8f17ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9bbda930-ccb5-4a8a-b679-2389a710fc6f.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9bbda930-ccb5-4a8a-b679-2389a710fc6f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 d057038cd3164c40413a88f9b5c2af92
SHA1 afbcb6617c7277ea42068c2aa1c8dcba02549873
SHA256 ae03b42f1a5c3774e3ea569a886707a8a31da05a45bd971b829cf579be0ea6c7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9bbda930-ccb5-4a8a-b679-2389a710fc6f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6787
x-amzn-requestid: 15924d6a-68a3-414b-9e23-68d37291d4a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvyxSEjXIAMFT3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc9808-22daff920f5fe1201328ccee;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 05:13:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AOnXbzTBcVZ3quJx3NoNQC08Gk5_phyp8UiWCm6Dk4GPxl8FCaIC4w==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 04:57:41 GMT
age: 13815
etag: "afbcb6617c7277ea42068c2aa1c8dcba02549873"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 eedb4de12585c70ddb5b8f94fe6a59e2
SHA1 83c9437e71a0a03b3e8ff652155a85eafa76cdda
SHA256 d4493a30f62e9ad224b3595ba3af8a322e2d4a3d9238a1847973f962bdcc0c82
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4227
x-amzn-requestid: b45f2ab7-0102-4542-9514-54fb93a0e27f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f77sTH4jIAMFnsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1731b-4a24bcb1102e58543cd81343;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: V_4NzIAVBOZMjf_YIM3bowFdlP1y4peI5JI-jO105s3NVjmyYnC0Tg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:48:48 GMT
age: 39548
etag: "83c9437e71a0a03b3e8ff652155a85eafa76cdda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90168201-5a9a-4b46-93be-3475cfc8d425.jpeg
34.120.237.76 200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90168201-5a9a-4b46-93be-3475cfc8d425.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 1ce14d8444f612655b3a1bfe39524fa4
SHA1 975a6a73a44f6c148b78971c644cfe74a02089bb
SHA256 4bb09993f3b4a0fbb2680e2eeb200a2733be367c8746bc22d0f926d8b3ff7164
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90168201-5a9a-4b46-93be-3475cfc8d425.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3633
x-amzn-requestid: 3d3ca1a8-338e-4930-ae3a-71d6486c4f19
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpdtCHe1oAMFQIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63da0fec-549b40a006425da83f4f1610;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 07:08:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CRc35z3FKqU1Zy7U3j3Wy9W4NhYpeGrT_5oG266ce1KEF0nWD1385Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:46:30 GMT
age: 39686
etag: "975a6a73a44f6c148b78971c644cfe74a02089bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8ec9ce3-b686-41f5-8011-400eea8266d1.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8ec9ce3-b686-41f5-8011-400eea8266d1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bea82060b0cd156bf25493942ab62317
4182ba66cceb85c1e873ed5c72a86d53ab851b94
b77aaa7620aa77c7b73be04ad7c91af04f5e91393b3847928668bed644d68709
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8ec9ce3-b686-41f5-8011-400eea8266d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10297
x-amzn-requestid: e1dcfab3-4321-4c83-8ad2-5b6a1b948178
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f77J0G-voAMFrfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1723e-33c2bc5c1f200cca7d7aa961;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 21:33:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vKNh9Q9gmq_ho8Lz5QBBlue1tQiHsn20KF7tID1zITx-YSQPnN2vMw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:46:30 GMT
age: 39686
etag: "4182ba66cceb85c1e873ed5c72a86d53ab851b94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nativeadssearch.click/index.php?key=pdr211sy4449xeazadt9&cid=zr1d17e720a6c411edb7d6123d71bfa2014e3d70b1c4a949b3b19ac41f4ef5a848071024b0c082948bcd&bid=0.002000&target=kilo-cud-1x2n94yz2m&campaign_id=1978938&geo=NO&keyword=&source=cramoisy-sardine&match=&campaign_name=INTL+%7C+av+%7C+domain+%7C+d+%7C+NA+%7C+RON+%7C+L&creative_number=0&traffic_type=DOMAIN&visitor_type=NON-ADULT
45.32.107.182 302 Found 0 B URL HTTP/1.1 nativeadssearch.click/index.php?key=pdr211sy4449xeazadt9&cid=zr1d17e720a6c411edb7d6123d71bfa2014e3d70b1c4a949b3b19ac41f4ef5a848071024b0c082948bcd&bid=0.002000&target=kilo-cud-1x2n94yz2m&campaign_id=1978938&geo=NO&keyword=&source=cramoisy-sardine&match=&campaign_name=INTL+%7C+av+%7C+domain+%7C+d+%7C+NA+%7C+RON+%7C+L&creative_number=0&traffic_type=DOMAIN&visitor_type=NON-ADULT
IP 45.32.107.182:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /index.php?key=pdr211sy4449xeazadt9&cid=zr1d17e720a6c411edb7d6123d71bfa2014e3d70b1c4a949b3b19ac41f4ef5a848071024b0c082948bcd&bid=0.002000&target=kilo-cud-1x2n94yz2m&campaign_id=1978938&geo=NO&keyword=&source=cramoisy-sardine&match=&campaign_name=INTL+%7C+av+%7C+domain+%7C+d+%7C+NA+%7C+RON+%7C+L&creative_number=0&traffic_type=DOMAIN&visitor_type=NON-ADULT HTTP/1.1
Host: nativeadssearch.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://belia-glp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Tue, 07 Feb 2023 08:47:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=oce2j2bz; expires=Wed, 08-Feb-2023 08:47:57 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=oce2j2bz-oce2j2bz-qe37-pma6-qd3v-17hewj-17ntfe-413e1b; expires=Wed, 08-Feb-2023 08:47:57 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://pcguru.cloud/01_sweeps/V01.php?city=Oslo&lpkey=16d1750f75d1991077&uclick=oce2j2bz&uclickhash=oce2j2bz-oce2j2bz-qe37-pma6-qd3v-17hewj-17ntfe-413e1b
Strict-Transport-Security: max-age=31536000
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 4f91d1d0fddb696ade490734df5672ff
1a7b8c3c85a17126f7966f7a59d5abdb5e5a9aef
e737518fa9c0d44d5ce925bc8bb730cf45cb075d51b37ddf6e9d487f969afd72
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=104845
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 08:47:57 GMT
Etag: "63e106ca-117"
Expires: Wed, 08 Feb 2023 13:55:22 GMT
Last-Modified: Mon, 06 Feb 2023 13:55:22 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 4f91d1d0fddb696ade490734df5672ff
1a7b8c3c85a17126f7966f7a59d5abdb5e5a9aef
e737518fa9c0d44d5ce925bc8bb730cf45cb075d51b37ddf6e9d487f969afd72
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=104845
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 08:47:57 GMT
Etag: "63e106ca-117"
Expires: Wed, 08 Feb 2023 13:55:22 GMT
Last-Modified: Mon, 06 Feb 2023 13:55:22 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
pcguru.cloud/01_sweeps/files/iconright.png
104.21.26.238 200 OK 251 B URL HTTP/2 pcguru.cloud/01_sweeps/files/iconright.png
IP 104.21.26.238:0
File type PNG image data, 65 x 22, 8-bit grayscale, non-interlaced\012- data
Hash e784245ea607ba4e15be8540bc11eda3
8980fb4106040db372707e217241c1753821e80a
a65cffbe202763b59b3d72d356c7c1749e045eddeed383dad33b0b2cf0f9c8e6
GET /01_sweeps/files/iconright.png HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/png
content-length: 251
last-modified: Tue, 03 Nov 2020 20:40:26 GMT
etag: "fb-5b339df6c4495"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5GDaE5VFQji72HNE4zHY2eISuXTlM4pmcklqM1%2BoAcEsYH4FyopsKJqFXuqbZoPlfgSn%2F62oywskMSHcFJIWlpD2K5TqtgoPNFgtjVRyMd0uvsFSaNZvT8qM5CMC4gU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22eab70b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/8.jpg
104.21.26.238 200 OK 5.5 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/8.jpg
IP 104.21.26.238:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 160x160, components 3\012- data
Hash 341a98cb7c8217fd11afeab3fb32aac0
9fed14cbd2fdfee4b2800f1b9a46692096bb0ded
7134620982f683cfaa8d5ae29199f3acdda5ac1ab53f626ad9fedb170dc5c947
GET /01_sweeps/files/8.jpg HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/jpeg
content-length: 5461
last-modified: Tue, 03 Nov 2020 20:40:25 GMT
etag: "1555-5b339df59b69a"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yzePMKbsMbhaOJTiIirfx%2FKfzYFcSG%2BzSKLaPbTTq62U7ikT%2BvsSo9xvtcNYYM098EjPtwmWs%2FWB8i5yEzKB3GR3kloSs6Eua05egdV%2BdLjwyTozxvSyiWgP97vhnQg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22ead60b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/3.jpg
104.21.26.238 200 OK 2.3 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/3.jpg
IP 104.21.26.238:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 50x50, components 3\012- data
Hash 7274a0b31bc18274ef57c0f5625bdc7e
8f62f5340044fa10d95da62a4ebea9e1e83eaafe
80a8bc695525b75eefd0ee48a1b620876726d00df724903945683e004a611c09
GET /01_sweeps/files/3.jpg HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/jpeg
content-length: 2347
last-modified: Tue, 03 Nov 2020 20:40:24 GMT
etag: "92b-5b339df51793c"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j4X0%2F14ZNn3vbBFCsRo8oHzOAnRp5P5490k4GBlP0vtjqosD22%2F2SRqD2HJt%2FHPMRvIUmqKrgSMj0%2BEMvoZoErazvLUxtHZGdohASPn4AOlzPMJnfOE9AG69vOKR7S8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22eacc0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/5.jpg
104.21.26.238 200 OK 2.7 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/5.jpg
IP 104.21.26.238:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 50x50, components 3\012- data
Hash b83f5a25c2d587596626aee663b8f70f
a2e64240265fd44d999f8ded2adacd7682d35430
a00f22f4ddf1020743355767b36ac111837c2d07b29f69e0b135b6d086949108
GET /01_sweeps/files/5.jpg HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/jpeg
content-length: 2743
last-modified: Tue, 03 Nov 2020 20:40:24 GMT
etag: "ab7-5b339df51987c"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WkHHkKDUm6mKNxMBf3FpXVYpbwHPz4dRFIYkYVdAqSq9LaTzaOm%2BEDWr5GQxF90WJ429sq3Wulfa32eCXCQSAHgkWsehiBh4iBJWkqLGANjy6Q7ramuePoCHXN1PzfY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22ead00b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/6.jpg
104.21.26.238 200 OK 2.5 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/6.jpg
IP 104.21.26.238:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 50x50, components 3\012- data
Hash 563cf4014770f06cdbbf26971ca37907
471d4117b647e3cc78b24ae417cd5ba6041654fe
2ee5166fa57aa4254f5e64ffac1dac3233f66aa68f6dffa51576f365606bc418
GET /01_sweeps/files/6.jpg HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/jpeg
content-length: 2531
last-modified: Tue, 03 Nov 2020 20:40:24 GMT
etag: "9e3-5b339df55901b"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ahNHOX%2B7LHfUSziFodxhqQvLpIA30F8XXKrGjJdM2DCm2%2BMILB%2Bhubx5jisX9kx7TGSkEIGdJH%2FHELgsbUOxPXpadU4DLRq6Ms8axhOxjx30YsLPIhhBxAtO2coudc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22ead10b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/7.jpg
104.21.26.238 200 OK 3.0 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/7.jpg
IP 104.21.26.238:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 50x50, components 3\012- data
Hash 08dd2f281de8d55554b2a7d6c7be00ec
dc50e8a1c997a02e7f49e5708bd0c0526c7c383b
72117103f0b2cf5cddc3dced568a223174a023d8f647c83606a413653762e2c2
GET /01_sweeps/files/7.jpg HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/jpeg
content-length: 3026
last-modified: Tue, 03 Nov 2020 20:40:24 GMT
etag: "bd2-5b339df55befb"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3OgkcT0QfSm4QBZ0gNt%2Fl3VtQwA8b1bMdKIGFVcLy5igO7jfwg3dUJdPdEHlgoRch3Zd2gKZNp4yH0aLgjgCPaXcjMoX3MnhZaYOfn%2BDBUB2QajLe%2FRT5NOOTR7zDI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22ead20b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/selfie6.jpg
104.21.26.238 200 OK 12 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/selfie6.jpg
IP 104.21.26.238:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 170x170, components 3\012- data
Hash d023070157781cf6b171f3edc947da8a
2a1c2909d4d5f983abbac5d6c18eac91f235f8c0
7e93e3e78016b8df7fb158db739e8c27309d6600f956e151408e75b94ea3e38c
GET /01_sweeps/files/selfie6.jpg HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/jpeg
content-length: 11675
last-modified: Mon, 27 Sep 2021 22:03:25 GMT
etag: "2d9b-5cd0144285319"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yPMj9n6i%2BIkrFvUI6JTZK0%2BkXPCVwHjCAJaQlEHlaFbIn4288OO84rkS7XtcIUg54pqbdodlbYrhzP1D8FaSy1%2Bij4C%2Blrvpsi%2FJMVEIVmFTCR4VV%2BME%2FysSAoRzFeA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22eacb0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/1ip7.jpg
104.21.26.238 200 OK 2.3 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/1ip7.jpg
IP 104.21.26.238:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 50x50, components 3\012- data
Hash 885e3c0ce2860c7ccf247773f94a6282
16531ea4c90cea9ebc6969acca52e6875ff2a1ca
254cc840b416dc93a9d9f1cb24a7cdbe3345b3c1cb5f87bad6c6b6e98f66983a
GET /01_sweeps/files/1ip7.jpg HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/jpeg
content-length: 2310
last-modified: Tue, 03 Nov 2020 20:40:24 GMT
etag: "906-5b339df4d049d"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZDRswGDMeVsczIR%2FOA7mQyuBWVtlGzbZod9HzBRaobo0nNkV4Scp%2FEcJLKM67qJsRO%2F0KtbLfGZHSsP7wpj3uf1ssEptYHO2CzElFuzwXFiQhMoGKyRs%2FHqZIDgFaww%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22eac90b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/selfie2.jpg
104.21.26.238 200 OK 4.7 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/selfie2.jpg
IP 104.21.26.238:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 170x170, components 3\012- data
Hash 37f08c7d35e1e2852aa4018f1369bb28
46f4b6ceaf392bb9679ec8bd4189f1f89d8e1b21
d1a4fc3d2f61ad3eb57e5e9490554eaf2727dc52398d573f8c463eefd60177a2
GET /01_sweeps/files/selfie2.jpg HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/jpeg
content-length: 4700
last-modified: Tue, 03 Nov 2020 20:40:27 GMT
etag: "125c-5b339df7a1f71"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7VrlkJvFH6CXmn%2FNvqCGFWi5i7KTSwzWLsxX3cemJHNGfKV4Xd%2FMUAvApTm9IVe4feGZ2ErPO6Zl2e1Nto%2B3HP6xBBj6Ji8V5jUHeFAFGQDdGKKzkWRbUNkdi%2F8NibE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22eacf0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/selfie1.jpg
104.21.26.238 200 OK 7.6 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/selfie1.jpg
IP 104.21.26.238:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 170x170, components 3\012- data
Hash 234fd8eebedc41c197d5f2caa1b4c71a
9ff640622b0838d6d7641c688ad0c5730cf3058e
63da5863ecd18881817075275fdb7dfc4f33984416d79423ad58278dff2bb132
GET /01_sweeps/files/selfie1.jpg HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/jpeg
content-length: 7559
last-modified: Tue, 03 Nov 2020 20:40:27 GMT
etag: "1d87-5b339df787991"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pkWb3tPtW14QBNydqc0aJl%2F9a4EOiZtE4danEHfxmuQq6RXlN0Xff7PHKW2TiOjAXnwsl1fKu3D2yjBYOH0YIGIo%2FG%2BtOJW41TAdLCxx7Y7OGIsVpW96uUTWpHpZogs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22eac60b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/2ip7.jpg
104.21.26.238 200 OK 2.6 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/2ip7.jpg
IP 104.21.26.238:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 50x50, components 3\012- data
Hash 6872e4547eaeb8176bd7b506726bd51b
35fab5159696aa1b7fa4036a88e26179a55146be
727652fc0f80cf3a3103fbfbf585f9e037e8316fed215322a9bd4a6404aaac96
GET /01_sweeps/files/2ip7.jpg HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/jpeg
content-length: 2622
last-modified: Tue, 03 Nov 2020 20:40:24 GMT
etag: "a3e-5b339df4d431d"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTZiWyY46iNfpNFl7WkOpPxHWC7RJ0FgpygmprR3lw7tGXNnKVwpitKqwRVXDhKOGbTVarG9mK%2Fdp3YWWTBYzXw2CF%2BXyQDE%2FASUAHFAMGH2FzhEPzSagTwELDuWa8A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22eac30b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/refresh.png
104.21.26.238 200 OK 2.4 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/refresh.png
IP 104.21.26.238:0
File type PNG image data, 70 x 70, 8-bit colormap, non-interlaced\012- data
Hash 24e225ddebd3f741cd53f0daca31b281
17e1c1e3f028532ce2435a91c71e979dcf067e06
84bf536c8bf22703eab902d1351c8af9eb215770d5c16581beb2c0ffd8c36278
GET /01_sweeps/files/refresh.png HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/png
content-length: 2416
last-modified: Tue, 03 Nov 2020 20:40:27 GMT
etag: "970-5b339df75ca12"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iudhfCis3xyxWvPrWfH4YRoGhEbvay8JlNgyfnCoJSpe7tlmM1UL0WTBWIJwkT01qJ2R9XYxWfd546Vm3jN111uHOk1c3rnDG8DinAzOX5aEKVnhKHctj1TIfBwn3L8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22fae00b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/gift.gif
104.21.26.238 200 OK 16 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/gift.gif
IP 104.21.26.238:0
File type GIF image data, version 89a, 100 x 100\012- data
Hash 3505cd0c8f53e34423ff2eecf93e66c7
2a98771b4946eefd399882b118ddc5df27490228
c0342f61a55a4031bcd1711c15de49cf59b50a79cc6cc14ae23e6b95e4ba356b
GET /01_sweeps/files/gift.gif HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/gif
content-length: 15766
last-modified: Tue, 03 Nov 2020 20:40:26 GMT
etag: "3d96-5b339df682db6"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gofue6hzdokPAkJ%2FAOunBjPZm55en4JOFQNWv59hpcnac9%2Fkd5gLhq%2FO5EYHo7wZika4TJOB3TxE%2FCb1QnMpiArGRPKg2U6Ce3PkCte9QhGvMPxa1XqPp4akfANXWOA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22fada0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/spin4.png
104.21.26.238 200 OK 45 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/spin4.png
IP 104.21.26.238:0
File type PNG image data, 321 x 321, 8-bit/color RGBA, non-interlaced\012- data
Hash b74e75a86be99e7ae037ef609cac0cae
9650ba0f098b72a4386591142f8140bb7a4672d7
f820218fe062af2d4dd3d8ff94ae502ed483f540c2eaa87ca9d06008dcfc5bdc
GET /01_sweeps/files/spin4.png HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/png
content-length: 45248
last-modified: Tue, 03 Nov 2020 20:40:27 GMT
etag: "b0c0-5b339df81ef6f"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dvt%2BwzNctW%2BSy6SxyPamsr0KEshR3Mz0vN0dSiuIACL0ovYbmAG37F2IaxoQK5B2k82D3fRSOLa%2BF0WWpGawZPyV30go%2F%2FFhG8QkAJRU2Y5tcMDdz2IoNSZh7n6v9nQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22eac00b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/giftbox.png
104.21.26.238 200 OK 50 kB URL HTTP/2 pcguru.cloud/01_sweeps/files/giftbox.png
IP 104.21.26.238:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e63cef698f81b9d8da1b5138ed30942
960a6f77f757bba5334cdc1d69b47c830606e015
880df77228b27c08ca8ee78f9c4b5024cf7b3f3341475448f3b3664c19c7081b
GET /01_sweeps/files/giftbox.png HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: image/png
content-length: 50086
last-modified: Tue, 03 Nov 2020 20:40:26 GMT
etag: "c3a6-5b339df6abdf5"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=difwKry6bhlWGOtvbZif4BU6vBJrT%2Bm3pTEtbgE7yfx5u%2F0hCaShDURz%2BvjZ%2BXMql6fdGPD6iOVcVRRaL420DX%2BUkCP9w037xnKbBNT%2B0hD7yb3kp9%2FsXSItRw50cQk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22eac20b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/files/styles.css
104.21.26.238 200 OK 0 B URL HTTP/2 pcguru.cloud/01_sweeps/files/styles.css
IP 104.21.26.238:0
GET /01_sweeps/files/styles.css HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:58 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 03 Nov 2020 20:40:28 GMT
etag: W/"5487-5b339df86834e"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2FCwhcpo187%2BMHu95w01JeqjExTw6d04sXOSo3rCztgXceA%2B4shUxyMfo02vZkBukBSN4l55nAYxAQpbpr2LcKHstJZ1NZOsMzt36NgDXk0vy8qoyArBURI3054USTk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add22eab50b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pcguru.cloud/01_sweeps/V01.php?city=Oslo&lpkey=16d1750f75d1991077&uclick=oce2j2bz&uclickhash=oce2j2bz-oce2j2bz-qe37-pma6-qd3v-17hewj-17ntfe-413e1b
104.21.26.238 200 OK 0 B URL HTTP/2 pcguru.cloud/01_sweeps/V01.php?city=Oslo&lpkey=16d1750f75d1991077&uclick=oce2j2bz&uclickhash=oce2j2bz-oce2j2bz-qe37-pma6-qd3v-17hewj-17ntfe-413e1b
IP 104.21.26.238:0
GET /01_sweeps/V01.php?city=Oslo&lpkey=16d1750f75d1991077&uclick=oce2j2bz&uclickhash=oce2j2bz-oce2j2bz-qe37-pma6-qd3v-17hewj-17ntfe-413e1b HTTP/1.1
Host: pcguru.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://belia-glp.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 07 Feb 2023 08:47:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hu2GKGv4ylifDRCP24EUxAO2H7uJhHNQdS5M0WbOwxoyo%2BFQR4OK7Az4aj%2BaI1ZNE82TOwTz8RrdTg7r1YHD5seVvXBg9e6y5YwzYbEZe1qfp9ifOAIDcerVsyvDXo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795add2108650b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2