za.gl/GgHy2
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /GgHy2 HTTP/1.1
Host: za.gl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 27 Nov 2022 07:07:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 27 Nov 2022 08:07:28 GMT
Location: https://za.gl/GgHy2
Server-Timing: cf-q-config;dur=4.000001354143e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HOGntDSHGpdIQI3krlKsubThjW%2BIDkGsILiuA8E1K59mxziRU%2Fx4%2FWO0MMDxFMZMEYmW5LSdrg3CWQMB1Q9jCU%2Bya95Ud1JGzpkkc80sH1%2FVJ4yasAlw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770906ebf915b4f3-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6997
Expires: Sun, 27 Nov 2022 09:04:05 GMT
Date: Sun, 27 Nov 2022 07:07:28 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2501
Cache-Control: max-age=101120
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 11:12:48 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13922
Expires: Sun, 27 Nov 2022 10:59:30 GMT
Date: Sun, 27 Nov 2022 07:07:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 06:19:21 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2887
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: CcwUjnyr/KqUQZl9ynIXtbBPuVDrN1kZvib3YTnoT4EZfwb/ZbTZl7ol27omjVSEKkbacUIRIDc=
x-amz-request-id: 77ZCNNCJA0VYYBRJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 06:44:32 GMT
age: 1376
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 749d2ba574a4577b875a690517f0af02
6b9a21c2a93e2fa4bbde7a0ebd84b23879e9a7ab
698bc3ae709879b9822509bc08147b3d084ea70c2d98bf0197bf9dea5369617a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5429
Cache-Control: max-age=131043
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Etag: "6382545e-116"
Expires: Mon, 28 Nov 2022 19:31:31 GMT
Last-Modified: Sat, 26 Nov 2022 18:01:02 GMT
Server: ECS (amb/6B9C)
X-Cache: HIT
Content-Length: 278
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 07:07:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 749d2ba574a4577b875a690517f0af02
6b9a21c2a93e2fa4bbde7a0ebd84b23879e9a7ab
698bc3ae709879b9822509bc08147b3d084ea70c2d98bf0197bf9dea5369617a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5429
Cache-Control: max-age=131043
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Etag: "6382545e-116"
Expires: Mon, 28 Nov 2022 19:31:31 GMT
Last-Modified: Sat, 26 Nov 2022 18:01:02 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 554 B IP
Hash 1aba2b03cf3dc1ed24ed0b2e573a33ab
a70d67fbc88afe88609bc53cbabf10eb8c4ff358
a474907eb7a13b8df5c0ada7267afafcfec172081f0889c7ddeeaf675d15a308
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1173
Cache-Control: max-age=135432
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Etag: "63827623-118"
Expires: Mon, 28 Nov 2022 20:44:40 GMT
Last-Modified: Sat, 26 Nov 2022 20:25:07 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280
polyfill.io/v3/polyfill.js?features=Intl%2Cfetch
200 OK 142 B URL HTTP/2 polyfill.io/v3/polyfill.js?features=Intl%2Cfetch
IP
Hash 0029422a03c75d739c3591816bdefde0
bf4af2e7c626fa715e179d4a726c6afb30e29e90
290c315adf54b46aa291ed06a69cd4d9111c08a83b265fbd57897cef29f003f0
GET /v3/polyfill.js?features=Intl%2Cfetch HTTP/1.1
Host: polyfill.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
content-type: text/javascript; charset=utf-8
last-modified: Sat, 19 Nov 2022 11:32:20 GMT
content-encoding: br
age: 0
accept-ranges: bytes
useragent_normaliser: firefox/105.0.0
date: Sun, 27 Nov 2022 07:07:28 GMT
vary: User-Agent, Accept-Encoding
server-timing: cache-bma1620, PASS, fastly;desc="Edge time";dur=12
content-length: 142
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 1.7 kB IP
Hash 98694c737d209a9f2de4b7b6fd5b1137
ee9a00d7a57af10ff4f8f0140f3b4ff0974231ac
6927cabbc3a40ffc84041cdf2958f989030ec2f90769c8893aad6fda413d6883
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 812
Cache-Control: max-age=172123
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Etag: "638306df-117"
Expires: Tue, 29 Nov 2022 06:56:11 GMT
Last-Modified: Sun, 27 Nov 2022 06:42:39 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js
200 OK 4.3 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js
IP
File type ASCII text, with very long lines (548)
Hash 4dc1890d39b14772f9579894d823296e
ae5c8609bcf332695e4669f817c91a20a81e3208
e8280ea3c6c000fb1d319cc116e7ebe934818e2091fcf87dd6cc450b62d00b48
GET /ajax/libs/crypto-js/3.1.2/rollups/aes.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 4256
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e2d-3430"
last-modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 381530
expires: Fri, 17 Nov 2023 07:07:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b2vKw3%2F9SZBTcDUejTznvnkm2%2F2N%2F2D6qudeQuyVWXRqPv9aKmddVTlqQp5nJDNDBPrZ5gy4kYHRqoPPUELUfmT%2F0YxOcFSRl%2FSxXycHDmJ0FC3q0bDJ85oyULbxS%2BgQPmFf2ati"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 770906f0abbc0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.js
200 OK 12 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.js
IP
Hash fab824518fd82853ed2698f39d8ec43e
df19bf45131085a88eb2cd4c07e2bda44cef0e98
d55908906f498a577e0f9cc6ffeac157765acb67643c23d22c0d51b352e208c4
GET /ajax/libs/slick-carousel/1.6.0/slick.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 12032
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fd5-14929"
last-modified: Mon, 04 May 2020 16:16:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5153964
expires: Fri, 17 Nov 2023 07:07:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FB2ogBqCa5o1As9jhieq%2FHWlN7gplmXHFTVlDKxxWe80Ecwo%2BNOuTIHlsDh7JAhcRIsWpzaKy8yocBBZa1BrJ70lVzuS3f%2F9Gyol8387ZyIso10i2JyS2CN%2BMsgGG%2FhnotkB71Ri"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 770906f0abc10b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 2.8 kB IP
Hash dea76c5e6389c121c12a03d1ae0d66fd
17844760469ff32c0b10fb4d8cb4447a20fbfb1f
2df70428a25d16bcb4d86cb1e58b32a79d6004441307e1db2ba415ef6293ce50
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 280 B IP
Hash ebed87c2caeb00f3daca76b91f1d5856
0b524def376f7bf90143e8c002fbbdc776d4b457
9d50a898f0edaf6c38ef9827dcfc72de00b8afd71fde693644c3e7424f6efaa4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1173
Cache-Control: max-age=135432
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Etag: "63827623-118"
Expires: Mon, 28 Nov 2022 20:44:40 GMT
Last-Modified: Sat, 26 Nov 2022 20:25:07 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 535 B IP
Hash e516c593594fea7bcd1cc7d57a69a70e
80d4b128bb54ee01b3c3640afc7460c4a6d128f5
ddf2ae78b02e0f1a45cb07b5646244456b4eee6ccec5a77bf9e690fb29ebab6d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 1.4 kB IP
Hash 86d1519e96cea93967451dcc39769e48
580812c2aa7c38a297227eace54155648569104b
77edd75ebf94f68eb5ac7ac4cdaa4a23634e51e8a1a2b5c83b0cc842896f395c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP
File type ASCII text, with very long lines (32058)
Hash fc3fc31e5e7c0933dc18e562c1c071bf
a44c31323f6bd29e583cc585036e6eb39f7014a6
ddad766fb94b23efeb5574cdedc5e8446d496fb91bd0b08cd80be212e001055d
GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:54:48 GMT
expires: Thu, 23 Nov 2023 18:54:48 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 303160
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
200 OK 580 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
IP
File type ASCII text, with very long lines (918), with no line terminators
Hash dbf518f97165d213611f9e6f762bf876
a8529116d76204a0420a8c244723466310787f79
bc0692ecebd5884ea21d4bd3cd0ef1aa05f8a8439ea5f8ea7ebfe8110b603082
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 27 Nov 2022 07:07:28 GMT
date: Sun, 27 Nov 2022 07:07:28 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-120643151-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-120643151-1
IP
File type ASCII text, with very long lines (1921)
Hash ca7be4a37b4ae049a5fe4d362e8c9d74
0effbc94a79c500d73870ed41739285b5cab23f0
315b9e6ff54d5d2902d2177c4c9776bcdb4f8ae9a26a0c75005f37f15610eb07
GET /gtag/js?id=UA-120643151-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 07:07:28 GMT
expires: Sun, 27 Nov 2022 07:07:28 GMT
cache-control: private, max-age=900
last-modified: Sun, 27 Nov 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43593
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-6QVVMFTPT3
200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-6QVVMFTPT3
IP
File type ASCII text, with very long lines (19102)
Hash b9decfbfb1cfe51c63dbf026bf2ec785
deb4002d91875fba12e4fc5fb4b348d0ae2e5ef5
2c6d58f12c5a504aa29d59cef7cd2837123ab4f330814a3385bcd994b5583068
GET /gtag/js?id=G-6QVVMFTPT3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 07:07:28 GMT
expires: Sun, 27 Nov 2022 07:07:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75943
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bed8f63f2e8f22dad9b4136d9cce331c
1350d313f70ac041f587467a35c8ceb794d830eb
dfa43e8f86dd3ff722ba6326ff53918a2c85607f679f21feed2d3607ce89c08b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFA43E8F86DD3FF722BA6326FF53918A2C85607F679F21FEED2D3607CE89C08B"
Last-Modified: Sat, 26 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9251
Expires: Sun, 27 Nov 2022 09:41:39 GMT
Date: Sun, 27 Nov 2022 07:07:28 GMT
Connection: keep-alive
fonts.googleapis.com/css2?family=DM+Sans:wght@400;700&display=swap
200 OK 714 B URL HTTP/2 fonts.googleapis.com/css2?family=DM+Sans:wght@400;700&display=swap
IP
Hash 14de825e333513c1c6d507d5dcf231f1
3efcc6e0fe4500d9336ed36528bf1906e30fd23a
03a8479127ce4862e7210c14bdafed87869f050b1ba50046eeb67cea5df371fb
GET /css2?family=DM+Sans:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 07:07:28 GMT
date: Sun, 27 Nov 2022 07:07:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
opticlygremio.com/1clkn/14927
200 OK 26 B URL HTTP/1.1 opticlygremio.com/1clkn/14927
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
Analyzer Verdict Alert quad9 Sinkholed
GET /1clkn/14927 HTTP/1.1
Host: opticlygremio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 07:07:28 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 28-Nov-2022 07:07:28 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 28-Nov-2022 07:07:28 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
200 OK 10 kB IP
Hash 709bc8152612ceddc1aac402d5858450
7d56b4578739521be2c9af3241f32cda69361e4e
9f4e161bb798f46b8dd682552cd4139df46b88e17c04d4f66d250b9e5d132239
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 18212, version 1.0\012- data
Hash ca72fb4e277e59be50b8850190822581
159b97b22006fe2a483da0a13d33cfb3cc5aa031
f3c0fa2cd71bb91d0e3acf5d77b93c49a184e9ad941532ca8c07c82eb0bd6a6c
GET /s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://za.gl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18212
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 00:51:09 GMT
expires: Mon, 27 Nov 2023 00:51:09 GMT
cache-control: public, max-age=31536000
age: 22580
last-modified: Thu, 21 Apr 2022 16:54:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/dmsans/v11/rP2Hp2ywxg089UriCZOIHQ.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/dmsans/v11/rP2Hp2ywxg089UriCZOIHQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 18096, version 1.0\012- data
Hash f29503a1895affee5ed85d0246238af8
f474c6e8a3e4e28fb68cf7fb29bd448cdfeb0278
7164a212fb4df27bf1e006342d1686badcba58f5a5d301772c14cc7adf1d4821
GET /s/dmsans/v11/rP2Hp2ywxg089UriCZOIHQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://za.gl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18096
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 20:33:10 GMT
expires: Fri, 24 Nov 2023 20:33:10 GMT
cache-control: public, max-age=31536000
age: 210859
last-modified: Thu, 21 Apr 2022 16:54:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3429
Cache-Control: max-age=96991
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:07:29 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:04:00 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 70d13dbff7ec0930c387ac6ddb403251
c56e868cf2def175720c52c5f32d792ee2f749f9
17b8faf2988649ceaeecefa46842ad15d89caef8833f0e949011088f11e56de7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=103246
Date: Sun, 27 Nov 2022 07:07:29 GMT
Etag: "6381e966-1d7"
Expires: Mon, 28 Nov 2022 11:48:15 GMT
Last-Modified: Sat, 26 Nov 2022 10:24:38 GMT
Server: ECS (bsa/EB15)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CWqXhb6I0PBMSJRHGbUBmRSA_4zNJdbfOJHaVQpzxGmxHWnTu7reiQ==
Age: 5017
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 27 Nov 2022 06:41:08 GMT
expires: Sun, 27 Nov 2022 08:41:08 GMT
cache-control: public, max-age=7200
age: 1581
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
za.gl/GgHy2
200 OK 174 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6810), with CRLF, LF line terminators
Size 174 kB (174270 bytes)
Hash 802013475d2bcb69142e52caa5c1581b
a604ec2bc0fd28fa58f95c3cfaa9df74228619bc
e460f9cdc89c27d87bc3d53d7094387c19e8644a97bcc93b011ad98a78ee6817
GET /GgHy2 HTTP/1.1
Host: za.gl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:28 GMT
content-type: text/html; charset=UTF-8
set-cookie: AppSession=9eb8vhnl4o56qrikgiapc891p6; path=/; HttpOnly; secure
zagl_publisher=865410; expires=Sun, 27-Nov-2022 07:08:28 GMT; Max-Age=60; path=/; secure
scr=0.45; expires=Sun, 27-Nov-2022 07:08:28 GMT; Max-Age=60; path=/; secure
zagl_publisher=865410; expires=Sun, 27-Nov-2022 07:08:28 GMT; Max-Age=60; path=/; secure
scr=0.45; expires=Sun, 27-Nov-2022 07:08:28 GMT; Max-Age=60; path=/; secure
csrfToken=472e99be8c73c0ae40f7e5cc96568363bc3073e50db772afc39f567c616b3385a8c2bfcc433ddbbf2a52534eaa430648703e4221d175a931175361fdce0499b3; path=/; secure
visitor=Q2FrZQ%3D%3D.MDNiNTAwNzkxMjAxNzUwYTcxYTkwYjY4MzYxMWVkYWY4NzJmMWEwM2E3YWEzZDEzMzA0YmFiZjlkMWFjMjk1ON0tdNAzKA0%2BK2SPPMGF4NV3wcnsgnb4oPwmq6CrSbXP1Nt3iospSWnM7Zcjlmfq0oQyPwa70QBvWR%2F81k7eX%2Fr5ZyH2gjXI3W7Y%2BQSSM94u; expires=Mon, 28-Nov-2022 07:07:28 GMT; Max-Age=86400; path=/; HttpOnly; secure
hash=Q2FrZQ%3D%3D.NWQ1YjE0Y2E0MWZkNzZmZDYxZWU2NmY4OGI1ZGMwNjExOGQxZjc2NzkwMWNhMGY0YmE5MzhiZjdlNTIxOTRkZsI%2BYGjJMsD2YXyc%2BKpQjbyjMWT0zcmO6ZOzJDI19D%2BRRdz4NgZy5%2BAsyBLj54fPBi4gq%2F1%2FZFY30x7wl4%2FU5qw%3D; expires=Tue, 27-Dec-2022 07:07:28 GMT; Max-Age=2592000; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m7hj98O7aflxsy0pbGVVQL7Sqze3jPStA2akoYniS4bcyf%2FOP9YLl1dejxkIaZ7jlK2aao6SEXesjp%2FNKuh0BKDGEXFYfUG0M05NR3%2FKx1NiS2MRkCqd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770906eddc23b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 4.1 kB URL HTTP/1.1 push.services.mozilla.com/
IP
Hash 9a7db5c5b490731a3a29159ed3a66972
91a1937ea6cf3b0529b1436730dd9144260d5b17
c69d9b4261280403f33d571d1b06691f17b9be72470340b78b15a686b2a22a79
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: V7UACJZLqJlT2N6a8KeNHQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Xxqnph8938Ah0AWD2+dQLtm+l54=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d4c2c38b64f782454fc2c0d60252ad15
b98ee83c4d3af302a828b6eac065426a7d6501cf
80b7f9ea618164d015aa82826116f37f06dd06a6ebe6492405bd9e503c557a93
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80B7F9EA618164D015AA82826116F37F06DD06A6EBE6492405BD9E503C557A93"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4326
Expires: Sun, 27 Nov 2022 08:19:35 GMT
Date: Sun, 27 Nov 2022 07:07:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d4c2c38b64f782454fc2c0d60252ad15
b98ee83c4d3af302a828b6eac065426a7d6501cf
80b7f9ea618164d015aa82826116f37f06dd06a6ebe6492405bd9e503c557a93
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80B7F9EA618164D015AA82826116F37F06DD06A6EBE6492405BD9E503C557A93"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16510
Expires: Sun, 27 Nov 2022 11:42:39 GMT
Date: Sun, 27 Nov 2022 07:07:29 GMT
Connection: keep-alive
fishermanslush.com/3e/c0/90/3ec0905094195898e97f189a6f59b52b.js
200 OK 13 kB URL HTTP/1.1 fishermanslush.com/3e/c0/90/3ec0905094195898e97f189a6f59b52b.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37163), with no line terminators
Hash 674c0658120ed5ffccb7fef8ccbdbff3
5a011029eaa982979023371ea771c2b355b727f3
42a143dfb6c8d8c0806f94e280db4ad120fd0c07c43f7d778a2fe34b757a69c2
GET /3e/c0/90/3ec0905094195898e97f189a6f59b52b.js HTTP/1.1
Host: fishermanslush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 07:07:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4cd70edfa0a212989f14c48e8f45d576
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fishermanslush.com/ae/5b/60/ae5b60e24661bf9ec039fadca57ec6c7.js
200 OK 21 kB URL HTTP/1.1 fishermanslush.com/ae/5b/60/ae5b60e24661bf9ec039fadca57ec6c7.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60176), with no line terminators
Hash 0512b64b33bc25a6c1237d2b733f5d3d
ef15bf5dfe4f2ea3eb95e433832f861be137c8f7
f4c58f5381b5161fcbe04f50f91fc1178b7e782ae5a042ee7be2a85678a5fe8a
GET /ae/5b/60/ae5b60e24661bf9ec039fadca57ec6c7.js HTTP/1.1
Host: fishermanslush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 07:07:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28cee9a96a968910d79ef1ea7ad4a1a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
region1.google-analytics.com/g/collect?v=2&tid=G-6QVVMFTPT3>m=2oeb90&_p=1298660635&cid=2123306029.1669532849&ul=en-us&sr=1280x1024&_s=1&sid=1669532848&sct=1&seg=0&dl=https%3A%2F%2Fza.gl%2FGgHy2&dt=za.gl&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
204 No Content 1 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-6QVVMFTPT3>m=2oeb90&_p=1298660635&cid=2123306029.1669532849&ul=en-us&sr=1280x1024&_s=1&sid=1669532848&sct=1&seg=0&dl=https%3A%2F%2Fza.gl%2FGgHy2&dt=za.gl&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
File type very short file (no magic)
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
POST /g/collect?v=2&tid=G-6QVVMFTPT3>m=2oeb90&_p=1298660635&cid=2123306029.1669532849&ul=en-us&sr=1280x1024&_s=1&sid=1669532848&sct=1&seg=0&dl=https%3A%2F%2Fza.gl%2FGgHy2&dt=za.gl&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://za.gl
date: Sun, 27 Nov 2022 07:07:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash d08d079d04458028065ddfa315e8ca41
146b9eb370f649d3a230226ab373e05f39fd80af
c108c7e6ef9d790abca48344401f4b5a2204fe16287908f48a865181f711f000
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C108C7E6EF9D790ABCA48344401F4B5A2204FE16287908F48A865181F711F000"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6398
Expires: Sun, 27 Nov 2022 08:54:07 GMT
Date: Sun, 27 Nov 2022 07:07:29 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 4af47334194a0d10c2bfd52f16eb91ac
8ea04d240499dea43f26c738c8428df118dd622d
6741505308b8f473e68a567b74e6cd099b7a624b3711cc0acab45b2add675f74
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=112043
Date: Sun, 27 Nov 2022 07:07:29 GMT
Etag: "63821517-1d7"
Expires: Mon, 28 Nov 2022 14:14:52 GMT
Last-Modified: Sat, 26 Nov 2022 13:31:03 GMT
Server: ECS (dcb/7FA5)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: f-KeLu52yTL8K_9qf5GuyQwPFIaUgmlO80yUwHkW8A3NGwOIBBREjw==
Age: 2629
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 4af47334194a0d10c2bfd52f16eb91ac
8ea04d240499dea43f26c738c8428df118dd622d
6741505308b8f473e68a567b74e6cd099b7a624b3711cc0acab45b2add675f74
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 07:07:29 GMT
Last-Modified: Sun, 27 Nov 2022 06:26:17 GMT
Server: ECS (dcb/7F14)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: SCSjEvyYprv9GZuSlGwWIgRJo0LLENnnd0-u1LJfGpeoCa4bdk9hLw==
Age: 2472
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash c17804630753c8a8a4bb99e98d28b38f
02e34ef54394a5f9e336596085c8507990beaadb
654885425a97c4e3b8eaa1ea21bfaf030fdc4c3f497b62f9e61a1e18f62e5754
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:30 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://za.gl
access-control-allow-credentials: true
set-cookie: uid_id2=acef744c-648c-44e6-a8c6-a65a666e960d:3:1; expires=Wed, 24 Nov 2032 07:07:30 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 9f47a7a55ed313631ce890b6837c0057
14842575428830f96343d53ddf2248c186ef7dbf
b8253aa2ff038fa55a8c0e645a0ce497ac1c4bf52c6c75528bfcd80f6455f29e
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:30 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://za.gl
access-control-allow-credentials: true
set-cookie: uid_id2=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a:2:1; expires=Wed, 24 Nov 2032 07:07:30 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 04d66f10b9a937d99d9d4a73e89b20b4
bbc2a6943f5590ecaae2e9c34834a17fe7112976
fe957c45b614986436ec9cd8ed6334efd8b82a824d268c3d3454ec4b6c2e36e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE957C45B614986436EC9CD8ED6334EFD8B82A824D268C3D3454EC4B6C2E36E0"
Last-Modified: Sat, 26 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3024
Expires: Sun, 27 Nov 2022 07:57:54 GMT
Date: Sun, 27 Nov 2022 07:07:30 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash d08d079d04458028065ddfa315e8ca41
146b9eb370f649d3a230226ab373e05f39fd80af
c108c7e6ef9d790abca48344401f4b5a2204fe16287908f48a865181f711f000
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C108C7E6EF9D790ABCA48344401F4B5A2204FE16287908F48A865181F711F000"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6397
Expires: Sun, 27 Nov 2022 08:54:07 GMT
Date: Sun, 27 Nov 2022 07:07:30 GMT
Connection: keep-alive
integrityprinciplesthorough.com/pixel/purst?dl=0&th=0&sc=0&rs=1916&rd=1916&fd=882&bv=22.10.v.9&tmpl=70
200 OK 0 B URL HTTP/1.1 integrityprinciplesthorough.com/pixel/purst?dl=0&th=0&sc=0&rs=1916&rd=1916&fd=882&bv=22.10.v.9&tmpl=70
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1916&rd=1916&fd=882&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:07:30 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9131e8d3f3d4cb75936096e0bed676f1
6004d602e55df4312a11da35d0f56fe0a029b1f3
ac8636d95cc774c776dfbc2facb52a79bed6e29bce86d2745db64a1dcdb08240
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC8636D95CC774C776DFBC2FACB52A79BED6E29BCE86D2745DB64A1DCDB08240"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17271
Expires: Sun, 27 Nov 2022 11:55:21 GMT
Date: Sun, 27 Nov 2022 07:07:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14300
Expires: Sun, 27 Nov 2022 11:05:50 GMT
Date: Sun, 27 Nov 2022 07:07:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14300
Expires: Sun, 27 Nov 2022 11:05:50 GMT
Date: Sun, 27 Nov 2022 07:07:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
age: 33916
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
age: 33916
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4565b77f-3e3b-4410-b35b-b4e9a478ce4f.jpeg
200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4565b77f-3e3b-4410-b35b-b4e9a478ce4f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc51742200b699c93a6ede66c7997d2a
1021cf938f62cf18466e2ff4d55ce8c52c0f9cf6
a7cc50883ac1a59fc14f0467551dec16cef3b033df599b23916427c5e42be1aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4565b77f-3e3b-4410-b35b-b4e9a478ce4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8145
x-amzn-requestid: 8aaa302d-30b2-4fb0-aafe-e63f3d9bf680
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCSogEkHIAMFtxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d97cf-660d88387db5e9a145718d46;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:47:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5XZhJ2zj6Ca5gubdHU0DyM-doTvt2pU38IBKx_vLKtDdN2G8VUW-fg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 19:43:10 GMT
age: 41060
etag: "1021cf938f62cf18466e2ff4d55ce8c52c0f9cf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: K2eKLQhrsCdd4ASsfEibRuZAYW4CpPTlO3fZs7xdoKrw1HBxfTGkEA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
age: 33916
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7f16c0f8a8e710210ce77c0e4c1c2a2
590c34be54c9889eec4ff7993e070fda836f711f
4224287ba765da59c877ac4f1dec65accc5bec934b7598d9cbbee669ba4ab12e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6883
x-amzn-requestid: 9e3878c9-1817-427e-b121-969a8cbc7ad8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cL1ySF0tIAMFY4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638169a8-5143ffea77b70cf67ef60ad7;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 01:19:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K4mksi8EQxTxRXDqN-0iWJc-LmiI7joDX5xGmPb1HetziDj4mRCC7Q==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 05:53:37 GMT
age: 4433
etag: "590c34be54c9889eec4ff7993e070fda836f711f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F597d0b25-8af2-425a-be32-195ac8e4bc00.jpeg
200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F597d0b25-8af2-425a-be32-195ac8e4bc00.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 514b4077fad50ba782e4bbb2c95c6852
4770f56d4d9489df43f33952e4bfa84d8e46414e
a97ce7c911625345342731b96cf423ee36182e101e3039694a666d6508a702ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F597d0b25-8af2-425a-be32-195ac8e4bc00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4374
x-amzn-requestid: 16fa9401-4b57-4300-9377-3a7d96de3a38
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGB7uFWJIAMFfTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f16b1-3386c7b54d828c3b1393b9ce;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:01:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6XMNeYqDwM9yHZf1rkBRhZ6k_iZE92MWKavu0vlQnT2jZ--tswQwWw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 07:07:11 GMT
age: 19
etag: "4770f56d4d9489df43f33952e4bfa84d8e46414e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash af7b8db21256a1e9513f134f4a83aa7f
a81fc3bc0519040bfcbd9e2875b6aaa44259bc4d
84eb422804f5bb5cb226d1e778f4e98e3bbc5b99e0a7f8ab91aeeb1a5502f117
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "84EB422804F5BB5CB226D1E778F4E98E3BBC5B99E0A7F8AB91AEEB1A5502F117"
Last-Modified: Fri, 25 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5522
Expires: Sun, 27 Nov 2022 08:39:32 GMT
Date: Sun, 27 Nov 2022 07:07:30 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3ec0905094195898e97f189a6f59b52b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3ec0905094195898e97f189a6f59b52b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3ec0905094195898e97f189a6f59b52b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 07:07:30 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f573cd5938c9e745cfe070ffe7976e45
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ae5b60e24661bf9ec039fadca57ec6c7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ae5b60e24661bf9ec039fadca57ec6c7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ae5b60e24661bf9ec039fadca57ec6c7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 07:07:30 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d45e5449fda4b2cf5d20a66a0c5e0382
Strict-Transport-Security: max-age=0; includeSubdomains
parkingridiculous.com/sbar.json?key=3ec0905094195898e97f189a6f59b52b&uuid=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a%3A2%3A1
200 OK 4.2 kB URL HTTP/1.1 parkingridiculous.com/sbar.json?key=3ec0905094195898e97f189a6f59b52b&uuid=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a%3A2%3A1
IP
File type JSON data\012- , ASCII text, with very long lines (5806), with no line terminators
Hash 53ea1082e518fc56285f747d38090eee
55c36a23f85c48e90f2186f8a8961f1a71fc065b
f08ad61fb10a118e223ba96b6a9a42bb4ef469b44677d4ea850585cdd1da71c5
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=3ec0905094195898e97f189a6f59b52b&uuid=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a%3A2%3A1 HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:07:31 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://za.gl
Access-Control-Allow-Origin: https://za.gl
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16908321; expires=Mon, 28 Nov 2022 07:07:30 GMT; secure; SameSite=None
uid_id2=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a:2:1; expires=Sun, 04 Dec 2022 07:07:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 28 Nov 2022 07:07:31 GMT; secure; SameSite=None
uncs=1; expires=Mon, 28 Nov 2022 07:07:31 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 28 Nov 2022 07:07:31 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 28 Nov 2022 07:07:31 GMT; secure; SameSite=None
slec3ec0905094195898e97f189a6f59b52b=[3760946]; expires=Sun, 27 Nov 2022 07:07:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5a19b11ae845905e3eeee01186863ee5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c7afa63a2e765a5889feedb036228204
546d048429118d6ff49049b948a6d39c3706b4e1
ce33ebbd5115ffaac9721eacc50f458d369b30dbc875379c5602fe846d078207
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE33EBBD5115FFAAC9721EACC50F458D369B30DBC875379C5602FE846D078207"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6544
Expires: Sun, 27 Nov 2022 08:56:35 GMT
Date: Sun, 27 Nov 2022 07:07:31 GMT
Connection: keep-alive
parkingridiculous.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidNaYBioAQUgrQIVGAhM%2Bzd7e5W1JYhBBkkT8lQa5nZmfPg%2Bd2lpnd2%2FNVFpYgEhSHaOhYv7NjJUSIiBqBzqFAJ0XkKNAVuKVFspQUNOjskyy%2BYr5v5r3ie%2B%2FNZzv5IaHI2fT6FdNXWrPloEorb66pJDKFq1y9VfFplZ6vrKnkXON8pTc7bPcdnwZV%2BlblAyk2zHKN%2BpT61K9cUlbGprd8jEKl90O%2FGtJqo1b1gwZ69v93l3twzEPUPSQvQUWTZ9d%2FewAlRkg6P1yUbiMz6dvvd3LNMmPRjfY%2FSjYSUyTonI6x9RAn%2B3M2jJsQ8s0CTLI%2FVwDT3Z0pAFcT4v3pgyf78zXBu3snm3INmYBHz6PojiD1CIqNIMw2VPSYACLC1WtIOneuGluwzROUzdAJWXxyBFVMyOJfLyPpfH9Bq17lptF5pkzi0ItLqN4Iqj1Cmh8g63tQxQFE9ilU9IgsP7mMpLN7zWkDFU3fCOtCtiivLwW%2BkEuNQARLLc6bSz6rywaXkV%2Bj7NgipUZQ8QhaDsDcAnLnIVce8thDnnroRNMKC8KY0mbM43q91RBC1OtCBK1zURDVG62YIhczDQNk6QBCDyDsFlK7hQ01gM1%2FgVsv4SIPLiPoRiUKSVA4goIRFIqgyAiKbrkXaVdz5Z1Iu5z7816b93o5NFl7h%2B2ZrC0TspMekhdnxnkL5HVsyGmlLgUNaUDDhh8GrbAlw2bst0J2Lg5CHtQ4nCqh3AKY89Cfpfi7h3TWizPg7ABOH0CoM2D5q2DFsFmjYOvDRouin%2Bz1WbWtEZkSabaIbNPb0Yfk7HFyoahBivHK05tPH01f%2BRzClkhtiY%2FVQ4K2vj28YQqye8MUjjy4lmaqo%2FpslurNjGVy8d6HcrMwNlq96AZ33xUzYDbevyVddpklkUrajnx3QUWRtJeMFZL8tOrWJL%2Beu%2FULuU3y9PL19y6tdlIrnVMmGYGpx82vIdSEPHdl6%2Fi%2FvvblQyg7gs1LdPIxmReUOYBIt%2BDS8crR3X%2F%2F1l9chDMEVp9yeOqhyMuhrfHTR60mpHb0K7Qcr3y7%2Bok4e28Mxks4eWoDl%2BOf%2Fznh77jbaFsPLNtG0inRtSW6ugTTA7j8mWGW2vHKH%2FXjAtfekGvr7XJt9Vcn9jo1rcggprGkNcnjkMdNRqMwboSchb5s8oD5yNxEbL%2Fw438AAAD%2F%2FwEAAP%2F%2FoZIRI4sEAAA%3D
200 OK 7 B URL HTTP/1.1 parkingridiculous.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidNaYBioAQUgrQIVGAhM%2Bzd7e5W1JYhBBkkT8lQa5nZmfPg%2Bd2lpnd2%2FNVFpYgEhSHaOhYv7NjJUSIiBqBzqFAJ0XkKNAVuKVFspQUNOjskyy%2BYr5v5r3ie%2B%2FNZzv5IaHI2fT6FdNXWrPloEorb66pJDKFq1y9VfFplZ6vrKnkXON8pTc7bPcdnwZV%2BlblAyk2zHKN%2BpT61K9cUlbGprd8jEKl90O%2FGtJqo1b1gwZ69v93l3twzEPUPSQvQUWTZ9d%2FewAlRkg6P1yUbiMz6dvvd3LNMmPRjfY%2FSjYSUyTonI6x9RAn%2B3M2jJsQ8s0CTLI%2FVwDT3Z0pAFcT4v3pgyf78zXBu3snm3INmYBHz6PojiD1CIqNIMw2VPSYACLC1WtIOneuGluwzROUzdAJWXxyBFVMyOJfLyPpfH9Bq17lptF5pkzi0ItLqN4Iqj1Cmh8g63tQxQFE9ilU9IgsP7mMpLN7zWkDFU3fCOtCtiivLwW%2BkEuNQARLLc6bSz6rywaXkV%2Bj7NgipUZQ8QhaDsDcAnLnIVce8thDnnroRNMKC8KY0mbM43q91RBC1OtCBK1zURDVG62YIhczDQNk6QBCDyDsFlK7hQ01gM1%2FgVsv4SIPLiPoRiUKSVA4goIRFIqgyAiKbrkXaVdz5Z1Iu5z7816b93o5NFl7h%2B2ZrC0TspMekhdnxnkL5HVsyGmlLgUNaUDDhh8GrbAlw2bst0J2Lg5CHtQ4nCqh3AKY89Cfpfi7h3TWizPg7ABOH0CoM2D5q2DFsFmjYOvDRouin%2Bz1WbWtEZkSabaIbNPb0Yfk7HFyoahBivHK05tPH01f%2BRzClkhtiY%2FVQ4K2vj28YQqye8MUjjy4lmaqo%2FpslurNjGVy8d6HcrMwNlq96AZ33xUzYDbevyVddpklkUrajnx3QUWRtJeMFZL8tOrWJL%2Beu%2FULuU3y9PL19y6tdlIrnVMmGYGpx82vIdSEPHdl6%2Fi%2FvvblQyg7gs1LdPIxmReUOYBIt%2BDS8crR3X%2F%2F1l9chDMEVp9yeOqhyMuhrfHTR60mpHb0K7Qcr3y7%2Bok4e28Mxks4eWoDl%2BOf%2Fznh77jbaFsPLNtG0inRtSW6ugTTA7j8mWGW2vHKH%2FXjAtfekGvr7XJt9Vcn9jo1rcggprGkNcnjkMdNRqMwboSchb5s8oD5yNxEbL%2Fw438AAAD%2F%2FwEAAP%2F%2FoZIRI4sEAAA%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidNaYBioAQUgrQIVGAhM%2Bzd7e5W1JYhBBkkT8lQa5nZmfPg%2Bd2lpnd2%2FNVFpYgEhSHaOhYv7NjJUSIiBqBzqFAJ0XkKNAVuKVFspQUNOjskyy%2BYr5v5r3ie%2B%2FNZzv5IaHI2fT6FdNXWrPloEorb66pJDKFq1y9VfFplZ6vrKnkXON8pTc7bPcdnwZV%2BlblAyk2zHKN%2BpT61K9cUlbGprd8jEKl90O%2FGtJqo1b1gwZ69v93l3twzEPUPSQvQUWTZ9d%2FewAlRkg6P1yUbiMz6dvvd3LNMmPRjfY%2FSjYSUyTonI6x9RAn%2B3M2jJsQ8s0CTLI%2FVwDT3Z0pAFcT4v3pgyf78zXBu3snm3INmYBHz6PojiD1CIqNIMw2VPSYACLC1WtIOneuGluwzROUzdAJWXxyBFVMyOJfLyPpfH9Bq17lptF5pkzi0ItLqN4Iqj1Cmh8g63tQxQFE9ilU9IgsP7mMpLN7zWkDFU3fCOtCtiivLwW%2BkEuNQARLLc6bSz6rywaXkV%2Bj7NgipUZQ8QhaDsDcAnLnIVce8thDnnroRNMKC8KY0mbM43q91RBC1OtCBK1zURDVG62YIhczDQNk6QBCDyDsFlK7hQ01gM1%2FgVsv4SIPLiPoRiUKSVA4goIRFIqgyAiKbrkXaVdz5Z1Iu5z7816b93o5NFl7h%2B2ZrC0TspMekhdnxnkL5HVsyGmlLgUNaUDDhh8GrbAlw2bst0J2Lg5CHtQ4nCqh3AKY89Cfpfi7h3TWizPg7ABOH0CoM2D5q2DFsFmjYOvDRouin%2Bz1WbWtEZkSabaIbNPb0Yfk7HFyoahBivHK05tPH01f%2BRzClkhtiY%2FVQ4K2vj28YQqye8MUjjy4lmaqo%2FpslurNjGVy8d6HcrMwNlq96AZ33xUzYDbevyVddpklkUrajnx3QUWRtJeMFZL8tOrWJL%2Beu%2FULuU3y9PL19y6tdlIrnVMmGYGpx82vIdSEPHdl6%2Fi%2FvvblQyg7gs1LdPIxmReUOYBIt%2BDS8crR3X%2F%2F1l9chDMEVp9yeOqhyMuhrfHTR60mpHb0K7Qcr3y7%2Bok4e28Mxks4eWoDl%2BOf%2Fznh77jbaFsPLNtG0inRtSW6ugTTA7j8mWGW2vHKH%2FXjAtfekGvr7XJt9Vcn9jo1rcggprGkNcnjkMdNRqMwboSchb5s8oD5yNxEbL%2Fw438AAAD%2F%2FwEAAP%2F%2FoZIRI4sEAAA%3D HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec3ec0905094195898e97f189a6f59b52b=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:07:31 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2f1ad2de09d46780ff35ada827807632
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 3a1eb8e3d7b5e963c21e1905e849e570
fff8193edc6218562c5612b0e02f73dbcca98c0c
12db50941a08926a1f14146c52b53cfc6acc1dcb6ac858f6fcfb421330dfb12f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12DB50941A08926A1F14146C52B53CFC6ACC1DCB6AC858F6FCFB421330DFB12F"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15846
Expires: Sun, 27 Nov 2022 11:31:37 GMT
Date: Sun, 27 Nov 2022 07:07:31 GMT
Connection: keep-alive
parkingridiculous.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=124
200 OK 0 B URL HTTP/1.1 parkingridiculous.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=124
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=124 HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec3ec0905094195898e97f189a6f59b52b=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:07:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png
200 OK 9.4 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png
IP
File type PNG image data, 240 x 240, 8-bit colormap, non-interlaced\012- data
Hash 910542c04f8bf2f90ee33d17d538a006
18d5943e5d51539038f7988c34bccef2937c5545
5969cb3c5c4f573f5c05035ddf9748ee17d5c71df6fca4e484f65d30e2694e57
GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:31 GMT
content-type: image/png
content-length: 9360
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: "612f708f-2490"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1012521
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oc8qx%2F9kyq11GYNGpnuKb1XqCmnV6POsUHTmq8gBVtB%2FXd2yqYvK3U4V%2BGx7JwtAcR8HCPeNT%2FRJmI7tAwxsMiGDdkIaM5xIkL0UU1ahOuqqr%2Ftk5QGp9slAdN6IgAPZmPJrBvYR3Ycc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77090701acd474a1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 3a1eb8e3d7b5e963c21e1905e849e570
fff8193edc6218562c5612b0e02f73dbcca98c0c
12db50941a08926a1f14146c52b53cfc6acc1dcb6ac858f6fcfb421330dfb12f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12DB50941A08926A1F14146C52B53CFC6ACC1DCB6AC858F6FCFB421330DFB12F"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15846
Expires: Sun, 27 Nov 2022 11:31:37 GMT
Date: Sun, 27 Nov 2022 07:07:31 GMT
Connection: keep-alive
parkingridiculous.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fstyle.css&l=4522&fd=117
200 OK 0 B URL HTTP/1.1 parkingridiculous.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fstyle.css&l=4522&fd=117
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fstyle.css&l=4522&fd=117 HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec3ec0905094195898e97f189a6f59b52b=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:07:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css
200 OK 1.3 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css
IP
Hash b0b362d133eb4904706bb0622229b74f
22d89f78efb4c1cf967ac7e28821f4f39df8baf7
79b0f34463059aaa97b3b2f0f3319f64e893a595ce9e300d86fb031cc7fa28c0
GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:31 GMT
content-type: text/css
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-11aa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 33325
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FwjxvS%2B293ZUdu2AWNafU%2BxaiTqRL2LEHgtpYrjwTxTO6sK5Gc2%2BE%2B%2B8H2D%2Fo7lPTsmYheHgwuqOSBmsFLsru%2BxCuFNBlPZcpxNhFJzI3%2FmQuHzuMyiPtBsXhBEMC6TbE%2BM6y8%2FC9ixC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770907018cc174a1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css
200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css
IP
Hash c91016401e0a0b7b3d7572de48c76597
12fb634abb5e708b4f55d1489055b4f626d3cdd1
2472e286e0bf6f54cef9d99e9c63301c873fa02bc4e3979e1a18587a6d973120
GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:31 GMT
content-type: text/css
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 33325
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zcfPaY2OZ8mujJx%2Ffvz0zgecxFkvonq5qI%2FZajvaFlwl6stUN76s9yhe6SlwNvd2FxPl%2Foz7LeZqkVXgZw20kusSqDiDVY28n1IHYaEkjN2ekAaHVdE%2Fa4BA%2BEcfxtWuBRDkB8ML6U1r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770907018cbb74a1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash c3b99821891404c938a08c623639bc8d
18aaca1d8ddc3682285b0366aaa94cfe8deafb9f
b86b4aeda936a68d7d75012e865103db01dc7e82c1ee2d7d0ca6d50550008379
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:30 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c44aca7e3ce7eac66c6d71a5689ac56f
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 27 Nov 2022 07:07:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OH2DfibT7dijXxYVprntjtow5YbBKkxd6xVqXL8dkXATcMW%2FYKF8jcyrc19MDgi1ZEQ1VC7JC8arJzRaZ5RHtV1SDT3rUzRdPArDuEaESIHOB1oq7BGwxRK7KcNtQPkbFLRPhHk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770906f81e58742b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
parkingridiculous.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidNaYBioAQUgrQIVGAhM%2F7c5vbJYVFCEEW%2BVMSlHr%2B9jx4bmeZ2b11XFlEgkhQHKKhY%2F3OjpUQISJqBDqHAp0UkaNALnBLixQpKWjQ2ZYsvmK%2Bb%2Ba94nvvzWeb1T7xUdG9yxfMutKaLsZtv%2FXmdZULU7vWxWutwG%2F7p1vXVX6qc7q1Njvs4J3Aj9v%2BW60PJF81i6Ef%2BH7gB61zysrMrC0eoFDFvTRop367E7aDuIM1%2B%2F%2B7qzw46kEM9slLUGL67Mpv96H4GHn%2Fh7PSrZamePv9fqVpaSwGYuejfDU3dY7%2B8ZhZD1m%2Bc8SGcVNCvpmDyXeOFMAMtmYKwNSUeH8GYPnO0Zpgg%2B3DTZmGzMHE86gHY0g9hqJjcHMTSjwiABe4eAl5%2F%2FZFY2t64xClM3RK5p88hqqnZP6vl5H3vz%2Bj1VrrqtFVqUzusJY1UGtjqN4YRbWLct2DqnfBy0%2BhxEOy%2BOQ88v7WJacNlNh7I424THwWLcQBlwudmMcLCWPdhYBGssOkCEKfHlik1BgqG0PLIaibQ%2BU8VMpDlXmoCg99sdeicZr5fjdjWRQlHc55FHEeJ6dELKJOkvmo%2BEzDEGUxBNdDcLuBwm5gVQ1hq1%2FgVho44cGVBAPRoJYEtSOoKUGtCOqSoB4020K70DW3hXYVC456eNSjZmTK3ibdNmVP5mSz2Ccvzozz5sjrWJV7rUhyP%2FVjP%2B0EaZykiUy7WZCk9FQWpywOGZxqoNwcqPOwPkvxdw%2FFrNcnwOgunN4FVydAq1dB61E39EFXRp3Ex3q%2BvU7bPQ1hGhTlPMob3qbeJycPkkt5CMknS0%2BvPn2498rn4LZBYRt8rB4Q9PSt0RVTk60rpnbk%2FqWiVH21TmepXi1pKefvfihv1MaK5bNueOddPgNm471r0pXnaS5U3nPkuzNKCGnPGcsl%2BWnZXZfscuVWzlQ2r4rzl987t9wvrHROmXwMqh51vwZXU%2FLchY2D%2F%2Fralw%2Bg7Bi2atCvJuSooMwueLEBV0yWHt%2F592%2F9xVk4Q2D1MYcVHuqqGdmQHT9qNSXh41%2Bh5WTp2%2BVP%2BMm7E1DWwMljG5ic%2FPzPIX%2FT3ULPeqDlTeT9BgPbYKAbUD2Eq54ZlYWdLP0RHRSY9kZMW2%2BLaau%2FOrTXqb1WHHRkwpIuF4JJLoJuGCWR74dCdLqpDFKUbspvvvDjfwAAAP%2F%2FAQAA%2F%2F%2B1mp%2FFiwQAAA%3D%3D
200 OK 7 B URL HTTP/1.1 parkingridiculous.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidNaYBioAQUgrQIVGAhM%2F7c5vbJYVFCEEW%2BVMSlHr%2B9jx4bmeZ2b11XFlEgkhQHKKhY%2F3OjpUQISJqBDqHAp0UkaNALnBLixQpKWjQ2ZYsvmK%2Bb%2Ba94nvvzWeb1T7xUdG9yxfMutKaLsZtv%2FXmdZULU7vWxWutwG%2F7p1vXVX6qc7q1Njvs4J3Aj9v%2BW60PJF81i6Ef%2BH7gB61zysrMrC0eoFDFvTRop367E7aDuIM1%2B%2F%2B7qzw46kEM9slLUGL67Mpv96H4GHn%2Fh7PSrZamePv9fqVpaSwGYuejfDU3dY7%2B8ZhZD1m%2Bc8SGcVNCvpmDyXeOFMAMtmYKwNSUeH8GYPnO0Zpgg%2B3DTZmGzMHE86gHY0g9hqJjcHMTSjwiABe4eAl5%2F%2FZFY2t64xClM3RK5p88hqqnZP6vl5H3vz%2Bj1VrrqtFVqUzusJY1UGtjqN4YRbWLct2DqnfBy0%2BhxEOy%2BOQ88v7WJacNlNh7I424THwWLcQBlwudmMcLCWPdhYBGssOkCEKfHlik1BgqG0PLIaibQ%2BU8VMpDlXmoCg99sdeicZr5fjdjWRQlHc55FHEeJ6dELKJOkvmo%2BEzDEGUxBNdDcLuBwm5gVQ1hq1%2FgVho44cGVBAPRoJYEtSOoKUGtCOqSoB4020K70DW3hXYVC456eNSjZmTK3ibdNmVP5mSz2Ccvzozz5sjrWJV7rUhyP%2FVjP%2B0EaZykiUy7WZCk9FQWpywOGZxqoNwcqPOwPkvxdw%2FFrNcnwOgunN4FVydAq1dB61E39EFXRp3Ex3q%2BvU7bPQ1hGhTlPMob3qbeJycPkkt5CMknS0%2BvPn2498rn4LZBYRt8rB4Q9PSt0RVTk60rpnbk%2FqWiVH21TmepXi1pKefvfihv1MaK5bNueOddPgNm471r0pXnaS5U3nPkuzNKCGnPGcsl%2BWnZXZfscuVWzlQ2r4rzl987t9wvrHROmXwMqh51vwZXU%2FLchY2D%2F%2Fralw%2Bg7Bi2atCvJuSooMwueLEBV0yWHt%2F592%2F9xVk4Q2D1MYcVHuqqGdmQHT9qNSXh41%2Bh5WTp2%2BVP%2BMm7E1DWwMljG5ic%2FPzPIX%2FT3ULPeqDlTeT9BgPbYKAbUD2Eq54ZlYWdLP0RHRSY9kZMW2%2BLaau%2FOrTXqb1WHHRkwpIuF4JJLoJuGCWR74dCdLqpDFKUbspvvvDjfwAAAP%2F%2FAQAA%2F%2F%2B1mp%2FFiwQAAA%3D%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidNaYBioAQUgrQIVGAhM%2F7c5vbJYVFCEEW%2BVMSlHr%2B9jx4bmeZ2b11XFlEgkhQHKKhY%2F3OjpUQISJqBDqHAp0UkaNALnBLixQpKWjQ2ZYsvmK%2Bb%2Ba94nvvzWeb1T7xUdG9yxfMutKaLsZtv%2FXmdZULU7vWxWutwG%2F7p1vXVX6qc7q1Njvs4J3Aj9v%2BW60PJF81i6Ef%2BH7gB61zysrMrC0eoFDFvTRop367E7aDuIM1%2B%2F%2B7qzw46kEM9slLUGL67Mpv96H4GHn%2Fh7PSrZamePv9fqVpaSwGYuejfDU3dY7%2B8ZhZD1m%2Bc8SGcVNCvpmDyXeOFMAMtmYKwNSUeH8GYPnO0Zpgg%2B3DTZmGzMHE86gHY0g9hqJjcHMTSjwiABe4eAl5%2F%2FZFY2t64xClM3RK5p88hqqnZP6vl5H3vz%2Bj1VrrqtFVqUzusJY1UGtjqN4YRbWLct2DqnfBy0%2BhxEOy%2BOQ88v7WJacNlNh7I424THwWLcQBlwudmMcLCWPdhYBGssOkCEKfHlik1BgqG0PLIaibQ%2BU8VMpDlXmoCg99sdeicZr5fjdjWRQlHc55FHEeJ6dELKJOkvmo%2BEzDEGUxBNdDcLuBwm5gVQ1hq1%2FgVho44cGVBAPRoJYEtSOoKUGtCOqSoB4020K70DW3hXYVC456eNSjZmTK3ibdNmVP5mSz2Ccvzozz5sjrWJV7rUhyP%2FVjP%2B0EaZykiUy7WZCk9FQWpywOGZxqoNwcqPOwPkvxdw%2FFrNcnwOgunN4FVydAq1dB61E39EFXRp3Ex3q%2BvU7bPQ1hGhTlPMob3qbeJycPkkt5CMknS0%2BvPn2498rn4LZBYRt8rB4Q9PSt0RVTk60rpnbk%2FqWiVH21TmepXi1pKefvfihv1MaK5bNueOddPgNm471r0pXnaS5U3nPkuzNKCGnPGcsl%2BWnZXZfscuVWzlQ2r4rzl987t9wvrHROmXwMqh51vwZXU%2FLchY2D%2F%2Fralw%2Bg7Bi2atCvJuSooMwueLEBV0yWHt%2F592%2F9xVk4Q2D1MYcVHuqqGdmQHT9qNSXh41%2Bh5WTp2%2BVP%2BMm7E1DWwMljG5ic%2FPzPIX%2FT3ULPeqDlTeT9BgPbYKAbUD2Eq54ZlYWdLP0RHRSY9kZMW2%2BLaau%2FOrTXqb1WHHRkwpIuF4JJLoJuGCWR74dCdLqpDFKUbspvvvDjfwAAAP%2F%2FAQAA%2F%2F%2B1mp%2FFiwQAAA%3D%3D HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://za.gl/
Cookie: u_pl=16908321; uid_id2=93ce80b3-51ce-45c5-8bb7-1a3e4bed120a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec3ec0905094195898e97f189a6f59b52b=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:07:31 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2f39eafbfc186dc18240ce27cd6af54c
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js
IP
GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:31 GMT
content-type: application/javascript
last-modified: Wed, 01 Sep 2021 12:22:36 GMT
etag: W/"612f708c-7082"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 33325
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NhXqsltinzQvrgVKUpsK%2B2IMrUF3RE09THvTdjdTMT%2Bvkh7msii4QBrMmA%2B%2F0jPcbIFvLK2Q8qBJdjYC7xOGSRNzhDjh6EpA6py%2FMB1b09%2FHKuyw67%2FWt591qSZqGwxsuxMnCBvUgW88"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770907021d0c74a1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:28 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 770906f0ca61b517-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
openfpcdn.io/fingerprintjs/v3
200 OK 0 B URL HTTP/2 openfpcdn.io/fingerprintjs/v3
IP
GET /fingerprintjs/v3 HTTP/1.1
Host: openfpcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
server: CloudFront
date: Sun, 27 Nov 2022 07:03:05 GMT
cache-control: public, max-age=581464, s-maxage=10572
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
etag: W/"iGPd/qM5rvpVhWvx3vVSNedX/OA"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: gjvu_yadCldNMTBNvTR9dh8BVuwEfOTgCc3_Sx8eoLnmjrl1UfzcCA==
age: 264
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html
200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html
IP
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/interstitial/software/flashPlayer/mac/multi/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://za.gl
Connection: keep-alive
Referer: https://za.gl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:31 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 01 Sep 2021 12:22:33 GMT
etag: W/"612f7089-cfb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 27 Nov 2022 08:07:31 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg
IP
GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:31 GMT
content-type: image/svg+xml
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: W/"612f708f-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1012521
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ceoQhTJwSJ0po1Gl7oHYiC9C%2FOOMk11R10uUletzMCHf7jPU%2FR8QMj3%2B3YXrD%2FAMJF%2BVd0A7dB8ggjDMPoZ6T4j808rz6wzkASSXyNbe5KilFsaUzbAM51uEkkpbHV18kBI1tX5UOqXA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77090701acd374a1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js
IP
GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:07:31 GMT
content-type: application/javascript
last-modified: Wed, 01 Sep 2021 12:22:37 GMT
etag: W/"612f708d-149a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1012521
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q4NJvt8p6c54opJDCtE1wINkUAXPHd1EUalcZ%2F4J6d%2FxOe8ggnPTvNCddAyQUr1FlRafLiqttYDVCDcO%2BEFRtAm59HELuqK2SC1K1XYiYItCn1GcGh%2F5I7XZhtTtm5QECivvJz1WkSqu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77090701acd674a1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.73.23
104.17.25.14
93.184.220.29
172.255.6.58
18.185.190.54
23.36.76.226