za.gl/9tBBJjo
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /9tBBJjo HTTP/1.1
Host: za.gl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 08 Jan 2023 05:51:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 08 Jan 2023 06:51:15 GMT
Location: https://za.gl/9tBBJjo
Server-Timing: cf-q-config;dur=4.9999980547e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hJoxt0o0bHfRpHPmi2NlSxdi0pGh4b5eGbzYX48ZVI%2Fcd%2F2bGh5loosqlAp3lYyvwD571i5yZGzkEqP5hODAPpmOx6KmY0vv3svuFyM3P9%2FQYlLBa6H%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7862a90c6a1db512-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 516b9d6951b09439a51d5284994ed92f
5c78edb38bae36caa8e2db8ed6635a32e46c91dd
eaaf4ebc59d2a06d02b552154c5adb7c713ffc4a7f5caabcff1c2b4cd6ec5c7b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EAAF4EBC59D2A06D02B552154C5ADB7C713FFC4A7F5CAABCFF1C2B4CD6EC5C7B"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16343
Expires: Sun, 08 Jan 2023 10:23:39 GMT
Date: Sun, 08 Jan 2023 05:51:16 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b782882bdabaf3b08e64120922b4a4b7
2035ed7fc9fb5b6ee9715601ba43de5f94d0c0e9
3fe7d1a9a55b86ec25d02634749ccfae11f3477033ba8cd7ac4131b7948ba619
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FE7D1A9A55B86EC25D02634749CCFAE11F3477033BA8CD7AC4131B7948BA619"
Last-Modified: Sat, 07 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15607
Expires: Sun, 08 Jan 2023 10:11:23 GMT
Date: Sun, 08 Jan 2023 05:51:16 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 89a058935fd04697c87e9441fbb466a9
59b5b08119374b1da34cff7e43a7c6dc80103f6e
3a3261f495323ff0f60067b2930b8d0e5e4e5cd6ae9b14929a88047587b735da
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A3261F495323FF0F60067B2930B8D0E5E4E5CD6AE9B14929A88047587B735DA"
Last-Modified: Sat, 07 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16972
Expires: Sun, 08 Jan 2023 10:34:08 GMT
Date: Sun, 08 Jan 2023 05:51:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 08 Jan 2023 05:41:28 GMT
content-type: application/json
age: 588
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LToP0dwwhfUBpoWZKUPfi2DLIuiDQzJ0ZDwW6VUOKw2caNUGxTCReDICUwYN2Gnwc0wVEomvqc1IHh5F0UnRZg==
x-amz-request-id: ZJP13HGK5EV73Q44
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 08 Jan 2023 05:15:38 GMT
age: 2138
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 08 Jan 2023 05:51:16 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js
200 OK 4.3 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js
IP
File type ASCII text, with very long lines (548)
Hash 4dc1890d39b14772f9579894d823296e
ae5c8609bcf332695e4669f817c91a20a81e3208
e8280ea3c6c000fb1d319cc116e7ebe934818e2091fcf87dd6cc450b62d00b48
GET /ajax/libs/crypto-js/3.1.2/rollups/aes.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 4256
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e2d-3430"
last-modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 125007
expires: Fri, 29 Dec 2023 05:51:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKzwLQ7dZ6B2du22IU8SBvt0smOPDTJCAvmNlf0xHtiRiPAwpGwmZruKSLNuL22sdMCLXhKdzV9%2BebC%2FHS1V4t3zNPwbQOuVipZke5bEICcXeGPhbj%2BeergSMucQJjV3ab%2FRHA9g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7862a9109826b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.js
200 OK 12 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.js
IP
Hash fab824518fd82853ed2698f39d8ec43e
df19bf45131085a88eb2cd4c07e2bda44cef0e98
d55908906f498a577e0f9cc6ffeac157765acb67643c23d22c0d51b352e208c4
GET /ajax/libs/slick-carousel/1.6.0/slick.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 12032
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fd5-14929"
last-modified: Mon, 04 May 2020 16:16:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1474810
expires: Fri, 29 Dec 2023 05:51:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d3rH5ohpYMLB6jaJrMFJwo6Jzxx0R8n%2B698MssnbCswjdGJn1qpUE3vxii7Gh8hHeXZ58oCT3Q5dxiOs5Np8TjpsvU06%2F1URSTNnyokjZhkTS3t92G18uVCP8n%2B6YDC%2F0wfP%2Bl3t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7862a910c83cb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
polyfill.io/v3/polyfill.js?features=Intl%2Cfetch
200 OK 142 B URL HTTP/2 polyfill.io/v3/polyfill.js?features=Intl%2Cfetch
IP
Hash 0029422a03c75d739c3591816bdefde0
bf4af2e7c626fa715e179d4a726c6afb30e29e90
290c315adf54b46aa291ed06a69cd4d9111c08a83b265fbd57897cef29f003f0
GET /v3/polyfill.js?features=Intl%2Cfetch HTTP/1.1
Host: polyfill.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
content-type: text/javascript; charset=utf-8
last-modified: Sat, 19 Nov 2022 11:32:20 GMT
content-encoding: br
age: 0
accept-ranges: bytes
useragent_normaliser: firefox/105.0.0
date: Sun, 08 Jan 2023 05:51:16 GMT
vary: User-Agent, Accept-Encoding
server-timing: cache-bma1621, PASS, fastly;desc="Edge time";dur=11
content-length: 142
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f3bf71643ae5219a72dda1da70667cf6
00e3e8da4828280fa90ad6f8550b32a1afe9eda7
a62b2beef5db6770d7caefcc77a94da89d1d64e3de538b47926c8b6dee469137
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 315edeafe1715f46de7d38be371473a8
25e357166d0ddfff3e60f9042d56f37c1ab7163a
9869582721de4f610dca5030b9a703863d2eae2667061b2f722aebdaf60468e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 315edeafe1715f46de7d38be371473a8
25e357166d0ddfff3e60f9042d56f37c1ab7163a
9869582721de4f610dca5030b9a703863d2eae2667061b2f722aebdaf60468e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 63bccc1f66ce9e92e4b40dfb3d397e96
b256695f795919c1fa3d0de461cf4d44fb7573f3
739ed63c77b8f2f8ae1e929d2e6ce784986ea0d3230d2a65cc9f733837c8a581
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 63bccc1f66ce9e92e4b40dfb3d397e96
b256695f795919c1fa3d0de461cf4d44fb7573f3
739ed63c77b8f2f8ae1e929d2e6ce784986ea0d3230d2a65cc9f733837c8a581
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP
File type ASCII text, with very long lines (32058)
Hash fc3fc31e5e7c0933dc18e562c1c071bf
a44c31323f6bd29e583cc585036e6eb39f7014a6
ddad766fb94b23efeb5574cdedc5e8446d496fb91bd0b08cd80be212e001055d
GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Jan 2023 22:24:40 GMT
expires: Fri, 05 Jan 2024 22:24:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 199596
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
200 OK 579 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
IP
File type ASCII text, with very long lines (918), with no line terminators
Hash e9ab0e4280dcd37b08fd13f19bfc20b6
294370a2323b6a56a057aee19676881fd54e455c
6643c52e8c8c78005369b657f279a86c459dc1c87fbaa98dc1727872f5124902
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 08 Jan 2023 05:51:16 GMT
date: Sun, 08 Jan 2023 05:51:16 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 579
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-120643151-1
200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-120643151-1
IP
File type ASCII text, with very long lines (1759)
Hash 86922110852a4db375f38670e6db691f
e00171275f071a5c50731c45a970e5c529b4cdbb
51d6d95c1f5f16232bf9459675746f34a58cf70a89d82d5403ecd043d53efa43
GET /gtag/js?id=UA-120643151-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 08 Jan 2023 05:51:16 GMT
expires: Sun, 08 Jan 2023 05:51:16 GMT
cache-control: private, max-age=900
last-modified: Sun, 08 Jan 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45341
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-6QVVMFTPT3
200 OK 78 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-6QVVMFTPT3
IP
File type ASCII text, with very long lines (20080)
Hash 99bc88cf3f5a29e606f4faa921db844c
e1aede33d4464ada2a550e4a5e99f683d60b5159
03c6a7e6381bcaf1f8480385ada1f2fe86df78a0569145d9d270faf508575bbf
GET /gtag/js?id=G-6QVVMFTPT3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 08 Jan 2023 05:51:16 GMT
expires: Sun, 08 Jan 2023 05:51:16 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 78197
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 63bccc1f66ce9e92e4b40dfb3d397e96
b256695f795919c1fa3d0de461cf4d44fb7573f3
739ed63c77b8f2f8ae1e929d2e6ce784986ea0d3230d2a65cc9f733837c8a581
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 910d902590c4dce2c5fde148d455a94c
05617b6a2fd1a7eb4fcb098a7ce48011d3f835bc
3bfd7cff0474a36458748e4cc6dfa647fdd7bd8b4fa792079042a04c7dffe0b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 742 B IP
Hash 41fdb5cbd9a0287a6361381d3fd9d9bf
190aae484ba8153a6825b4c2069e6a4e0fa5d15a
0afa36522eb1260352edc422415728300530602ab8462c3b6c12b5e419caaa12
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 294742535da40d02498d9e1c865d4014
99d45ec581ccba41915745f22da696aa9c5758ea
645f09beffda2d924626cedd5aa832a5a0e1b136ddf3fdc0b65fd9526f8b5531
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 294742535da40d02498d9e1c865d4014
99d45ec581ccba41915745f22da696aa9c5758ea
645f09beffda2d924626cedd5aa832a5a0e1b136ddf3fdc0b65fd9526f8b5531
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d61b473587fad71a46a0326f340cee4f
dbc038c96fb9baa759d81faeae0cbb5e370d9a18
26fc0e8f9295a6d4edd37848c14f645745d5b5c5c3d8753ce33135dda2eabf07
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26FC0E8F9295A6D4EDD37848C14F645745D5B5C5C3D8753CE33135DDA2EABF07"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19159
Expires: Sun, 08 Jan 2023 11:10:35 GMT
Date: Sun, 08 Jan 2023 05:51:16 GMT
Connection: keep-alive
fonts.gstatic.com/s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 18212, version 1.0\012- data
Hash ca72fb4e277e59be50b8850190822581
159b97b22006fe2a483da0a13d33cfb3cc5aa031
f3c0fa2cd71bb91d0e3acf5d77b93c49a184e9ad941532ca8c07c82eb0bd6a6c
GET /s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://za.gl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18212
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Jan 2023 22:12:02 GMT
expires: Fri, 05 Jan 2024 22:12:02 GMT
cache-control: public, max-age=31536000
age: 200354
last-modified: Thu, 21 Apr 2022 16:54:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/dmsans/v11/rP2Hp2ywxg089UriCZOIHQ.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/dmsans/v11/rP2Hp2ywxg089UriCZOIHQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 18096, version 1.0\012- data
Hash f29503a1895affee5ed85d0246238af8
f474c6e8a3e4e28fb68cf7fb29bd448cdfeb0278
7164a212fb4df27bf1e006342d1686badcba58f5a5d301772c14cc7adf1d4821
GET /s/dmsans/v11/rP2Hp2ywxg089UriCZOIHQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://za.gl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18096
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Jan 2023 22:11:37 GMT
expires: Fri, 05 Jan 2024 22:11:37 GMT
cache-control: public, max-age=31536000
age: 200379
last-modified: Thu, 21 Apr 2022 16:54:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 08 Jan 2023 05:17:21 GMT
age: 2035
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
opticlygremio.com/1clkn/14927
200 OK 26 B URL HTTP/1.1 opticlygremio.com/1clkn/14927
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/14927 HTTP/1.1
Host: opticlygremio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Jan 2023 05:51:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 09-Jan-2023 05:51:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 09-Jan-2023 05:51:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
200 OK 4.5 kB IP
Hash 5080af9f04b20fe8ec30e9f74252bcf0
4e4aafc9f25d3c717bedd1900d46d7e48fa39b70
0cadaaf79e3e2a1615f448f6023dc64af0be26c489553a8bf9f4c6b17130677f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
za.gl/9tBBJjo
200 OK 12 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6682), with CRLF, LF line terminators
Hash 00e8d0a223b453459eb2586ba5e4d02c
aec7ebbae5acc1f105d36b10017d11206a2a15a7
fe838a888ce7de9087b8bdbe36084dd53fb28b82013e6da64802faa917a9c5b6
GET /9tBBJjo HTTP/1.1
Host: za.gl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:16 GMT
content-type: text/html; charset=UTF-8
set-cookie: AppSession=hgtggbkd9mlfmd8j2jeu0qjrn4; path=/; HttpOnly; secure
zagl_publisher=1568510; expires=Sun, 08-Jan-2023 05:52:16 GMT; Max-Age=60; path=/; secure
scr=0.45; expires=Sun, 08-Jan-2023 05:52:16 GMT; Max-Age=60; path=/; secure
zagl_publisher=1568510; expires=Sun, 08-Jan-2023 05:52:16 GMT; Max-Age=60; path=/; secure
scr=0.45; expires=Sun, 08-Jan-2023 05:52:16 GMT; Max-Age=60; path=/; secure
csrfToken=3cc91445b07f37da0c664431411899190253465880c56f151cf88b2ef547dd85df1bcbc432095259489536d26c05ef7ccaffc03c7922fa8ab2916125d7089679; path=/; secure
visitor=Q2FrZQ%3D%3D.NGIyZjRmYzIyMGExNWExNGY0N2ZjNDMzYThjMGFkYzA4YWQ3MzcwOGI4ODU5YTBmM2Y3NGMyOWU3ZDMwMjdhYqJsyRUSTfnjuigvE6olY3hdFXdd%2FjivqEBA2CGcdAu%2Fa9Ln7nmzdClzqZ9j2Bm4sciib%2FsEuyldKoMIzQiilZctjFIJYIAX0gvXPWdvtqMP; expires=Mon, 09-Jan-2023 05:51:16 GMT; Max-Age=86400; path=/; HttpOnly; secure
hash=Q2FrZQ%3D%3D.ZjUzNjk0ODk5YjRjYmY1NjVmYzZlOTNiOGJjMjc1YTU3MGU0OGUwOGY0NmY3ZjQ4NDg0MTE4NmMwODExYTZiM69XI5ogAWCfDmMuicBkvwe%2BKKpxV7rCcYFe9%2FpD3jsIUC4aGgp8WT49GuYqX8z7XdT1M1MkVpsWtozTH4rTXgk%3D; expires=Wed, 08-Feb-2023 05:51:16 GMT; Max-Age=2678400; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VkJitL4X%2FP8hSC81k%2FOi798W8ZqBrexMYymJnQAchDmL2CH3nU05fBL6uYtq9i%2BhS7mStmq%2FW5TFQolsEIEFBcEveml8pr69Qunv1XVo9TvgONx4jF6d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7862a90e4ddc1c0a-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 8589b6a84dd5a09ec546aff38bbd2515
1c3a3d8a69ae7a3ebda64292caf0e0f5968e81f7
f013da155203f0509d56e8174c2ae5ed23aad413b4391f276efd388519743b17
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2234
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:51:17 GMT
Last-Modified: Sun, 08 Jan 2023 05:14:03 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 08 Jan 2023 04:41:08 GMT
expires: Sun, 08 Jan 2023 06:41:08 GMT
cache-control: public, max-age=7200
age: 4209
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__en.js
200 OK 165 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__en.js
IP
File type ASCII text, with very long lines (658)
Size 165 kB (164706 bytes)
Hash 0b7fccb24ee065a01fdde10928c03c3f
9b198014f81844820588c202cc24bf5e03bf3dd7
68756de8f0d6742525ddaca56ab350e34d822777e86939fea27eb704ae013280
GET /recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 164706
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 06 Jan 2023 16:14:32 GMT
expires: Sat, 06 Jan 2024 16:14:32 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 15 Dec 2022 05:24:10 GMT
content-type: text/javascript
age: 135405
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CWgNZzmU/V37R11Pt+OeKw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1VQWa8poWLCZz7cKlCIH1WAbQNk=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 88300081f739a4e0bab2314493ca7e37
6f9c8e097a7cb241c05f8888179bf35105651006
30c55e0d15be2591da76e0b64a4a4429dd09610558b7c314b231d0db6be35559
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "30C55E0D15BE2591DA76E0B64A4A4429DD09610558B7C314B231D0DB6BE35559"
Last-Modified: Sat, 07 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18416
Expires: Sun, 08 Jan 2023 10:58:13 GMT
Date: Sun, 08 Jan 2023 05:51:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3f9dd84b8d58b3eb7bd1d1cddd0dd389
fba54adae8f2f118c5411e9c4503142b25b5b00b
a4486087f60f7ac33c3b5e513efedab83190270b96798a4f75e02e629c655ec0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4486087F60F7AC33C3B5E513EFEDAB83190270B96798A4F75E02E629C655EC0"
Last-Modified: Sat, 07 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18511
Expires: Sun, 08 Jan 2023 10:59:48 GMT
Date: Sun, 08 Jan 2023 05:51:17 GMT
Connection: keep-alive
fishermanslush.com/3e/c0/90/3ec0905094195898e97f189a6f59b52b.js
200 OK 13 kB URL HTTP/1.1 fishermanslush.com/3e/c0/90/3ec0905094195898e97f189a6f59b52b.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37163), with no line terminators
Hash 95809d0bde0640a5bf6d342e672d4ec9
b4c4869c5683bc0bc48fbfcbb09bb9932d565f8c
2fb39f438a87217b52108875ac619b3398513d5bb09d1d19e2c98f33711963f8
GET /3e/c0/90/3ec0905094195898e97f189a6f59b52b.js HTTP/1.1
Host: fishermanslush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 08 Jan 2023 05:51:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b97db0608f6452ba4657cc3c15999c6b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
region1.google-analytics.com/g/collect?v=2&tid=G-6QVVMFTPT3>m=2oe120&_p=1719160885&cid=1943867647.1673157065&ul=en-us&sr=1280x1024&_s=1&sid=1673157065&sct=1&seg=0&dl=https%3A%2F%2Fza.gl%2F9tBBJjo&dt=za.gl&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-6QVVMFTPT3>m=2oe120&_p=1719160885&cid=1943867647.1673157065&ul=en-us&sr=1280x1024&_s=1&sid=1673157065&sct=1&seg=0&dl=https%3A%2F%2Fza.gl%2F9tBBJjo&dt=za.gl&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-6QVVMFTPT3>m=2oe120&_p=1719160885&cid=1943867647.1673157065&ul=en-us&sr=1280x1024&_s=1&sid=1673157065&sct=1&seg=0&dl=https%3A%2F%2Fza.gl%2F9tBBJjo&dt=za.gl&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://za.gl
date: Sun, 08 Jan 2023 05:51:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fishermanslush.com/ae/5b/60/ae5b60e24661bf9ec039fadca57ec6c7.js
200 OK 21 kB URL HTTP/1.1 fishermanslush.com/ae/5b/60/ae5b60e24661bf9ec039fadca57ec6c7.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60146), with no line terminators
Hash 1b812bc90b474fc878b67a668de2cdf1
5462cfb3ffe67f1839ab436e41cf67509d2ec27b
144b367d4855ad10678145003e3f544834d40da9e4528347b20a11fd829ea0d6
GET /ae/5b/60/ae5b60e24661bf9ec039fadca57ec6c7.js HTTP/1.1
Host: fishermanslush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 08 Jan 2023 05:51:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5234ae27d19f840f4743e19ac944f5d3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 610b93024012ad58ba5d9c7aa45a243e
a5a0bdd6f2fe6a926130fd3099f908f9ef962691
6b6cfc69ad433f05ff9300d664bbad150b30eb85e02bbd7133ce88de44053809
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6B6CFC69AD433F05FF9300D664BBAD150B30EB85E02BBD7133CE88DE44053809"
Last-Modified: Thu, 05 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8465
Expires: Sun, 08 Jan 2023 08:12:22 GMT
Date: Sun, 08 Jan 2023 05:51:17 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash d7c4f67a1d04c40ef03f4168574c2885
e8ff7571a83665de981d55102546abe41318dc70
7a38d25ecb4045ac14509040772c946dbaf6e353e9b0fd2ff0b4a5d0973a5cde
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=115941
Date: Sun, 08 Jan 2023 05:51:17 GMT
Etag: "63b9741c-1d7"
Expires: Mon, 09 Jan 2023 14:03:38 GMT
Last-Modified: Sat, 07 Jan 2023 13:31:08 GMT
Server: ECS (nyb/1D20)
X-Cache: Miss from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bFcPGFqD_lMP1UsuZ3W6TIdIce4MyPvKHJMrcCgQg67IsA07H3yvXw==
Age: 1950
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash d7c4f67a1d04c40ef03f4168574c2885
e8ff7571a83665de981d55102546abe41318dc70
7a38d25ecb4045ac14509040772c946dbaf6e353e9b0fd2ff0b4a5d0973a5cde
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=115323
Date: Sun, 08 Jan 2023 05:51:17 GMT
Etag: "63b9741c-1d7"
Expires: Mon, 09 Jan 2023 13:53:20 GMT
Last-Modified: Sat, 07 Jan 2023 13:31:08 GMT
Server: ECS (nyb/1D15)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6C0D7AStASRBkAXouIjqoTQjJRN5Nq8k-Io7GUXhzaeL0I_fO0H1GA==
Age: 1332
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 210ff0dabe088c185e3ad1a8016c309a
1462765c78a89c6418af69fad1fe56d3e84bf4b5
dd8ed436b533d1ca1a5f12e7884fc8ef127efabbf36b6b083dd3b03949e1c2bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD8ED436B533D1CA1A5F12E7884FC8EF127EFABBF36B6B083DD3B03949E1C2BF"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9896
Expires: Sun, 08 Jan 2023 08:36:14 GMT
Date: Sun, 08 Jan 2023 05:51:18 GMT
Connection: keep-alive
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash ae783e20c929cfe14f9cd61309523c51
bb197bdfad4ba0d203eaafc086ddfb896f30d040
191cd57fecaf5f8a2cf6979c29f1ccd256f5a3f437e0ff35d7487524951b8c73
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:18 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://za.gl
access-control-allow-credentials: true
set-cookie: uid_id2=18069857-a2bc-4b96-94ed-44c54297d988:1:1; expires=Wed, 05 Jan 2033 05:51:18 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 94e8e718ea88e21118536cf5fb838eeb
70e71c12212a5ded8af7c015d231f98c7c0f54b2
9b63cf401586b5081cd288654a8eec9eb7a80a8abfd6b09b45a79c6c9f888ce0
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:18 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://za.gl
access-control-allow-credentials: true
set-cookie: uid_id2=b6296ee9-34d9-41f6-b994-14818bd121a3:1:1; expires=Wed, 05 Jan 2033 05:51:18 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 610b93024012ad58ba5d9c7aa45a243e
a5a0bdd6f2fe6a926130fd3099f908f9ef962691
6b6cfc69ad433f05ff9300d664bbad150b30eb85e02bbd7133ce88de44053809
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6B6CFC69AD433F05FF9300D664BBAD150B30EB85E02BBD7133CE88DE44053809"
Last-Modified: Thu, 05 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8464
Expires: Sun, 08 Jan 2023 08:12:22 GMT
Date: Sun, 08 Jan 2023 05:51:18 GMT
Connection: keep-alive
temperrunnersdale.com/pixel/purst?dl=0&th=0&sc=0&rs=1946&rd=1946&fd=997&bv=22.10.v.9&tmpl=70
200 OK 0 B URL HTTP/1.1 temperrunnersdale.com/pixel/purst?dl=0&th=0&sc=0&rs=1946&rd=1946&fd=997&bv=22.10.v.9&tmpl=70
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1946&rd=1946&fd=997&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 08 Jan 2023 05:51:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cde53a2f6dbad0af5b2d8c6f5d51275c
21fa1c64fb3526879ed5f6da907e97fee480c57a
4bb28e86b923dfbcf67e9374cc1219bae7fcf2eeeafbad7ba25862d44f1aeddf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BB28E86B923DFBCF67E9374CC1219BAE7FCF2EEEAFBAD7BA25862D44F1AEDDF"
Last-Modified: Thu, 05 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4458
Expires: Sun, 08 Jan 2023 07:05:36 GMT
Date: Sun, 08 Jan 2023 05:51:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 11aea3c23fce2f77cadf7a551f4e8b17
4963aafedcf3fc5f28f1b4a6b0212abfd5526702
d2ada7d592878b58921cd0568efa62abefd7423d40bec16133886e2c67a791b3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2ADA7D592878B58921CD0568EFA62ABEFD7423D40BEC16133886E2C67A791B3"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16084
Expires: Sun, 08 Jan 2023 10:19:22 GMT
Date: Sun, 08 Jan 2023 05:51:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 11aea3c23fce2f77cadf7a551f4e8b17
4963aafedcf3fc5f28f1b4a6b0212abfd5526702
d2ada7d592878b58921cd0568efa62abefd7423d40bec16133886e2c67a791b3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2ADA7D592878B58921CD0568EFA62ABEFD7423D40BEC16133886E2C67A791B3"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16084
Expires: Sun, 08 Jan 2023 10:19:22 GMT
Date: Sun, 08 Jan 2023 05:51:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1fadbf0232f1d32f9e1f69a03ae0d85f
ffd5a5ed1833a796abc058de27b29cbb58caab58
822ac968f892f2afdc623fc5acd352bfd321d13c6299318ff75289d007e458a7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "822AC968F892F2AFDC623FC5ACD352BFD321D13C6299318FF75289D007E458A7"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2273
Expires: Sun, 08 Jan 2023 06:29:11 GMT
Date: Sun, 08 Jan 2023 05:51:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9dc47a4-a4c6-419a-a3a4-8f9104d7903d.webp
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9dc47a4-a4c6-419a-a3a4-8f9104d7903d.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa7c2273cc951c105b70b0609924ba61
4e6b0302f3aa61553128d453e4c9fed886773500
320f73b9188e0d59868a47bb60c5fabf45d4f754fd934cb5082ef6ef98d4cc57
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9dc47a4-a4c6-419a-a3a4-8f9104d7903d.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10285
x-amzn-requestid: 720699b5-142f-40e8-b42f-ebf8b0fac767
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZDuqGP8IAMFhtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9e65d-480527ba582bb5a458ce1b24;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hacziPAK6XADBjc0ewKd4EUwY49f3xDpl6r3xzJMsYPGuJQe4hBfFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 21:44:28 GMT
age: 29210
etag: "4e6b0302f3aa61553128d453e4c9fed886773500"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1fadbf0232f1d32f9e1f69a03ae0d85f
ffd5a5ed1833a796abc058de27b29cbb58caab58
822ac968f892f2afdc623fc5acd352bfd321d13c6299318ff75289d007e458a7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "822AC968F892F2AFDC623FC5ACD352BFD321D13C6299318FF75289D007E458A7"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2273
Expires: Sun, 08 Jan 2023 06:29:11 GMT
Date: Sun, 08 Jan 2023 05:51:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fc3fbba-c748-477d-b1a9-4218da052cc0.jpeg
200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fc3fbba-c748-477d-b1a9-4218da052cc0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fc604aed78008733f09b024b71a6fda9
0f3f633b0b34ac3662febdc45704362c49622a42
7c4f5871e571148c25f83b8676846ab1b0e82be3f4a1b3fb7c05bfe23e29c1b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fc3fbba-c748-477d-b1a9-4218da052cc0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9644
x-amzn-requestid: 63281b3f-e673-4836-9729-7f595b0fb8b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZDu5FkioAMF9tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9e65f-5869b987090de6f758472be9;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 21:38:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JsNm98uTnFfNyDnk651OGxB92JTaNKc7H92yP3FCBhUb9BBsFs-Ygg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 21:41:46 GMT
age: 29372
etag: "0f3f633b0b34ac3662febdc45704362c49622a42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6a5bbd4-1919-4077-b417-b41e672d9a6e.jpeg
200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6a5bbd4-1919-4077-b417-b41e672d9a6e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5932e308c4085b38b278a84896104c40
65191708bb2a103f58286fb9a3a462f0d2151a66
fd185173148b8859625f1a5ee849b1d7148e20cd034c0b3310ee1b4d4157e8e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6a5bbd4-1919-4077-b417-b41e672d9a6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6545
x-amzn-requestid: 09faae62-96b7-4558-990b-0ac1edadb354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eTwoGHJWIAMFpVQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7c7cd-5027b261109f2a5f1348c473;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 07:03:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ul8oBio6bWHk3EfGidi3Lneeu3Igxo4LSl-nM7T30jaFeUoFJGDxaQ==
via: 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 13:52:42 GMT
age: 57516
etag: "65191708bb2a103f58286fb9a3a462f0d2151a66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3750e6a-c5c3-4c07-8912-be2b2eaf7e4f.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3750e6a-c5c3-4c07-8912-be2b2eaf7e4f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 073554b46cc8ac731a6ae967ff367f70
d1a8816ad1296220be03d2191f6505f4b9fe6837
918e2a1addecb099a2b00ac33288ec1b7cd8d2a1ea9a9f90c5f1d2c54367cef1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3750e6a-c5c3-4c07-8912-be2b2eaf7e4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11629
x-amzn-requestid: f284312f-cc21-4148-bc52-13f52fae1190
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eT5KkHRQIAMFVOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7d576-7ee3d3fd4afbfcfc4faa613b;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 08:01:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTxyVFQ59QCjs_0CD-nzFgyMsFKeU77l75dzWNYLJYmYZpxs6tGfHQ==
via: 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 03:57:57 GMT
age: 6801
etag: "d1a8816ad1296220be03d2191f6505f4b9fe6837"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ca4618f-6a71-4ec2-a5ca-de382d389417.jpeg
200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ca4618f-6a71-4ec2-a5ca-de382d389417.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0146cae6edad6011c47f44fb03277839
b6813e83720deba540bfbd7b469aa74b591d2f95
1cf46ba1abeb0533a36297e16789764b05e4bd8e989bb31d1d4c2897e81edd77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ca4618f-6a71-4ec2-a5ca-de382d389417.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4946
x-amzn-requestid: f6c37ccb-08b2-4c4e-917a-02be4ac06ca0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZDvWEJeoAMFXgg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9e662-45a9e95a0213e1bc23044927;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: wcgeUZbWS02iObvDp6Zha-9yNLj61Up5boN0zNQAv77pL_NYf3bvtw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 22:04:33 GMT
etag: "b6813e83720deba540bfbd7b469aa74b591d2f95"
content-type: image/jpeg
age: 28005
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash afcc8f4875f4b74ca0640829b689731e
584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df
3e487396389c4330abc99bc99053eecc6aaf56f7afa398d70c30e1f4709577a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13626
x-amzn-requestid: 407fef75-2217-4da7-8ea8-b5ede48a0615
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eNKshEEvoAMFkMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b524b6-72ca4e7b3034e7ac1f3fa1ed;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 07:03:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xOpZDrVh8MsfFqh0HuJJIWFvlgIm0jUE73p9MpgRA1PO_VAv0vP2nw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 16:43:14 GMT
age: 47284
etag: "584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=b6296ee9-34d9-41f6-b994-14818bd121a3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ae5b60e24661bf9ec039fadca57ec6c7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=b6296ee9-34d9-41f6-b994-14818bd121a3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ae5b60e24661bf9ec039fadca57ec6c7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=b6296ee9-34d9-41f6-b994-14818bd121a3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ae5b60e24661bf9ec039fadca57ec6c7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 08 Jan 2023 05:51:18 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 137f4e466a476db75dc674f6e539b336
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=b6296ee9-34d9-41f6-b994-14818bd121a3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3ec0905094195898e97f189a6f59b52b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=b6296ee9-34d9-41f6-b994-14818bd121a3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3ec0905094195898e97f189a6f59b52b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=b6296ee9-34d9-41f6-b994-14818bd121a3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3ec0905094195898e97f189a6f59b52b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 08 Jan 2023 05:51:18 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9c1ab00f7294bf105c8a285689b31e53
Strict-Transport-Security: max-age=0; includeSubdomains
blacknesskeepplan.com/sbar.json?key=3ec0905094195898e97f189a6f59b52b&uuid=b6296ee9-34d9-41f6-b994-14818bd121a3%3A1%3A1
200 OK 5.0 kB URL HTTP/1.1 blacknesskeepplan.com/sbar.json?key=3ec0905094195898e97f189a6f59b52b&uuid=b6296ee9-34d9-41f6-b994-14818bd121a3%3A1%3A1
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7023), with no line terminators
Hash 2a91b5fc5860d8400a9cd00c8cb7a658
cc53bf846836ee2da137ba3b00a6a6436b2594c8
bf88845f08cdfca44c1043f1fe17b4dc826a94bcd8dfb05301140de216e0d395
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=3ec0905094195898e97f189a6f59b52b&uuid=b6296ee9-34d9-41f6-b994-14818bd121a3%3A1%3A1 HTTP/1.1
Host: blacknesskeepplan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 08 Jan 2023 05:51:18 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://za.gl
Access-Control-Allow-Origin: https://za.gl
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16908321; expires=Mon, 09 Jan 2023 05:51:18 GMT; secure; SameSite=None
uid_id2=b6296ee9-34d9-41f6-b994-14818bd121a3:1:1; expires=Sun, 15 Jan 2023 05:51:18 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 09 Jan 2023 05:51:18 GMT; secure; SameSite=None
uncs=1; expires=Mon, 09 Jan 2023 05:51:18 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 09 Jan 2023 05:51:18 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 09 Jan 2023 05:51:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f41526856baaf0402b3a1a7a25638fdc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 10bcbfbb46e391674dea7e6173eb12cc
f39191b2ec12d8f2a3cac088bd99910ee7f77590
13edfcb1164e226af95eec5e57ebb32624a7dff4db2e488d73a8def15b0c0906
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13EDFCB1164E226AF95EEC5E57EBB32624A7DFF4DB2E488D73A8DEF15B0C0906"
Last-Modified: Fri, 06 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3167
Expires: Sun, 08 Jan 2023 06:44:06 GMT
Date: Sun, 08 Jan 2023 05:51:19 GMT
Connection: keep-alive
blacknesskeepplan.com/ren.gif?sid=H4sIAAAAAAAC%2F6xTX2gc1Re%2B019%2FUPDBKoIoKCOjRcFs7uyfZKclxLRJ27VpkiaRogjlztw7m%2BvemTvce2dnExCKVemLsPqkvnRytmmsFmsfhCoKsvFByYtdQdkH82pBCoLggw8iu4lUHwQfPDBzvsN3L%2Bc7f%2B7r6%2BkOwpCS%2FsJpucaFIKOVArafPMtjKjNtzy3bLi7gI%2FZZHo%2BVj9itwU81D7u4UsBP2SdY0JCjRexi7GLXPs4VC2VrdMgCT655bsHDhXKx4FbK0FJ%2Fj3VqgSYW0OYOuh847f1%2F5esbwIMuxNFH00w3jEyenolSQYxU0KSbz8WNWGYxRHdhqCwI48290yB1D6G394GMN%2FcqANm8PKgAfN5D1vcu%2BPHmnkzwmxu7Sn0BLAaf3gNZswtMdIGTLgTyAnB6CwEEFObmIY6uzEmVkdVdlgzYHtr%2F6y%2FAsx7a%2F8MDEEcfHhW8ZS9JkRouYw2tMAfe6gKvdyFJt8CsWcCzLQjMK8ApgjjKgdP%2B4%2F5Y0RtjzBsplak3UnbDsRHf88ojbrnqVn3qFl1SGraG8y7wsAuCtYFoC9LBxy1IQwvSxIKI9m1S8UKMx0M%2FLJWq5SAISqUgqFTHaIWWytUQQxoMtLfBJG0IRBsCdR4SdR4avA0q%2FQL0Sg6aWqANgibNIWMIMo0gIwgyjiAzCLJmvkGFLur8ChU69d09X9zzpbwjTX2dbEhTZzFaT3bQfYOGWfvQY9BgfbvEAuzhCvbKrlepelXmjYdu1SNjYcXzK0UfNM%2BB633DMtcG0%2FvGgmTgs4Pgky3QYgsCfhBI%2BgiQrDNexEBWOuUqhrV4Y40U6gKozCEx%2B8GsWutiBz00nFjxzu%2FAgu1nDtx58bdr%2FdsQqBwSlcNL%2FEsEdXGxsygzdHlRZhrdmE8Mj%2FgaGUxzyRDD0Pun2GomFa1N6%2FbVqWBADOC1ZabNLIkpj%2BsafXCUU8rUcakChj6v6bPMX0j1ytFUxWkyu3DseC1KFNOay7gLhN9qvQAB76EDH18d7unDU28AV1ug0v70ijHJ4dHRQPCgUUgC0SjEJGK78aRmxEyUxjxcLB4ilNM%2FMZ%2BYkSvEdZ89WfbOnMMQpduTn7wzsHeByy4EyavvOU7t2Pyc4%2FQX%2FyGFWUkjPyZc%2FNs0h3hUNxM8kPFVx1muLc%2FOOM5nNZuSus2ULVYbDUZJncU25bH986W3bl53nOmZpWOLtYXl2lCKvWSIMrZOuBDM2BGjtosxtufmT9m%2BjFN93XFmpxZPzJyrnZ46MeM4%2FZP%2FlXjQyTbaM9ASgRJ3Yz%2BxIEvzjir625OXbj%2Fx4I8vL4LgPXR44l4QbHvyqzM%2FvfbozUUgfg6a%2FeXiXbyuL0JdWUDMheGzb6ocmiIHItqg0%2F91TKK2J78tDQ18YXV8oazLvlDizd2d1bxvs0qIQ4aLzA89PxwnmHph2fOJ57Jxv0JcMLoXfPr8d38AAAD%2F%2FwEAAP%2F%2FfW8RSNgFAAA%3D
200 OK 7 B URL HTTP/1.1 blacknesskeepplan.com/ren.gif?sid=H4sIAAAAAAAC%2F6xTX2gc1Re%2B019%2FUPDBKoIoKCOjRcFs7uyfZKclxLRJ27VpkiaRogjlztw7m%2BvemTvce2dnExCKVemLsPqkvnRytmmsFmsfhCoKsvFByYtdQdkH82pBCoLggw8iu4lUHwQfPDBzvsN3L%2Bc7f%2B7r6%2BkOwpCS%2FsJpucaFIKOVArafPMtjKjNtzy3bLi7gI%2FZZHo%2BVj9itwU81D7u4UsBP2SdY0JCjRexi7GLXPs4VC2VrdMgCT655bsHDhXKx4FbK0FJ%2Fj3VqgSYW0OYOuh847f1%2F5esbwIMuxNFH00w3jEyenolSQYxU0KSbz8WNWGYxRHdhqCwI48290yB1D6G394GMN%2FcqANm8PKgAfN5D1vcu%2BPHmnkzwmxu7Sn0BLAaf3gNZswtMdIGTLgTyAnB6CwEEFObmIY6uzEmVkdVdlgzYHtr%2F6y%2FAsx7a%2F8MDEEcfHhW8ZS9JkRouYw2tMAfe6gKvdyFJt8CsWcCzLQjMK8ApgjjKgdP%2B4%2F5Y0RtjzBsplak3UnbDsRHf88ojbrnqVn3qFl1SGraG8y7wsAuCtYFoC9LBxy1IQwvSxIKI9m1S8UKMx0M%2FLJWq5SAISqUgqFTHaIWWytUQQxoMtLfBJG0IRBsCdR4SdR4avA0q%2FQL0Sg6aWqANgibNIWMIMo0gIwgyjiAzCLJmvkGFLur8ChU69d09X9zzpbwjTX2dbEhTZzFaT3bQfYOGWfvQY9BgfbvEAuzhCvbKrlepelXmjYdu1SNjYcXzK0UfNM%2BB633DMtcG0%2FvGgmTgs4Pgky3QYgsCfhBI%2BgiQrDNexEBWOuUqhrV4Y40U6gKozCEx%2B8GsWutiBz00nFjxzu%2FAgu1nDtx58bdr%2FdsQqBwSlcNL%2FEsEdXGxsygzdHlRZhrdmE8Mj%2FgaGUxzyRDD0Pun2GomFa1N6%2FbVqWBADOC1ZabNLIkpj%2BsafXCUU8rUcakChj6v6bPMX0j1ytFUxWkyu3DseC1KFNOay7gLhN9qvQAB76EDH18d7unDU28AV1ug0v70ijHJ4dHRQPCgUUgC0SjEJGK78aRmxEyUxjxcLB4ilNM%2FMZ%2BYkSvEdZ89WfbOnMMQpduTn7wzsHeByy4EyavvOU7t2Pyc4%2FQX%2FyGFWUkjPyZc%2FNs0h3hUNxM8kPFVx1muLc%2FOOM5nNZuSus2ULVYbDUZJncU25bH986W3bl53nOmZpWOLtYXl2lCKvWSIMrZOuBDM2BGjtosxtufmT9m%2BjFN93XFmpxZPzJyrnZ46MeM4%2FZP%2FlXjQyTbaM9ASgRJ3Yz%2BxIEvzjir625OXbj%2Fx4I8vL4LgPXR44l4QbHvyqzM%2FvfbozUUgfg6a%2FeXiXbyuL0JdWUDMheGzb6ocmiIHItqg0%2F91TKK2J78tDQ18YXV8oazLvlDizd2d1bxvs0qIQ4aLzA89PxwnmHph2fOJ57Jxv0JcMLoXfPr8d38AAAD%2F%2FwEAAP%2F%2FfW8RSNgFAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F6xTX2gc1Re%2B019%2FUPDBKoIoKCOjRcFs7uyfZKclxLRJ27VpkiaRogjlztw7m%2BvemTvce2dnExCKVemLsPqkvnRytmmsFmsfhCoKsvFByYtdQdkH82pBCoLggw8iu4lUHwQfPDBzvsN3L%2Bc7f%2B7r6%2BkOwpCS%2FsJpucaFIKOVArafPMtjKjNtzy3bLi7gI%2FZZHo%2BVj9itwU81D7u4UsBP2SdY0JCjRexi7GLXPs4VC2VrdMgCT655bsHDhXKx4FbK0FJ%2Fj3VqgSYW0OYOuh847f1%2F5esbwIMuxNFH00w3jEyenolSQYxU0KSbz8WNWGYxRHdhqCwI48290yB1D6G394GMN%2FcqANm8PKgAfN5D1vcu%2BPHmnkzwmxu7Sn0BLAaf3gNZswtMdIGTLgTyAnB6CwEEFObmIY6uzEmVkdVdlgzYHtr%2F6y%2FAsx7a%2F8MDEEcfHhW8ZS9JkRouYw2tMAfe6gKvdyFJt8CsWcCzLQjMK8ApgjjKgdP%2B4%2F5Y0RtjzBsplak3UnbDsRHf88ojbrnqVn3qFl1SGraG8y7wsAuCtYFoC9LBxy1IQwvSxIKI9m1S8UKMx0M%2FLJWq5SAISqUgqFTHaIWWytUQQxoMtLfBJG0IRBsCdR4SdR4avA0q%2FQL0Sg6aWqANgibNIWMIMo0gIwgyjiAzCLJmvkGFLur8ChU69d09X9zzpbwjTX2dbEhTZzFaT3bQfYOGWfvQY9BgfbvEAuzhCvbKrlepelXmjYdu1SNjYcXzK0UfNM%2BB633DMtcG0%2FvGgmTgs4Pgky3QYgsCfhBI%2BgiQrDNexEBWOuUqhrV4Y40U6gKozCEx%2B8GsWutiBz00nFjxzu%2FAgu1nDtx58bdr%2FdsQqBwSlcNL%2FEsEdXGxsygzdHlRZhrdmE8Mj%2FgaGUxzyRDD0Pun2GomFa1N6%2FbVqWBADOC1ZabNLIkpj%2BsafXCUU8rUcakChj6v6bPMX0j1ytFUxWkyu3DseC1KFNOay7gLhN9qvQAB76EDH18d7unDU28AV1ug0v70ijHJ4dHRQPCgUUgC0SjEJGK78aRmxEyUxjxcLB4ilNM%2FMZ%2BYkSvEdZ89WfbOnMMQpduTn7wzsHeByy4EyavvOU7t2Pyc4%2FQX%2FyGFWUkjPyZc%2FNs0h3hUNxM8kPFVx1muLc%2FOOM5nNZuSus2ULVYbDUZJncU25bH986W3bl53nOmZpWOLtYXl2lCKvWSIMrZOuBDM2BGjtosxtufmT9m%2BjFN93XFmpxZPzJyrnZ46MeM4%2FZP%2FlXjQyTbaM9ASgRJ3Yz%2BxIEvzjir625OXbj%2Fx4I8vL4LgPXR44l4QbHvyqzM%2FvfbozUUgfg6a%2FeXiXbyuL0JdWUDMheGzb6ocmiIHItqg0%2F91TKK2J78tDQ18YXV8oazLvlDizd2d1bxvs0qIQ4aLzA89PxwnmHph2fOJ57Jxv0JcMLoXfPr8d38AAAD%2F%2FwEAAP%2F%2FfW8RSNgFAAA%3D HTTP/1.1
Host: blacknesskeepplan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=b6296ee9-34d9-41f6-b994-14818bd121a3:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 08 Jan 2023 05:51:19 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c0a1b96ad6f29cc8063bb695d3459903
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 992e5418271c3edaaf2bb52f9201f57c
746da53837bbefdadf063be9d7779755b2a7c9c9
df0cc5488abce16d74c0d0cda6b53c60c38425026bc3501360f70250fde6c771
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "DF0CC5488ABCE16D74C0D0CDA6B53C60C38425026BC3501360F70250FDE6C771"
Last-Modified: Sat, 07 Jan 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17887
Expires: Sun, 08 Jan 2023 10:49:26 GMT
Date: Sun, 08 Jan 2023 05:51:19 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 992e5418271c3edaaf2bb52f9201f57c
746da53837bbefdadf063be9d7779755b2a7c9c9
df0cc5488abce16d74c0d0cda6b53c60c38425026bc3501360f70250fde6c771
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "DF0CC5488ABCE16D74C0D0CDA6B53C60C38425026BC3501360F70250FDE6C771"
Last-Modified: Sat, 07 Jan 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17887
Expires: Sun, 08 Jan 2023 10:49:26 GMT
Date: Sun, 08 Jan 2023 05:51:19 GMT
Connection: keep-alive
blacknesskeepplan.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Findex.html&l=1317&fd=96
200 OK 0 B URL HTTP/1.1 blacknesskeepplan.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Findex.html&l=1317&fd=96
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Findex.html&l=1317&fd=96 HTTP/1.1
Host: blacknesskeepplan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=b6296ee9-34d9-41f6-b994-14818bd121a3:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 08 Jan 2023 05:51:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/img/close.png
200 OK 49 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/img/close.png
IP
File type PNG image data, 2063 x 2063, 8-bit/color RGBA, non-interlaced\012- data
Hash c468e1d251e84cbbd9fd43f1bf756866
29512569a2da569797a545eb36c6176d6285a8da
b0da14eff7c6fe39d973148b55c51ee6ce3948e76e488c401eb6dca5dfbd1cd8
GET /sb/interstitial/rtb/default/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:19 GMT
content-type: image/png
content-length: 48623
last-modified: Wed, 23 Jun 2021 13:33:23 GMT
etag: "60d33823-bdef"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4636688
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YDc0eo%2FuoiLiEX0UznTFMn4wBSNJx98lIO5KjXNbimgNGHDMBhmaID%2F%2FYxpKeKt%2FnqoVl%2Bxzwg%2FQ5v6RqGVrbW8iqFrw9Ln%2F4B6AAvvB8Ca8%2BC4Onc0Wy%2FQKwIGf5d2XP5PiX3rBM%2BvN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7862a920dcbf7714-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash a0b4f8c6a36d434c9c3c4fd0aae2f471
08ad33309c240517c8aa348ce6e8f0be6ce5c3b5
6028342d435d491b604e0116d64742540358ee8afa56d7e50cef6bc5fe29a7fd
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:17 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 80211b1e363bc374724b959b362d3b7a
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 08 Jan 2023 05:51:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2BOMtJCFRiSURCQDR2NQ3GRlr712y6VbuvTB6HiEYYMjnnGMWDbpd37%2Fg18P9e2HyG9WtBemiQXpsKcB7sT8nslA9ajqgeAXjG4pLGBWvGrNoAd4B7abLBmd4TU8ZseiyJwmr08%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7862a918cfc388b0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/interstitial/rtb/default/3/index.html
200 OK 489 B URL HTTP/2 cdn.barscreative1.com/sb/interstitial/rtb/default/3/index.html
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 801972aec0fce4f97adcfeaffd374f16
b60a0f60609bf6fa171289fc35f46784e554fbf8
1af7b6c0ed6e2ef3da1e89f96dbc6a1df111b47fd8f20fa9b4e4fbbb47bff0fa
Analyzer Verdict Alert fortinet Phishing
GET /sb/interstitial/rtb/default/3/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:19 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-525"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 08 Jan 2023 06:51:19 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
blacknesskeepplan.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fstyle.css&l=5338&fd=132
200 OK 0 B URL HTTP/1.1 blacknesskeepplan.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fstyle.css&l=5338&fd=132
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fstyle.css&l=5338&fd=132 HTTP/1.1
Host: blacknesskeepplan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=b6296ee9-34d9-41f6-b994-14818bd121a3:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 08 Jan 2023 05:51:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
click.pclk.name/thumbnail?seat=369022&adid=369022&i=Eoha11JH49Q_0&imgt=icon
302 Found 0 B URL HTTP/1.1 click.pclk.name/thumbnail?seat=369022&adid=369022&i=Eoha11JH49Q_0&imgt=icon
IP
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?seat=369022&adid=369022&i=Eoha11JH49Q_0&imgt=icon HTTP/1.1
Host: click.pclk.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1673157078741-7-8077-1178228-176b988d-2538-6bce-6ebe-873b05e743f6&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DByJluQjSIG4f5LGamcbkpRQfn0mm09dt-mJygYFXlcgoSLEg9S7dzH3IRs_6rbQ6J6EgOkswdYHX78lfkkeDbUS2JkFL-atmNzQvydSdLt9LQh8XAR7epd0oTt7Vffr5m8HOyx9209ZBw5SNLVtYbBPBKpX5a6fqgDJ9HoVEDFs2JdctExje-3bd7kzW0EdkKM_3ZEtWOMRV0uJy0vT_qRBc083whbhQ2tvQjqZ3Au-_oUvJ9V1Ujx-aQpE3V2Wu5NRWZb3e9kVwgpurugq6Bzjeb9n1-df0VkDaiSYxmQF-ug5bwxkdMVfLXiccHOmw-eDBv_Zyyi94-yr2fMroZO2WuIk_IFpBbnVV-7pvXWlTeVzxnWy2cZA8TH59o37GxKzAaTUS2HCpqMs9YJ-wRhd9CyvoX67iNV4DTYMdci-Ddel3qFeKkDY7clY8kblVDYTAACIf9v1uqtqjr8BKswVM4UNo6wVbrkRx5-3u6sINFBNvrY73fqUw3ykzGJBEbT1q0sq0JmdvbTxW3xOJmZNz8ZOgp6qeUdl6oJvMjDiynFw8b0FZqnfjvD1uTNvUw2OLF0NoDzx-tZSm5lT_IcS5upye2AJA_dZKGLD76VgX_WOS
Pragma: no-cache
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/animate.css
200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/animate.css
IP
Hash c91016401e0a0b7b3d7572de48c76597
12fb634abb5e708b4f55d1489055b4f626d3cdd1
2472e286e0bf6f54cef9d99e9c63301c873fa02bc4e3979e1a18587a6d973120
GET /sb/interstitial/rtb/default/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:19 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 13:33:20 GMT
etag: W/"60d33820-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 72922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GIaqfyNCdb%2FS9yfi%2FJIb%2Bp%2BKVPYhJvjoLav87mPALlhtyYCsOBbvTqglRpeJ2nWnbKPPPIomksadh0nfI1hzDlnynPXmAg1%2FflUS%2FzP%2B23xh7lBp41KMb2FTKWFPByL1SoGe90nsrhra"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7862a920ccb47714-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/style.css
200 OK 1.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/style.css
IP
Hash 79abab276cc2d87b2d112c4bba430632
c40c356482cd9050de7b116c5c197f1405bbafe7
14c967a07f792fd99b5a2230b8c512ba32b57989dea8b045a5440ee6234b23e8
GET /sb/interstitial/rtb/default/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:19 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 13:33:21 GMT
etag: W/"60d33821-14da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 72922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ib74CQMBBza23wET%2BzA9jXE1bOeEtHPvIWBqhtlok5lhrApIUljZEJKW%2FvuaC6GuLa0fKqLp7lji3TsVm9tsgeq1gEqWJDVsi%2BZY1VmsKXlaNxXtOne3qG%2BCfRzvJKT8xdv26PLvXAuE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7862a920ccb67714-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/fonts/SFUIText-Regular.woff
200 OK 73 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/fonts/SFUIText-Regular.woff
IP
File type Web Open Font Format, TrueType, length 72696, version 11.0\012- data
Hash 53d97caea7ef8a12beab745fcc5744e1
b8c70e4f67957e4f2cb809a58d84c773a3bde6d0
542772868e28df6d786b6f00f9dec929cba214d928cb013b32588485b46f8715
GET /sb/interstitial/rtb/default/3/fonts/SFUIText-Regular.woff HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://za.gl
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:19 GMT
content-type: application/font-woff
content-length: 72696
last-modified: Wed, 23 Jun 2021 13:33:22 GMT
etag: "60d33822-11bf8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 38568
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCJRNnQ8CMlT8fBlNV2%2BXBhKPo8ysWE2Jx9pJ2fTpJxnZdzsSmcC4fUphLMWK6KzqdJqGkGaC8BoDNeqp08z8V8Hnq6ULKMGUweVFaA7g%2FQHBgngnrY2MG3n8kL3i1UEFfJczBoGcf9L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7862a9235e8c7714-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
blacknesskeepplan.com/impr.gif?sid=H4sIAAAAAAAC%2F6xTT4gcxReuzi8%2FCHgwiiAKSktrUHBnu3t6dqcTlnWT3SRjNrub2ZWgCKG6qmamnOo%2FVFVPzy4IwajkIoye1Et632SzRoMxByGKgsx6UPZiRlDm4F4NSEAQPHgQmdmV6EHw4IPu9z2%2BKt73%2FtTr6%2BkOsiHFg6XT8RoXAo%2BXCrb55Fke0ThT5sKK6dgF%2B4h5lkcT3hGzPfzJ1mHHLhXsp8wTjDTjcdd2bNuxHfM4l6wWt8dHLPDkmu8UfLvguQWn5EFb%2Fj1WqQEKG0BbO%2Bh%2B4LT%2F%2F8bXN4CTHkThR7NMNXWcPD0XpgLrWEKLbj4XNaM4iyC8C2vSgFq0uXcaYtVH6O19EEebexVA3Lo8rAAC3kfG9w4E0eaeTAhaG7tKAwEsgoDeA1mrB0z0gOMekPgCcHoLARAKC4sQhVcWYpnh1V0WD9k%2B2v%2FrL8CzPtr%2FwwMQhR8eFbxtLsci1TyOFLRrOfB2D3i9B0m6BXrNAJ5tAdGvAKcIojAHTgePBxOuP8GYP1b0qD%2FmObWJscD3vTHHKzvlgDqug4uj1nDeA17rgWAdwMqAdPhxA9KaAWliQEgHJi75NduerAW1YrHsEUKKRUJK5QlaokWvXLMhJUPtHdBJB4joAJHnIZHnock7INMvQDVyUNQApRG0aA4ZQ5ApBBlGkHEEmUaQtfINKpSr8itUqDRw9ry754t5N9b1dbwR6zqL0Hqyg%2B4bNszYhx6DJhuYRUZs3y7Zvuf4pbJfZv5kzSn7eKJW8oOSG4DiOXC1b1Tm2nB63xiQDH12EAK8BUpsAeEHAaePAM66k64NuNH1yjasRRtruFAXQOMcEr0f9KqxLnbQQ6OJuXd%2BB0a2nzlw58Xfrg1uA5E5JDKHl%2FiXCOriYrcaZ%2BhyNc4UurGYaB7yNTyc5rLGmqH3T7HVLJa0Mqs6V2fIkBjCaytM6XkcUR7VFfrgKKeUyeOxJAx9XlFnWbCUqsbRVEZpMr907HglTCRTisdRDzC%2F1X4BCO%2BjAx9fHe3pwzNvAJdbINPBbEPr5PD4OBGcNAsJEc1ChEO2G08rhvVUccK3XfcQppz%2BifnUXNzAjvPsSc8%2Fc86GMN2e%2FuSdob0LPO4BSV59z7IqxxYXLGtQ%2FYcUupGGQYS5%2BLdpDvGwrqc4iaOrlrVSWZmfs6zPKibFdZNJU6w2m4ziOotMyiPz50tv3bxuWbNzy8eqlaWVykiKuayx1KZKuBBMmyGjpmPbtrmweMoM4ihV1y1rfqZ6Yu5c5fTMiTnLGpz8r8SDSrbRnoGKEUhxNw4SA7I070o32J6%2BdPuJB398uQqC99HhqXtBsO3pr8789NqjN6uAgxwU%2B8vFu3hdXYS6NADrC6Nn35I5tEQOWHRApf%2Fr6kRuT39bHBkEwugGQhqXAyHFm7s7q%2FjALDkeKwflSUJpwAh1Jt1iuWjbLqXepM8cH7Tqk0%2Bf%2F%2B4PAAAA%2F%2F8BAAD%2F%2F2lnn67YBQAA
200 OK 7 B URL HTTP/1.1 blacknesskeepplan.com/impr.gif?sid=H4sIAAAAAAAC%2F6xTT4gcxReuzi8%2FCHgwiiAKSktrUHBnu3t6dqcTlnWT3SRjNrub2ZWgCKG6qmamnOo%2FVFVPzy4IwajkIoye1Et632SzRoMxByGKgsx6UPZiRlDm4F4NSEAQPHgQmdmV6EHw4IPu9z2%2BKt73%2FtTr6%2BkOsiHFg6XT8RoXAo%2BXCrb55Fke0ThT5sKK6dgF%2B4h5lkcT3hGzPfzJ1mHHLhXsp8wTjDTjcdd2bNuxHfM4l6wWt8dHLPDkmu8UfLvguQWn5EFb%2Fj1WqQEKG0BbO%2Bh%2B4LT%2F%2F8bXN4CTHkThR7NMNXWcPD0XpgLrWEKLbj4XNaM4iyC8C2vSgFq0uXcaYtVH6O19EEebexVA3Lo8rAAC3kfG9w4E0eaeTAhaG7tKAwEsgoDeA1mrB0z0gOMekPgCcHoLARAKC4sQhVcWYpnh1V0WD9k%2B2v%2FrL8CzPtr%2FwwMQhR8eFbxtLsci1TyOFLRrOfB2D3i9B0m6BXrNAJ5tAdGvAKcIojAHTgePBxOuP8GYP1b0qD%2FmObWJscD3vTHHKzvlgDqug4uj1nDeA17rgWAdwMqAdPhxA9KaAWliQEgHJi75NduerAW1YrHsEUKKRUJK5QlaokWvXLMhJUPtHdBJB4joAJHnIZHnock7INMvQDVyUNQApRG0aA4ZQ5ApBBlGkHEEmUaQtfINKpSr8itUqDRw9ry754t5N9b1dbwR6zqL0Hqyg%2B4bNszYhx6DJhuYRUZs3y7Zvuf4pbJfZv5kzSn7eKJW8oOSG4DiOXC1b1Tm2nB63xiQDH12EAK8BUpsAeEHAaePAM66k64NuNH1yjasRRtruFAXQOMcEr0f9KqxLnbQQ6OJuXd%2BB0a2nzlw58Xfrg1uA5E5JDKHl%2FiXCOriYrcaZ%2BhyNc4UurGYaB7yNTyc5rLGmqH3T7HVLJa0Mqs6V2fIkBjCaytM6XkcUR7VFfrgKKeUyeOxJAx9XlFnWbCUqsbRVEZpMr907HglTCRTisdRDzC%2F1X4BCO%2BjAx9fHe3pwzNvAJdbINPBbEPr5PD4OBGcNAsJEc1ChEO2G08rhvVUccK3XfcQppz%2BifnUXNzAjvPsSc8%2Fc86GMN2e%2FuSdob0LPO4BSV59z7IqxxYXLGtQ%2FYcUupGGQYS5%2BLdpDvGwrqc4iaOrlrVSWZmfs6zPKibFdZNJU6w2m4ziOotMyiPz50tv3bxuWbNzy8eqlaWVykiKuayx1KZKuBBMmyGjpmPbtrmweMoM4ihV1y1rfqZ6Yu5c5fTMiTnLGpz8r8SDSrbRnoGKEUhxNw4SA7I070o32J6%2BdPuJB398uQqC99HhqXtBsO3pr8789NqjN6uAgxwU%2B8vFu3hdXYS6NADrC6Nn35I5tEQOWHRApf%2Fr6kRuT39bHBkEwugGQhqXAyHFm7s7q%2FjALDkeKwflSUJpwAh1Jt1iuWjbLqXepM8cH7Tqk0%2Bf%2F%2B4PAAAA%2F%2F8BAAD%2F%2F2lnn67YBQAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F6xTT4gcxReuzi8%2FCHgwiiAKSktrUHBnu3t6dqcTlnWT3SRjNrub2ZWgCKG6qmamnOo%2FVFVPzy4IwajkIoye1Et632SzRoMxByGKgsx6UPZiRlDm4F4NSEAQPHgQmdmV6EHw4IPu9z2%2BKt73%2FtTr6%2BkOsiHFg6XT8RoXAo%2BXCrb55Fke0ThT5sKK6dgF%2B4h5lkcT3hGzPfzJ1mHHLhXsp8wTjDTjcdd2bNuxHfM4l6wWt8dHLPDkmu8UfLvguQWn5EFb%2Fj1WqQEKG0BbO%2Bh%2B4LT%2F%2F8bXN4CTHkThR7NMNXWcPD0XpgLrWEKLbj4XNaM4iyC8C2vSgFq0uXcaYtVH6O19EEebexVA3Lo8rAAC3kfG9w4E0eaeTAhaG7tKAwEsgoDeA1mrB0z0gOMekPgCcHoLARAKC4sQhVcWYpnh1V0WD9k%2B2v%2FrL8CzPtr%2FwwMQhR8eFbxtLsci1TyOFLRrOfB2D3i9B0m6BXrNAJ5tAdGvAKcIojAHTgePBxOuP8GYP1b0qD%2FmObWJscD3vTHHKzvlgDqug4uj1nDeA17rgWAdwMqAdPhxA9KaAWliQEgHJi75NduerAW1YrHsEUKKRUJK5QlaokWvXLMhJUPtHdBJB4joAJHnIZHnock7INMvQDVyUNQApRG0aA4ZQ5ApBBlGkHEEmUaQtfINKpSr8itUqDRw9ry754t5N9b1dbwR6zqL0Hqyg%2B4bNszYhx6DJhuYRUZs3y7Zvuf4pbJfZv5kzSn7eKJW8oOSG4DiOXC1b1Tm2nB63xiQDH12EAK8BUpsAeEHAaePAM66k64NuNH1yjasRRtruFAXQOMcEr0f9KqxLnbQQ6OJuXd%2BB0a2nzlw58Xfrg1uA5E5JDKHl%2FiXCOriYrcaZ%2BhyNc4UurGYaB7yNTyc5rLGmqH3T7HVLJa0Mqs6V2fIkBjCaytM6XkcUR7VFfrgKKeUyeOxJAx9XlFnWbCUqsbRVEZpMr907HglTCRTisdRDzC%2F1X4BCO%2BjAx9fHe3pwzNvAJdbINPBbEPr5PD4OBGcNAsJEc1ChEO2G08rhvVUccK3XfcQppz%2BifnUXNzAjvPsSc8%2Fc86GMN2e%2FuSdob0LPO4BSV59z7IqxxYXLGtQ%2FYcUupGGQYS5%2BLdpDvGwrqc4iaOrlrVSWZmfs6zPKibFdZNJU6w2m4ziOotMyiPz50tv3bxuWbNzy8eqlaWVykiKuayx1KZKuBBMmyGjpmPbtrmweMoM4ihV1y1rfqZ6Yu5c5fTMiTnLGpz8r8SDSrbRnoGKEUhxNw4SA7I070o32J6%2BdPuJB398uQqC99HhqXtBsO3pr8789NqjN6uAgxwU%2B8vFu3hdXYS6NADrC6Nn35I5tEQOWHRApf%2Fr6kRuT39bHBkEwugGQhqXAyHFm7s7q%2FjALDkeKwflSUJpwAh1Jt1iuWjbLqXepM8cH7Tqk0%2Bf%2F%2B4PAAAA%2F%2F8BAAD%2F%2F2lnn67YBQAA HTTP/1.1
Host: blacknesskeepplan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=b6296ee9-34d9-41f6-b994-14818bd121a3:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 08 Jan 2023 05:51:19 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af7d1dd828df533a1a4e291330751961
Strict-Transport-Security: max-age=0; includeSubdomains
blacknesskeepplan.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 blacknesskeepplan.com/pixel/sbs?c=1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: blacknesskeepplan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=b6296ee9-34d9-41f6-b994-14818bd121a3:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 08 Jan 2023 05:51:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 380cf03e6e62e691d475625e7a21b490
d5dd8ed20c35620594308ea63429c6d92af28782
28053d59f697a0bd8e957e3d5cf8c5543020616b5c90ca4f293a7c3bf6cbc677
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28053D59F697A0BD8E957E3D5CF8C5543020616B5C90CA4F293A7C3BF6CBC677"
Last-Modified: Sat, 07 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6588
Expires: Sun, 08 Jan 2023 07:41:07 GMT
Date: Sun, 08 Jan 2023 05:51:19 GMT
Connection: keep-alive
us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1673157078741-7-8077-1178228-176b988d-2538-6bce-6ebe-873b05e743f6&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DByJluQjSIG4f5LGamcbkpRQfn0mm09dt-mJygYFXlcgoSLEg9S7dzH3IRs_6rbQ6J6EgOkswdYHX78lfkkeDbUS2JkFL-atmNzQvydSdLt9LQh8XAR7epd0oTt7Vffr5m8HOyx9209ZBw5SNLVtYbBPBKpX5a6fqgDJ9HoVEDFs2JdctExje-3bd7kzW0EdkKM_3ZEtWOMRV0uJy0vT_qRBc083whbhQ2tvQjqZ3Au-_oUvJ9V1Ujx-aQpE3V2Wu5NRWZb3e9kVwgpurugq6Bzjeb9n1-df0VkDaiSYxmQF-ug5bwxkdMVfLXiccHOmw-eDBv_Zyyi94-yr2fMroZO2WuIk_IFpBbnVV-7pvXWlTeVzxnWy2cZA8TH59o37GxKzAaTUS2HCpqMs9YJ-wRhd9CyvoX67iNV4DTYMdci-Ddel3qFeKkDY7clY8kblVDYTAACIf9v1uqtqjr8BKswVM4UNo6wVbrkRx5-3u6sINFBNvrY73fqUw3ykzGJBEbT1q0sq0JmdvbTxW3xOJmZNz8ZOgp6qeUdl6oJvMjDiynFw8b0FZqnfjvD1uTNvUw2OLF0NoDzx-tZSm5lT_IcS5upye2AJA_dZKGLD76VgX_WOS
302 Found 0 B URL HTTP/2 us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1673157078741-7-8077-1178228-176b988d-2538-6bce-6ebe-873b05e743f6&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DByJluQjSIG4f5LGamcbkpRQfn0mm09dt-mJygYFXlcgoSLEg9S7dzH3IRs_6rbQ6J6EgOkswdYHX78lfkkeDbUS2JkFL-atmNzQvydSdLt9LQh8XAR7epd0oTt7Vffr5m8HOyx9209ZBw5SNLVtYbBPBKpX5a6fqgDJ9HoVEDFs2JdctExje-3bd7kzW0EdkKM_3ZEtWOMRV0uJy0vT_qRBc083whbhQ2tvQjqZ3Au-_oUvJ9V1Ujx-aQpE3V2Wu5NRWZb3e9kVwgpurugq6Bzjeb9n1-df0VkDaiSYxmQF-ug5bwxkdMVfLXiccHOmw-eDBv_Zyyi94-yr2fMroZO2WuIk_IFpBbnVV-7pvXWlTeVzxnWy2cZA8TH59o37GxKzAaTUS2HCpqMs9YJ-wRhd9CyvoX67iNV4DTYMdci-Ddel3qFeKkDY7clY8kblVDYTAACIf9v1uqtqjr8BKswVM4UNo6wVbrkRx5-3u6sINFBNvrY73fqUw3ykzGJBEbT1q0sq0JmdvbTxW3xOJmZNz8ZOgp6qeUdl6oJvMjDiynFw8b0FZqnfjvD1uTNvUw2OLF0NoDzx-tZSm5lT_IcS5upye2AJA_dZKGLD76VgX_WOS
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /metrics/save.img?event=impressions&bid-id=v2-1673157078741-7-8077-1178228-176b988d-2538-6bce-6ebe-873b05e743f6&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DByJluQjSIG4f5LGamcbkpRQfn0mm09dt-mJygYFXlcgoSLEg9S7dzH3IRs_6rbQ6J6EgOkswdYHX78lfkkeDbUS2JkFL-atmNzQvydSdLt9LQh8XAR7epd0oTt7Vffr5m8HOyx9209ZBw5SNLVtYbBPBKpX5a6fqgDJ9HoVEDFs2JdctExje-3bd7kzW0EdkKM_3ZEtWOMRV0uJy0vT_qRBc083whbhQ2tvQjqZ3Au-_oUvJ9V1Ujx-aQpE3V2Wu5NRWZb3e9kVwgpurugq6Bzjeb9n1-df0VkDaiSYxmQF-ug5bwxkdMVfLXiccHOmw-eDBv_Zyyi94-yr2fMroZO2WuIk_IFpBbnVV-7pvXWlTeVzxnWy2cZA8TH59o37GxKzAaTUS2HCpqMs9YJ-wRhd9CyvoX67iNV4DTYMdci-Ddel3qFeKkDY7clY8kblVDYTAACIf9v1uqtqjr8BKswVM4UNo6wVbrkRx5-3u6sINFBNvrY73fqUw3ykzGJBEbT1q0sq0JmdvbTxW3xOJmZNz8ZOgp6qeUdl6oJvMjDiynFw8b0FZqnfjvD1uTNvUw2OLF0NoDzx-tZSm5lT_IcS5upye2AJA_dZKGLD76VgX_WOS HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Sun, 08 Jan 2023 05:51:20 GMT
content-length: 0
location: https://track.trackingtraffo.com/push/ic?auth=pz6u78&c=ByJluQjSIG4f5LGamcbkpRQfn0mm09dt-mJygYFXlcgoSLEg9S7dzH3IRs_6rbQ6J6EgOkswdYHX78lfkkeDbUS2JkFL-atmNzQvydSdLt9LQh8XAR7epd0oTt7Vffr5m8HOyx9209ZBw5SNLVtYbBPBKpX5a6fqgDJ9HoVEDFs2JdctExje-3bd7kzW0EdkKM_3ZEtWOMRV0uJy0vT_qRBc083whbhQ2tvQjqZ3Au-_oUvJ9V1Ujx-aQpE3V2Wu5NRWZb3e9kVwgpurugq6Bzjeb9n1-df0VkDaiSYxmQF-ug5bwxkdMVfLXiccHOmw-eDBv_Zyyi94-yr2fMroZO2WuIk_IFpBbnVV-7pvXWlTeVzxnWy2cZA8TH59o37GxKzAaTUS2HCpqMs9YJ-wRhd9CyvoX67iNV4DTYMdci-Ddel3qFeKkDY7clY8kblVDYTAACIf9v1uqtqjr8BKswVM4UNo6wVbrkRx5-3u6sINFBNvrY73fqUw3ykzGJBEbT1q0sq0JmdvbTxW3xOJmZNz8ZOgp6qeUdl6oJvMjDiynFw8b0FZqnfjvD1uTNvUw2OLF0NoDzx-tZSm5lT_IcS5upye2AJA_dZKGLD76VgX_WOS
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 2b67cc0c8345d21514c717dd825deee9
6c0e0ab87a3e37698b8299884ec8d9daadaeba56
f47871b5b5fa0fb2a07a5a8b511c1447472f86873b8e98e6d531685cdb49a0dc
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:51:20 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 07 Jan 2023 18:28:18 GMT
Expires: Sat, 14 Jan 2023 18:28:17 GMT
Etag: "6c0e0ab87a3e37698b8299884ec8d9daadaeba56"
Cache-Control: max-age=563216,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7862a9286ddab511-OSL
track.trackingtraffo.com/push/ic?auth=pz6u78&c=ByJluQjSIG4f5LGamcbkpRQfn0mm09dt-mJygYFXlcgoSLEg9S7dzH3IRs_6rbQ6J6EgOkswdYHX78lfkkeDbUS2JkFL-atmNzQvydSdLt9LQh8XAR7epd0oTt7Vffr5m8HOyx9209ZBw5SNLVtYbBPBKpX5a6fqgDJ9HoVEDFs2JdctExje-3bd7kzW0EdkKM_3ZEtWOMRV0uJy0vT_qRBc083whbhQ2tvQjqZ3Au-_oUvJ9V1Ujx-aQpE3V2Wu5NRWZb3e9kVwgpurugq6Bzjeb9n1-df0VkDaiSYxmQF-ug5bwxkdMVfLXiccHOmw-eDBv_Zyyi94-yr2fMroZO2WuIk_IFpBbnVV-7pvXWlTeVzxnWy2cZA8TH59o37GxKzAaTUS2HCpqMs9YJ-wRhd9CyvoX67iNV4DTYMdci-Ddel3qFeKkDY7clY8kblVDYTAACIf9v1uqtqjr8BKswVM4UNo6wVbrkRx5-3u6sINFBNvrY73fqUw3ykzGJBEbT1q0sq0JmdvbTxW3xOJmZNz8ZOgp6qeUdl6oJvMjDiynFw8b0FZqnfjvD1uTNvUw2OLF0NoDzx-tZSm5lT_IcS5upye2AJA_dZKGLD76VgX_WOS
302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=pz6u78&c=ByJluQjSIG4f5LGamcbkpRQfn0mm09dt-mJygYFXlcgoSLEg9S7dzH3IRs_6rbQ6J6EgOkswdYHX78lfkkeDbUS2JkFL-atmNzQvydSdLt9LQh8XAR7epd0oTt7Vffr5m8HOyx9209ZBw5SNLVtYbBPBKpX5a6fqgDJ9HoVEDFs2JdctExje-3bd7kzW0EdkKM_3ZEtWOMRV0uJy0vT_qRBc083whbhQ2tvQjqZ3Au-_oUvJ9V1Ujx-aQpE3V2Wu5NRWZb3e9kVwgpurugq6Bzjeb9n1-df0VkDaiSYxmQF-ug5bwxkdMVfLXiccHOmw-eDBv_Zyyi94-yr2fMroZO2WuIk_IFpBbnVV-7pvXWlTeVzxnWy2cZA8TH59o37GxKzAaTUS2HCpqMs9YJ-wRhd9CyvoX67iNV4DTYMdci-Ddel3qFeKkDY7clY8kblVDYTAACIf9v1uqtqjr8BKswVM4UNo6wVbrkRx5-3u6sINFBNvrY73fqUw3ykzGJBEbT1q0sq0JmdvbTxW3xOJmZNz8ZOgp6qeUdl6oJvMjDiynFw8b0FZqnfjvD1uTNvUw2OLF0NoDzx-tZSm5lT_IcS5upye2AJA_dZKGLD76VgX_WOS
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=pz6u78&c=ByJluQjSIG4f5LGamcbkpRQfn0mm09dt-mJygYFXlcgoSLEg9S7dzH3IRs_6rbQ6J6EgOkswdYHX78lfkkeDbUS2JkFL-atmNzQvydSdLt9LQh8XAR7epd0oTt7Vffr5m8HOyx9209ZBw5SNLVtYbBPBKpX5a6fqgDJ9HoVEDFs2JdctExje-3bd7kzW0EdkKM_3ZEtWOMRV0uJy0vT_qRBc083whbhQ2tvQjqZ3Au-_oUvJ9V1Ujx-aQpE3V2Wu5NRWZb3e9kVwgpurugq6Bzjeb9n1-df0VkDaiSYxmQF-ug5bwxkdMVfLXiccHOmw-eDBv_Zyyi94-yr2fMroZO2WuIk_IFpBbnVV-7pvXWlTeVzxnWy2cZA8TH59o37GxKzAaTUS2HCpqMs9YJ-wRhd9CyvoX67iNV4DTYMdci-Ddel3qFeKkDY7clY8kblVDYTAACIf9v1uqtqjr8BKswVM4UNo6wVbrkRx5-3u6sINFBNvrY73fqUw3ykzGJBEbT1q0sq0JmdvbTxW3xOJmZNz8ZOgp6qeUdl6oJvMjDiynFw8b0FZqnfjvD1uTNvUw2OLF0NoDzx-tZSm5lT_IcS5upye2AJA_dZKGLD76VgX_WOS HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 08 Jan 2023 05:51:20 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National Casino black.png
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png
200 OK 4.5 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 58be17b22d6e1178a54c92cf862c817e
b821bc2f016751647df49e49863077e927a70322
9cc4f3f40313b08baf54c956685ac7a21ac8a3573908b9763865c6f613ce1b5f
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 08 Jan 2023 05:51:20 GMT
Content-Type: image/png
Content-Length: 4456
Last-Modified: Wed, 03 Aug 2022 08:24:07 GMT
Connection: keep-alive
ETag: "62ea30a7-1168"
Accept-Ranges: bytes
openfpcdn.io/fingerprintjs/v3
200 OK 0 B URL HTTP/2 openfpcdn.io/fingerprintjs/v3
IP
GET /fingerprintjs/v3 HTTP/1.1
Host: openfpcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
server: CloudFront
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 08 Jan 2023 05:34:14 GMT
cache-control: public, max-age=627935, s-maxage=11201
etag: W/"iGPd/qM5rvpVhWvx3vVSNedX/OA"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 7RkXjn-hs0xZ4IrOAFkLJCbFOcxKVQwABph13BrmHCO1UKqEIQuH8Q==
age: 8620
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=DM+Sans:wght@400;700&display=swap
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=DM+Sans:wght@400;700&display=swap
IP
GET /css2?family=DM+Sans:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 08 Jan 2023 05:51:16 GMT
date: Sun, 08 Jan 2023 05:51:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:16 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7862a910fb15b511-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js
IP
GET /sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:19 GMT
content-type: application/javascript
last-modified: Wed, 23 Jun 2021 13:33:25 GMT
etag: W/"60d33825-1fa27"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 72922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvxjJITqLQbUAAYVpXzJHeYX5kSucLMeiVpK8CAwKxSFAlfaAk5Bb9%2BKTektCRLXMcbQBUkzdHqtwCI8xd0eN%2FTdsV7Q2LQOmk7vXHD8Dda2CVxEw0IKdzCzvjT%2FRFWWMASVnlamw4aq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7862a920ccb77714-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/script.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/script.js
IP
GET /sb/interstitial/rtb/default/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 08 Jan 2023 05:51:19 GMT
content-type: application/javascript
last-modified: Wed, 23 Jun 2021 13:33:24 GMT
etag: W/"60d33824-2ed"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 38569
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WmQap8xC00Ji6HXsJa3GMSd13zhGa2y0pgEZ%2FbudDxKQNLQvB4yjHHFLfoMLCWaoCNvs2jp9J14y0ok%2FxVt4ZHJrn4rT4coji1k3Kni70nnZhq%2FU3OVoGhR0P6hUZnOEXYbP7My34%2Bs2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7862a9211ce27714-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
104.26.5.66
104.16.57.101
23.109.87.212
88.214.206.175
142.132.194.196
23.36.77.32