| lp.duz.pw/lp/fl-1?_p_=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoyMDQ4LCJwMnMiOiI4TEpTRnRNX2dBX1pFeHZLeTY0WE93In0.f4TwSnkIb1OtAnaxUnBV1WpRZQqo991m.Evvzuxb_RZBPvl9a._fQNGl6qzi1NnyBQ-zii5YbMY7dSKJmigiTHREqYRh9YNZKeebeFfU4HVqhdTTySqXh_IPDlqTKvhbxXlOPsrOeDDSLAJQK4yoDvickY1kOXa5_CKPuqg6TjwIF-5pigUyJCyUJ5Xg3mvjSwam0_iF5_4e6wcW-PE7viifFUzo9yKL8XAis-RG2Pgbqc0TvqkxS9AXQj6PrUmgeI7ihtdyvto2p_JXmG0VXJWUn4SA2xWcOg5lHoNmwLZaYlH-Wdq11EFXtaPGeg-Qa71ax-5gG3uqBdvdc2DxFSNxMivoyWYVODsPt6uH8zGRThLjSH4Hgrxs7pFnZWjQPG1-mRqKrwzGJW-6_oIFvXFSEr4NxKHowNjL_PbBv2Rbc9rK9A8O8IlriBrvRloTRNuQnvpWhhQrnjzAc3B5PG8b6YiYaFEiLsIa6-PM-Tv0EePru7JbQmBcSIkxZlknlZsPIWzvhjhPA2m1UIiRqYEh-_b6qfmL1V7iF70Y5em96wQ9OslR-RZ24rZMT7.Atc2jtiH0jlyHWBzTmvVuQ | 172.67.188.43 | 301 Moved Permanently | 0 B |
URL HTTP/1.1lp.duz.pw/lp/fl-1?_p_=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoyMDQ4LCJwMnMiOiI4TEpTRnRNX2dBX1pFeHZLeTY0WE93In0.f4TwSnkIb1OtAnaxUnBV1WpRZQqo991m.Evvzuxb_RZBPvl9a._fQNGl6qzi1NnyBQ-zii5YbMY7dSKJmigiTHREqYRh9YNZKeebeFfU4HVqhdTTySqXh_IPDlqTKvhbxXlOPsrOeDDSLAJQK4yoDvickY1kOXa5_CKPuqg6TjwIF-5pigUyJCyUJ5Xg3mvjSwam0_iF5_4e6wcW-PE7viifFUzo9yKL8XAis-RG2Pgbqc0TvqkxS9AXQj6PrUmgeI7ihtdyvto2p_JXmG0VXJWUn4SA2xWcOg5lHoNmwLZaYlH-Wdq11EFXtaPGeg-Qa71ax-5gG3uqBdvdc2DxFSNxMivoyWYVODsPt6uH8zGRThLjSH4Hgrxs7pFnZWjQPG1-mRqKrwzGJW-6_oIFvXFSEr4NxKHowNjL_PbBv2Rbc9rK9A8O8IlriBrvRloTRNuQnvpWhhQrnjzAc3B5PG8b6YiYaFEiLsIa6-PM-Tv0EePru7JbQmBcSIkxZlknlZsPIWzvhjhPA2m1UIiRqYEh-_b6qfmL1V7iF70Y5em96wQ9OslR-RZ24rZMT7.Atc2jtiH0jlyHWBzTmvVuQ IP172.67.188.43:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.pw domain |
GET /lp/fl-1?_p_=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoyMDQ4LCJwMnMiOiI4TEpTRnRNX2dBX1pFeHZLeTY0WE93In0.f4TwSnkIb1OtAnaxUnBV1WpRZQqo991m.Evvzuxb_RZBPvl9a._fQNGl6qzi1NnyBQ-zii5YbMY7dSKJmigiTHREqYRh9YNZKeebeFfU4HVqhdTTySqXh_IPDlqTKvhbxXlOPsrOeDDSLAJQK4yoDvickY1kOXa5_CKPuqg6TjwIF-5pigUyJCyUJ5Xg3mvjSwam0_iF5_4e6wcW-PE7viifFUzo9yKL8XAis-RG2Pgbqc0TvqkxS9AXQj6PrUmgeI7ihtdyvto2p_JXmG0VXJWUn4SA2xWcOg5lHoNmwLZaYlH-Wdq11EFXtaPGeg-Qa71ax-5gG3uqBdvdc2DxFSNxMivoyWYVODsPt6uH8zGRThLjSH4Hgrxs7pFnZWjQPG1-mRqKrwzGJW-6_oIFvXFSEr4NxKHowNjL_PbBv2Rbc9rK9A8O8IlriBrvRloTRNuQnvpWhhQrnjzAc3B5PG8b6YiYaFEiLsIa6-PM-Tv0EePru7JbQmBcSIkxZlknlZsPIWzvhjhPA2m1UIiRqYEh-_b6qfmL1V7iF70Y5em96wQ9OslR-RZ24rZMT7.Atc2jtiH0jlyHWBzTmvVuQ HTTP/1.1
Host: lp.duz.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 27 Mar 2023 20:20:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 27 Mar 2023 21:20:17 GMT
Location: https://lp.duz.pw/lp/fl-1?_p_=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoyMDQ4LCJwMnMiOiI4TEpTRnRNX2dBX1pFeHZLeTY0WE93In0.f4TwSnkIb1OtAnaxUnBV1WpRZQqo991m.Evvzuxb_RZBPvl9a._fQNGl6qzi1NnyBQ-zii5YbMY7dSKJmigiTHREqYRh9YNZKeebeFfU4HVqhdTTySqXh_IPDlqTKvhbxXlOPsrOeDDSLAJQK4yoDvickY1kOXa5_CKPuqg6TjwIF-5pigUyJCyUJ5Xg3mvjSwam0_iF5_4e6wcW-PE7viifFUzo9yKL8XAis-RG2Pgbqc0TvqkxS9AXQj6PrUmgeI7ihtdyvto2p_JXmG0VXJWUn4SA2xWcOg5lHoNmwLZaYlH-Wdq11EFXtaPGeg-Qa71ax-5gG3uqBdvdc2DxFSNxMivoyWYVODsPt6uH8zGRThLjSH4Hgrxs7pFnZWjQPG1-mRqKrwzGJW-6_oIFvXFSEr4NxKHowNjL_PbBv2Rbc9rK9A8O8IlriBrvRloTRNuQnvpWhhQrnjzAc3B5PG8b6YiYaFEiLsIa6-PM-Tv0EePru7JbQmBcSIkxZlknlZsPIWzvhjhPA2m1UIiRqYEh-_b6qfmL1V7iF70Y5em96wQ9OslR-RZ24rZMT7.Atc2jtiH0jlyHWBzTmvVuQ
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gsAsn6SKNGr40FX5Fq82UKkXgoLWH38n0sc%2BMgKz2J6QygiGes6AHzlWmKjXJX7nZv46OYgK6Gvkt2Czeihgpq1iQVTpTtFI2U4C7SsiM9MXGXjXU4N11L2mIR0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7aea55486f0c0b69-OSL
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash93f633ce30c038eb581544323c5a971e 2f60526cb750c6babccc207f75fb5a8ae6f7598b 0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7336
Expires: Mon, 27 Mar 2023 22:22:33 GMT
Date: Mon, 27 Mar 2023 20:20:17 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash911d74784325663a0d95b463b0e9ae9b 21e999229be584d8e42696bce71236ad5bcb9a25 f48cbe4d605e660a45267400e0add4f7bc7cd523c450376ecd8e3a7f094abf56
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F48CBE4D605E660A45267400E0ADD4F7BC7CD523C450376ECD8E3A7F094ABF56"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7381
Expires: Mon, 27 Mar 2023 22:23:18 GMT
Date: Mon, 27 Mar 2023 20:20:17 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash4ad6984a756720fbfff47b37a75513a2 355e35258114452af8b9638985ed9d8ef3bf0aca 43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 27 Mar 2023 20:15:45 GMT
content-type: application/json
age: 272
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash5ad3eec59bebbf969f175627757507c1 b176af3a70db378c9e1f219bab24d9d446070d6f 704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14383
Expires: Tue, 28 Mar 2023 00:20:00 GMT
Date: Mon, 27 Mar 2023 20:20:17 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hashe7bace7c1e04d44012e37ddffe36e5d5 3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jJVIhJAhYamgxLKyGySUA5AiKpk52qtpviCpuJwoUlBeeuG9oC/x0t9rNd/dVeV/mAAvX9VP4rQ=
x-amz-request-id: 8Z6MPMSHXX20QQC2
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 27 Mar 2023 20:01:46 GMT
age: 1111
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 27 Mar 2023 20:20:17 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash982657f9588ccfa8323949d6aa6bdbef d5ddd03185b3ab8312e8a602820e2dff58628dcd da5ca99ab424d9cbb29fbe7b0190670a683b92858b7b380847bbf4dd56c67fff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA5CA99AB424D9CBB29FBE7B0190670A683B92858B7B380847BBF4DD56C67FFF"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2515
Expires: Mon, 27 Mar 2023 21:02:13 GMT
Date: Mon, 27 Mar 2023 20:20:18 GMT
Connection: keep-alive
|
|
| o347841.ingest.sentry.io/api/6438082/envelope/?sentry_key=314d64bffa33413a911a2b97c37e7dcb&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.26.0 | 34.120.195.249 | 200 OK | 2.0 kB |
URL HTTP/2o347841.ingest.sentry.io/api/6438082/envelope/?sentry_key=314d64bffa33413a911a2b97c37e7dcb&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.26.0 IP34.120.195.249:0
Hash666024de4fb68b9accb1e6ccf4f857c5 7af7084bd2213a062bd37783decc3f689909c664 8cd15d59071d191e91c2da2ef1423c0a5ab2197178df9321b9a9d27556ad94ba
POST /api/6438082/envelope/?sentry_key=314d64bffa33413a911a2b97c37e7dcb&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.26.0 HTTP/1.1
Host: o347841.ingest.sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.duz.pw/
Content-Type: text/plain;charset=UTF-8
Origin: https://lp.duz.pw
Content-Length: 441
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 27 Mar 2023 20:20:18 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: https://lp.duz.pw
access-control-expose-headers: retry-after, x-sentry-rate-limits, x-sentry-error
vary: Origin
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash982657f9588ccfa8323949d6aa6bdbef d5ddd03185b3ab8312e8a602820e2dff58628dcd da5ca99ab424d9cbb29fbe7b0190670a683b92858b7b380847bbf4dd56c67fff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA5CA99AB424D9CBB29FBE7B0190670A683B92858B7B380847BBF4DD56C67FFF"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2515
Expires: Mon, 27 Mar 2023 21:02:13 GMT
Date: Mon, 27 Mar 2023 20:20:18 GMT
Connection: keep-alive
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hash7e2d8156baac12231cc9cbfdefedacf1 62384d8842fb5b560ac39636bb519953e22dc664 ee4dbd79fc1569ab6ae0ea7b90b4b7d8dbb846296cf7fc68b24be78b7b95993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 27 Mar 2023 20:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.googletagmanager.com/gtm.js?id=GTM-PXCBFS2 | 142.250.74.40 | 200 OK | 42 kB |
URL HTTP/2www.googletagmanager.com/gtm.js?id=GTM-PXCBFS2 IP142.250.74.40:0
File typeASCII text, with very long lines (2206) Hash7a0246fd77694b40a590c5d99f585a4c 40a79cea1609323d259674f408751cb5ead34342 72d31f9d78406d1f6c4441528b36411b62159bfa14f2cb4ba847eb7081a0c471
GET /gtm.js?id=GTM-PXCBFS2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.duz.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Mar 2023 20:20:18 GMT
expires: Mon, 27 Mar 2023 20:20:18 GMT
cache-control: private, max-age=900
last-modified: Mon, 27 Mar 2023 19:54:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41694
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| xlink.duz.pw/graphql | 104.21.81.45 | 204 No Content | 0 B |
IP104.21.81.45:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /graphql HTTP/1.1
Host: xlink.duz.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lp.duz.pw/
Origin: https://lp.duz.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
date: Mon, 27 Mar 2023 20:20:18 GMT
status: 204 No Content
access-control-allow-headers: content-type
access-control-allow-origin: *
access-control-allow-methods: GET,POST
vary: Access-Control-Request-Headers
x-powered-by: Phusion Passenger(R) 6.0.17
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CK4TxCAXTFea4%2Bz5C28%2FHoyD6oo3Qrjml7yhB8VAOJTd6JOjLfEie76JJdC8dGhvQMVKddtYT%2BuO6UvhRakZGTM6GsV6yOPIciIBNen5DR6sarquOI1X3yQstqfbYZY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aea554d3850b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hash7e2d8156baac12231cc9cbfdefedacf1 62384d8842fb5b560ac39636bb519953e22dc664 ee4dbd79fc1569ab6ae0ea7b90b4b7d8dbb846296cf7fc68b24be78b7b95993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 27 Mar 2023 20:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 27 Mar 2023 20:17:24 GMT
age: 174
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash76a0aba3ddb470751c690f5a725159f2 8cb789e8e0dfa336270700ef1e607173f2aee6cd e76de476654125a06994065d66e30c6fb6c354d0f67fd4e31a3f78679e2bfdcb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E76DE476654125A06994065D66E30C6FB6C354D0F67FD4E31A3F78679E2BFDCB"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10615
Expires: Mon, 27 Mar 2023 23:17:13 GMT
Date: Mon, 27 Mar 2023 20:20:18 GMT
Connection: keep-alive
|
|
| push.services.mozilla.com/ | 54.188.40.0 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP54.188.40.0:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bM1u3glNF8zkkBDNPH5OeQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5siuxtoZ4ZezksoDh1ueMP/LPbA=
|
|
| region1.google-analytics.com/g/collect?v=2&tid=G-RJQ3BK2Q0C>m=45je33m0&_p=890140268&cid=1614223589.1679948437&ul=en-us&sr=1280x1024&_s=1&sid=1679948437&sct=1&seg=0&dl=https%3A%2F%2Flp.duz.pw%2Flp%2Ffl-1%3F_p_%3DeyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoyMDQ4LCJwMnMiOiI4TEpTRnRNX2dBX1pFeHZLeTY0WE93In0.f4TwSnkIb1OtAnaxUnBV1WpRZQqo991m.Evvzuxb_RZBPvl9a._fQNGl6qzi1NnyBQ-zii5YbMY7dSKJmigiTHREqYRh9YNZKeebeFfU4HVqhdTTySqXh_IPDlqTKvhbxXlOPsrOeDDSLAJQK4yoDvickY1kOXa5_CKPuqg6TjwIF-5pigUyJCyUJ5Xg3mvjSwam0_iF5_4e6wcW-PE7viifFUzo9yKL8XAis-RG2Pgbqc0TvqkxS9AXQj6PrUmgeI7ihtdyvto2p_JXmG0VXJWUn4SA2xWcOg5lHoNmwLZaYlH-Wdq11EFXtaPGeg-Qa71ax-5gG3uqBdvdc2DxFSNxMivoyWYVODsPt6uH8zGRThLjSH4Hgrxs7pFnZWjQPG1-mRqKrwzGJW-6_oIFvXFSEr4NxKHowNjL_PbBv2Rbc9rK9A8O8IlriBrvRloTRNuQnvpWhhQrnjzAc3B5PG8b6YiYaFEiLsIa6-PM-Tv0EePru7JbQmBcSIkxZlknlZsPIWzvhjhPA2m1UIiRqYEh-_b6qfmL1V7iF70Y5em96wQ9OslR-RZ24rZMT7.Atc2jtiH0jlyHWBzTmvVuQ&dt=Shopper%20Rewards&en=page_view&_fv=1&_nsi=1&_ss=1 | 216.239.32.36 | 204 No Content | 0 B |
URL HTTP/2region1.google-analytics.com/g/collect?v=2&tid=G-RJQ3BK2Q0C>m=45je33m0&_p=890140268&cid=1614223589.1679948437&ul=en-us&sr=1280x1024&_s=1&sid=1679948437&sct=1&seg=0&dl=https%3A%2F%2Flp.duz.pw%2Flp%2Ffl-1%3F_p_%3DeyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoyMDQ4LCJwMnMiOiI4TEpTRnRNX2dBX1pFeHZLeTY0WE93In0.f4TwSnkIb1OtAnaxUnBV1WpRZQqo991m.Evvzuxb_RZBPvl9a._fQNGl6qzi1NnyBQ-zii5YbMY7dSKJmigiTHREqYRh9YNZKeebeFfU4HVqhdTTySqXh_IPDlqTKvhbxXlOPsrOeDDSLAJQK4yoDvickY1kOXa5_CKPuqg6TjwIF-5pigUyJCyUJ5Xg3mvjSwam0_iF5_4e6wcW-PE7viifFUzo9yKL8XAis-RG2Pgbqc0TvqkxS9AXQj6PrUmgeI7ihtdyvto2p_JXmG0VXJWUn4SA2xWcOg5lHoNmwLZaYlH-Wdq11EFXtaPGeg-Qa71ax-5gG3uqBdvdc2DxFSNxMivoyWYVODsPt6uH8zGRThLjSH4Hgrxs7pFnZWjQPG1-mRqKrwzGJW-6_oIFvXFSEr4NxKHowNjL_PbBv2Rbc9rK9A8O8IlriBrvRloTRNuQnvpWhhQrnjzAc3B5PG8b6YiYaFEiLsIa6-PM-Tv0EePru7JbQmBcSIkxZlknlZsPIWzvhjhPA2m1UIiRqYEh-_b6qfmL1V7iF70Y5em96wQ9OslR-RZ24rZMT7.Atc2jtiH0jlyHWBzTmvVuQ&dt=Shopper%20Rewards&en=page_view&_fv=1&_nsi=1&_ss=1 IP216.239.32.36:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-RJQ3BK2Q0C>m=45je33m0&_p=890140268&cid=1614223589.1679948437&ul=en-us&sr=1280x1024&_s=1&sid=1679948437&sct=1&seg=0&dl=https%3A%2F%2Flp.duz.pw%2Flp%2Ffl-1%3F_p_%3DeyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoyMDQ4LCJwMnMiOiI4TEpTRnRNX2dBX1pFeHZLeTY0WE93In0.f4TwSnkIb1OtAnaxUnBV1WpRZQqo991m.Evvzuxb_RZBPvl9a._fQNGl6qzi1NnyBQ-zii5YbMY7dSKJmigiTHREqYRh9YNZKeebeFfU4HVqhdTTySqXh_IPDlqTKvhbxXlOPsrOeDDSLAJQK4yoDvickY1kOXa5_CKPuqg6TjwIF-5pigUyJCyUJ5Xg3mvjSwam0_iF5_4e6wcW-PE7viifFUzo9yKL8XAis-RG2Pgbqc0TvqkxS9AXQj6PrUmgeI7ihtdyvto2p_JXmG0VXJWUn4SA2xWcOg5lHoNmwLZaYlH-Wdq11EFXtaPGeg-Qa71ax-5gG3uqBdvdc2DxFSNxMivoyWYVODsPt6uH8zGRThLjSH4Hgrxs7pFnZWjQPG1-mRqKrwzGJW-6_oIFvXFSEr4NxKHowNjL_PbBv2Rbc9rK9A8O8IlriBrvRloTRNuQnvpWhhQrnjzAc3B5PG8b6YiYaFEiLsIa6-PM-Tv0EePru7JbQmBcSIkxZlknlZsPIWzvhjhPA2m1UIiRqYEh-_b6qfmL1V7iF70Y5em96wQ9OslR-RZ24rZMT7.Atc2jtiH0jlyHWBzTmvVuQ&dt=Shopper%20Rewards&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lp.duz.pw
Connection: keep-alive
Referer: https://lp.duz.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://lp.duz.pw
date: Mon, 27 Mar 2023 20:20:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashbe1cd1cf8e462ca6f6acb2f132e614d5 037f3bc7ab850fa2c69f2584bb24340b25bb6f3c e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6702
Expires: Mon, 27 Mar 2023 22:12:01 GMT
Date: Mon, 27 Mar 2023 20:20:19 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashbe1cd1cf8e462ca6f6acb2f132e614d5 037f3bc7ab850fa2c69f2584bb24340b25bb6f3c e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6702
Expires: Mon, 27 Mar 2023 22:12:01 GMT
Date: Mon, 27 Mar 2023 20:20:19 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashbe1cd1cf8e462ca6f6acb2f132e614d5 037f3bc7ab850fa2c69f2584bb24340b25bb6f3c e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6702
Expires: Mon, 27 Mar 2023 22:12:01 GMT
Date: Mon, 27 Mar 2023 20:20:19 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashbe1cd1cf8e462ca6f6acb2f132e614d5 037f3bc7ab850fa2c69f2584bb24340b25bb6f3c e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6702
Expires: Mon, 27 Mar 2023 22:12:01 GMT
Date: Mon, 27 Mar 2023 20:20:19 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg | 34.120.237.76 | 200 OK | 3.6 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash1ec08d4bd079a92161fc80f41281b5a9 bf61369962342cce85de8f48942b4b150fd2721e 8a8ed12c31d89d71c3cb88f0813ded83939529206461e917dcb0b8bc11abdda4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3589
x-amzn-requestid: 9c09af43-79e8-4734-b28b-4194e0bb1e4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1uyE2joAMF50g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6991-7607d33f6301182b591c56e8;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:37:21 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: pjRA439kqSg5daR_Zuvsf2l45R4oqv3AMWNiMCGQ_C5o2KA8kEd3TQ==
via: 1.1 46673955829b59a6da0ab071e0b7fbea.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 21:37:24 GMT
age: 81775
etag: "bf61369962342cce85de8f48942b4b150fd2721e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4429ed9b-a655-45dc-a59b-78db53c9c2f6.jpeg | 34.120.237.76 | 200 OK | 12 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4429ed9b-a655-45dc-a59b-78db53c9c2f6.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashe999a9d79efe60a30b2942c5f2940294 c3891c43b16521f66eb3a52d83694de2ddd39871 290ed1232883a4ec63ef42c30f40b819983c5544e35261d2d1e0d1e55d0c8b07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4429ed9b-a655-45dc-a59b-78db53c9c2f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12017
x-amzn-requestid: 4f61a0c7-4b18-4289-b47c-eeeff93d873f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ca6yQGNtoAMFsxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64210b41-350e4e2425d9606e478872b5;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 03:19:29 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: TCzHm5qTtnAUDSmayc-LLFmDfV7o6PaaYYfVtN_w7cC3o66HCa3DEg==
via: 1.1 b3cdce1c2fc39b89f45c98c417351f26.cloudfront.net (CloudFront), 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 03:34:08 GMT
age: 60371
etag: "c3891c43b16521f66eb3a52d83694de2ddd39871"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb0254d-5c75-4e14-a0c6-04283194ce5b.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb0254d-5c75-4e14-a0c6-04283194ce5b.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash668a8a17a1bb77ea7db7fa23c9df9690 242108539ff8694a3c557d07b2b000e764a77f24 100952573dc9eeba889a77f4d148b646accb99f277035f0607b1c6918f93a358
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb0254d-5c75-4e14-a0c6-04283194ce5b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10591
x-amzn-requestid: 8359ddc1-a6c6-4caf-9de3-f2eb4dcb0c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CaIO-F0QIAMF5_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6420ba5f-72ee066911fdddb62c4a201d;Sampled=0
x-amzn-remapped-date: Sun, 26 Mar 2023 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: hfm1xuKZ-Olu263DvYfbYlEnANaiIL9e7jEDUqDAf3ihT5N2HAdyIA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 21:49:30 GMT
age: 81049
etag: "242108539ff8694a3c557d07b2b000e764a77f24"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d7ce900-ce9b-481b-9205-9748eeded2e8.jpeg | 34.120.237.76 | 200 OK | 10 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d7ce900-ce9b-481b-9205-9748eeded2e8.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash22905e8a7c8b1741dd51842c114a6517 c5900fe2396e0ca371c4847af4e96149850c3577 1525f9f39c09370fcb1f58f079f2d741a4c6d13fba26e6dd5b79466153d7685e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d7ce900-ce9b-481b-9205-9748eeded2e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10405
x-amzn-requestid: 0b8dad7a-2ec1-4eed-9a2c-06079ed46662
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CRi69E9xoAMFiJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d4b79-2f606ac041c5db24583c8d51;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 07:04:25 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: qbbEi0tXZLKo6qjrbJMtTHdhWziYrLrgzY1hzt_LrQJoeDDBbJnZBA==
via: 1.1 4b800f7fa2c3fbb9f4f3c505b0df315e.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 05:54:17 GMT
age: 51962
etag: "c5900fe2396e0ca371c4847af4e96149850c3577"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F217b24c4-6cf4-4be4-bdbf-764890bd9672.jpeg | 34.120.237.76 | 200 OK | 4.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F217b24c4-6cf4-4be4-bdbf-764890bd9672.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash8cc79a830964d923d24a45f5ccc9939b 557cc4827414912c41319ad961c14cce71ed4a18 b3b1c73b34057cb6e41920f3d55213ad8c193076525767c051960ec26d17ca3c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F217b24c4-6cf4-4be4-bdbf-764890bd9672.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4775
x-amzn-requestid: 28d0e56d-ed03-4686-bd49-34f193f1c65a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK96KF9coAMFvMA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa9da-122cd32a6f23e8442a52464c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:10:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: psNReeBG7nAuKQXIMl1zwCVmvtZ-xwn6Fx8oAIX4wi4GCNUWNWOGMA==
via: 1.1 4e4278a2778e72cc34feef6db603088c.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 22:12:36 GMT
age: 79663
etag: "557cc4827414912c41319ad961c14cce71ed4a18"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg | 34.120.237.76 | 200 OK | 5.6 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashc831201ad81f55c63c1b101ce854a810 0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5 c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: 6b050645-14aa-47f7-b4a5-2e27abbe5115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM69eHE3IAMF0Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b71ef-6ab2948e2bf2578f29798372;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:23:59 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: CgU9j02Bnw0UdIwQ3sRCDvJoPitHIAUTRDhLH_PMXYlAPoAwSbv6Iw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 05:36:52 GMT
age: 53007
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| lp.duz.pw/lp/fl-1?_p_=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoyMDQ4LCJwMnMiOiI4TEpTRnRNX2dBX1pFeHZLeTY0WE93In0.f4TwSnkIb1OtAnaxUnBV1WpRZQqo991m.Evvzuxb_RZBPvl9a._fQNGl6qzi1NnyBQ-zii5YbMY7dSKJmigiTHREqYRh9YNZKeebeFfU4HVqhdTTySqXh_IPDlqTKvhbxXlOPsrOeDDSLAJQK4yoDvickY1kOXa5_CKPuqg6TjwIF-5pigUyJCyUJ5Xg3mvjSwam0_iF5_4e6wcW-PE7viifFUzo9yKL8XAis-RG2Pgbqc0TvqkxS9AXQj6PrUmgeI7ihtdyvto2p_JXmG0VXJWUn4SA2xWcOg5lHoNmwLZaYlH-Wdq11EFXtaPGeg-Qa71ax-5gG3uqBdvdc2DxFSNxMivoyWYVODsPt6uH8zGRThLjSH4Hgrxs7pFnZWjQPG1-mRqKrwzGJW-6_oIFvXFSEr4NxKHowNjL_PbBv2Rbc9rK9A8O8IlriBrvRloTRNuQnvpWhhQrnjzAc3B5PG8b6YiYaFEiLsIa6-PM-Tv0EePru7JbQmBcSIkxZlknlZsPIWzvhjhPA2m1UIiRqYEh-_b6qfmL1V7iF70Y5em96wQ9OslR-RZ24rZMT7.Atc2jtiH0jlyHWBzTmvVuQ | 172.67.188.43 | 200 OK | 0 B |
URL HTTP/2lp.duz.pw/lp/fl-1?_p_=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoyMDQ4LCJwMnMiOiI4TEpTRnRNX2dBX1pFeHZLeTY0WE93In0.f4TwSnkIb1OtAnaxUnBV1WpRZQqo991m.Evvzuxb_RZBPvl9a._fQNGl6qzi1NnyBQ-zii5YbMY7dSKJmigiTHREqYRh9YNZKeebeFfU4HVqhdTTySqXh_IPDlqTKvhbxXlOPsrOeDDSLAJQK4yoDvickY1kOXa5_CKPuqg6TjwIF-5pigUyJCyUJ5Xg3mvjSwam0_iF5_4e6wcW-PE7viifFUzo9yKL8XAis-RG2Pgbqc0TvqkxS9AXQj6PrUmgeI7ihtdyvto2p_JXmG0VXJWUn4SA2xWcOg5lHoNmwLZaYlH-Wdq11EFXtaPGeg-Qa71ax-5gG3uqBdvdc2DxFSNxMivoyWYVODsPt6uH8zGRThLjSH4Hgrxs7pFnZWjQPG1-mRqKrwzGJW-6_oIFvXFSEr4NxKHowNjL_PbBv2Rbc9rK9A8O8IlriBrvRloTRNuQnvpWhhQrnjzAc3B5PG8b6YiYaFEiLsIa6-PM-Tv0EePru7JbQmBcSIkxZlknlZsPIWzvhjhPA2m1UIiRqYEh-_b6qfmL1V7iF70Y5em96wQ9OslR-RZ24rZMT7.Atc2jtiH0jlyHWBzTmvVuQ IP172.67.188.43:0
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.pw domain |
GET /lp/fl-1?_p_=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoyMDQ4LCJwMnMiOiI4TEpTRnRNX2dBX1pFeHZLeTY0WE93In0.f4TwSnkIb1OtAnaxUnBV1WpRZQqo991m.Evvzuxb_RZBPvl9a._fQNGl6qzi1NnyBQ-zii5YbMY7dSKJmigiTHREqYRh9YNZKeebeFfU4HVqhdTTySqXh_IPDlqTKvhbxXlOPsrOeDDSLAJQK4yoDvickY1kOXa5_CKPuqg6TjwIF-5pigUyJCyUJ5Xg3mvjSwam0_iF5_4e6wcW-PE7viifFUzo9yKL8XAis-RG2Pgbqc0TvqkxS9AXQj6PrUmgeI7ihtdyvto2p_JXmG0VXJWUn4SA2xWcOg5lHoNmwLZaYlH-Wdq11EFXtaPGeg-Qa71ax-5gG3uqBdvdc2DxFSNxMivoyWYVODsPt6uH8zGRThLjSH4Hgrxs7pFnZWjQPG1-mRqKrwzGJW-6_oIFvXFSEr4NxKHowNjL_PbBv2Rbc9rK9A8O8IlriBrvRloTRNuQnvpWhhQrnjzAc3B5PG8b6YiYaFEiLsIa6-PM-Tv0EePru7JbQmBcSIkxZlknlZsPIWzvhjhPA2m1UIiRqYEh-_b6qfmL1V7iF70Y5em96wQ9OslR-RZ24rZMT7.Atc2jtiH0jlyHWBzTmvVuQ HTTP/1.1
Host: lp.duz.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 27 Mar 2023 20:20:17 GMT
content-type: text/html; charset=utf-8
status: 200 OK
x-powered-by: Next.js, Phusion Passenger(R) 6.0.17
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HdYyeNMiLCIIgg3baek2V4quqkR2CGd1W4B7duXFxPnCwus%2FX08B8rB6tzdBcAsu8z%2FEfdD5OS%2F%2B8AsPMQSfDsq1C%2BCD5urGNSnluBcv9KF6r4dwYuKQcmaGVHg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aea5549c9e10b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| xlink.duz.pw/graphql | 104.21.81.45 | 200 OK | 0 B |
IP104.21.81.45:0
POST /graphql HTTP/1.1
Host: xlink.duz.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.duz.pw/
content-type: application/json
Origin: https://lp.duz.pw
Content-Length: 219
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Mar 2023 20:20:18 GMT
content-type: application/json
status: 200 OK
access-control-allow-origin: *
vary: Accept-Encoding
x-powered-by: Phusion Passenger(R) 6.0.17
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LuC7%2Br%2BUNbawah7UzZdFUmqpbZV0dPd2AvGXkY8yl7AaR8OTsn00AgfOXJ5aP7W66UfZ7FgAPf6MSB1JpG6ToRvbLuv56Y41cRO6ta3HFkma9%2FOwFQmy%2FVgcpa6qfC0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aea554d88e1b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|