r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 111c8a4d6ad583c6126cfa9c4648851f
7bb69828eadedd57e2eb57f0612e0208bde3fcc7
44c24f6c3c0470e5b2112f9089eef8029a4f80dc966eacee001841b08e59cb79
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "44C24F6C3C0470E5B2112F9089EEF8029A4F80DC966EACEE001841B08E59CB79"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10531
Expires: Tue, 14 Feb 2023 11:28:02 GMT
Date: Tue, 14 Feb 2023 08:32:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9b39c3955aa73765d5c9cbe0d4c52f83
b13bf774f0189207d90d846b86b68fcf2f64f868
f6fea261b800d26e329ced17006c9f5d10b6c490dac3b2276cc7b0e2aa38316c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6FEA261B800D26E329CED17006C9F5D10B6C490DAC3B2276CC7B0E2AA38316C"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4069
Expires: Tue, 14 Feb 2023 09:40:20 GMT
Date: Tue, 14 Feb 2023 08:32:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3534c46dafa4e959cb5f4aba0b1d8cd7
f4aa8774355b04bf1f074aeb73c56c52b32568ab
68b7b6679046611b607c073416e818c6d0391e2953ecc8781b02e57a9b5af306
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68B7B6679046611B607C073416E818C6D0391E2953ECC8781B02E57A9B5AF306"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11010
Expires: Tue, 14 Feb 2023 11:36:01 GMT
Date: Tue, 14 Feb 2023 08:32:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 14 Feb 2023 07:37:20 GMT
content-type: application/json
age: 3311
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: XtUDI1wyYHA5rleYJFFDy33CDHgJ+NegeCjvpdu3vFm7BvfY4eBrKtPL4TPfPF5Mgo14S/QV6DM=
x-amz-request-id: PP068JYJ1S3T5YBV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 14 Feb 2023 07:46:51 GMT
age: 2740
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
classactionlawsuitcenter.com/wp-admin/ass/amexnew.zip
69.16.215.169403 Forbidden 336 B URL HTTP/1.1 classactionlawsuitcenter.com/wp-admin/ass/amexnew.zip
IP 69.16.215.169:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (687), with no line terminators
Hash eb1ac8bd03fbe2ddc6b458c0512a6030
7cdad3c8ed3b059635e8e0ad952ee83a3b3be156
5e181f707a2397a9094a197c8b5e8c8c2b732135e3ed73b9fe727784bc6a5823
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/ass/amexnew.zip HTTP/1.1
Host: classactionlawsuitcenter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 403 Forbidden
Date: Tue, 14 Feb 2023 08:32:31 GMT
Server: Apache
X-Powered-By: PHP/7.0.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 336
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 14 Feb 2023 08:32:31 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
classactionlawsuitcenter.com/favicon.ico
69.16.215.169200 OK 336 B URL HTTP/1.1 classactionlawsuitcenter.com/favicon.ico
IP 69.16.215.169:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (687), with no line terminators
Hash eb1ac8bd03fbe2ddc6b458c0512a6030
7cdad3c8ed3b059635e8e0ad952ee83a3b3be156
5e181f707a2397a9094a197c8b5e8c8c2b732135e3ed73b9fe727784bc6a5823
GET /favicon.ico HTTP/1.1
Host: classactionlawsuitcenter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://classactionlawsuitcenter.com/wp-admin/ass/amexnew.zip
HTTP/1.1 200 OK
Date: Tue, 14 Feb 2023 08:32:31 GMT
Server: Apache
X-Powered-By: PHP/7.0.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Cache-Control: max-age=600
Expires: Tue, 14 Feb 2023 08:42:31 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 336
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Last-Modified, Alert, Backoff, Content-Type, Pragma, Expires, Cache-Control, Retry-After, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 14 Feb 2023 08:14:53 GMT
age: 1059
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 188e06be43a4f1b02aa98f1762147970
5e6b7e3a172fb7327331fd8c7f74559d079bd4fb
89bd97cff26b8d656f26db21b59b02fbc3f671ac903e1e44735c7472ebd05090
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89BD97CFF26B8D656F26DB21B59B02FBC3F671AC903E1E44735C7472EBD05090"
Last-Modified: Mon, 13 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15670
Expires: Tue, 14 Feb 2023 12:53:42 GMT
Date: Tue, 14 Feb 2023 08:32:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5b691fa75ffded62cce97d2adb742ef0
700843296a5bd450aa239ab104e0c6000de024cf
88e50f22c143810d40937652e76a42e4d8fc9b98ec5a8296406e087364e8dae7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88E50F22C143810D40937652E76A42E4D8FC9B98EC5A8296406E087364E8DAE7"
Last-Modified: Mon, 13 Feb 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21573
Expires: Tue, 14 Feb 2023 14:32:05 GMT
Date: Tue, 14 Feb 2023 08:32:32 GMT
Connection: keep-alive
push.services.mozilla.com/
35.166.158.207101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.166.158.207:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /7kuSJmiSIWgaLXAiinsQw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vFTGIozOrJfeNQftdOCfpJQS7Cs=
n-g.ng/AoU0r0
190.115.26.9302 Found 0 B IP 190.115.26.9:0
ASN #262254 DDOS-GUARD CORP.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /AoU0r0 HTTP/1.1
Host: n-g.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://classactionlawsuitcenter.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=QaPCOk5u5FdLeSyIAm5l; Domain=.n-g.ng; HttpOnly; Path=/; Expires=Wed, 14-Feb-2024 08:32:32 GMT
date: Tue, 14 Feb 2023 08:32:32 GMT
location: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj3n9a_4uz8AhVKRqQEHZZdCYkQFnoECAgQAQ&url=https%3A%2F%2Fen.rawafedpor.com%2F6059%2Ffear-and-greed-index-skewed-towards-greed-first-time-months&usg=AOvVaw3SiS_7wiqsoc9hIBiEGffA
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 704848873afb62f820c1b194e3620519
6b5dc73daf065a51ee2364b34f0e488902663d3d
19c8c76bb1c818f85ff5aafdf3d0bdd9e7ee2a4ec0753954d220eb2f23a234a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj3n9a_4uz8AhVKRqQEHZZdCYkQFnoECAgQAQ&url=https%3A%2F%2Fen.rawafedpor.com%2F6059%2Ffear-and-greed-index-skewed-towards-greed-first-time-months&usg=AOvVaw3SiS_7wiqsoc9hIBiEGffA
142.250.74.164200 OK 603 B URL HTTP/2 www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj3n9a_4uz8AhVKRqQEHZZdCYkQFnoECAgQAQ&url=https%3A%2F%2Fen.rawafedpor.com%2F6059%2Ffear-and-greed-index-skewed-towards-greed-first-time-months&usg=AOvVaw3SiS_7wiqsoc9hIBiEGffA
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1135)
Hash d85e6791031fc8df6dfcb935a9706945
9dfa5c830e2f346ee0ef5bf7785614644ae71621
0e5078f48d44f8c07243810001d61bc047e8a6175f647c4ddd9ddded8e12e1b4
GET /url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj3n9a_4uz8AhVKRqQEHZZdCYkQFnoECAgQAQ&url=https%3A%2F%2Fen.rawafedpor.com%2F6059%2Ffear-and-greed-index-skewed-towards-greed-first-time-months&usg=AOvVaw3SiS_7wiqsoc9hIBiEGffA HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://classactionlawsuitcenter.com/
Connection: keep-alive
Cookie: __Secure-ENID=5.SE=WgoywoGOUEmJadxoIB0r2lkzXHeKVqth1xGOa4ffzT7dUHt-ZXjx-iHV7oK7BCuj96T6WcNdOxtcPrvT6hvt4NQxsLWhAuRLpweU30AweJoV-BgqMIIyysdeq33RUY6ph26qQ9jBKSd0XSV6yoBSxOS9PmgWEsI53hUDjv_5qeI; CONSENT=PENDING+883
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:32:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 603
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 29a7a34fc894553ff324f97441fdaaeb
00357179dbfc4b0608c7d972e203007687378b7e
dc8608bacd61ca8f8eb8c315b7ea3ccb3e1e988177b8a22026e96b100019431b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 800ec6bffdddcd7337471358635c43db
c86c717bc28a45fd314aae83aa3e25079fc9dab5
5b2381c5a9dadf59c7c020049ea2cf085187ebd8e332f76396951baf5fb9a0f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "5B2381C5A9DADF59C7C020049EA2CF085187EBD8E332F76396951BAF5FB9A0F1"
Last-Modified: Mon, 13 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18512
Expires: Tue, 14 Feb 2023 13:41:05 GMT
Date: Tue, 14 Feb 2023 08:32:33 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 800ec6bffdddcd7337471358635c43db
c86c717bc28a45fd314aae83aa3e25079fc9dab5
5b2381c5a9dadf59c7c020049ea2cf085187ebd8e332f76396951baf5fb9a0f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "5B2381C5A9DADF59C7C020049EA2CF085187EBD8E332F76396951BAF5FB9A0F1"
Last-Modified: Mon, 13 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18512
Expires: Tue, 14 Feb 2023 13:41:05 GMT
Date: Tue, 14 Feb 2023 08:32:33 GMT
Connection: keep-alive
en.rawafedpor.com/qa-theme/SnowFlat/qa-styles.css?1.8.6
188.114.97.1200 OK 14 kB URL HTTP/2 en.rawafedpor.com/qa-theme/SnowFlat/qa-styles.css?1.8.6
IP 188.114.97.1:0
File type ASCII text, with very long lines (57354), with no line terminators
Hash 171a3a9ff426541934026ba0d4a81cc7
98edc562df9e67762f2ef6904c88d0f7be233ab9
1ac3570ba39e65294b386eacd5aa792df5ed0a181ce39d6bb23052dd4c1d8a3c
Analyzer Verdict Alert fortinet Malware
GET /qa-theme/SnowFlat/qa-styles.css?1.8.6 HTTP/1.1
Host: en.rawafedpor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/6059/fear-and-greed-index-skewed-towards-greed-first-time-months
Cookie: PHPSESSID=3c0643bd7e9a4bbfe44f0dec023a0fdd; qa_key=p6aonf7btjo2096grwlxfvna0egxlk35
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:32:33 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=71322
last-modified: Sat, 16 Apr 2022 22:24:36 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4169
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VTe5YJcXBAuN%2BtNcsQhs3D2OjXW3%2Bq%2FZFdHZ8IIKllXRAyUmEOeNmIqPLSUs4h6tXqWCI2OvLrw9dW2iGCm3zluq6ZbfevPkEl8duiSNmxT4in9mut29c9k%2F5OcjJl2IpMFJBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 799474317915b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
en.rawafedpor.com/6059/fear-and-greed-index-skewed-towards-greed-first-time-months
188.114.97.1200 OK 7.2 kB URL HTTP/2 en.rawafedpor.com/6059/fear-and-greed-index-skewed-towards-greed-first-time-months
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2773)
Hash 395e852c6eedea0239620aba93b4de3f
6b6b7d2f127069bea34b03e66b0b59078a3a1924
cde7b50f9250ff61aeb1e6f56a15ed83a2283d46f0c15be697ff737aefb0ecc1
Analyzer Verdict Alert fortinet Malware
GET /6059/fear-and-greed-index-skewed-towards-greed-first-time-months HTTP/1.1
Host: en.rawafedpor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:32:33 GMT
content-type: text/html; charset=utf-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=3c0643bd7e9a4bbfe44f0dec023a0fdd; path=/
qa_key=p6aonf7btjo2096grwlxfvna0egxlk35; expires=Thu, 16-Feb-2023 08:32:33 GMT; Max-Age=172800; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHlN5wfEjM2NdtyLAjl7PiRtttXtyjAETvaacdalCwH3wbrF9hhVHj%2Bu1Z1ykvA5vWHiRQTgSOt775oVnN2ovJg7gFzE27TSSzX2fbSz2jwwRVUu%2FdMIlvl1kwO5JskqkbwKlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7994742f5e4fb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 2dea84b056fe03cf91ce514618731475
5eaa44bbf7d4864cb50950e90c5832027fb8a18f
5f05224b4c2683bf0d1eca2b00cb5ace1f985e8dbc9f4b5461b0a21c2d8e2398
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-62733008-16
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-62733008-16
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash 452e3c8fcb2889df31cd479a2e20c45c
bd45bfe279b85bac7a455edaf1abbccc7841d27d
e24d490f776b3e5111b74bcd34da51a67dd7863bfa4b1f4d4c95d82235ae08a1
GET /gtag/js?id=UA-62733008-16 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 14 Feb 2023 08:32:33 GMT
expires: Tue, 14 Feb 2023 08:32:33 GMT
cache-control: private, max-age=900
last-modified: Tue, 14 Feb 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44115
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d42a01fdf9af7a50d630c42fde100d30
a7568d35657f934220298ca4c2fb102398554196
f215d87cad50e9310bf2a4df263b24e1c87e7cda29e48f93f6b0d76eb218ab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F215D87CAD50E9310BF2A4DF263B24E1C87E7CDA29E48F93F6B0D76EB218AB1D"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20727
Expires: Tue, 14 Feb 2023 14:18:00 GMT
Date: Tue, 14 Feb 2023 08:32:33 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 2dea84b056fe03cf91ce514618731475
5eaa44bbf7d4864cb50950e90c5832027fb8a18f
5f05224b4c2683bf0d1eca2b00cb5ace1f985e8dbc9f4b5461b0a21c2d8e2398
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee02a15-8482-4f95-a7be-3d184d8c9d77.jpeg
34.120.237.76200 OK 2.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee02a15-8482-4f95-a7be-3d184d8c9d77.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4976933e30a4a44e68d08c00ffae17d1
70a5fda7f3515776a08d7063619eb4a8a61efba0
4adeae7a16af1167e6ffab1beab81feaec2dbdc0c90e5beb081c7bfcea0e5443
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee02a15-8482-4f95-a7be-3d184d8c9d77.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2360
x-amzn-requestid: f2e6dc22-444c-42af-947c-6d9d6f0253de
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_0iFhHIAMFjXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaace9-18f8bade4f2ddbd0018c2117;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ESGbRefQzfK2WINhWLISRdtGqaO2W4Cn0-Aj1oNLfPC0tnYaPDubYg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:31:43 GMT
age: 36050
etag: "70a5fda7f3515776a08d7063619eb4a8a61efba0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3b95fd0-70b7-4757-9068-83472c90622c.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3b95fd0-70b7-4757-9068-83472c90622c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd9dfc91c131903f04b22bca2ea07569
8fac706269ae3ec4a9f60a64f6b08066e9eeb22a
d72e6a45a42dd6f6d39bdf2a68837a2fdd73b9df6e01a29dd173725b3d88e97e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3b95fd0-70b7-4757-9068-83472c90622c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12032
x-amzn-requestid: 1be7b95f-1088-4e2a-ba74-bba8a5c3b615
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AMZ_gHE7oAMFfkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e809fc-65057649605a732b64098657;Sampled=0
x-amzn-remapped-date: Sat, 11 Feb 2023 21:34:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3wc9cOb6EBcYrHuQPvVx1h8f0xSef25washUegMtRo7oeLosn4RlYg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Feb 2023 00:41:17 GMT
age: 28276
etag: "8fac706269ae3ec4a9f60a64f6b08066e9eeb22a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 39bd8923ebd523f3d7e9a40f555e9402
d5ba449bc6c3edc72eebaf5dc66817723e387c89
14f05165df53af8abe516d752d576b901e7647ad8bef9645a621f0e634127002
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 39bd8923ebd523f3d7e9a40f555e9402
d5ba449bc6c3edc72eebaf5dc66817723e387c89
14f05165df53af8abe516d752d576b901e7647ad8bef9645a621f0e634127002
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 39bd8923ebd523f3d7e9a40f555e9402
d5ba449bc6c3edc72eebaf5dc66817723e387c89
14f05165df53af8abe516d752d576b901e7647ad8bef9645a621f0e634127002
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ba070e2-295e-485b-8bb9-cf35a649e9d1.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ba070e2-295e-485b-8bb9-cf35a649e9d1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b8526505043a5b3a1a8a3e86f80dd796
121031f827508bc441ab34387ffdf9bf878c43a9
70e9f640c8339aea888ceea9fd2ef74fa2c3ea210f69fa22442155dca61a799e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ba070e2-295e-485b-8bb9-cf35a649e9d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10635
x-amzn-requestid: 98a6b744-d08f-4e53-a0b0-735b336c8513
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_zjG9boAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaace3-5d86345a4ee7009e61291369;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KJ56reDkEbXg0bE7sE4pB1n7Lkn1nLiKblbKM9aFYCow4tpHrIqGnw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:31:33 GMT
etag: "121031f827508bc441ab34387ffdf9bf878c43a9"
content-type: image/jpeg
age: 36060
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F318ff2b9-f4f9-4c7a-81df-9e4b1f2674dd.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F318ff2b9-f4f9-4c7a-81df-9e4b1f2674dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f36dc9974ff642bd2d59215b566e9b48
3a8baa33c526c25a0eb42a3a777cf38eeb01b25c
90868802014325116787331c121e74d0a9550d0f2b309801ffa66160fa810cde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F318ff2b9-f4f9-4c7a-81df-9e4b1f2674dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 17e77e17-627f-4070-848a-e2fba60ca596
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ATAtHGmBIAMFdmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaae53-6958c09576c288a3308a3aab;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:40:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QSsnNIzDqHxB_RtWCxFsNxJHHcS5jAJsGA_SoSdFGCv183aBgKSSEg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:17:30 GMT
age: 36903
etag: "3a8baa33c526c25a0eb42a3a777cf38eeb01b25c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda518233-4123-4219-ab0d-8824cc00a762.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda518233-4123-4219-ab0d-8824cc00a762.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 37b2975c3f6a43a2e17affd8aa40ac68
b3db997a3f6ba6805cff0a6267db09adb97531ce
af996382d9c1c02b1e4b22fe6e2f5ff94d9d2c2a5ea972c01e68eb97ff4db1a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda518233-4123-4219-ab0d-8824cc00a762.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4498
x-amzn-requestid: a8ca66bd-e43c-42c7-9215-a2adc943237d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_1RHYFoAMFajg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaacee-730337f0135fe0ee6ea2f9ef;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IRoIjQCEJX760zAu7Mvt_6cjBmG_7EA1_UF-aIENtczJBHF1PgQ-Qw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:44:09 GMT
age: 35304
etag: "b3db997a3f6ba6805cff0a6267db09adb97531ce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f0049e-76d4-495b-9bed-117c9c75873d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f0049e-76d4-495b-9bed-117c9c75873d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f079f7eb69d4ff280b52a9d9ec107b31
5ba5b77b46a1c945432107cd20bbf01e89cf5b9c
282c096d6c7651ca912b229062ef10efd186d09fdcb99ee7c882e07a7ca9567e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f0049e-76d4-495b-9bed-117c9c75873d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11902
x-amzn-requestid: 94ac9a3a-f3ed-40fb-8370-46989d4270a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_75E-fIAMFr7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaad18-3db96207518a869c01ce96c1;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KgpF6uixeViywfT7Omiy6UvQHCkhGqW92r3_IovQzeVrgCTQTa0zLQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:18:42 GMT
age: 36831
etag: "5ba5b77b46a1c945432107cd20bbf01e89cf5b9c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 14 Feb 2023 07:44:09 GMT
expires: Tue, 14 Feb 2023 09:44:09 GMT
cache-control: public, max-age=7200
age: 2905
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8594790428066018
142.250.74.2200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8594790428066018
IP 142.250.74.2:0
File type ASCII text, with very long lines (3649)
Hash 97f03f1367db8340594ea2d1b0003e37
3f2298b3998b1d005efff90bc7364d9a20d8b156
e2a493555a659ca9556cacb7f37ace0617b725b7aab4fe61ddfb857ebc56b551
GET /pagead/js/adsbygoogle.js?client=ca-pub-8594790428066018 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.rawafedpor.com
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 14 Feb 2023 08:32:33 GMT
expires: Tue, 14 Feb 2023 08:32:33 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 2162057957299823631
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49774
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=395612815&t=pageview&_s=1&dl=https%3A%2F%2Fen.rawafedpor.com%2F6059%2Ffear-and-greed-index-skewed-towards-greed-first-time-months&dr=https%3A%2F%2Fwww.google.com%2F&ul=en-us&de=UTF-8&dt=The%20BTC%20Fear%20and%20Greed%20Index%20is%20skewed%20towards%20greed%20for%20the%20first%20time%20in%2010%20months%20-%20Rawafedpor%20Q%26A&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=954624717&gjid=1494210172&cid=368519509.1676363636&tid=UA-62733008-16&_gid=2049785024.1676363636&_r=1>m=457e32d0&z=20817878
142.250.74.110200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=395612815&t=pageview&_s=1&dl=https%3A%2F%2Fen.rawafedpor.com%2F6059%2Ffear-and-greed-index-skewed-towards-greed-first-time-months&dr=https%3A%2F%2Fwww.google.com%2F&ul=en-us&de=UTF-8&dt=The%20BTC%20Fear%20and%20Greed%20Index%20is%20skewed%20towards%20greed%20for%20the%20first%20time%20in%2010%20months%20-%20Rawafedpor%20Q%26A&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=954624717&gjid=1494210172&cid=368519509.1676363636&tid=UA-62733008-16&_gid=2049785024.1676363636&_r=1>m=457e32d0&z=20817878
IP 142.250.74.110:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j99&a=395612815&t=pageview&_s=1&dl=https%3A%2F%2Fen.rawafedpor.com%2F6059%2Ffear-and-greed-index-skewed-towards-greed-first-time-months&dr=https%3A%2F%2Fwww.google.com%2F&ul=en-us&de=UTF-8&dt=The%20BTC%20Fear%20and%20Greed%20Index%20is%20skewed%20towards%20greed%20for%20the%20first%20time%20in%2010%20months%20-%20Rawafedpor%20Q%26A&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=954624717&gjid=1494210172&cid=368519509.1676363636&tid=UA-62733008-16&_gid=2049785024.1676363636&_r=1>m=457e32d0&z=20817878 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://en.rawafedpor.com
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://en.rawafedpor.com
date: Tue, 14 Feb 2023 08:32:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 39bd8923ebd523f3d7e9a40f555e9402
d5ba449bc6c3edc72eebaf5dc66817723e387c89
14f05165df53af8abe516d752d576b901e7647ad8bef9645a621f0e634127002
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8594790428066018&plah=en.rawafedpor.com&bust=31072323
142.250.74.2200 OK 123 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8594790428066018&plah=en.rawafedpor.com&bust=31072323
IP 142.250.74.2:0
File type ASCII text, with very long lines (3376)
Size 123 kB (122940 bytes)
Hash e43ee8d50b071089c102f48f082a220e
333cdcda6fa88255be6fd300af124aacd5343b70
8af2b8deeccf405e5668c100ac12a0b7b460bf2cb77d5ffee9ec79f51cd8a32b
GET /pagead/managed/js/adsense/m202302080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8594790428066018&plah=en.rawafedpor.com&bust=31072323 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 14 Feb 2023 08:32:34 GMT
expires: Tue, 14 Feb 2023 08:32:34 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 9057646562921759858
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 122940
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20230209/r20190131/zrt_lookup.html
216.58.207.226200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20230209/r20190131/zrt_lookup.html
IP 216.58.207.226:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20230209/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Mon, 13 Feb 2023 09:08:51 GMT
expires: Mon, 27 Feb 2023 09:08:51 GMT
cache-control: public, max-age=1209600
age: 84223
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 289c721a8d4c809119c8015f7b9e2f57
6473ff534c0d3ffc6873ef4884ff2f335f0323fa
108552f1aad2695468046727ad48f1ebd565de267daf033abd9c5f4e3fe79cff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 29a7a34fc894553ff324f97441fdaaeb
00357179dbfc4b0608c7d972e203007687378b7e
dc8608bacd61ca8f8eb8c315b7ea3ccb3e1e988177b8a22026e96b100019431b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f48f404b096233d450cf335d9f40f24e
18ce733026e09526ffba5f79822902bffcbbd4e1
547f22d026f56991f3b61db25c1331a88a3728276bed76b89619cb738c195547
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=en.rawafedpor.com&callback=_gfp_s_&client=ca-pub-8594790428066018
216.58.207.194200 OK 254 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=en.rawafedpor.com&callback=_gfp_s_&client=ca-pub-8594790428066018
IP 216.58.207.194:0
File type ASCII text, with very long lines (395), with no line terminators
Hash 462fc25fa177511864497df5b9f69f01
bc67e71f759a3fd6025a7a4e0ab637eab12bf839
448fb696202c85f723364f786aac4ba0cc9dd48c316334651f8786e24e6f62b5
GET /gampad/cookie.js?domain=en.rawafedpor.com&callback=_gfp_s_&client=ca-pub-8594790428066018 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 14 Feb 2023 08:32:34 GMT
server: cafe
cache-control: private
content-length: 254
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=en.rawafedpor.com
142.250.74.66200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=en.rawafedpor.com
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=en.rawafedpor.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 14 Feb 2023 08:32:34 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=en.rawafedpor.com
216.58.211.2200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=en.rawafedpor.com
IP 216.58.211.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=en.rawafedpor.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 14 Feb 2023 08:32:34 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f48f404b096233d450cf335d9f40f24e
18ce733026e09526ffba5f79822902bffcbbd4e1
547f22d026f56991f3b61db25c1331a88a3728276bed76b89619cb738c195547
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 289c721a8d4c809119c8015f7b9e2f57
6473ff534c0d3ffc6873ef4884ff2f335f0323fa
108552f1aad2695468046727ad48f1ebd565de267daf033abd9c5f4e3fe79cff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230209&st=env
142.250.74.2200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230209&st=env
IP 142.250.74.2:0
File type JSON data\012- , ASCII text, with very long lines (14802), with no line terminators
Hash d9bb4f7e3047555155110763e5b79277
2ec962705552276c8a338a2732f38bb4e0d75ee7
f0f70fd0c87b7ff6d2df192d51d1f17f382b81da1d73be77bd3368d4306cfad4
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230209&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.rawafedpor.com
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Tue, 14 Feb 2023 08:32:34 GMT
server: cafe
content-length: 11175
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 484e53a930dca698bd7dcec23cdc891e
d90ba836c73496656d393bfaf2ba43aece47c660
d5e78fab358c361c979e404a310b5d9bc1ea1e402dccd9e6de21835e814b3aeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
216.58.211.1200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.211.1:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Tue, 14 Feb 2023 08:32:35 GMT
expires: Tue, 14 Feb 2023 08:32:35 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
216.58.211.1200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 216.58.211.1:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 13 Feb 2023 08:45:21 GMT
expires: Tue, 13 Feb 2024 08:45:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 85634
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/bg/BCIcmf313WzoCVCbVncOKNc8C4ARuhVvc7JlJ5i6CqM.js
142.250.74.2200 OK 14 kB URL HTTP/2 pagead2.googlesyndication.com/bg/BCIcmf313WzoCVCbVncOKNc8C4ARuhVvc7JlJ5i6CqM.js
IP 142.250.74.2:0
File type ASCII text, with very long lines (35857)
Hash 79a62667fe5dd370547d8462fae95a60
309245f4dc10abed1d7e204410d40e2fec03fa53
c1821b83a6b2f60624add2a2000525db6d4abdf42ac57bfba273b1c38396b5dd
GET /bg/BCIcmf313WzoCVCbVncOKNc8C4ARuhVvc7JlJ5i6CqM.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14187
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 13 Feb 2023 15:46:52 GMT
expires: Tue, 13 Feb 2024 15:46:52 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 60343
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 704848873afb62f820c1b194e3620519
6b5dc73daf065a51ee2364b34f0e488902663d3d
19c8c76bb1c818f85ff5aafdf3d0bdd9e7ee2a4ec0753954d220eb2f23a234a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:32:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164200 OK 512 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash b090d7e1326503bc196fe13da1a4e278
846f1538fe19c4ff8636f36f72f84b754ad94ca8
4cb0ac727d3d99c858303121d4f0eaf3e1902051615bf69c40a8d0c4f18d4976
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 14 Feb 2023 08:32:35 GMT
date: Tue, 14 Feb 2023 08:32:35 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-_1qFUxotoQItXsQN63uhOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230209&jk=1611710713047393&rc=
142.250.74.2204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230209&jk=1611710713047393&rc=
IP 142.250.74.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230209&jk=1611710713047393&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 08:32:35 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230209&jk=1611710713047393&bg=!7O-l77vNAAYuhb89DoU7ADkAdvg8WpFaQZJD4tZB_m_ezmnXLHsRj0_UoM9D40NKpWUW2tzH3ZpgWVYLBeRXtM2Xk5beTdyCq5ICAAAAYVIAAAAEaAEHmQJ_QKnu3HyF2YlIu8dqIa9jp9F7dv3pHp8mTtqtxSv0aw-QuuBDAKRZMoKP7SOwVA5kCd8TjX7RH9wwPig21-QYP7_zRaPa4Yk9igv-IFUrQ7oq3suWYuGrXccvBXiHkVN42Cd_iBx49-VPguNOX9DlH88hBGW3X0u_yUVBkjDGl3iDpW1Wx_8lO-vZHkZZiaBbijTOktGkfniFsHoiTTglbWBR1dOzbIWJo9hG_2OtKPo5PaetVpfwIHG-8z89w1DfWsB6d1S7lJBVevCV3Xy4JfMZXNHLkRclfcCzQPVkCEhS-Bm10zJQaMZbKcH-5j9xxLV2CdZ6Ms_DprqsWpoPHkKQkLD4uVSF7xTaGl90-BzBuTDNxZvc35Tnzios8fV5JIOTZztQ8zNj4TfuS0nNxIYPExEAyqKasMvcsfKQ7uYUWEaY7zjYMRrbZTn9AdHqAUl76qTZr-2eVM9lQb20KzcbLObaEmeZWQwELq4mbb1rM-tGwr_GUDzd8JGzuU9_JvLoxikwCmAfSuFSk26INhD3G0Gumoho-BSNaOdzmhAwfrNULUJLJuanMdKlk7myFU-BgGaEWzu9didsiRJ8YKoiawTr21vauPriwMQnYov-kErxqyEX8vXcnv4LmihfkE_qeK7sBYJ1qRG7rgqr-MFHj40al1BYeQEBsUaOj3VrS5sZfs6oo51VhZ7wEaGEJTOgA2skxaOrdoJKOSPTzPVVAfXZ4DtAhsZgHyHxw8r3dY3u2-ImsFOOoUWJ0I2k_4jkYvmhnAWiG8NgPhQxygq8TnZ7SoZAZ4N4PnA7M5aO01deGoQ0cnZV7jCqkH7OkLmEwVWqEwaAUWPsp7TU
142.250.74.2204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230209&jk=1611710713047393&bg=!7O-l77vNAAYuhb89DoU7ADkAdvg8WpFaQZJD4tZB_m_ezmnXLHsRj0_UoM9D40NKpWUW2tzH3ZpgWVYLBeRXtM2Xk5beTdyCq5ICAAAAYVIAAAAEaAEHmQJ_QKnu3HyF2YlIu8dqIa9jp9F7dv3pHp8mTtqtxSv0aw-QuuBDAKRZMoKP7SOwVA5kCd8TjX7RH9wwPig21-QYP7_zRaPa4Yk9igv-IFUrQ7oq3suWYuGrXccvBXiHkVN42Cd_iBx49-VPguNOX9DlH88hBGW3X0u_yUVBkjDGl3iDpW1Wx_8lO-vZHkZZiaBbijTOktGkfniFsHoiTTglbWBR1dOzbIWJo9hG_2OtKPo5PaetVpfwIHG-8z89w1DfWsB6d1S7lJBVevCV3Xy4JfMZXNHLkRclfcCzQPVkCEhS-Bm10zJQaMZbKcH-5j9xxLV2CdZ6Ms_DprqsWpoPHkKQkLD4uVSF7xTaGl90-BzBuTDNxZvc35Tnzios8fV5JIOTZztQ8zNj4TfuS0nNxIYPExEAyqKasMvcsfKQ7uYUWEaY7zjYMRrbZTn9AdHqAUl76qTZr-2eVM9lQb20KzcbLObaEmeZWQwELq4mbb1rM-tGwr_GUDzd8JGzuU9_JvLoxikwCmAfSuFSk26INhD3G0Gumoho-BSNaOdzmhAwfrNULUJLJuanMdKlk7myFU-BgGaEWzu9didsiRJ8YKoiawTr21vauPriwMQnYov-kErxqyEX8vXcnv4LmihfkE_qeK7sBYJ1qRG7rgqr-MFHj40al1BYeQEBsUaOj3VrS5sZfs6oo51VhZ7wEaGEJTOgA2skxaOrdoJKOSPTzPVVAfXZ4DtAhsZgHyHxw8r3dY3u2-ImsFOOoUWJ0I2k_4jkYvmhnAWiG8NgPhQxygq8TnZ7SoZAZ4N4PnA7M5aO01deGoQ0cnZV7jCqkH7OkLmEwVWqEwaAUWPsp7TU
IP 142.250.74.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230209&jk=1611710713047393&bg=!7O-l77vNAAYuhb89DoU7ADkAdvg8WpFaQZJD4tZB_m_ezmnXLHsRj0_UoM9D40NKpWUW2tzH3ZpgWVYLBeRXtM2Xk5beTdyCq5ICAAAAYVIAAAAEaAEHmQJ_QKnu3HyF2YlIu8dqIa9jp9F7dv3pHp8mTtqtxSv0aw-QuuBDAKRZMoKP7SOwVA5kCd8TjX7RH9wwPig21-QYP7_zRaPa4Yk9igv-IFUrQ7oq3suWYuGrXccvBXiHkVN42Cd_iBx49-VPguNOX9DlH88hBGW3X0u_yUVBkjDGl3iDpW1Wx_8lO-vZHkZZiaBbijTOktGkfniFsHoiTTglbWBR1dOzbIWJo9hG_2OtKPo5PaetVpfwIHG-8z89w1DfWsB6d1S7lJBVevCV3Xy4JfMZXNHLkRclfcCzQPVkCEhS-Bm10zJQaMZbKcH-5j9xxLV2CdZ6Ms_DprqsWpoPHkKQkLD4uVSF7xTaGl90-BzBuTDNxZvc35Tnzios8fV5JIOTZztQ8zNj4TfuS0nNxIYPExEAyqKasMvcsfKQ7uYUWEaY7zjYMRrbZTn9AdHqAUl76qTZr-2eVM9lQb20KzcbLObaEmeZWQwELq4mbb1rM-tGwr_GUDzd8JGzuU9_JvLoxikwCmAfSuFSk26INhD3G0Gumoho-BSNaOdzmhAwfrNULUJLJuanMdKlk7myFU-BgGaEWzu9didsiRJ8YKoiawTr21vauPriwMQnYov-kErxqyEX8vXcnv4LmihfkE_qeK7sBYJ1qRG7rgqr-MFHj40al1BYeQEBsUaOj3VrS5sZfs6oo51VhZ7wEaGEJTOgA2skxaOrdoJKOSPTzPVVAfXZ4DtAhsZgHyHxw8r3dY3u2-ImsFOOoUWJ0I2k_4jkYvmhnAWiG8NgPhQxygq8TnZ7SoZAZ4N4PnA7M5aO01deGoQ0cnZV7jCqkH7OkLmEwVWqEwaAUWPsp7TU HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.rawafedpor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 08:32:36 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2