r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5431
Expires: Sat, 05 Nov 2022 01:55:36 GMT
Date: Sat, 05 Nov 2022 00:25:05 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1420
Cache-Control: max-age=120580
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:05 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 09:54:45 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5439
Expires: Sat, 05 Nov 2022 01:55:44 GMT
Date: Sat, 05 Nov 2022 00:25:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Xz+w8k0gUkZPe7OKUVISKmctOpcxZRK+7yBm8Kr30RWg3zHFvDWk+4c8G4fONIOL7fFQd+OBB20=
x-amz-request-id: EB2D4BGKRVZ36P05
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 05 Nov 2022 00:09:47 GMT
age: 918
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 00:25:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.regionic.info/jmb/?p=18298
83.166.138.58200 OK 13 kB URL HTTP/1.1 www.regionic.info/jmb/?p=18298
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash ebed80cd44341f5b39828f6ff7554786
116a48af0ef6115bc66e753c481dc76bf170c799
eefc1de32a6b4b4ffe23c207cea9e5bb295b592d6e568577b69201da08a6a2db
Analyzer Verdict Alert fortinet Phishing
GET /jmb/?p=18298 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:05 GMT
Server: Apache
Link: <http://www.regionic.info/jmb/index.php?rest_route=/>; rel="https://api.w.org/", <http://www.regionic.info/jmb/index.php?rest_route=/wp/v2/posts/18298>; rel="alternate"; type="application/json", <http://www.regionic.info/jmb/?p=18298>; rel=shortlink
Upgrade: h2
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.regionic.info/jmb/wp-content/themes/twentyten/style.css
83.166.138.58200 OK 5.9 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/themes/twentyten/style.css
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (535)
Hash 46b42de88554440913c99c306577b122
2c29e19ea1e71895b1b41138a59173dab15dfea5
2fe9193a48d8bb81f482b0cb299456e793d709bc5e86aee1426705d5e03f3743
GET /jmb/wp-content/themes/twentyten/style.css HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:18:20 GMT
ETag: "5c67-52d39c977a300-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5945
Content-Type: text/css
static.bufferapp.com/js/button.js
104.16.138.31301 Moved Permanently 0 B URL HTTP/1.1 static.bufferapp.com/js/button.js
IP 104.16.138.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/button.js HTTP/1.1
Host: static.bufferapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Nov 2022 00:25:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 05 Nov 2022 01:25:06 GMT
Location: https://static.buffer.com/js/button.js
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 765173468dabb503-OSL
platform.linkedin.com/in.js?ver=6.0.3
23.36.76.210200 OK 163 kB URL HTTP/2 platform.linkedin.com/in.js?ver=6.0.3
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (41594)
Size 163 kB (163355 bytes)
Hash c1bba435347a1ff49f05dd27ea750e9e
5cccaa8f242566c96658a40e9cbb5696334ea313
77326612a0a1da93d1f72b2e2ad72385c8223c05bc565ea0f3262c7460149214
GET /in.js?ver=6.0.3 HTTP/1.1
Host: platform.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Play
expires: Sat, 5 Nov 2022 01:11:22 GMT
cache-control: public, max-age=3600
content-encoding: gzip
content-type: text/javascript; charset=UTF-8
content-length: 163355
x-li-fabric: prod-lor1
x-li-pop: prod-lor1-x
x-li-proto: http/1.1
x-li-uuid: AAXsrgfIAlnhNYJ4ln8uCw==
date: Sat, 05 Nov 2022 00:25:06 GMT
vary: Accept-Encoding
x-cdn-client-ip-version: IPV4
x-cdn: AKAM
X-Firefox-Spdy: h2
www.regionic.info/jmb/wp-includes/js/comment-reply.min.js?ver=6.0.3
83.166.138.58200 OK 1.4 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/comment-reply.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (2946)
Hash 28214bc78b9edfcfbc9c7b651fb4f56c
fb0847abdb33dd943a2dcda4c4b905fb5cdd116c
11691bc1acc1f3a7ab8ef7c67fb720ca58fb72e52f510009f7b0cbc2589d45e0
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/js/comment-reply.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "ba5-5e1ef8b691eb3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1351
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=6.0.3
83.166.138.58200 OK 220 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash 5960fb646f4ac405f4ec6c2c9ad2a027
0356668a2cf0a15628a6d1d0bea992a4264fc275
6e680f53135a6d4b2b75ffe9c7f687b33c4fe34abc1395e5d0e5acde4aaa595b
GET /jmb/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:12:02 GMT
ETag: "10f-52d39b2efd080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 220
Content-Type: text/css
www.regionic.info/jmb/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
83.166.138.58200 OK 12 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (43771)
Hash e5548800176e913a9084f47a3e1e04f6
eff4604acc5c26ae82a19188de2f98bf5b79d80c
a2569c768eaca09f2483b971fcebb97badd57c9a16b5ae3e16b8cdcd8c688b07
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Wed, 13 Jul 2022 04:18:35 GMT
ETag: "15b64-5e3a8141f38c3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11681
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=6.0.3
83.166.138.58200 OK 332 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type CSV text\012- , ASCII text, with CRLF line terminators
Hash bcb6bcdc3b9f75d9834b745fafbcd2ef
d559a6d33ef73c30d7a546a69e5e6c7843dec4e4
ffee38b18271e25849cfd2ce95e3206b34e15d01aa3c21acf6dd29da55ce60f4
GET /jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Tue, 21 Jun 2022 06:45:11 GMT
ETag: "437-5e1ef8fedeb50-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 332
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/elastislide.min.css?ver=6.0.3
83.166.138.58200 OK 635 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/elastislide.min.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (1962), with no line terminators
Hash db3c7868bfc439e8374d97ead0d4bdee
9e58e07495cc2d09a4bbcbaeb79f02767b6557c1
c50c163a065576f4e979be7146044b2af003b994aa9be1f967bb2fb06b5cf953
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/css/elastislide.min.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:24 GMT
ETag: "7aa-52d39c28d9e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 635
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/srizon.custom.min.css?ver=2.3
83.166.138.58200 OK 2.1 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/srizon.custom.min.css?ver=2.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (8058), with no line terminators
Hash bfc3097d6a19406d6f000a8514db8c67
e92f355cf2aa7164c37640acab4d0ac189aef9ec
f453398a652ea2eeae098967a38ce361a0f0daf260fc33b208ecd97aea47ef90
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/css/srizon.custom.min.css?ver=2.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:24 GMT
ETag: "1f7a-52d39c28d9e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2054
Content-Type: text/css
www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=18298
151.101.85.140301 Moved Permanently 0 B URL HTTP/1.1 www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=18298
IP 151.101.85.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=18298 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Location: https://www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=18298
Accept-Ranges: bytes
Date: Sat, 05 Nov 2022 00:25:06 GMT
Via: 1.1 varnish
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Cache-Control: private, max-age=3600
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
www.regionic.info/jmb/wp-content/plugins/recent-facebook-posts/assets/css/default.min.css?ver=2.0.8
83.166.138.58200 OK 762 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/recent-facebook-posts/assets/css/default.min.css?ver=2.0.8
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (2339), with no line terminators
Hash d4b976de1da7f7be59ad8d562245ee96
3a955fa2af18fd9d3bcdec9928021691179e43cf
6237be557b7c7539e51a3780f13bfe59761844242aab8af74f2f281509006c14
GET /jmb/wp-content/plugins/recent-facebook-posts/assets/css/default.min.css?ver=2.0.8 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:21 GMT
ETag: "923-52d39c25fd740-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 762
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3
83.166.138.58200 OK 777 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with CRLF line terminators
Hash 1ce521270815d9f13c11654b2c940766
b87c4a83005a7e36335cea34c80a29d2bcb5eeae
735a289163641abaa57b850a4b4c2c1734766701aaba58d73fb4107ffe2febb7
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "8c2-52d39c24152c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 777
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=6.0.3
83.166.138.58200 OK 381 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with CRLF line terminators
Hash c26c1149a61b90738434f96a6eb566be
60b7efad2c1852b4e66737965e2edd6afc8af2e9
5e3dba55cd599aefa42c63e6726f3c2e95cf14b077c7f1a8195f9788d77207d8
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:45:11 GMT
ETag: "b1f-5e1ef8fedeb50-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 381
Content-Type: application/javascript
www.regionic.info/jmb/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
83.166.138.58200 OK 31 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (65447)
Hash 9640915738503451aa21181699feab5b
c053eaf36ef0da96619706b3abda326305063bd6
f8834e669ad1f4039442c26aaa373ec39c35a233b9786d374fc3f670f16b0adc
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "15db1-5e1ef8b65f233-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30908
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/lib/require.js?ver=1.6.0.6
83.166.138.58200 OK 20 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/lib/require.js?ver=1.6.0.6
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash a90955a13115bcf2a0a18e5e5051b670
294f5e6ae3a8a187c890d8388356ce631c72f2e0
c66d608e487e67cfc925c3399a0db7438e59d7c48676f44e1266ee20455ec1d8
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/fb-social-reader/js/lib/require.js?ver=1.6.0.6 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:13:08 GMT
ETag: "13706-52d39b6dee500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19494
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/modernizr.js?ver=6.0.3
83.166.138.58200 OK 4.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/modernizr.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document text\012- HTML document, ASCII text, with very long lines (8960)
Hash ddb5e0e67e101b25f75010659ad3f6d6
eef831f9d2e37b5af10d758380844a822e929632
2ff3d1c2cbbe1c09812aa640450044a57965f6525588a11bdf3d1032e251da8b
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/modernizr.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:25 GMT
ETag: "23d3-52d39c29ce040-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4042
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/mag-popup.js?ver=6.0.3
83.166.138.58200 OK 7.7 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/mag-popup.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (20844)
Hash dbfe5bc7c17594ecb1c525e501da9564
f65f4f1d4f7043b85898ee231dfb9aba3e4220a1
86688bb51a8303ea530de4fafb4c91d3885e0447f7c10b45b3f1eb44091d558a
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/mag-popup.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:25 GMT
ETag: "5270-52d39c29ce040-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7677
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.collagePlus.min.js?ver=6.0.3
83.166.138.58200 OK 2.2 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.collagePlus.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (6470), with no line terminators
Hash fa84b21a34f2d58c03aef662ae5abd67
7959d25dde0b746fb99b88728aa9f9b6e24de072
2daef4f3fae6b8a14be7374b5358e2a70ca7b82486627b73f94edfab41f054be
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.collagePlus.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Wed, 21 Nov 2018 20:29:03 GMT
ETag: "1946-57b3299de8183-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2159
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.elastislide.min.js?ver=6.0.3
83.166.138.58200 OK 4.1 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.elastislide.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (13599), with no line terminators
Hash c37425cd901572f8f757e6a36627f2c6
e5810a1f9fb0be1ef033a26296ca3bdb38bdecbc
2e6289be6d9fc69faaf37cc4614af6f6ee9b8bff60259d419e08dc2fa19bcf8f
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.elastislide.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Wed, 21 Nov 2018 20:29:03 GMT
ETag: "351f-57b3299de8183-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4142
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/sr.min.js?ver=1.6.0.6
83.166.138.58200 OK 16 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/sr.min.js?ver=1.6.0.6
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type Unicode text, UTF-8 text, with very long lines (56742)
Hash 44ee5d1989ce366ebf46a1977c0b4524
89b21bc7b7fcf4d0ab95df2d0d2aea997ca3fa5e
89eb529dbfefcb00a30a74bf8d13f414f37a27bcfcbe8537b62c1d6ca0f55d7c
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/fb-social-reader/js/sr.min.js?ver=1.6.0.6 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:13:08 GMT
ETag: "dec1-52d39b6dee500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16453
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/srizon.custom.min.js?ver=2.3.2
83.166.138.58200 OK 3.4 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/srizon.custom.min.js?ver=2.3.2
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document, ASCII text, with very long lines (11853), with no line terminators
Hash 15522215729c753f7b3723e5abf2028b
ef370e5c588147a02076ea9ff496ff510e36e39f
e9a438f36dc15af555a2bf372a222715f96a8959d62888b386858e53c5c336d3
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/srizon.custom.min.js?ver=2.3.2 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:25 GMT
ETag: "2e4d-52d39c29ce040-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3448
Content-Type: application/javascript
platform.tumblr.com/v1/share.js?ver=6.0.3
74.114.154.15302 Moved Temporarily 142 B URL HTTP/1.1 platform.tumblr.com/v1/share.js?ver=6.0.3
IP 74.114.154.15:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /v1/share.js?ver=6.0.3 HTTP/1.1
Host: platform.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Sat, 05 Nov 2022 00:25:06 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
Location: https://platform.tumblr.com/v1/share.js?ver=6.0.3
www.regionic.info/jmb/wp-content/plugins/fb-social-reader/css/style.css?ver=6.0.3
83.166.138.58200 OK 1.5 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/fb-social-reader/css/style.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash 846d7d2e9ab8ef1cc3045650d90be00c
4fc113ffe22a5cffb328c1ecb77e409c472c4c96
20c45d712b497f79bf178c2d6ee4a5955e6902c6bb7101969289a49bca98b949
GET /jmb/wp-content/plugins/fb-social-reader/css/style.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:13:07 GMT
ETag: "1918-52d39b6cfa2c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1521
Content-Type: text/css
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash de9472a389173fcda47a2ee9e31e46fb
46e8532c2ecf70a5f5846cb4593435c96f591613
f30b77c73b3c245e3de35141a0f22100a25d8719f223d9838b0a54b681c25fd9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 9
Cache-Control: max-age=170667
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:06 GMT
Etag: "6365a504-117"
Expires: Sun, 06 Nov 2022 23:49:33 GMT
Last-Modified: Fri, 04 Nov 2022 23:49:24 GMT
Server: ECS (amb/6BA2)
X-Cache: HIT
Content-Length: 279
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/mag-popup.min.css?ver=6.0.3
83.166.138.58200 OK 1.7 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/mag-popup.min.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (6065), with no line terminators
Hash af7191bfbee1f7906b91594e564b3b54
d16ecd7e4548743a605d649e90219b4ef69dae01
94e39de77d84991a731ebf77fa6c75641127ce142213b07317536768511b2cbb
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/css/mag-popup.min.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:24 GMT
ETag: "17b1-52d39c28d9e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1705
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/specificfeeds_follow.png
83.166.138.58200 OK 714 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/specificfeeds_follow.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 26 x 13, 8-bit/color RGBA, non-interlaced\012- data
Hash 346c3031219692aa036b3f70a049357e
1be1d28a7fd3c97ec06bd5acc0c1965975904dff
8eed0123cea1bc7373855ce7371d01f5c4bfbf58d0f70d9c9f2b945940f48c61
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/specificfeeds_follow.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "2ca-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 714
Content-Type: image/png
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/rss.png
83.166.138.58200 OK 1.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/rss.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 05e27acef3866d11912ffd5f5a8082e6
21fdfecf0185d7006dda0ca426926b3ed4d2b2b4
91eebabc35aac7ff6bc31bd78f5bba8ae01a1621dbee807f2fe26aec8076db45
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/rss.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "407-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 1031
Content-Type: image/png
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/email.png
83.166.138.58200 OK 2.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/email.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 30 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 49e12c71bf7fc34e81b089e93cb24e97
6dbacc6dbc4e218bfecd3667027ac60f0f5f2ad8
6716dbbcf4c38a706abf0b7ad4398ca2f1d471c647ea8ef588fe680a1494501a
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/email.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "7be-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 1982
Content-Type: image/png
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 42a0adacced30df52cf7cad3e200036d
f7b4114defc61f806dbb74fd228bca155d52362a
e4928481739a2a75dce86c03b355c6dff507426e8d851cba5ca8537b1be87c20
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5884
Cache-Control: max-age=119985
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:06 GMT
Etag: "6364c817-1d7"
Expires: Sun, 06 Nov 2022 09:44:51 GMT
Last-Modified: Fri, 04 Nov 2022 08:06:47 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
www.tipy.com/button_compact.gif
3.74.170.143301 Moved Permanently 185 B URL HTTP/1.1 www.tipy.com/button_compact.gif
IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4c555068310076e85908835c721911f5
9ec990aabb4391e139034f68e5e657e0f1d0b74d
568b4de0ad30e85670e724dc30ccb675924353b77807356c5ad7f29c8c38f510
GET /button_compact.gif HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Sat, 05 Nov 2022 00:25:06 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://www.tipy.com/button_compact.gif
www.regionic.info/jmb/wp-content/uploads/2013/05/cropped-Carte_regions_Kamerun_Allemand_Batscham_mark_jmb2012N.jpg
83.166.138.58200 OK 106 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/uploads/2013/05/cropped-Carte_regions_Kamerun_Allemand_Batscham_mark_jmb2012N.jpg
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 940x198, components 3\012- data
Size 106 kB (106068 bytes)
Hash ec53ed4bf2c9c19af19954b5f0dd3aaa
0d99b1707f02398171141abf1fd4ef106547cd36
bb16a4f2a4fa5fd5c218dd791144a197269bdf8afbbadabed8c8c10ff0cc71ad
GET /jmb/wp-content/uploads/2013/05/cropped-Carte_regions_Kamerun_Allemand_Batscham_mark_jmb2012N.jpg HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:06 GMT
Server: Apache
Last-Modified: Thu, 23 May 2013 11:07:30 GMT
ETag: "19e54-4dd60b0398080"
Accept-Ranges: bytes
Content-Length: 106068
Content-Type: image/jpeg
www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=18298
151.101.85.140200 OK 1.1 kB URL HTTP/2 www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=18298
IP 151.101.85.140:0
Hash 610788fd4961c058cee1869f473c374c
43c8308946d4f121b91aae5fb1a688392a234d01
fdc2e23dcb6a6ce8f2ada0e9933e7edbda5f15d450165c71482eb752c7c5ae24
GET /static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=18298 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 22 Sep 2014 16:25:05 GMT
etag: "610788fd4961c058cee1869f473c374c"
content-type: application/javascript
accept-ranges: bytes
date: Sat, 05 Nov 2022 00:25:06 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cache-control: private, max-age=3600
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 1074
X-Firefox-Spdy: h2
api.flattr.com/js/0.6/load.js?mode=auto&ver=6.0.3
104.26.11.251301 Moved Permanently 178 B URL HTTP/2 api.flattr.com/js/0.6/load.js?mode=auto&ver=6.0.3
IP 104.26.11.251:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/0.6/load.js?mode=auto&ver=6.0.3 HTTP/1.1
Host: api.flattr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 05 Nov 2022 00:25:06 GMT
content-type: text/html
content-length: 178
location: https://button.flattr.com/loader.js?mode=auto&ver=6.0.3
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WyMKd5MUHyWACoU0c45%2BT%2B9y3Umo%2BcOdKZEfkCp3dUGZ0OVOahl8PjITbPhwX9CWBySK%2FHHjOyFnzODAJ5zAvbvMgNIFMpAB6SG43kaj7tR6DhvBCKkYc5P%2BlABRiVsK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76517347dc2ab4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash de9472a389173fcda47a2ee9e31e46fb
46e8532c2ecf70a5f5846cb4593435c96f591613
f30b77c73b3c245e3de35141a0f22100a25d8719f223d9838b0a54b681c25fd9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 9
Cache-Control: max-age=170667
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:06 GMT
Etag: "6365a504-117"
Expires: Sun, 06 Nov 2022 23:49:33 GMT
Last-Modified: Fri, 04 Nov 2022 23:49:24 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e35265d5ba654dd8803b3d4a50f4c978
3df37cb947a7689dca3d75cfd47a0bcae5a9b67c
c401cbe6b71d6d03007beb911a517b6dae79834b1ec96360e0af1937ec45a5f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C401CBE6B71D6D03007BEB911A517B6DAE79834B1EC96360E0AF1937EC45A5F2"
Last-Modified: Thu, 03 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 05 Nov 2022 06:25:06 GMT
Date: Sat, 05 Nov 2022 00:25:06 GMT
Connection: keep-alive
www.tipy.com/button_compact.gif
3.74.170.143404 Not Found 232 B URL HTTP/1.1 www.tipy.com/button_compact.gif
IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 328f87671c7c5a894d4f38b85b3d326b
8fea1b85bc8727669266925e412d94b74a07da38
d3dad34c1bffe93e3ec8a432f171db4a1da94b103966c11f277da95157a08ec5
GET /button_compact.gif HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Sat, 05 Nov 2022 00:25:06 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 46d688b0a27bb180c434021216c7b777
57d4fa20828639db316bb6ec73bd36e2d599c541
84dd4150cf078072605d7efbfbb1bbc6956c047ecc366f91240bc5de29302eda
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "84DD4150CF078072605D7EFBFBB1BBC6956C047ECC366F91240BC5DE29302EDA"
Last-Modified: Fri, 04 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21541
Expires: Sat, 05 Nov 2022 06:24:07 GMT
Date: Sat, 05 Nov 2022 00:25:06 GMT
Connection: keep-alive
push.services.mozilla.com/
34.214.17.205101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.17.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fTx0QY0903QsnT2fbYTLhA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /2Tl6JGRJuHy8a4ZsM17OlKXKOQ=
button.flattr.com/loader.js?mode=auto&ver=6.0.3
104.26.11.251301 Moved Permanently 178 B URL HTTP/2 button.flattr.com/loader.js?mode=auto&ver=6.0.3
IP 104.26.11.251:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /loader.js?mode=auto&ver=6.0.3 HTTP/1.1
Host: button.flattr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 05 Nov 2022 00:25:07 GMT
content-type: text/html
content-length: 178
location: https://flattr.com
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jeLvfIEPHDhcT9Cq2Js4843Dq2VwYM7uMlwI985Db89hDBC13mvBxZHLldy9zEXiPvLFmP0eWp7ci5ysZ6679Y6tW67a%2BOad5JZdWVksbs%2FyZ3xzk%2Bc8SKOgsywJpoM%2F6RUs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 765173497d86b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 522c65ccf9f6267c2a6532c0a81944d7
dc3bff29381768c606e3fa4a93a3fa7fd77d2246
caf09f480593e791f78b5466336ff68d4af2c60f486df881cbd797824987f983
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 20:43:23 GMT
Expires: Thu, 10 Nov 2022 20:43:22 GMT
Etag: "dc3bff29381768c606e3fa4a93a3fa7fd77d2246"
Cache-Control: max-age=504494,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76517349dc3b0af6-OSL
www.learningtoolkit.club/link.php?zzz=4
52.8.134.32301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=4
IP 52.8.134.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=4 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Nov 2022 0:25:05 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
www.regionic.info/jmb/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
83.166.138.58200 OK 5.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (15660)
Hash e6624e0b978e6ddba476be41aaaa82df
822e920d8233072110ed7c8a7f379e5b13209b18
dac86a9ce08e4d8cded47b4fa900a664b0c997d8910c2a1be54a423678925a41
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:07 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "48b9-5e1ef8b690f13-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5009
Content-Type: application/javascript
www.learningtoolkit.club/link.php?zzz=5
52.8.134.32301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=5
IP 52.8.134.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=5 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Nov 2022 0:25:05 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
platform.tumblr.com/v1/share.js?ver=6.0.3
74.114.154.15200 OK 87 B URL HTTP/2 platform.tumblr.com/v1/share.js?ver=6.0.3
IP 74.114.154.15:0
Hash 1f16898ef70a9da75fdc5f405c598d68
b4e915f5e0765790e3a95bee38d1e998a9044090
9f628bdb3023f4946de71caff8501354c0d237270a4d4726f3cb015d23cb9f0c
GET /v1/share.js?ver=6.0.3 HTTP/1.1
Host: platform.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sat, 05 Nov 2022 00:25:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 21 Aug 2022 06:27:38 GMT
vary: Accept-Encoding
etag: W/"6301d05a-60"
expires: Sat, 05 Nov 2022 01:25:07 GMT
pragma: public
content-encoding: br
cache-control: max-age=3600, immutable
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5e5c226a5c78ef659c93a08d2ff8e90c
ee533cf92dcbfac95911e274a69fe4246593e3de
30f58ed6c42dcf92550d88e8b0238b19e60c7e0f69f806444ca7ce81d0cdcaa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "30F58ED6C42DCF92550D88E8B0238B19E60C7E0F69F806444CA7CE81D0CDCAA2"
Last-Modified: Fri, 04 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 05 Nov 2022 06:25:07 GMT
Date: Sat, 05 Nov 2022 00:25:07 GMT
Connection: keep-alive
www.learningtoolkit.club/link.php?zzz=4
52.8.134.32301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=4
IP 52.8.134.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=4 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Nov 2022 0:25:05 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
cdnjs.cloudflare.com/ajax/libs/json2/20121008/json2.min.js
104.17.24.14200 OK 1.3 kB URL HTTP/1.1 cdnjs.cloudflare.com/ajax/libs/json2/20121008/json2.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (3385), with no line terminators
Hash 9dcd98b378b18da87ab0b80928cab48a
2daa54c68961571f76c9cf230f2c469079ba4629
1766ef15d29039deb1168ca7e34a98cc3b094f7a0d74475216c3696af5d6d6b9
GET /ajax/libs/json2/20121008/json2.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:07 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 1347
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Content-Encoding: gzip
ETag: "5eb03ec8-d39"
Last-Modified: Mon, 04 May 2020 16:11:52 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 29811
Expires: Thu, 26 Oct 2023 00:25:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HWgwwxDvWaBFLJXbS8bAOgxb0aRere9EywfJak3EvAbyDaztdsjQve14NwEgNiBviujcqGJ7kqCQmkk%2BWlxfXdCwvWRNfdwJNvIt5b3KtFv8Jh7%2BRmW%2FnqgNtOG9PnOCZx2FiZ5X"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 765173509e57b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
button.buffer.com/button/?id=d7fe5ba116051c2b&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&text=Facts%20About%20Electric%20Cars&count=horizontal&placement=button&utm_source=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&utm_medium=buffer_button&utm_campaign=buffer
104.16.141.52301 Moved Permanently 0 B URL HTTP/1.1 button.buffer.com/button/?id=d7fe5ba116051c2b&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&text=Facts%20About%20Electric%20Cars&count=horizontal&placement=button&utm_source=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&utm_medium=buffer_button&utm_campaign=buffer
IP 104.16.141.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /button/?id=d7fe5ba116051c2b&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&text=Facts%20About%20Electric%20Cars&count=horizontal&placement=button&utm_source=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&utm_medium=buffer_button&utm_campaign=buffer HTTP/1.1
Host: button.buffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Nov 2022 00:25:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 05 Nov 2022 01:25:07 GMT
Location: https://button.buffer.com/button/?id=d7fe5ba116051c2b&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&text=Facts%20About%20Electric%20Cars&count=horizontal&placement=button&utm_source=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&utm_medium=buffer_button&utm_campaign=buffer
Set-Cookie: __cf_bm=yCAd_JHCI8v5JAElmyyaJOIfNOPN9_DTxv_BfXgJ_wg-1667607907-0-AU6RGlUYxJ+93CzMSJSv2csoiXvvLPINOYhg6uykStN2aA6IarcC2dPNwnT8fQphoC3kQMbVlRiwW3UR0FVE6XU=; path=/; expires=Sat, 05-Nov-22 00:55:07 GMT; domain=.buffer.com; HttpOnly; SameSite=None
Server-Timing: cf-q-config;dur=3.9999995351536e-06
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 76517350cdacb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.tipy.com/button.js
3.74.170.143404 Not Found 232 B IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 328f87671c7c5a894d4f38b85b3d326b
8fea1b85bc8727669266925e412d94b74a07da38
d3dad34c1bffe93e3ec8a432f171db4a1da94b103966c11f277da95157a08ec5
GET /button.js HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Sat, 05 Nov 2022 00:25:07 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
www.hyves.nl/respect/button?url=http://www.regionic.info/jmb/?p=18298
172.67.161.202301 Moved Permanently 0 B URL HTTP/1.1 www.hyves.nl/respect/button?url=http://www.regionic.info/jmb/?p=18298
IP 172.67.161.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /respect/button?url=http://www.regionic.info/jmb/?p=18298 HTTP/1.1
Host: www.hyves.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Nov 2022 00:25:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 05 Nov 2022 01:25:07 GMT
Location: https://hyvesgames.nl/forwarded
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VT0ruAVqJNi%2BOQX26%2FctbYRtYsKElzKK1UIZCbvRfKwcAqk1vRYxw98BWdZkOrMOF69vyCjFPMffI1fn5Ibbx9YbSNZYP5pgXZ%2Bi%2BPN62yoD1AAMVBR2B5rvnkh5H8M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76517350eacb1c12-OSL
alt-svc: h2=":443"; ma=60
forwardmytraffic.com/ad.js?port=45
192.102.6.94200 OK 1.6 kB URL HTTP/1.1 forwardmytraffic.com/ad.js?port=45
IP 192.102.6.94:0
Hash 95f0a73b272fff52d9b2c64de81eab3b
262fb7350808a4b279ba9398e1be190270a5a4e1
deb41c7ffc22ae24e9979b0bfc0f112858bbd66e7ee8f776f19ecd12ca430659
GET /ad.js?port=45 HTTP/1.1
Host: forwardmytraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Sat, 05 Nov 2022 00:25:07 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.4
www.tipy.com/button_compact.gif
3.74.170.143404 Not Found 232 B URL HTTP/1.1 www.tipy.com/button_compact.gif
IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 328f87671c7c5a894d4f38b85b3d326b
8fea1b85bc8727669266925e412d94b74a07da38
d3dad34c1bffe93e3ec8a432f171db4a1da94b103966c11f277da95157a08ec5
GET /button_compact.gif HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/facebook-share.png
83.166.138.58200 OK 838 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/facebook-share.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 95f675e77a2c67a004771ee5d7dce1ee
74151d65e20475ac234287288c56ab2f370f502b
6a0b082d7f6c52899ed6d19d85676486c4a9a37894b7e0daaaeaf065929ab026
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/facebook-share.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:08 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "346-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 838
Content-Type: image/png
www.regionic.info/jmb/wp-content/themes/twentyten/images/wordpress.png
83.166.138.58200 OK 794 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/themes/twentyten/images/wordpress.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash f51375d00e7d0a70c801c6256d432d3b
313aff1fffa73433673203db25ff4154d07511e2
61d00189e16b4ae467e9f3283ccf459d666950277c866c82f337534951b50f51
GET /jmb/wp-content/themes/twentyten/images/wordpress.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/wp-content/themes/twentyten/style.css
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:08 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:18:20 GMT
ETag: "31a-52d39c977a300"
Accept-Ranges: bytes
Content-Length: 794
Content-Type: image/png
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 24c11e24e9cd62348fcd914e3b07d73b
c17079ce9d5e2b8634e686c5ee56c7d91f17040a
c087d448be034ad9a4ebfee6aff7f7b8d57ebb7084b07b488a16dff3ac4a41ec
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=163079
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "6365876b-118"
Expires: Sun, 06 Nov 2022 21:43:07 GMT
Last-Modified: Fri, 04 Nov 2022 21:43:07 GMT
Server: nginx
Content-Length: 280
www.regionic.info/jmb/wp-content/uploads/2012/03/bmask_pedjo_blanc_301.png
83.166.138.58200 OK 61 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/uploads/2012/03/bmask_pedjo_blanc_301.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 138 x 237, 8-bit/color RGB, non-interlaced\012- data
Hash b74ef2596fd00a4b03c23aa91d9c92cf
4f5bc4506d9d95e1999b9088bd2acbe529c20707
ebb9cb51888811438828a39576992f273077047babbb1951c6a666b913fffcad
GET /jmb/wp-content/uploads/2012/03/bmask_pedjo_blanc_301.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:08 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 09 Mar 2012 17:32:38 GMT
ETag: "eda1-4bad2c7649980"
Accept-Ranges: bytes
Content-Length: 60833
Content-Type: image/png
www.redditstatic.com/button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298
151.101.85.140200 OK 1.7 kB URL HTTP/1.1 www.redditstatic.com/button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298
IP 151.101.85.140:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1522)
Hash 4a408b7d64f2c0937eb0d1b944e3229e
e9edc11acdf9d5ae0357b680590d3dc719bf0adc
91aee29aee50d42c1a027a0c9b82f759847e37b6027af3d7b96ccf68db3fe685
GET /button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298 HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1709
Last-Modified: Wed, 30 Jul 2014 19:09:19 GMT
ETag: "ce91c4f683d32f8907f0e97f3fb93696"
Expires: Thu, 31 Dec 2037 23:59:59 GMT
Content-Type: text/html
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 05 Nov 2022 00:25:08 GMT
Vary: Accept-Encoding,Origin
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
odnaknopka.ru/ok9.js
142.132.202.70200 OK 143 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 01d104f1d2a961f6fc241ec08ba1af54
2e9f73a9137283c94c79bff44fd10f5b1a2738b6
f70c6e0720a4769e224d4ceb25d9908ae0f9da93dac347971cac311be73b1022
GET /ok9.js HTTP/1.1
Host: odnaknopka.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
ETag: 57db8b555f2f70eab267bf9167cee7ba
www.redditstatic.com/button/button-embed.js
151.101.85.140200 OK 983 B URL HTTP/1.1 www.redditstatic.com/button/button-embed.js
IP 151.101.85.140:0
Hash 894ad3ef79db45d25e29d456dc0d4749
44560c5236cc799ab5cb2e9aa39dfe85d2d9b120
d61a96c13920a9de38d7d426dde2c890535856bda84a26845dc0272f05b33e2d
GET /button/button-embed.js HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.redditstatic.com/button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 983
Last-Modified: Wed, 22 Oct 2014 17:47:37 GMT
ETag: "f6e79e0098bfda54ca2e0e02da223645"
Expires: Thu, 31 Dec 2037 23:59:59 GMT
Content-Type: application/javascript
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 05 Nov 2022 00:25:08 GMT
Vary: Accept-Encoding,Origin
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 24c11e24e9cd62348fcd914e3b07d73b
c17079ce9d5e2b8634e686c5ee56c7d91f17040a
c087d448be034ad9a4ebfee6aff7f7b8d57ebb7084b07b488a16dff3ac4a41ec
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=163079
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "6365876b-118"
Expires: Sun, 06 Nov 2022 21:43:07 GMT
Last-Modified: Fri, 04 Nov 2022 21:43:07 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9314
Expires: Sat, 05 Nov 2022 03:00:22 GMT
Date: Sat, 05 Nov 2022 00:25:08 GMT
Connection: keep-alive
hyvesgames.nl/forwarded/
172.67.215.15200 OK 7.9 kB IP 172.67.215.15:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9693)
Hash a1c0ee307b6cc1836bb252d9cec6957b
b4a137cd69323a63abd2339372ad0a32bfcba954
b8df7fe7969bcbd0fb2f92735ec450ffeeb991f10dc7e6eb4f8ab25ad8a3d72d
GET /forwarded/ HTTP/1.1
Host: hyvesgames.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:08 GMT
content-type: text/html
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
last-modified: Thu, 03 Nov 2022 19:45:12 GMT
vary: Accept-Encoding
p3p: CP="IDC DSP DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS UNI NAV INT PRE", CP="NOI DSP COR NID PSA ADM OUR IND NAV COM"
content-security-policy: sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation;
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ccLzqRoDSC7kg77zF2RUjOs%2B4G%2B1lBzJ7f%2FaeRM5FgPLbsHKaKUYFysaEt0OfJE8cffNz39URH87ZLLif2iISGva3M0bJOLkcIOdX4APiGZ57boMENY3QPNzLAI36OOk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765173520bbdb4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
odnaknopka.ru/stat.js
142.132.202.70200 OK 770 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF, LF line terminators
Hash 7eacaf250dbd0591c41a707705fdab46
fdde9a591bab0be71b3ba7a98b4a418d52ef760b
0599d1678c7d235c258d74876dc842f187fc0dd0660ee4a744341fcfd00eac5f
GET /stat.js HTTP/1.1
Host: odnaknopka.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff96da6f9-536c-48c1-bafa-3f133749368c.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff96da6f9-536c-48c1-bafa-3f133749368c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5b4e91e11387354ae4208f1cc27e4dd
c904608373d3e938b09a5ed82a51c2e43f13452d
2b967cacc0433762c074cfa0e032c2694171d221c004ac9465027a8667f9207f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff96da6f9-536c-48c1-bafa-3f133749368c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5626
x-amzn-requestid: 04db4275-3da4-44dd-abca-a388803d9413
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bGHxIGfXIAMFqZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365866d-3f8c4f1b5066f090713f79fc;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 21:38:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: VCxlPpzsyzwU8uwtWp-EeGUISVwkHfT8Q2dd4pyHlPy7UcSzPFq7qw==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:59:01 GMT
age: 8767
etag: "c904608373d3e938b09a5ed82a51c2e43f13452d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a3b1551512640bb8f5e7deb80c32272
75805b9f03aef14cfad025259936ae5f217d25ca
5baa90853202e78cf9b59e9ab597e16ccfbf143d7e124583e64dc1ad1ee2c2df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7783
x-amzn-requestid: ab7cc6ee-976d-41a4-b5da-0aefd5cb6246
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEJnzH15oAMFlwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364bc98-68f910b60bd5ecaf2947c59a;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:17:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: JnvKcym5f71Ra_ZHzkTXnU7Fa3D5zBFK9JFKXA_A3G98jN9r3Jikyw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 10:36:52 GMT
age: 49696
etag: "75805b9f03aef14cfad025259936ae5f217d25ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
buttons.reddit.com/button_info.json?jsonp=buttonEmbed.parseSubmission&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298
151.101.85.140404 Not Found 13 B URL HTTP/1.1 buttons.reddit.com/button_info.json?jsonp=buttonEmbed.parseSubmission&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298
IP 151.101.85.140:0
File type ASCII text, with no line terminators
Hash 1e6cd917ed71a1241e4bedc29264bd98
5b65037351caeb0e5a48d963d7ffa88d0271d546
7d04f7431bbfa41a04bcc7e6b98b9de0d919756c4c671c5785c99fff45f16402
GET /button_info.json?jsonp=buttonEmbed.parseSubmission&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298 HTTP/1.1
Host: buttons.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.redditstatic.com/
HTTP/1.1 404 Not Found
Connection: close
Content-Length: 13
Server: Varnish
Retry-After: 0
Content-Type: text/plain
Accept-Ranges: bytes
Date: Sat, 05 Nov 2022 00:25:08 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1662-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1667607908.241612,VS0,VE0
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b19a2f3-4e39-45b1-a802-aa79f81a8a31.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b19a2f3-4e39-45b1-a802-aa79f81a8a31.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a3f235a8a6a70aea08ca45b9025f073
3388d99d480ba57fae4a0ebef3e29a5a9faa3cfc
4afbfa5bd1748be41737f5471ef04f9900cdf8dbc7a9a96e4dc67cc845b3b25e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b19a2f3-4e39-45b1-a802-aa79f81a8a31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7517
x-amzn-requestid: c0a49a26-ceff-4eb4-b7ad-5dc8da5b9a66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ajK86HsOoAMFfFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63578b85-405cb2a5451f04986800202a;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 07:08:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yzpB1I6cBnexRUBaJCu-_klUHgw7QgerTjBjwgrO-RtKVWfsWhudTQ==
via: 1.1 65cd593770fc4ba0453da1c7897f675c.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 10:27:08 GMT
age: 50280
etag: "3388d99d480ba57fae4a0ebef3e29a5a9faa3cfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ae2b8d827fb2c8bef64febcd36f1645
f7705fcd2d91ce90c58e79324cce1e3abba6c1c8
2dc55e97ef3a85fccb104b80161a8bac16b12d37527c336563677432584c7ad5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11421
x-amzn-requestid: 8436166b-f342-44e9-9a31-e25dcaa7b85c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a2gEOEYRIAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635f46e7-0616a6b95503fffd4f597509;Sampled=0
x-amzn-remapped-date: Mon, 31 Oct 2022 03:54:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: g3OtcJnT2JfzIAvUjoLvC8pOzfwGFQ-M0cH4uwNSVcr2T9jYgCihTw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 23:22:55 GMT
age: 3733
etag: "f7705fcd2d91ce90c58e79324cce1e3abba6c1c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ba524bd-ef85-4f86-8f19-39ca866c6ef3.jpeg
34.120.237.76200 OK 3.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ba524bd-ef85-4f86-8f19-39ca866c6ef3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6627701fe981336792076df0c21937b
39da4f78058b565bfcaad4ced6f1b59a2bf6a421
aad9c8d5dbf34cbfc79bd5a69eb84e83880991f6765b955195b8ab515cab076b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ba524bd-ef85-4f86-8f19-39ca866c6ef3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3898
x-amzn-requestid: aa30ce03-5fea-431d-a8ba-f1f1f6a7313d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a5se8GMjIAMFgxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63608df9-5f607dee71fc5ea4688e10ad;Sampled=0
x-amzn-remapped-date: Tue, 01 Nov 2022 03:09:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Vl8Bsc1ci0dxMVKklWFgBLfHfAWrtMuRKsBfBwJli2kn_tHJJzSN8w==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 01:06:49 GMT
age: 83899
etag: "39da4f78058b565bfcaad4ced6f1b59a2bf6a421"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ee033d1-8a42-4b16-a163-50e55463bebf.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ee033d1-8a42-4b16-a163-50e55463bebf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a3f762e3ae167546e31b6d5e0f2840a
204aff3eb3b4c891a362dc57d025874513deb86d
ccb66543a3ea08e23cbd2dc2ddaf1751ad5c2a7fcf6ee4ef153599859ed062c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ee033d1-8a42-4b16-a163-50e55463bebf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7010
x-amzn-requestid: 5f6f3a92-1993-4497-bbaa-916c92b22929
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: amew5FHFoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358de6b-2547529c1f5fadc64415b9ad;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 07:14:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZCsPJot68VtyAMcWAAJNjJlE4iUYSNHtXcoAPK2ANJyDU85MA0DFcw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 07:26:20 GMT
age: 61128
etag: "204aff3eb3b4c891a362dc57d025874513deb86d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d9013967c68565e051f403f2ab673662
9c54b7025b0b5cf71bb85cf5c3a9c873a79b2738
8e0d99b56a4a8f2c2d5d8642da0f85b0fcdf6888cb3536ae61ff143d577c956a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3296
Cache-Control: max-age=108747
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "6364a64f-117"
Expires: Sun, 06 Nov 2022 06:37:35 GMT
Last-Modified: Fri, 04 Nov 2022 05:42:39 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
st.automobilemag.com/uploads/sites/11/2019/08/Tesla-pickup.jpg
104.84.152.241200 OK 187 kB URL HTTP/1.1 st.automobilemag.com/uploads/sites/11/2019/08/Tesla-pickup.jpg
IP 104.84.152.241:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2048x1152, components 3\012- data
Size 187 kB (186953 bytes)
Hash cd6761321c7ca4cd7ab2345e82077028
212fef2b203ad0d453b091e9b185d5ddfb41cb03
e158d5fadc556bf6863fc9d1e57dd28473ba03437cf04bd6e5812de42d422af4
GET /uploads/sites/11/2019/08/Tesla-pickup.jpg HTTP/1.1
Host: st.automobilemag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Server: Akamai Image Server
Last-Modified: Wed, 06 Jul 2022 05:57:40 GMT
ETag: "a03f20dae3b6d2f731aab82a04fe7c7b"
Content-Type: image/jpeg
Content-Length: 186953
Cache-Control: private, no-transform, max-age=300
Expires: Sat, 05 Nov 2022 00:30:07 GMT
Date: Sat, 05 Nov 2022 00:25:07 GMT
Connection: keep-alive
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a60b2c063dd13b61c4622de132c7b1f9
6d26c60b00cd63ea42ccfea4b307622746b22747
0e98c813df705afd5bfe7e1bd8e5fe6558926a96b6dff9fd463068fad283a295
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E98C813DF705AFD5BFE7E1BD8E5FE6558926A96B6DFF9FD463068FAD283A295"
Last-Modified: Fri, 04 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5379
Expires: Sat, 05 Nov 2022 01:54:47 GMT
Date: Sat, 05 Nov 2022 00:25:08 GMT
Connection: keep-alive
assets.pinterest.com/js/pinit.js
151.101.84.84200 OK 290 B URL HTTP/1.1 assets.pinterest.com/js/pinit.js
IP 151.101.84.84:0
File type ASCII text, with very long lines (361), with no line terminators
Hash 82bfd941d2c9b3b9e0650a27c9d11737
2eb742a101e79067c9df4d15b518bde85e8eeb2e
3f6e9b85ad3ee165ec6c9587d98d2a43588f7ba0f63d31ad019a0d4cbfd3f3d1
GET /js/pinit.js HTTP/1.1
Host: assets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 290
ETag: "82bfd941d2c9b3b9e0650a27c9d11737"
Content-Encoding: gzip
Content-Type: application/javascript; charset=utf-8
X-CDN: fastly
alt-svc: h3=":443";ma=600,h3-29=":443";ma=600,h3-27=":443";ma=600
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 86400
Access-Control-Expose-Headers: X-CDN
Vary: Accept-Encoding, Origin
Cache-Control: max-age=300
date: Sat, 05 Nov 2022 00:25:08 GMT
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 32f8c23b45506c242e684cbc332c83df
33793b63e369a62a2d8030f347f6a5349827ee21
292c8d9f0d76e157df27f2ca0a0d41d4b437607a12c0880c67bf1733aec24db7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "292C8D9F0D76E157DF27F2CA0A0D41D4B437607A12C0880C67BF1733AEC24DB7"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9533
Expires: Sat, 05 Nov 2022 03:04:01 GMT
Date: Sat, 05 Nov 2022 00:25:08 GMT
Connection: keep-alive
connect.facebook.net/fr_FR/sdk.js
157.240.240.1200 OK 1.7 kB URL HTTP/1.1 connect.facebook.net/fr_FR/sdk.js
IP 157.240.240.1:0
File type ASCII text, with very long lines (1961)
Hash c6d10ad75013c791b0f2b06703fd833f
7c1d0a0067a17ec72493a57afcdc66309faeaca7
d38de626a71823dafee819b9c5ca9da1a9746f1fb191f5d170cf3ecea908f76d
GET /fr_FR/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: 3edaba2f9894a0815323b9f4c7e906af
ETag: "3bf90d5f0754268d2f893659551f2512"
Content-Type: application/x-javascript; charset=utf-8
timing-allow-origin: *
Access-Control-Allow-Origin: *
cross-origin-resource-policy: cross-origin
Expires: Sat, 05 Nov 2022 00:40:13 GMT
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
X-Content-Type-Options: nosniff
x-fb-rlafr: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Content-MD5: xtEK11ATx5Gw8rBnA/2DPw==
X-FB-Debug: ZnNPCelnrlBShqrwXj+XMnFDz9gdf2nNkRbXjUAAFC9Y0RDg+6NfqIMCYWjitJGEcPfdQXU0K/ScEvMO3eQabg==
X-FB-TRIP-ID: 1679558926
Date: Sat, 05 Nov 2022 00:25:08 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1686
www.regionic.info/favicon.ico
83.166.138.58404 Not Found 513 B URL HTTP/1.1 www.regionic.info/favicon.ico
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash e0640c95d0fc6b7a735a5d2baf676660
e6d90be255108401c93d14421bc8a4d29112b52f
b01e87d193e77bc8cde43397dfb7892b153ce6aab744f4bc6406d854c97e6265
GET /favicon.ico HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=18298
HTTP/1.1 404 Not Found
Date: Sat, 05 Nov 2022 00:25:08 GMT
Server: Apache
Last-Modified: Wed, 18 Apr 2007 14:03:27 GMT
ETag: "201-42e638ce069c0;5c39cb01f3d05
Accept-Ranges: bytes
Content-Length: 513
Content-Type: text/html
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
104.16.57.101200 OK 7.1 kB URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP 104.16.57.101:0
Hash bffc0ac0b8ff1c4ec39f6677f1306190
f517143e89fbc85074b9e80b8d362aa739f69476
c7710dfb8a00885f2ca2df300edc09f59796024b80b1f25eb17f76aba6b169e4
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://button.buffer.com
Connection: keep-alive
Referer: https://button.buffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:08 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 76517352df430b02-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
platform.twitter.com/widgets.js
93.184.220.66200 OK 29 kB URL HTTP/1.1 platform.twitter.com/widgets.js
IP 93.184.220.66:0
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 7899fffaf0046efb7f9be2495d9dc928
d4c60d88e8deea577a50f9d20e1b6b3a20cba2cf
07d50450f22df0588cc1b67f5a124cb91d99a032a229586eb7dc490cce9f7f30
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 1441
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "6633f9603c759c40d9b200995454f17c+gzip"
Last-Modified: Wed, 02 Nov 2022 19:43:37 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F704)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 29221
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3f8945e0b967faaa3d66f021b51698b0
d16f00dddcf46a232938d28c249f5b9777db6b2d
72c9c95ec287ed44653e94d79c883e0750abac217e80fb0845fcef9e5278af55
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a2f6c296003d839bdee766ef4082e376
013ae64b10cb1355ae9b6ba38dcfa79f71a9b505
703d6582ab3344d6e4a0d5b7e0c9983b8f7e8179d73dd6584c37bbccc8c84308
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 459a9d034be41d34eb24ef3b8e27225d
18ddd4f5c5a7a5f2d7761a0fb8605a744dddf113
ddecd815c807024144ad8082aba6742edd5ff32c004a2b37caceeb8fca9162a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4814
Cache-Control: max-age=93363
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "63646449-1d7"
Expires: Sun, 06 Nov 2022 02:21:11 GMT
Last-Modified: Fri, 04 Nov 2022 01:00:57 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
feneteko.com/a
142.132.202.70302 Found 0 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a HTTP/1.1
Host: feneteko.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: qwerty_a=0; expires=Sun, 06-Nov-2022 00:25:08 GMT; Max-Age=86400; path=/
Location: https://s.click.aliexpress.com/e/_DkvbRPd?af=a;59363&cn=oslo&cv=376357&dp=91.90.42.154
platform.tumblr.com/v1/share_2.png
74.114.154.15302 Moved Temporarily 142 B URL HTTP/1.1 platform.tumblr.com/v1/share_2.png
IP 74.114.154.15:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /v1/share_2.png HTTP/1.1
Host: platform.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
Location: https://platform.tumblr.com/v1/share_2.png
resistcorrectly.com/stat
176.9.60.211302 Moved Temporarily 0 B IP 176.9.60.211:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stat HTTP/1.1
Host: resistcorrectly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.12.2
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Origin: *
Set-Cookie: qwerty_stat=0; expires=Sat, 05-Nov-2022 01:25:08 GMT; Max-Age=3600; path=/
Location: https://hlmiq.com/vu/a/
ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js
216.58.207.234200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (32132)
Hash 19367efa6245eafdd8c6111a367da696
901ec681692d88afa09c28cee299ba120ca33a8b
cb11ee5a06892d5ffea634705118e1cc48f276c6d18fa20605c9bf5b9c33dc32
GET /ajax/libs/jquery/1.9.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33140
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 31 Oct 2022 08:11:13 GMT
expires: Tue, 31 Oct 2023 08:11:13 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 404035
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/js/plusone.js
142.250.74.174200 OK 21 kB URL HTTP/2 apis.google.com/js/plusone.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1279)
Hash 557a84e1a4b4a45f586fb72599df1ad0
78eec98dcefee53f24a6684e407c81676e7952b4
a488b14f67aa02c62eb30b758d1eb76155478e3af0b2fd78dc52de4e28ed4014
GET /js/plusone.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20987
date: Sat, 05 Nov 2022 00:25:08 GMT
expires: Sat, 05 Nov 2022 00:25:08 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "c1b020d722de3a38"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=http%3A%2F%2Fwww.regionic.info
93.184.220.66200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=http%3A%2F%2Fwww.regionic.info
IP 93.184.220.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56168)
Size 105 kB (105445 bytes)
Hash 2b4968b185495eddda0d85b2351ebb71
c665785ca0f4039f8c71d94631cd50a879d866b5
eb8af089d8082a58a6e90fedc23007f17a9e89ddbc6a29b6e535e4847ba94160
GET /widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=http%3A%2F%2Fwww.regionic.info HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 180255
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:59 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105445
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1e621d5bb6fab8b48d9ada58825c783c
61bd0fbfb86d4381c273d2968af4d72c2d199458
b3f60319e256fc417a33cb7f88c0cb2a7997190e23c275cb6caefa600ad47c77
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5481
Cache-Control: max-age=94025
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "63646444-1d7"
Expires: Sun, 06 Nov 2022 02:32:13 GMT
Last-Modified: Fri, 04 Nov 2022 01:00:52 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a2f6c296003d839bdee766ef4082e376
013ae64b10cb1355ae9b6ba38dcfa79f71a9b505
703d6582ab3344d6e4a0d5b7e0c9983b8f7e8179d73dd6584c37bbccc8c84308
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4a9066e8faeec7f06d9a7e91bef8ff52
699ce1c29412a4c3f9018f4deceb3db399ddcd29
46461d19bf1ea06f23d89c4179135eaca9d7c8753a91e913b3adaf2615bee36f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.P0B2vZm_jJk.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA/cb=gapi.loaded_0?le=scs
142.250.74.174200 OK 51 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.P0B2vZm_jJk.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA/cb=gapi.loaded_0?le=scs
IP 142.250.74.174:0
File type ASCII text, with very long lines (580)
Hash cf7ba1923d457322375044e5b1042100
25339ead949bb7b8c30b3e7eb638fc3200c8f2d6
6de820e802afec0caaf44492eb818c6eac1b2463e29bd467afa3a0d396718cd2
GET /_/scs/abc-static/_/js/k=gapi.lb.en.P0B2vZm_jJk.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 51265
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 30 Oct 2022 00:47:56 GMT
expires: Mon, 30 Oct 2023 00:47:56 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 04 Oct 2022 15:24:13 GMT
content-type: text/javascript; charset=UTF-8
age: 517032
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.P0B2vZm_jJk.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA/cb=gapi.loaded_1?le=scs
142.250.74.174200 OK 35 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.P0B2vZm_jJk.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA/cb=gapi.loaded_1?le=scs
IP 142.250.74.174:0
File type ASCII text, with very long lines (859)
Hash 6a5e842577b12d6a18e574f7af1754a4
d4ed2e34a42b3f6c4f2e666f30a832da3c2cc438
a83ab4acd08d7cca1acd65df0f5539301cf7a54e05987a1f7a199388f6f079a2
GET /_/scs/abc-static/_/js/k=gapi.lb.en.P0B2vZm_jJk.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA/cb=gapi.loaded_1?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 35307
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Nov 2022 22:35:13 GMT
expires: Sat, 04 Nov 2023 22:35:13 GMT
cache-control: public, max-age=31536000
age: 6595
last-modified: Tue, 04 Oct 2022 15:24:13 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=fr&origin=http%3A%2F%2Fwww.regionic.info&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
142.250.74.174301 Moved Permanently 226 B URL HTTP/2 apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=fr&origin=http%3A%2F%2Fwww.regionic.info&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
IP 142.250.74.174:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4df07581948280a6e769a24c5d99d775
843a2c95362347eb8894a6acb607f139be65ded4
3561b93a48d81fac116ccd6e60163bd382abb1d594c81240f5718feb1f197f73
GET /u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=fr&origin=http%3A%2F%2Fwww.regionic.info&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__ HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: http://developers.google.com/
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 05 Nov 2022 00:25:08 GMT
expires: Sat, 05 Nov 2022 00:55:08 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/fr_FR/sdk.js?hash=23fa4bd743366bb7e9cb48b252ba51ae
157.240.240.1200 OK 88 kB URL HTTP/2 connect.facebook.net/fr_FR/sdk.js?hash=23fa4bd743366bb7e9cb48b252ba51ae
IP 157.240.240.1:0
File type ASCII text, with very long lines (18530)
Hash 01b10c8428d4f5d935520ee9d0a5c7b4
55774dd28a4e47ded317675fa1bd12c967051ae9
e0e4e3d429d2a147124af9316a0e923b810eefe98ca7b4d1f4b34b3accf37011
GET /fr_FR/sdk.js?hash=23fa4bd743366bb7e9cb48b252ba51ae HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: f34f35213c5fa3d815408303c10a1ffb
etag: "b6b2982e205c6ea345345d857bf4f570"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 04 Nov 2023 22:37:36 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: AbEMhCjU9dk1Ug7p0KXHtA==
x-fb-debug: eI9sM1CAoDmT6PR7DjZprHruHqIa/mSjuWUde0zV1DpN8GzOR4u4susKvayQM9IU8R+LiJJmNUZke2vyAyR5sw==
priority: u=3,i
content-length: 88413
x-fb-trip-id: 1679558926
date: Sat, 05 Nov 2022 00:25:08 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1e621d5bb6fab8b48d9ada58825c783c
61bd0fbfb86d4381c273d2968af4d72c2d199458
b3f60319e256fc417a33cb7f88c0cb2a7997190e23c275cb6caefa600ad47c77
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5481
Cache-Control: max-age=94025
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "63646444-1d7"
Expires: Sun, 06 Nov 2022 02:32:13 GMT
Last-Modified: Fri, 04 Nov 2022 01:00:52 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash d59fb730ecd3a859f63173cc9b2fbd54
38c05a45435ac6f1c65b8dac0d71a1931101226e
0600549165886713e88a8f2def7ad1c9efd4c38a81a75634a096b9e5a976f87e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4953
Cache-Control: max-age=104630
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "63648fc1-139"
Expires: Sun, 06 Nov 2022 05:28:58 GMT
Last-Modified: Fri, 04 Nov 2022 04:06:25 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 313
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 027684885b85e337cdef652cd26abbb1
e0c3a65e416849fd1f8c48cdf179ed7ca4d23caf
2325e754db6bbc089d1a66ba59ec75cd4a6583bbe06e400742c54c9f2366534f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2325E754DB6BBC089D1A66BA59EC75CD4A6583BBE06E400742C54C9F2366534F"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6399
Expires: Sat, 05 Nov 2022 02:11:47 GMT
Date: Sat, 05 Nov 2022 00:25:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b0b8880417d19c1159f5a4cef3d0aa45
d3609cf6dee19df09ff41fcc5e3a9bc828dc26e2
f0b9186d45786a2aceb2577aabb0c9a0bb70da208c46d8c323a88ced9ca296b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hlmiq.com/vu/a/
142.132.202.70200 OK 165 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f144c872426a71034a4da02c9abae11d
ba98d7ebf9f8f69303dfdbce0245e0e80a528fcf
976c61ab51ecf964a62bae8659ddfe60c79a7eeb3134a47487faf417a0cc9c79
GET /vu/a/ HTTP/1.1
Host: hlmiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
developers.google.com/
142.250.74.14301 Moved Permanently 0 B IP 142.250.74.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: developers.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://developers.google.com/
X-Cloud-Trace-Context: db52781c4d0ac19bcfcc2ecd0acd261d
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 0
hlmiq.com/vu/a/?
142.132.202.70200 OK 1.1 kB IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash cc5b9bcc2cac1ae43c81b4e77e271e18
29f05319123ec932e83ae71c03d106adc45caded
dc29aebf3c90e4003bd14dda6077c1fec31d4dcf6fbea12efbd9408d5ee280db
GET /vu/a/? HTTP/1.1
Host: hlmiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/vu/a/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4a9066e8faeec7f06d9a7e91bef8ff52
699ce1c29412a4c3f9018f4deceb3db399ddcd29
46461d19bf1ea06f23d89c4179135eaca9d7c8753a91e913b3adaf2615bee36f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
syndication.twitter.com/settings?session_id=0e745a9e3b3dfe52f54b6fe88c59a348395a9069
104.244.42.8200 OK 375 B URL HTTP/2 syndication.twitter.com/settings?session_id=0e745a9e3b3dfe52f54b6fe88c59a348395a9069
IP 104.244.42.8:0
File type JSON data\012- , ASCII text, with very long lines (914), with no line terminators
Hash 22ba4030aabb3e3f64bbbcb1148617f0
2fc6418de8aeb4439351672d396dc8823b3e9357
db89caae1654117a1d9191db8633b6da5cde5deebf238bbd1800616cfc8f4254
GET /settings?session_id=0e745a9e3b3dfe52f54b6fe88c59a348395a9069 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:08 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Sat, 05 Nov 2022 00:25:08 GMT
content-length: 375
content-encoding: gzip
x-transaction-id: e6418c17257711c5
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 116
x-connection-hash: 584923bf593cf6802c2e5ad8fe46a64415b190b7fac702cb6a66dfaa26c9553e
X-Firefox-Spdy: h2
hlmiq.com/to2/dhgate/
142.132.202.70307 Temporary Redirect 0 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /to2/dhgate/ HTTP/1.1
Host: hlmiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/vu/a/?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Referrer-Policy: no-referrer
Location: https://de.dhgate.com/?f=bm|aff|admitad|1019090|4a70603c5db1f9a809681fceb88923a6|197649||
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d8e9e2a41da058c500904f3d57ecc386
b5de3321ca2075d56971a08e8b525de79b9005b5
2f3dbbb1bc1f14bf82cede6c7a0ad0bb7176e50748ad7a2177a3a9b416429f21
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 287
Cache-Control: max-age=123738
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "6364ec9f-117"
Expires: Sun, 06 Nov 2022 10:47:26 GMT
Last-Modified: Fri, 04 Nov 2022 10:42:39 GMT
Server: ECS (amb/6BA2)
X-Cache: HIT
Content-Length: 279
hlmiq.com/to2/iherbcd/
142.132.202.70307 Temporary Redirect 0 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /to2/iherbcd/ HTTP/1.1
Host: hlmiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/vu/a/?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Referrer-Policy: no-referrer
Location: https://www.iherb.com/?clickref=1011lwhLWwXF&utm_source=agruna&utm_medium=affiliate&utm_campaign=1011l44232
platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
93.184.220.66200 OK 2.4 kB URL HTTP/1.1 platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
IP 93.184.220.66:0
File type ASCII text, with very long lines (7017), with no line terminators
Hash 83616664e4155f8af0efb0576f8920cf
1277b0f4f935bec3ada0f87c45395bb6d9b2efbc
bb19d85932c5e8a952b6fc28c1df42aed6d6920f79ee3f2217d2484294d575d3
GET /js/button.d2f864f87f544dc0c11d7d712a191c1f.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 180244
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "7bb2d17ac20be3bd6ec1079356afecd9+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:52 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F704)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 2362
hlmiq.com/to2/uatest/
142.132.202.70307 Temporary Redirect 0 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /to2/uatest/ HTTP/1.1
Host: hlmiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/vu/a/?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Referrer-Policy: no-referrer
Location: https://rover.ebay.com/rover/1/711-155609-835623-2/16?PARM3_ID=GBH_168&FF11=GBH_168&kw=6365ab0709e8870001ab639c_14330&mpre=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 100a969e87ef569c353095216fc17f4f
96fabc3059b3642b457d8536ea87df162c318b1a
3f75de1fbe4e24169713f364e97a3c4e7393ee33674a58396b518c8e6ac77764
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=168804
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:08 GMT
Etag: "63659dc8-117"
Expires: Sun, 06 Nov 2022 23:18:32 GMT
Last-Modified: Fri, 04 Nov 2022 23:18:32 GMT
Server: nginx
Content-Length: 279
localbitcoins.com/?ch=1cmsy
104.18.201.62302 Found 0 B URL HTTP/2 localbitcoins.com/?ch=1cmsy
IP 104.18.201.62:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?ch=1cmsy HTTP/1.1
Host: localbitcoins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: /
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Language, Cookie
content-language: en
x-frame-options: DENY
set-cookie: visit_id=558086502; expires=Sun, 05 Nov 2023 00:25:08 GMT; Max-Age=31536000; Path=/
lbc_browser_id=VMCLVDNSUHQVQUOVHNFTALQBIVHDVHZN; expires=Thu, 04 May 2023 00:25:08 GMT; HttpOnly; Max-Age=15552000; Path=/; Secure
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=f.xzsooyJxEXWwxnKfy1t3zrKZ2CFPGusOLBF4tSrHM-1667607909-0-ATJuaFXHPFlgXgGx58qGfqRxATY3Q4pS3lKC7xXHi4GQwGNCS7CvmjevR-aXP8VGPvJQ6zxYbEyaF6zn-N0MKrarFpXu0yNLwBU_fPBvy6CE"}],"group":"cf-csp-endpoint","max_age":86400}
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=f.xzsooyJxEXWwxnKfy1t3zrKZ2CFPGusOLBF4tSrHM-1667607909-0-ATJuaFXHPFlgXgGx58qGfqRxATY3Q4pS3lKC7xXHi4GQwGNCS7CvmjevR-aXP8VGPvJQ6zxYbEyaF6zn-N0MKrarFpXu0yNLwBU_fPBvy6CE; report-to cf-csp-endpoint
server: cloudflare
cf-ray: 76517356cf1db51b-OSL
X-Firefox-Spdy: h2
resistcorrectly.com/w
176.9.60.211302 Moved Temporarily 0 B IP 176.9.60.211:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /w HTTP/1.1
Host: resistcorrectly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.12.2
Date: Sat, 05 Nov 2022 00:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Origin: *
Set-Cookie: qwerty_w=0; expires=Mon, 07-Nov-2022 02:25:08 GMT; Max-Age=180000; path=/
Location: https://hlmiq.com/to2/iherbr10/
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b5776e35ead7f628253ba8e269ecddaa
2a7ccd8d7c778028d6c659d5d187049c2eea3d84
510f037d9b1a4b681c6d11647e2b6b9a8f4298d92649d78a2e29b0be25333555
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3648
Cache-Control: max-age=103360
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "63648fe5-117"
Expires: Sun, 06 Nov 2022 05:07:49 GMT
Last-Modified: Fri, 04 Nov 2022 04:07:01 GMT
Server: ECS (amb/6BA7)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b5ff0756bf491c47e412654d0e7d1889
3080fe5a3ba0c6b6c2279c333527cffa2d417f49
c6ca62068d39ef7bb2e1556553bc3bb00e32bbe9a6664cd33a115d96381bf296
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "C6CA62068D39EF7BB2E1556553BC3BB00E32BBE9A6664CD33A115D96381BF296"
Last-Modified: Fri, 04 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6905
Expires: Sat, 05 Nov 2022 02:20:14 GMT
Date: Sat, 05 Nov 2022 00:25:09 GMT
Connection: keep-alive
platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.fr.html
93.184.220.66200 OK 14 kB URL HTTP/1.1 platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.fr.html
IP 93.184.220.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32033)
Hash b4287f5f4e7144060cb7d55976a0dc7f
c5dc72929f46eb40fa323f073d832eb8b489ee0a
847bd24756126b49ffe04182885b0640e7d38a6888656ef850d962571e6b602b
GET /widgets/tweet_button.644279d1635fd969e87af94a98bd232b.fr.html HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 179685
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "53819b01f65edf7b7866e434b2c6ea89+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:56 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F704)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 13993
hlmiq.com/to2/iherbr10/
142.132.202.70307 Temporary Redirect 0 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /to2/iherbr10/ HTTP/1.1
Host: hlmiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 05 Nov 2022 00:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Referrer-Policy: no-referrer
Location: https://www.iherb.com/?clickref=1011lwhM5w8L&utm_source=cityads&utm_medium=affiliate&utm_content=1jf
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 3ce166c92b6706a803e1acd188011a7a
82cb622425e44014b6269a57918127c6b6d95a63
cd5b961f56f839be9d3857aa607d4a3d3bd4475b5badccaa7a776856cabc76b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5995
Cache-Control: max-age=165118
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "636577f8-118"
Expires: Sun, 06 Nov 2022 22:17:07 GMT
Last-Modified: Fri, 04 Nov 2022 20:37:12 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 35c57503eba4aa7f30e040514a969dc9
18faeba37f4cf5a285de10bd6d12bd506c7586c7
ca503315dfaa867cf5412e964fa3963c8ee56032cf3da3f0b09e78dd22f54031
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4686
Cache-Control: max-age=137178
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "63650ff1-117"
Expires: Sun, 06 Nov 2022 14:31:27 GMT
Last-Modified: Fri, 04 Nov 2022 13:13:21 GMT
Server: ECS (amb/6BA0)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2b908a8f29dc67bb32c91b63a78ca5c9
1db8eb9b1002050b574fc3d7845081c454cf908c
1477ae4c658ff737d5ebb567d8d837bfc8fc99c1eb2cca0409462c4a224611b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6444
Cache-Control: max-age=87793
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "6364482a-117"
Expires: Sun, 06 Nov 2022 00:48:22 GMT
Last-Modified: Thu, 03 Nov 2022 23:00:58 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash fb7111f555d4face962c0d6b0759e6b1
9e368906c578c3a0d454e6be67c031de155d4794
ae0d6f42990630f1bfba1a83b0d2b7dd5ff82f4e5316ff348a3530b6c98be02b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4633
Cache-Control: max-age=86676
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "63644ae0-13a"
Expires: Sun, 06 Nov 2022 00:29:45 GMT
Last-Modified: Thu, 03 Nov 2022 23:12:32 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 314
ocsp.pki.goog/s/gts1p5/dFu0OYnOnSU
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dFu0OYnOnSU
IP 142.250.74.3:0
Hash 283049433859107a8a1e7b0a8198db00
67363b900dbad82eeea38c7314fb570c5a526e12
b7ef96d314b74273a16e0a014a21bd3050b07d850d549277206cf4fa2b98d6ef
POST /s/gts1p5/dFu0OYnOnSU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4e2cae15696773d8919b7a245ca58385
632afa0864f7588262d7bec11dfa710ad19c7da7
bdbbe3578ad775a84b22d995384304f3dd21c3a1d1d00a0da8ae9375e6448932
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6161
Cache-Control: max-age=97613
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "63646fa1-1d7"
Expires: Sun, 06 Nov 2022 03:32:02 GMT
Last-Modified: Fri, 04 Nov 2022 01:49:21 GMT
Server: ECS (amb/6BA2)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 4b0a96341db9455afafddb993a488f21
db2c15215c47cc730ba663edf103ec1371704aa8
bc718c79f4aa09bf5030e048617274d4d5b4bc8bad4ee973c311b70e8dc763a8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 07:04:22 GMT
Expires: Thu, 10 Nov 2022 07:04:21 GMT
Etag: "db2c15215c47cc730ba663edf103ec1371704aa8"
Cache-Control: max-age=455351,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 765173569bf30af6-OSL
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 426a81ce5a7af7c80641d62b9ca5641f
4c6aee32703b76ec2aa223551017643fdec493cc
028a353c3bee5829ba929a6fc99243e194947eed4c52a7f58bbb9229a8291ea0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2268
Cache-Control: max-age=122512
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "6364e019-117"
Expires: Sun, 06 Nov 2022 10:27:01 GMT
Last-Modified: Fri, 04 Nov 2022 09:49:13 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 279
syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22fr%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1667607907734%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=0e745a9e3b3dfe52f54b6fe88c59a348395a9069
104.244.42.8200 OK 43 B URL HTTP/2 syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22fr%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1667607907734%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=0e745a9e3b3dfe52f54b6fe88c59a348395a9069
IP 104.244.42.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D18298%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22fr%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1667607907734%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=0e745a9e3b3dfe52f54b6fe88c59a348395a9069 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:08 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: image/gif
cache-control: must-revalidate, max-age=600
last-modified: Sat, 05 Nov 2022 00:25:09 GMT
content-length: 43
x-transaction-id: 72838e6b0db29f46
strict-transport-security: max-age=631138519
x-response-time: 109
x-connection-hash: 584923bf593cf6802c2e5ad8fe46a64415b190b7fac702cb6a66dfaa26c9553e
X-Firefox-Spdy: h2
s.click.aliexpress.com/e/_DkvbRPd?af=a;59363&cn=oslo&cv=376357&dp=91.90.42.154
104.110.21.5302 Found 0 B URL HTTP/2 s.click.aliexpress.com/e/_DkvbRPd?af=a;59363&cn=oslo&cv=376357&dp=91.90.42.154
IP 104.110.21.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /e/_DkvbRPd?af=a;59363&cn=oslo&cv=376357&dp=91.90.42.154 HTTP/1.1
Host: s.click.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
server: Tengine
x-application-context: global-traffic-holmes-f:7001
access-control-allow-methods: GET, POST, OPTION
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
location: https://sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
content-language: en-US
eagleeye-traceid: 2101e9cf16676079088842918e02b7
timing-allow-origin: *
date: Sat, 05 Nov 2022 00:25:09 GMT
set-cookie: xman_us_f=x_l=0&x_as_i=%7B%22aeuCID%22%3A%2213f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%22%2C%22af%22%3A%22a%22%2C%22affiliateKey%22%3A%22_DkvbRPd%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%22716815331%22%2C%22tagtime%22%3A1667607909034%7D&acs_rt=fa3817770ce548f0b25c33422b4b5137; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
acs_usuc_t=x_csrf=fo8mdfmk_oyc&acs_rt=fa3817770ce548f0b25c33422b4b5137; Domain=.aliexpress.com; Path=/
aeu_cid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
xman_t=APrV9/wvNSw2kPNVDbvKDJIgVesKBpThXSYRBzAHj4WYldNZA67rIa8usGH2UvOM; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:09 GMT; Path=/; HttpOnly
xman_f=RHTFpjtXbcZupL4tbihwJGdgTQ7ru35xZcviYMhwfp9jdoAPbwhuIVfkhxXDvE2ewhVRc695fsRm0WyLs08uSHMtUaDnOHxb5dE19mBiZZhVFDEeBObo3Q==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/; HttpOnly
traffic_se_co=%7B%7D; Domain=aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
af_ss_a=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; Secure; SameSite=None
af_ss_b=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; SameSite=Lax
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash a12cd7d246df4173bb76a4668c28e763
318a4da492eaebc69642e510b4ad09cf98af4533
c8941f56339fc5fd683cd8f848eb1c79b5afeca206d4c4e7987005c77f50f7a0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 12:45:39 GMT
Expires: Thu, 10 Nov 2022 12:45:38 GMT
Etag: "318a4da492eaebc69642e510b4ad09cf98af4533"
Cache-Control: max-age=475828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76517357efd1b518-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 14d9298dc576ec001bff7e4fd9acd569
eea89dd1492b7d31c08aa4636297dd845fd5e0c6
5fefd37686c314dfd3451ee8f4091873e2211920d3e353eb19c9372bef7e01a6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=163059
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "63658758-1d7"
Expires: Sun, 06 Nov 2022 21:42:48 GMT
Last-Modified: Fri, 04 Nov 2022 21:42:48 GMT
Server: nginx
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 656a355c6cb333c5554fa65748d3d165
15e6dc206e412e258ca49e2eec46e67b831ea4a6
3bdcb16737f73a6985f7cfe3b221882d91b27ab3ec6f940f14477f94a0e40720
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 4f5b1c5360d3881613dbeb649a9890d3
966ff65ffd2fa6e8bf525950ab181b46d1d3b51f
21478814ea5796bbb2b589d94ea96a9044da2ac00c8494c61eb323cf84bca557
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=117678
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "6364d613-116"
Expires: Sun, 06 Nov 2022 09:06:27 GMT
Last-Modified: Fri, 04 Nov 2022 09:06:27 GMT
Server: nginx
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 8078fc59cf845dd3bf576593abca7eb9
a98aa98c75198f983eac94333c745e31b95dc0fd
c866869a252797d8120fb35c6d31578a8e7ae92dcb2a718c5d8fb9466d9b7a7a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5058
Cache-Control: max-age=150825
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "636543cc-116"
Expires: Sun, 06 Nov 2022 18:18:54 GMT
Last-Modified: Fri, 04 Nov 2022 16:54:36 GMT
Server: ECS (amb/6B88)
X-Cache: HIT
Content-Length: 278
ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
142.250.74.99200 OK 4.3 kB URL HTTP/2 ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
IP 142.250.74.99:0
File type ASCII text, with very long lines (2267)
Hash 3f7502705229ccec9d066c5cd75e6c31
ede1663155afaa5a5213d075e6295c6d839b05c3
2be5113d3022d1819a19f327235d287a2538a03741fc08ccd9d55cc1d78b6282
GET /accounts/o/1832714284-postmessagerelay.js HTTP/1.1
Host: ssl.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accounts.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-length: 4294
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 30 Oct 2022 00:32:06 GMT
expires: Mon, 30 Oct 2023 00:32:06 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 28 Oct 2022 02:07:59 GMT
content-type: text/javascript
age: 517983
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2aef8ce033057f703353ee543ec30bf5
db5d1c565667a2b692b5f06946e4ce586bbb09df
190e52c6d9f1ede69c80f1d9402dd28ffb2601b1799cb5da706a064a99744e57
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3623
Cache-Control: max-age=126718
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "6364eb3c-117"
Expires: Sun, 06 Nov 2022 11:37:07 GMT
Last-Modified: Fri, 04 Nov 2022 10:36:44 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
www.binance.com/ru/register?ref=KZTDOPQP
143.204.55.84301 Moved Permanently 239 B URL HTTP/2 www.binance.com/ru/register?ref=KZTDOPQP
IP 143.204.55.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 67194376ec810b1466000b45b043ab94
b5b0840425f5602244750801336e7e8b9efd022f
39e3595d59216b98e54c6f089954d1397d9eb7f75a2a85914881cec2eef07164
GET /ru/register?ref=KZTDOPQP HTTP/1.1
Host: www.binance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 239
location: https://accounts.binance.com/ru/register?ref=KZTDOPQP
date: Sat, 05 Nov 2022 00:25:09 GMT
server: Tengine
cache-control: no-store,max-age=0,must-revalidate
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9skHOhix7Hwfq7SIjnTFUE1rySaiDZCxIOn4MMRndpeWTD2Kp3yzrg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash dd8f2dc0e5c9266044efcab16efb974d
ec6aa992ad18a53074933bcfd323e2d84f901a40
1aeb30f6e1a93fcd0d14ddc62676a4e55fa567840cbacf92ee8e328f92b196aa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5546
Cache-Control: max-age=126154
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "6364e185-117"
Expires: Sun, 06 Nov 2022 11:27:43 GMT
Last-Modified: Fri, 04 Nov 2022 09:55:17 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash dd8f2dc0e5c9266044efcab16efb974d
ec6aa992ad18a53074933bcfd323e2d84f901a40
1aeb30f6e1a93fcd0d14ddc62676a4e55fa567840cbacf92ee8e328f92b196aa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5911
Cache-Control: max-age=126519
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "6364e185-117"
Expires: Sun, 06 Nov 2022 11:33:48 GMT
Last-Modified: Fri, 04 Nov 2022 09:55:17 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
remitano.com/join/2716653
104.18.29.12302 Found 23 B URL HTTP/2 remitano.com/join/2716653
IP 104.18.29.12:0
File type ASCII text, with no line terminators
Hash 19f1429ad5f6eb308725dc533ddbf8be
58ed14b4156f90188137f0328c9201825426a934
4a420424a2c575891b5947fe46615eb7968fc4e8d212361d6a631dc01407558b
GET /join/2716653 HTTP/1.1
Host: remitano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/plain; charset=utf-8
content-length: 23
x-powered-by: Remitano
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src * 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'
permissions-policy: camera=(*)
location: /
vary: Accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Y_SbYKDMaCsI__XELJti3lsvh3y0MFaOeMX.yCVPCBI-1667607909-0-AQrxmIw_Ob_96qfwN9e08alZFCbpVt7N3TzPoPDg_YjaJSU6poTKqBkgMyNlsMOAZYfs0GdkCDxi8toctIo8MHs"}],"group":"cf-csp-endpoint","max_age":86400}
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Y_SbYKDMaCsI__XELJti3lsvh3y0MFaOeMX.yCVPCBI-1667607909-0-AQrxmIw_Ob_96qfwN9e08alZFCbpVt7N3TzPoPDg_YjaJSU6poTKqBkgMyNlsMOAZYfs0GdkCDxi8toctIo8MHs; report-to cf-csp-endpoint
set-cookie: AWSALB=2kHbvKZWQgyitXFKT+nSyXIzxXqbj4Bgak6KFtARzD9+MCqQWRBMjg8oysbuEzNKkAxaMHkFZUwgh5xr3bno2bE/mGfDB7ocuIGN5uvfWapZZ+to/sGh9kZoMHIs; Expires=Sat, 12 Nov 2022 00:25:09 GMT; Path=/
AWSALBCORS=2kHbvKZWQgyitXFKT+nSyXIzxXqbj4Bgak6KFtARzD9+MCqQWRBMjg8oysbuEzNKkAxaMHkFZUwgh5xr3bno2bE/mGfDB7ocuIGN5uvfWapZZ+to/sGh9kZoMHIs; Expires=Sat, 12 Nov 2022 00:25:09 GMT; Path=/; SameSite=None; Secure
AWSALB=lKiF8lkkExbPAXzrZLjnWEsA/dhhk4D3yG3KJGdHekQQH87AXpuW1EZDAUG4IWTKtgs6wHTO3Uw/A/z/SRpD12s4S3dDReAjINv9Lqy7rrrewyRTQSTIOG5eugKa; Expires=Sat, 12 Nov 2022 00:25:09 GMT; Path=/
AWSALBCORS=lKiF8lkkExbPAXzrZLjnWEsA/dhhk4D3yG3KJGdHekQQH87AXpuW1EZDAUG4IWTKtgs6wHTO3Uw/A/z/SRpD12s4S3dDReAjINv9Lqy7rrrewyRTQSTIOG5eugKa; Expires=Sat, 12 Nov 2022 00:25:09 GMT; Path=/; SameSite=None; Secure
connect.sid=s%3ACLjRan-jHi5xONBCskbFL4f_U8JaY-M-.%2FqBSP1Nn%2FZdjL3i76MDkuPxi3LVlEiYdvsXkUbCxulk; Path=/; Expires=Sun, 06 Nov 2022 00:25:09 GMT; HttpOnly
__cf_bm=smAQKonqI.PqLfQgoCbqPrEU313i7AgJ_e0mSqSaruw-1667607909-0-Ad8txlPFE/EuGBIFfFoOzybq/T+sfl0pT1Ga2vE8xMEK+90DOrOv027OlDrJGCl5ZPHChH3vLYzl82q3htcg/Y0=; path=/; expires=Sat, 05-Nov-22 00:55:09 GMT; domain=.remitano.com; HttpOnly; Secure; SameSite=None
_cfuvid=Hu0eLNPsea8UBOZ9NPrObKCCyFn3Ng.v_zvtyKTguQE-1667607909249-0-604800000; path=/; domain=.remitano.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76517357ebae1c02-OSL
X-Firefox-Spdy: h2
www.hotelscombined.com/?a_aid=172493
151.101.85.29302 Found 0 B URL HTTP/2 www.hotelscombined.com/?a_aid=172493
IP 151.101.85.29:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?a_aid=172493 HTTP/1.1
Host: www.hotelscombined.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
set-cookie: p1.med.token=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Apache=W1oqmg-AAABhEUtU0I-21-VW6u$w; Max-Age=86400000; Expires=Fri, 01 Aug 2025 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
cluster=5; Max-Age=2700; Expires=Sat, 05 Nov 2022 01:10:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
kayak=zYIgplS6$pU6VePScbal; Max-Age=94608000; Expires=Tue, 04 Nov 2025 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
p1.med.sid=R-5xt_BsquMKLomP8T7ukP6-Df4IgPV19T6ehh2T3McptkSeCLoKohhyZjGkqE_gU; Path=/; Secure; HTTPOnly; SameSite=None
kanid=kan_172493; Max-Age=2592000; Expires=Mon, 05 Dec 2022 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
kanid=kan_172493; Max-Age=2592000; Expires=Mon, 05 Dec 2022 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
languageCode=EN; Max-Age=946080000; Expires=Mon, 28 Oct 2052 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
currencyCode=USD; Max-Age=946080000; Expires=Mon, 28 Oct 2052 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
kmkid=AS-uBIYx6yXS8mOxpkbtHZA; Max-Age=94608000; Expires=Tue, 04 Nov 2025 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
a_aid=172493; Expires=Mon, 5 Dec 2022 00:25:09 GMT; Path=/; Secure; HttpOnly; SameSite=None
brandId=; Expires=1970-01-01T00:00Z; Path=/; Secure; HttpOnly; SameSite=None
label=; Expires=1970-01-01T00:00Z; Path=/; Secure; HttpOnly; SameSite=None
Mobile=0; Expires=Mon, 5 Dec 2022 00:25:09 GMT; Path=/; Secure; HttpOnly; SameSite=None
visitor=id=9a44e9d9-d935-4670-835f-ceea110e3ce0&tracked=false; Expires=Mon, 5 Dec 2022 00:25:09 GMT; Path=/; Secure; HttpOnly; SameSite=None
visit=date=2022-11-05T11:25:09.218321+11:00&id=27232d44-5adb-486a-82d4-a853e45edeea; Expires=Sat, 5 Nov 2022 04:25:09 GMT; Path=/; Secure; HttpOnly; SameSite=None
QueryBasedAffiliate=11; Path=/; Secure; HttpOnly; SameSite=None
kayak.mc=AVra2jiPaCvvYpoj3ZBHG4vTSEQrpgbgHlOD6KaugUHpF82ss4Ga-LcY_HKiw9aIpwpxcOimvFjwHjUMjS_xdMZ3t25z_lqFebDJ98qfBQ-i69WDqyUngFd-EPJZUCNDCYqKiq8uxTkgYIZZ_sFg1Qne1gHBNExbLCYdC5mh1vhSAUS7J5drw9ctVU3Q9nHWng0Mdom1B3CoH5bTByOIH7NaNSE3_xP0N1xcfNy16zSg; Max-Age=94608000; Expires=Tue, 04 Nov 2025 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
mst_iBfK2w=Uah4Rk6lyOxeAoC1lsjE9Gq4TqreA0YmLo7Xj2cqaow; Expires=Sat, 05-Nov-2022 00:40:09 GMT; Path=/; HttpOnly
server: KAYAK/1.0
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
content-security-policy-report-only: default-src https: blob:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp
feature-policy: camera 'none'; microphone 'none'; midi 'none'; usb 'none'; geolocation 'self'
location: /
x-sn-waf-code:
accept-ranges: bytes
date: Sat, 05 Nov 2022 00:25:09 GMT
content-length: 0
X-Firefox-Spdy: h2
www.agoda.com/deals?pcs=1&cid=1818886
104.110.12.18200 OK 24 kB URL HTTP/2 www.agoda.com/deals?pcs=1&cid=1818886
IP 104.110.12.18:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28444), with CRLF, LF line terminators
Hash f6c1fb419c35a62a28ce9888f03392c2
5306da20d092f5b937d3e88f8929c4d0af4f1f7a
76f2af19a9396fe866e30053fdc62b39aa1e1ef909da8cd399eff889780f18e3
GET /deals?pcs=1&cid=1818886 HTTP/1.1
Host: www.agoda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=utf-8
vary: User-Agent, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET,POST
access-control-expose-headers: ag-correlation-id
cache-control: no-store, no-cache
pragma: no-cache
request-context: appId=
ag-correlation-id: b0bfd1b8-00eb-4151-b8d2-8d0d8161b39d
x-recruiting: Like HTTP headers? Come write ours: https://careersatagoda.com/job/3931446-senior-software-engineer-full-stack-bangkok-based-relocation-provided/?gh_src=b096bae01us
x-content-type-options: nosniff
ag-dc: am
x-ua-compatible: IE=edge
x-frame-options: SAMEORIGIN
content-encoding: gzip
content-length: 24087
date: Sat, 05 Nov 2022 00:25:09 GMT
set-cookie: agoda.version.03=; path=/; expires=Fri, 04-Nov-2022 00:25:09 GMT; secure
agoda.l2=; domain=www.agoda.com; path=/; expires=Fri, 04-Nov-2022 00:25:09 GMT; secure; HttpOnly
ASP.NET_SessionId=2j20234wxrslk1aakisbtvmu; domain=www.agoda.com; path=/; SameSite=Lax; secure; HttpOnly
agoda.version.03=CookieId=a833d033-7a9a-4c26-b1cd-a2de13eb313a&TItems=2$1818886$11-05-2022 07:25$11-06-2022 07:25$&DLang=en-us&CurLabel=NOK; domain=.agoda.com; path=/; expires=Sun, 05-Nov-2023 00:00:00 GMT; secure
agoda.firstclicks=1818886||||2022-11-05T07:25:09||2j20234wxrslk1aakisbtvmu||{"IsPaid":true,"gclid":"","Type":""}; domain=.agoda.com; path=/; expires=Sun, 05-Nov-2023 00:00:00 GMT; secure; HttpOnly
agoda.lastclicks=1818886||||2022-11-05T07:25:09||2j20234wxrslk1aakisbtvmu||{"IsPaid":true,"gclid":"","Type":""}; domain=.agoda.com; path=/; expires=Sun, 05-Nov-2023 00:00:00 GMT; secure; HttpOnly
agoda.landings=1818886|||2j20234wxrslk1aakisbtvmu|2022-11-05T07:25:09|True|19----1818886|||2j20234wxrslk1aakisbtvmu|2022-11-05T07:25:09|True|20----1818886|||2j20234wxrslk1aakisbtvmu|2022-11-05T07:25:09|True|99; domain=.agoda.com; path=/; expires=Sun, 05-Nov-2023 00:00:00 GMT; secure; HttpOnly
agoda.attr.03=ATItems=1818886$11-05-2022 07:25$; domain=.agoda.com; path=/; expires=Sun, 05-Nov-2023 00:00:00 GMT; secure; HttpOnly
xsrf_token=CfDJ8Dkuqwv-0VhLoFfD8dw7lYwABKhfK3EdQVTlRyw9wwkyiRl_9JwYqhAiRyyzFSuGhhshRpGio9SCGuy6WDZVqbpWXOdFOm8PZKUTorZCBaFEkSzQ7nglvl_-dpL1HJzFIZQE0FUtaylS_Q5kW4tjyZM; path=/; samesite=strict; httponly
agoda.analytics=Id=-7128483733481704126&Signature=4986607977270007174&Expiry=1667611509228; domain=.agoda.com; path=/; expires=Sat, 05-Nov-2022 01:25:09 GMT; secure
agoda.user.03=UserId=b09d0799-c61c-45a3-b196-eef5f2e7b079; domain=.agoda.com; path=/; expires=Sun, 05-Nov-2023 00:25:09 GMT; secure
agoda.prius=PriusID=0&PointsMaxTraffic=Agoda; domain=.agoda.com; path=/; expires=Sun, 05-Nov-2023 00:25:09 GMT
X-Firefox-Spdy: h2
bongacams10.com/track?v=2&c=287325
195.85.23.222302 Found 138 B URL HTTP/2 bongacams10.com/track?v=2&c=287325
IP 195.85.23.222:0
ASN #209242 Cloudflare London, LLC
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /track?v=2&c=287325 HTTP/1.1
Host: bongacams10.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html
content-length: 138
location: https://bngtrk.com/hit.php?v=2&c=287325
x-bc: ded7850
x-zone: 5a-web51
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=jEqmfUCdtsSaRG1dwJofg9UIoB893WCs7zxwfVuoRHA-1667607909-0-Aek3A9gxk9dshzbI+SqZnhEvMfVmtm28qqV4ue/fiZWesdw63KSvgeM+MThZ+5J4LBMaclSHXlxwESaLQK57Q3Q=; path=/; expires=Sat, 05-Nov-22 00:55:09 GMT; domain=.bongacams10.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76517358baf7b51e-OSL
X-Firefox-Spdy: h2
cex.io/r/0/up111785894/0/
104.20.133.4301 Moved Permanently 344 B URL HTTP/2 cex.io/r/0/up111785894/0/
IP 104.20.133.4:0
Hash b5ff0756bf491c47e412654d0e7d1889
3080fe5a3ba0c6b6c2279c333527cffa2d417f49
c6ca62068d39ef7bb2e1556553bc3bb00e32bbe9a6664cd33a115d96381bf296
GET /r/0/up111785894/0/ HTTP/1.1
Host: cex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 05 Nov 2022 00:25:09 GMT
location: https://cex.io
x-app-version: master.57265550.1dbaad45c18e88a49d0c64bb99d3b02e29ed87bdc87e0523c8f266206c77fd23
content-security-policy-report-only: default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://cex.io/ws/;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.cex.io;img-src 'self' data: https://static.cex.io;media-src 'self' https://static.cex.io;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com https://static.cex.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cex.io;report-uri https://cex.io/cspr;
x-frame-options: DENY
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
set-cookie: cex-session=s%3ADRHkBG5XwaYOAhKUeYoXNVog.GdhVcMwb1Fb8Bd7Ubd%2FpikR6Bllz5af53tVtmfxvvzQ; Path=/; HttpOnly; Secure; SameSite=None
ref=up111785894%3A0; Max-Age=2592000; Domain=.cex.io; Path=/
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 765173583cb90b69-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 656a355c6cb333c5554fa65748d3d165
15e6dc206e412e258ca49e2eec46e67b831ea4a6
3bdcb16737f73a6985f7cfe3b221882d91b27ab3ec6f940f14477f94a0e40720
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rbfxdirect.com/ru/lk/?a=zkeb
104.21.89.238302 Found 424 B URL HTTP/2 rbfxdirect.com/ru/lk/?a=zkeb
IP 104.21.89.238:0
Hash 090b1e0eeed1d01774e895cf811fc7e8
405db930666dca3faea93584753020dcde2b6249
21e4de22b3cae549a642c9e5f868397de2c026ec952bedf974dc50dbd58fb0b6
GET /ru/lk/?a=zkeb HTTP/1.1
Host: rbfxdirect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html
location: https://my28.roboforex.org/ru/?a=zkeb
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWgk4ZKpxJBYdWs2ZLDtG%2BT%2Fap8Meuln1LyDretwDCagGnFd14ALHOccNlToN2DGIOLsgANnAGqmrUcyOMJAHUZtidhekwhUyaYB15jFlTzE5%2BTEZliNvNDy%2Fw7Tbr%2B%2FlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765173578d18b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash ccccc3a3af6ae3bc9a7905b96073c7eb
91920e71cbbee150a323de9911f7018aceca6841
008a224c7d47955532e5a9fdc86ba39caab779bbb6f2efd1ef28489ef41b692a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3698
Cache-Control: max-age=172140
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "63659c5f-139"
Expires: Mon, 07 Nov 2022 00:14:09 GMT
Last-Modified: Fri, 04 Nov 2022 23:12:31 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 313
www.iherb.com/?clickref=1011lwhLWwXF&utm_source=agruna&utm_medium=affiliate&utm_campaign=1011l44232
104.18.33.133301 Moved Permanently 0 B URL HTTP/2 www.iherb.com/?clickref=1011lwhLWwXF&utm_source=agruna&utm_medium=affiliate&utm_campaign=1011l44232
IP 104.18.33.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?clickref=1011lwhLWwXF&utm_source=agruna&utm_medium=affiliate&utm_campaign=1011l44232 HTTP/1.1
Host: www.iherb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 05 Nov 2022 00:25:09 GMT
content-length: 0
location: https://www.iherb.com/?utm_source=agruna&utm_medium=affiliate&utm_campaign=1011l44232
cache-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
set-cookie: iher-pref1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
iher-pref1=storeid=0; expires=Sun, 05 Nov 2023 00:25:09 GMT; domain=.iherb.com; path=/; secure; samesite=none
ih-preference=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
ih-preference=store=0; expires=Sun, 05 Nov 2023 00:25:09 GMT; domain=.iherb.com; path=/; secure; samesite=none
ihr-ea=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
ihr-ea=PerformanceHorizon-1011lwhLWwXF; expires=Sat, 12 Nov 2022 00:25:09 GMT; domain=.iherb.com; path=/; secure; samesite=none
__cf_bm=0z2VkS9uAIMV9kPMjoxeThGch2wowJmIdb96bUcMMwo-1667607909-0-AeUKfvk7x5LHz2n8pybF00HUxVmsPX38Fi2NhINFkghFGAKwiP5f+Bs9/DxPU18imNyrSHSetr5eIJGR/fgkAO/engFIGa4nikRxHIJUAhfx; path=/; expires=Sat, 05-Nov-22 00:55:09 GMT; domain=.iherb.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76517358fbc8b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
151.101.86.133200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 151.101.86.133:0
Hash cf765cf8853ddc05b12aebdfe7413447
89e52d21a9ef22e65aa47ac72ce3bdfc6e4fbcad
d85bf2ba619fae51dc171ed153ab0cbf7df3218ae142c12e6547b80f5cc23f73
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1459
Server: nginx
Content-Type: application/ocsp-response
Expires: Tue, 08 Nov 2022 21:37:29 GMT
ETag: "89e52d21a9ef22e65aa47ac72ce3bdfc6e4fbcad"
Last-Modified: Fri, 04 Nov 2022 21:37:30 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 05 Nov 2022 00:25:09 GMT
Age: 2830
X-Served-By: cache-qpg1246-QPG, cache-bma1669-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 54, 2
X-Timer: S1667607909.340147,VS0,VE0
www.exness.com/a/vps0b6j3
45.60.78.64301 Moved Permanently 0 B URL HTTP/2 www.exness.com/a/vps0b6j3
IP 45.60.78.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/vps0b6j3 HTTP/1.1
Host: www.exness.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://www.exness.com/?utm_source=partners&_8f4x=1
expires: Sat, 05 Nov 2022 00:25:09 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
set-cookie: track_uid=62d12f24-6840-4ecc-9088-1a1fbf0ed3d6; Domain=.exness.com; expires=Tue, 02 Nov 2032 00:25:09 GMT; Max-Age=315360000; Path=/; SameSite=Lax
track_uid=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
agent=vps0b6j3; Domain=.exness.com; expires=Fri, 03 Feb 2023 00:25:09 GMT; Max-Age=7776000; Path=/; SameSite=Lax
agent=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
agent_timestamp=1667607909312; Domain=.exness.com; expires=Fri, 03 Feb 2023 00:25:09 GMT; Max-Age=7776000; Path=/; SameSite=Lax
agent_timestamp=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
agent_platform=mt4; Domain=.exness.com; expires=Fri, 03 Feb 2023 00:25:09 GMT; Max-Age=7776000; Path=/; SameSite=Lax
agent_platform=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
agent_link="/a/vps0b6j3"; Domain=.exness.com; expires=Fri, 03 Feb 2023 00:25:09 GMT; Max-Age=7776000; Path=/; SameSite=Lax
agent_link=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
agent_full_path="/a/vps0b6j3"; Domain=.exness.com; expires=Fri, 03 Feb 2023 00:25:09 GMT; Max-Age=7776000; Path=/; SameSite=Lax
agent_full_path=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
partnercode_enabled=true; Domain=.exness.com; expires=Fri, 03 Feb 2023 00:25:09 GMT; Max-Age=7776000; Path=/; SameSite=Lax
partnercode_enabled=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
visid_incap_961876=wTMH8MQuQLWNCGkSC15Ye2StZWMAAAAAQUIPAAAAAAA5lnIRLVluup4ThyF04cWV; expires=Sat, 04 Nov 2023 22:34:25 GMT; HttpOnly; path=/; Domain=.exness.com
nlbi_961876=tmC2YYm/WSf+ogjozTYrKwAAAAC8MjuiWD85cgRzwCWghU1w; path=/; Domain=.exness.com
incap_ses_722_961876=LAiAG/wjjzSkt7ONFRAFCmStZWMAAAAAqOea6Sf+7nohgExh1afyWQ==; path=/; Domain=.exness.com
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 5-7304593-7304601 NNNN CT(31 64 0) RT(1667607907987 254) q(0 0 1 -1) r(1 1) U11
X-Firefox-Spdy: h2
www.iherb.com/?clickref=1011lwhM5w8L&utm_source=cityads&utm_medium=affiliate&utm_content=1jf
104.18.33.133301 Moved Permanently 0 B URL HTTP/2 www.iherb.com/?clickref=1011lwhM5w8L&utm_source=cityads&utm_medium=affiliate&utm_content=1jf
IP 104.18.33.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?clickref=1011lwhM5w8L&utm_source=cityads&utm_medium=affiliate&utm_content=1jf HTTP/1.1
Host: www.iherb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 05 Nov 2022 00:25:09 GMT
content-length: 0
location: https://www.iherb.com/?utm_source=cityads&utm_medium=affiliate&utm_content=1jf
cache-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
set-cookie: iher-pref1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
iher-pref1=storeid=0; expires=Sun, 05 Nov 2023 00:25:09 GMT; domain=.iherb.com; path=/; secure; samesite=none
ih-preference=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
ih-preference=store=0; expires=Sun, 05 Nov 2023 00:25:09 GMT; domain=.iherb.com; path=/; secure; samesite=none
ihr-ea=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
ihr-ea=PerformanceHorizon-1011lwhM5w8L; expires=Sat, 12 Nov 2022 00:25:09 GMT; domain=.iherb.com; path=/; secure; samesite=none
__cf_bm=Rvggiv2STd3apsh6I3UYGQgmbpc2NwW5UNLhGJl.R8c-1667607909-0-AeHwleUxc8elEjZ8M0RRVl2DDrfSe/dM2xuncItw+AnWcOQlfPzOJ+tJAuacxhVoiMaQ8+kb9yyyAwD5cOLeJvixT0SGrWj4ShWl8Tzt+TuT; path=/; expires=Sat, 05-Nov-22 00:55:09 GMT; domain=.iherb.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76517358ebc0b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e8cabb51c9072fb5ceb9cdd68bbf2032
7a70275a23e1f8e43fb0975e51c5af94643f9f67
49f9650207a077ffe4fc03e271a6f2f0e2b405f4f9865543c64b86a0e53a581b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49F9650207A077FFE4FC03E271A6F2F0E2B405F4F9865543C64B86A0E53A581B"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6774
Expires: Sat, 05 Nov 2022 02:18:03 GMT
Date: Sat, 05 Nov 2022 00:25:09 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash dd8f2dc0e5c9266044efcab16efb974d
ec6aa992ad18a53074933bcfd323e2d84f901a40
1aeb30f6e1a93fcd0d14ddc62676a4e55fa567840cbacf92ee8e328f92b196aa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5546
Cache-Control: max-age=126154
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 00:25:09 GMT
Etag: "6364e185-117"
Expires: Sun, 06 Nov 2022 11:27:43 GMT
Last-Modified: Fri, 04 Nov 2022 09:55:17 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
my28.roboforex.org/ru/?a=zkeb
167.71.140.86302 Moved Temporarily 145 B URL HTTP/1.1 my28.roboforex.org/ru/?a=zkeb
IP 167.71.140.86:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bfe2c1d1b36c62666ce9ba537d324bd4
4d52a7c6d2909a506a4e81559eb24e8af077c741
5216ad883da8fe250db6892c9abca11bae07572d49a4c48a3c42276ffe6a9fb8
GET /ru/?a=zkeb HTTP/1.1
Host: my28.roboforex.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0
Date: Sat, 05 Nov 2022 00:25:09 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: https://adsexample.com/krug.gif
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 4b0a96341db9455afafddb993a488f21
db2c15215c47cc730ba663edf103ec1371704aa8
bc718c79f4aa09bf5030e048617274d4d5b4bc8bad4ee973c311b70e8dc763a8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 07:04:22 GMT
Expires: Thu, 10 Nov 2022 07:04:21 GMT
Etag: "db2c15215c47cc730ba663edf103ec1371704aa8"
Cache-Control: max-age=455351,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 765173598d840af6-OSL
ocsp.usertrust.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash fc13f0b3ee34a0b87e0b173739d88cf1
72220db6f6e4160d4f543516969aa53ed5428223
5a6f4ada0ff9780c1144617bb6745667fc8ba5ed4cdfc58b2e0ad41f4fa64757
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 00:25:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 18:10:18 GMT
Expires: Thu, 10 Nov 2022 18:10:17 GMT
Etag: "72220db6f6e4160d4f543516969aa53ed5428223"
Cache-Control: max-age=603405,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 797
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76517359ce3db4e8-OSL
localbitcoins.com/
104.18.201.62200 OK 15 kB IP 104.18.201.62:0
Hash bd0166ce083378dc8dd1b6730433cdc0
7550faf2dd62f3828341aadfbf4eef4dc18ffd1a
8e07680c04d303d2c22d6119ec25af19c6e4737a89be3bcecab0926fc0937592
GET / HTTP/1.1
Host: localbitcoins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Language, Cookie
content-language: en
x-frame-options: DENY
content-encoding: gzip
set-cookie: last_ref="https://hlmiq.com/"; expires=Mon, 05 Dec 2022 00:25:09 GMT; HttpOnly; Max-Age=2592000; Path=/; Secure
empty_visit_id=1; expires=Sun, 05 Nov 2023 00:25:09 GMT; Max-Age=31536000; Path=/
django_language=en; Path=/
lbc_browser_id=LWXNJTUGPSRIKXKRRKNUYCCLBHGERWAO; expires=Thu, 04 May 2023 00:25:09 GMT; HttpOnly; Max-Age=15552000; Path=/; Secure
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 765173575f6db51b-OSL
X-Firefox-Spdy: h2
www.exness.com/?utm_source=partners&_8f4x=1
45.60.78.64302 Found 0 B URL HTTP/2 www.exness.com/?utm_source=partners&_8f4x=1
IP 45.60.78.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?utm_source=partners&_8f4x=1 HTTP/1.1
Host: www.exness.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache
content-length: 0
location: https://www.exness.uk/?utm_source=partners&_8f4x=1
set-cookie: visid_incap_961876=Et3elWPiTrab4WitDujWpGStZWMAAAAAQUIPAAAAAABYwwMxGoOgaOSIQukx2PG4; expires=Sat, 04 Nov 2023 22:34:25 GMT; HttpOnly; path=/; Domain=.exness.com
nlbi_961876=mvMKTF0B/HnZxDLEzTYrKwAAAACo6BCDmyHukVN6JqwnRhVE; path=/; Domain=.exness.com
incap_ses_722_961876=FY3ZTjpWIEKzt7ONFRAFCmStZWMAAAAAZ2dlwG/YpKM7K8jVIaFIyw==; path=/; Domain=.exness.com
x-cdn: Imperva
x-iinfo: 5-7304593-7304604 NNNN CT(24 53 0) RT(1667607907987 433) q(0 0 0 -1) r(1 1) U11
X-Firefox-Spdy: h2
bngtrk.com/hit.php?v=2&c=287325
31.192.112.221302 Found 280 B URL HTTP/2 bngtrk.com/hit.php?v=2&c=287325
IP 31.192.112.221:0
ASN #48684 Viking Host B.V.
Hash 3ce166c92b6706a803e1acd188011a7a
82cb622425e44014b6269a57918127c6b6d95a63
cd5b961f56f839be9d3857aa607d4a3d3bd4475b5badccaa7a776856cabc76b0
GET /hit.php?v=2&c=287325 HTTP/1.1
Host: bngtrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.promo-bc.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bongacams.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bongocams.biz
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bongacams.org
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bongacams10.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bcmspt.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bngwlt.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bngpt.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bngpst.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bngprl.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bngpop.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bngosv.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bngvs.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bngdyn.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.dynspt.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.ecdyn.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.trkbc.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.trkbng.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bngtrk.com
BCH_H=ab10b9d65a5d2242df32b1f67273d25e%7C2022-11-05; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bcprm.com
location: https://bongacams.com?bcs=b3JoaWFiMTBiOWQ2NWE1ZDIyNDJkZjMyYjFmNjcyNzNkMjVlOjoxODMzNDY6Omh0dHBzOi8vaGxtaXEuY29tLzo6Ojo6OjI4NzMyNTo6MDo6MDo6MDo6OjowOjpkZWZhdWx0Ojow
expires: Sat, 05 Nov 2022 00:25:08 GMT
x-bcs: ded7384
strict-transport-security: max-age=0;
cache-control: no-cache, public
x-bc-bl: 102
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 926273a3177b7bd414c277e598d5565d
6f666de3a0ab52e6468a540da72dea4a1f6e589f
28df30d566a7e58152447d975421c33ad2f70a95fe7746087b9ac4cb18847895
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DF30D566A7E58152447D975421C33AD2F70A95FE7746087B9AC4CB18847895"
Last-Modified: Thu, 03 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9628
Expires: Sat, 05 Nov 2022 03:05:37 GMT
Date: Sat, 05 Nov 2022 00:25:09 GMT
Connection: keep-alive
faucetpay.io/?r=612200
172.67.73.12200 OK 4.4 kB IP 172.67.73.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6711)
Hash a1b5ba1ac855adfad1966af0177822b6
23592c6000db2dd7e8453def05537f93a3bf643c
b394798bed0d9a8b6f0711cb8c4ac6552bbcd416f6b289480be9ad97dcf38e23
GET /?r=612200 HTTP/1.1
Host: faucetpay.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: faucetpay=5ndnclsl2cj99kvnaa32abfbhi; path=/; HttpOnly
source=612200; expires=Sun, 05-Nov-2023 06:13:55 GMT; Max-Age=31556926; path=/; domain=.faucetpay.io
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
allow: GET, POST, HEAD
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pGv5%2FhGsH1pG%2BTAyHe%2Fl6mze9jVIEPyjvaZF3y9Nfrm5FEjmMKiaLq9fta9nTxJHX4OFuDqXRZ1NeCtuKKOP9yn8J1CMbwNmeHftR%2BBLZW4%2B6M1AmabX%2BGtRzHAaqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76517359edb8fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
151.101.86.133200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 151.101.86.133:0
Hash 305063788f688885ba1cbee2c6950925
b5deb6b485ea592451bc9c71c4b488c80e9b880a
f54a0d984f40060ee769e846de8c181d27fceb5108110145e629493c888ef050
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1459
Server: nginx
Content-Type: application/ocsp-response
Expires: Wed, 09 Nov 2022 00:07:16 GMT
ETag: "b5deb6b485ea592451bc9c71c4b488c80e9b880a"
Last-Modified: Sat, 05 Nov 2022 00:07:17 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 05 Nov 2022 00:25:09 GMT
Age: 1072
X-Served-By: cache-qpg1253-QPG, cache-bma1669-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 34, 1
X-Timer: S1667607910.541270,VS0,VE0
www.iherb.com/?utm_source=cityads&utm_medium=affiliate&utm_content=1jf
104.18.33.133302 Found 0 B URL HTTP/2 www.iherb.com/?utm_source=cityads&utm_medium=affiliate&utm_content=1jf
IP 104.18.33.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?utm_source=cityads&utm_medium=affiliate&utm_content=1jf HTTP/1.1
Host: www.iherb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: iher-pref1=storeid=0; ih-preference=store=0; ihr-ea=PerformanceHorizon-1011lwhM5w8L; __cf_bm=Rvggiv2STd3apsh6I3UYGQgmbpc2NwW5UNLhGJl.R8c-1667607909-0-AeHwleUxc8elEjZ8M0RRVl2DDrfSe/dM2xuncItw+AnWcOQlfPzOJ+tJAuacxhVoiMaQ8+kb9yyyAwD5cOLeJvixT0SGrWj4ShWl8Tzt+TuT
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-length: 0
location: https://no.iherb.com/?utm_source=cityads&utm_medium=affiliate&utm_content=1jf
cache-control: no-cache
datacenter: production/catalog/frankfurt
buildnumber: 1761
x-client-id: page-home
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 765173598c2bb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.iherb.com/?utm_source=agruna&utm_medium=affiliate&utm_campaign=1011l44232
104.18.33.133302 Found 0 B URL HTTP/2 www.iherb.com/?utm_source=agruna&utm_medium=affiliate&utm_campaign=1011l44232
IP 104.18.33.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?utm_source=agruna&utm_medium=affiliate&utm_campaign=1011l44232 HTTP/1.1
Host: www.iherb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: iher-pref1=storeid=0; ih-preference=store=0; ihr-ea=PerformanceHorizon-1011lwhLWwXF; __cf_bm=0z2VkS9uAIMV9kPMjoxeThGch2wowJmIdb96bUcMMwo-1667607909-0-AeUKfvk7x5LHz2n8pybF00HUxVmsPX38Fi2NhINFkghFGAKwiP5f+Bs9/DxPU18imNyrSHSetr5eIJGR/fgkAO/engFIGa4nikRxHIJUAhfx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-length: 0
location: https://no.iherb.com/?utm_source=agruna&utm_medium=affiliate&utm_campaign=1011l44232
cache-control: no-cache
datacenter: production/catalog/london
buildnumber: 1761
x-client-id: page-home
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 765173596c1eb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 0 B URL HTTP/2 sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: sale.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-length: 0
location: https://login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.1667607909599.156973.3; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
acs_usuc_t=x_csrf=2bzxiy90dr8u&acs_rt=86b9201a23ae4a5891088058a59915f8; Domain=.aliexpress.ru; Path=/
xman_t=kNadOS/vmeMT9Ut7C1Pri7cRecFgXEOGc+d1tM0948oNIqonvZVI0G8wlHinja3y; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:09 GMT; Path=/; HttpOnly
xman_f=faNFmirEtdswFdhMpsLrGnAtuaKQkNNF91YQj7/+3N1hdgBjECQd55TWlBHI00hG; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079095972831ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
104.110.21.4302 Found 0 B URL HTTP/2 login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 104.110.21.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html;charset=UTF-8
content-length: 0
p3p: CP="CAO PSA OUR"
location: https://login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=51ead96442cd46adab4fb47074343479&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 0b0a182b16676079096988931e7315
strict-transport-security: max-age=31536000
timing-allow-origin: *
date: Sat, 05 Nov 2022 00:25:09 GMT
set-cookie: ali_apache_id=11.10.24.43.1667607909721.331450.9; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=51ead96442cd46adab4fb47074343479; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
xman_t=LxOmYhOPQV41Mw1vRhoHC1yHLMd3WDxBuKg5cee2Nlkq29g+FvkJugk0ICN71Qxp; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:09 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=51ead96442cd46adab4fb47074343479&x_csrf=14__11ffbz3rc; Domain=.aliexpress.com; Path=/
xman_f=O4I/KCvUmcHf7gAMipaHynA28mMMNSb/PvEJyDnn6M8R+84tIrQ9cBMKNG9BSj1yf+HxyVmil1f+yQcW+PA4xCIeQBFb2t+QSJuX2C1+PfTFmlcYuOjqag==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
ali_apache_tracktmp=; Domain=.aliexpress.com; Path=/
xman_us_f=x_l=0&acs_rt=51ead96442cd46adab4fb47074343479; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
xman_t=n5bo50I6w1e1yGsON/KIJYqSGNNiNklPcf+yNF+uQfv/0REtQSDpVzDy6B8IwmBd; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:09 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=51ead96442cd46adab4fb47074343479&x_csrf=14__11ffbz3rc; Domain=.aliexpress.com; Path=/
xman_f=PhsOtEjli7POZYeo+D8sb4Slq68AEv5ZSDcM5HOmwhAbZZnIAvLjQK449i7OrXqIoTXD9Br9HtdqAcM2SKf2fPhlJ30E81A3wut/8vsjXqXv0KIq6Pz9YQ==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/; HttpOnly
e_id=pt40; Expires=Tue, 02 Nov 2032 00:25:09 GMT; Path=/; Domain=.aliexpress.com
X-Firefox-Spdy: h2
hyvesgames.nl/forwarded
172.67.215.15301 Moved Permanently 5.1 kB IP 172.67.215.15:0
Hash 72e46ec6474cff50706e11390818b455
5644ae40a96a5db7f26b959f4cdd143afbffc6d1
ca0b02ee2713417328e4cad453355aae6167e76eb634204d87fc94830d881e85
GET /forwarded HTTP/1.1
Host: hyvesgames.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 05 Nov 2022 00:25:08 GMT
content-type: text/html; charset=iso-8859-1
location: https://hyvesgames.nl/forwarded/
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kWXCgy%2Bg8ePQYsmUis1wAVkUp8XpcLyR%2BNGQ%2BPT9JJVSxP0ThfhgjyKr1j7aXdXrboss7BU12t5zTHjHfnIZtV9xy7Ih1teXULkzPEHvO%2FzVvgyOy7CYrvdL5eJu792H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765173519b7db4ee-OSL
X-Firefox-Spdy: h2
login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=51ead96442cd46adab4fb47074343479&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 0 B URL HTTP/2 login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=51ead96442cd46adab4fb47074343479&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_write.htm?acs_random_token=51ead96442cd46adab4fb47074343479&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html;charset=UTF-8
content-length: 0
location: https://sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.1667607909818.156894.0; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=51ead96442cd46adab4fb47074343479; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
xman_t=kvg+mBcEAmwqTNcS0+Lllt2WgSptn9Zr898RHzU7zQ1MdnV3s8O7+bbStETR9aIi; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:09 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=a1516522eae043b4bd60875b2b45d39c&x_csrf=tfzelzuz_9sp; Domain=.aliexpress.ru; Path=/
xman_f=EAzjbodTIW1ql6R/LO5NAtXXoZfUI7u+ViLrSIzmtKJXWQ2N5/XC0t2c7P6naDBsC4bsUSxk7NhOM3FbI+eYdhk7xZJWj5oils7LwRSRk4TDYxL83y8KVA==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.alibaba.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
ali_apache_tracktmp=; Domain=.alibaba.com; Path=/
xman_us_f=x_l=0&acs_rt=51ead96442cd46adab4fb47074343479; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
xman_t=ft3s6Qz1U9aWApKH1STVe2kb0Ygh4/LoOYsN+n+wtGakzB9wO43k2egjEMFeWHpv; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:09 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=a1516522eae043b4bd60875b2b45d39c&x_csrf=tfzelzuz_9sp; Domain=.aliexpress.ru; Path=/
xman_f=r7pXQuE4ox/rNp1bgt+Syy262OSx3F7BR9pgp/7PRldNJ0t3DOEcKk8TC7f8hdEnP70lxijzVVp2ipeCfnLzBDiKjkSXvDjoDYEsHrYuJ36Va1q7PFFwVw==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079098162836ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bdde5aafc45c91b738060228c1fe09a2
bf1bcf98be4471d110386dff018d2d4eefe17311
e41a2d7f41944258d801ee9de2016d668aad18530a6e7afeb4238bce94fa7695
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E41A2D7F41944258D801EE9DE2016D668AAD18530A6E7AFEB4238BCE94FA7695"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2818
Expires: Sat, 05 Nov 2022 01:12:07 GMT
Date: Sat, 05 Nov 2022 00:25:09 GMT
Connection: keep-alive
www.exness.uk/?utm_source=partners&_8f4x=1
45.60.78.64200 OK 4.2 kB URL HTTP/2 www.exness.uk/?utm_source=partners&_8f4x=1
IP 45.60.78.64:0
Hash eb21eff316dae6e6a40340462959a3cd
f54fbc52469b37a14b7b5a8fb1a465e1f61ef5c9
8f61f4ce054ce2f860253a34e2666d0b85f2829486f3b87f63b5053ab31ee0fe
GET /?utm_source=partners&_8f4x=1 HTTP/1.1
Host: www.exness.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html
last-modified: Thu, 20 Oct 2022 12:38:45 GMT
etag: W/"63514155-d005"
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
link: </webpack-runtime-05add18e199058368732.js>; rel=preload; as=script, </framework-503975f2ecca4dec5b9e.js>; rel=preload; as=script, </app-af4825c57c6cc40c7ea1.js>; rel=preload; as=script, </d31dfba0d8a2627e52b662160effaf0aef569c96-aac34ff45202379bb23e.js>; rel=preload; as=script, </component---src-templates-page-home-js-ec319e746c3d703bc940.js>; rel=preload; as=script, </page-data/app-data.json>; rel=preload; as=fetch; crossorigin, </page-data/index/page-data.json>; rel=preload; as=fetch; crossorigin
x-router-node: pw-uk-97447b6c4-lnrll
x-robots-tag: noindex, nofollow
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: no-cache, private
x-content-type-options: nosniff
set-cookie: language=en;Path=/;Max-Age=2628000
nlbi_1243376=6A7OBYD2y1zeWgKhhB7R3QAAAADiaO6VD9psIWn493Gp8cvf; path=/; Domain=.exness.uk
visid_incap_1243376=fx6M1Ns9RB+AE7YoumjBNWStZWMAAAAAQUIPAAAAAADWz4nMe1REZJOGmYO/XgXq; expires=Sat, 04 Nov 2023 22:34:32 GMT; HttpOnly; path=/; Domain=.exness.uk
incap_ses_722_1243376=M7EoY7CciEi7t7ONFRAFCmStZWMAAAAA+hUe2wyNFlDVHHKKJl1jLg==; path=/; Domain=.exness.uk
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 9-4500211-4493161 pNYN RT(1667607908632 20) q(0 0 0 0) r(0 0) U12
X-Firefox-Spdy: h2
www.hotelscombined.com/
151.101.85.29200 OK 8.2 kB IP 151.101.85.29:0
Hash dece7aa7e6dde6c92b5e71d69c07f344
d3239b8f8c99a5019778bbec3064ecbde62eb3b7
b927bbd1870386e4eb48fecde3a57692f1b5006c599e659d007ec67686f79270
GET / HTTP/1.1
Host: www.hotelscombined.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Cookie: Apache=W1oqmg-AAABhEUtU0I-21-VW6u$w; cluster=5; kayak=zYIgplS6$pU6VePScbal; p1.med.sid=R-5xt_BsquMKLomP8T7ukP6-Df4IgPV19T6ehh2T3McptkSeCLoKohhyZjGkqE_gU; kanid=kan_172493; languageCode=EN; currencyCode=USD; kmkid=AS-uBIYx6yXS8mOxpkbtHZA; a_aid=172493; brandId=; label=; Mobile=0; visitor=id=9a44e9d9-d935-4670-835f-ceea110e3ce0&tracked=false; visit=date=2022-11-05T11:25:09.218321+11:00&id=27232d44-5adb-486a-82d4-a853e45edeea; QueryBasedAffiliate=11; kayak.mc=AVra2jiPaCvvYpoj3ZBHG4vTSEQrpgbgHlOD6KaugUHpF82ss4Ga-LcY_HKiw9aIpwpxcOimvFjwHjUMjS_xdMZ3t25z_lqFebDJ98qfBQ-i69WDqyUngFd-EPJZUCNDCYqKiq8uxTkgYIZZ_sFg1Qne1gHBNExbLCYdC5mh1vhSAUS7J5drw9ctVU3Q9nHWng0Mdom1B3CoH5bTByOIH7NaNSE3_xP0N1xcfNy16zSg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
set-cookie: Apache=W1oqmg-AAABhEUtU0I-21-VW6u$w; Max-Age=86400000; Expires=Fri, 01 Aug 2025 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
cluster=5; Max-Age=2700; Expires=Sat, 05 Nov 2022 01:10:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
languageCode=EN; Max-Age=946080000; Expires=Mon, 28 Oct 2052 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
currencyCode=USD; Max-Age=946080000; Expires=Mon, 28 Oct 2052 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
languageCode=EN; Max-Age=946080000; Expires=Mon, 28 Oct 2052 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
currencyCode=USD; Max-Age=946080000; Expires=Mon, 28 Oct 2052 00:25:09 GMT; Path=/; Secure; HTTPOnly; SameSite=None
mst_iBfK2w=oYw-QrLvHx3kXoIWblxOD7l4v7fFv1b8jsNNKzmEAgQ; Expires=Sat, 05-Nov-2022 00:40:09 GMT; Path=/; HttpOnly
csid=997621c0-3f58-49ed-bb0e-c9b2c2f86389; path=/; Secure; SameSite=Strict;
server: KAYAK/1.0
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: br
referrer-policy: origin-when-cross-origin
content-security-policy-report-only: default-src https: blob:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp
feature-policy: camera 'none'; microphone 'none'; midi 'none'; usb 'none'; geolocation 'self'
content-language: en-US
content-type: text/html;charset=UTF-8
x-sn-waf-code:
accept-ranges: bytes
date: Sat, 05 Nov 2022 00:25:09 GMT
vary: Accept-Encoding
cache-control: private, no-store
X-Firefox-Spdy: h2
login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=104da5fdf28a4ce89d547ca08bee9028&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 0 B URL HTTP/2 login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=104da5fdf28a4ce89d547ca08bee9028&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_write.htm?acs_random_token=104da5fdf28a4ce89d547ca08bee9028&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html;charset=UTF-8
content-length: 0
location: https://sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.1667607909979.157274.4; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=104da5fdf28a4ce89d547ca08bee9028; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
xman_t=1VXLPxvVq6IdXlwYpUNuiPLtm2E2+DloMh/iljLC2SDUVan4JHp1zc99kYusRK9b; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:09 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=0a619c88e1fe4176904d420cdd3119d0&x_csrf=jxhuaeglwtvw; Domain=.aliexpress.ru; Path=/
xman_f=4vT4Lugu3TiQNaE6dUhTwib7zS9Fkcd/KmqBoYsV3Z3JRpqXFU0tJ0aY5kFKZRJzW4n1WDxJjbnsM0fiQeJbOIm7Ri/hLuX/kpMSLKhA5gXxFef6pEtD1w==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.alibaba.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
ali_apache_tracktmp=; Domain=.alibaba.com; Path=/
xman_us_f=x_l=0&acs_rt=104da5fdf28a4ce89d547ca08bee9028; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
xman_t=ysPF5/TQY921MtD1h1LKyRwlhNwo0xJbH6gSC308tOJ0iJKdKztBxxiP2Y1bnhEW; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:09 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=0a619c88e1fe4176904d420cdd3119d0&x_csrf=jxhuaeglwtvw; Domain=.aliexpress.ru; Path=/
xman_f=ygdxROUo80P/6iJK76YCFcFZzyszPnhT7PuxTmm2Y600SXbqJ48Ameg5/oH3GoQVlMMpCDY5J1BB4zBfDDKiJePjK5TrNml9dZje8H2kY2wric7ztcmdBA==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079099772841ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
get.mona.co/1mLxRmFn1bb
52.52.225.90307 Temporary Redirect 0 B IP 52.52.225.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1mLxRmFn1bb HTTP/1.1
Host: get.mona.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: openresty
Date: Sat, 05 Nov 2022 00:25:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: _s=wT1aWiC0Ac2OOz6I4KV16rGFS%2Fo4I8oZ4ynq6D%2FyIAshCSnrDvvCdUvaC%2BFvLSsp; Max-Age=31536000; Path=/; Expires=Sun, 05 Nov 2023 00:25:09 GMT; Secure
Location: https://monaco.app.link/1mLxRmFn1bb?_p=c91529cb981c60f2fc1c8bf9
Strict-Transport-Security: max-age=31536000; includeSubDomains
sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 0 B URL HTTP/2 sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: sale.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:10 GMT
content-length: 0
location: https://login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.166760791034.157134.7; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
acs_usuc_t=x_csrf=zlcprwg50cla&acs_rt=cd6927ad0aa6419c9df3d3a84320cce3; Domain=.aliexpress.ru; Path=/
xman_t=5pAcMnQsuQE5vKHLR4/X1KCsfh01foOCt7bNrgHUm6ruyXZTCq7ocy3dmqVfM/wF; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
xman_f=HAZIi6/tWy2HVdxf/ZYA2M3vGUn//vKw3a5tHXCPi0CPrfWqjPRxVofhqspTxlm7; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079100332844ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
104.110.21.4302 Found 0 B URL HTTP/2 login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 104.110.21.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html;charset=UTF-8
content-length: 0
p3p: CP="CAO PSA OUR"
location: https://login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=7210243998c04d2982d06525ed7ff4e6&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 0b0a01f816676079100727802efd19
strict-transport-security: max-age=31536000
timing-allow-origin: *
date: Sat, 05 Nov 2022 00:25:10 GMT
set-cookie: ali_apache_id=11.10.1.248.166760791095.344315.8; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=7210243998c04d2982d06525ed7ff4e6; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=ZcU9YDzRe5DeGAHLLBhy6cBLuaz/v7mQJCGC52CMv0jOerQZb2i2IhFncJVpHCAx; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=7210243998c04d2982d06525ed7ff4e6&x_csrf=13hdt_6g2s2ob; Domain=.aliexpress.com; Path=/
xman_f=TmR6bWfrRiLjZs1Xg/tuCIkQ1k9uxh1XUFGUtI2M8Vyd38465/lOfIw4NqpINZgReVFEFIuxuWemeDvWpwRoZe3yQFYnftUaPpDwCTvwHPVqPzL2WQMMEA==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
ali_apache_tracktmp=; Domain=.aliexpress.com; Path=/
xman_us_f=x_l=0&acs_rt=7210243998c04d2982d06525ed7ff4e6; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=fkvpR0czvrc2VzdZsvrfK1r4F8aKfVtcoVl3MAf7LUcl8Z8jR2kqL9/ZFFXCN4ep; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=7210243998c04d2982d06525ed7ff4e6&x_csrf=13hdt_6g2s2ob; Domain=.aliexpress.com; Path=/
xman_f=Qwr3J3/cA04cKgdDju+o176VK00HEKwm5xgWI6Q8lsrnFSi+ZQwEG5JkwIZMki18B5VM2zThhCcF0ZnGs6ztJ9tBfIlY8bCj+WfMcG/RJMP39RbWUpnj2g==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
e_id=pt10; Expires=Tue, 02 Nov 2032 00:25:10 GMT; Path=/; Domain=.aliexpress.com
X-Firefox-Spdy: h2
login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=7210243998c04d2982d06525ed7ff4e6&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 0 B URL HTTP/2 login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=7210243998c04d2982d06525ed7ff4e6&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_write.htm?acs_random_token=7210243998c04d2982d06525ed7ff4e6&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:10 GMT
content-type: text/html;charset=UTF-8
content-length: 0
location: https://sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.1667607910150.160883.5; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=7210243998c04d2982d06525ed7ff4e6; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=Tl+jnG2erjcRC7LshHggqaU0T5BwuAFS+mELzTUnhJtJ/+Mtd7/IZIQavwNhOwOf; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=a57811eec842490697c03fbce8cffb97&x_csrf=1e9aa39810r1x; Domain=.aliexpress.ru; Path=/
xman_f=HPAaGZz0qiYdIq0qrBq3kFLF6Pd5ljASRkGaPNPYfqdpYqNDLamle1Gg0RRPg7vLimqWe26Fmzrqhh3X7I8TPROugFkXQ6Pi+fAm++oQHucVBxk7TzsVTQ==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.alibaba.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
ali_apache_tracktmp=; Domain=.alibaba.com; Path=/
xman_us_f=x_l=0&acs_rt=7210243998c04d2982d06525ed7ff4e6; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=ZvFnrhxaCNvpW4Uz8dlbdhWmE386z2lIqPMVrhNDwbvFF7eU76hT9Bydl2oicnQy; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=a57811eec842490697c03fbce8cffb97&x_csrf=1e9aa39810r1x; Domain=.aliexpress.ru; Path=/
xman_f=AwYCM/QniB7Gl/DCOS9RgB8Se/nMZDRZ8HQxot1GGakKL0tEZ3kLpgPvQsWzvqgNTOWo0uNirEH5EffoCQcMgEjDGElg7tmt6HNbq2krtJer5FuobE7phA==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079101392845ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
no.bongacams.com/?bcs=b3JoaWFiMTBiOWQ2NWE1ZDIyNDJkZjMyYjFmNjcyNzNkMjVlOjoxODMzNDY6Omh0dHBzOi8vaGxtaXEuY29tLzo6Ojo6OjI4NzMyNTo6MDo6MDo6MDo6OjowOjpkZWZhdWx0Ojow
195.85.23.95200 OK 24 kB URL HTTP/2 no.bongacams.com/?bcs=b3JoaWFiMTBiOWQ2NWE1ZDIyNDJkZjMyYjFmNjcyNzNkMjVlOjoxODMzNDY6Omh0dHBzOi8vaGxtaXEuY29tLzo6Ojo6OjI4NzMyNTo6MDo6MDo6MDo6OjowOjpkZWZhdWx0Ojow
IP 195.85.23.95:0
ASN #209242 Cloudflare London, LLC
Hash aebed627cab28f4172436f3dfbb79897
d318abdebdb9b595bc7daac7f2b0ab0acb55e462
27bf1c5136a37b1ce75a83c62bc8b3dd3880d3a7925612bb09e641fce3fb0cb2
GET /?bcs=b3JoaWFiMTBiOWQ2NWE1ZDIyNDJkZjMyYjFmNjcyNzNkMjVlOjoxODMzNDY6Omh0dHBzOi8vaGxtaXEuY29tLzo6Ojo6OjI4NzMyNTo6MDo6MDo6MDo6OjowOjpkZWZhdWx0Ojow HTTP/1.1
Host: no.bongacams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Cookie: bonga20120608=2a64f5c9ee4abb25b0e3882c489ec538; __cf_bm=Lmu41yBQMlHCiCjPr4DzWlswZvTa03jjVjl8urfWJZE-1667607909-0-AYkdxpYsDNshnpTHR03P0UWzAvbxj9k8uVBttewpsBTZ2wiHNZpbzaQnOPRSQXt5LxMnD+jDtnArmkHCIOnkNvU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:10 GMT
content-type: text/html; charset=utf-8
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
cache-control: no-cache, no-store, must-revalidate
x-zone: 5a-web54
set-cookie: ts_type2=1; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31535999; path=/; domain=.bongacams.com
fv=BGN5AmN2AmL2ZD==; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31535999; path=/; domain=.bongacams.com
uh=rxb4JUIDpxIjE1EVIIWwK2ykBR5mIt==; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31535999; path=/; domain=.bongacams.com
ratr=183346%3A%3A287325%3A%3A2022-11-05%2002%3A25%3A09%3A%3Ahttps%3A%2F%2Fhlmiq.com%2F%3A%3A%3A%3A; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576799999; path=/; domain=.bongacams.com; HttpOnly
BONGAH_HIT=ab10b9d65a5d2242df32b1f67273d25e%3A%3A183346%3A%3Ahttps%3A%2F%2Fhlmiq.com%2F%3A%3A%3A%3A%3A%3A287325%3A%3A%3A%3A%3A%3A0%3A%3A0%3A%3A0%3A%3A0%3A%3A%3A%3A0%3A%3Adefault%3A%3A0%3A%3A2022-11-05%2002%3A25%3A09; expires=Thu, 04-May-2023 00:25:09 GMT; Max-Age=15551999; path=/; domain=.bongacams.com; secure; HttpOnly; SameSite=None
BONGA_REF=https%3A%2F%2Fhlmiq.com%2F; expires=Thu, 04-May-2023 00:25:09 GMT; Max-Age=15551999; path=/; domain=.bongacams.com; HttpOnly
reg_ver2=3; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31535999; path=/; domain=.bongacams.com
sg=964; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31535999; path=/; domain=.bongacams.com; secure; SameSite=None
warning18=%5B%22no_NO%22%5D; expires=Sun, 05-Nov-2023 00:25:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com; secure; SameSite=None
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7651735afa68b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
104.110.21.4302 Found 0 B URL HTTP/2 login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 104.110.21.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html;charset=UTF-8
content-length: 0
p3p: CP="CAO PSA OUR"
location: https://login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=b3652ad25f0e4d6ba6b73610eb470176&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 2100bdf116676079102637554e4762
strict-transport-security: max-age=31536000
timing-allow-origin: *
date: Sat, 05 Nov 2022 00:25:10 GMT
set-cookie: ali_apache_id=33.0.189.241.1667607910264.331456.3; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=b3652ad25f0e4d6ba6b73610eb470176; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=KBOu3Ckg7SfS0VOUTS6Q9ug3JCevjmjxq0BEWvkBlSzdwmFqHTQsN7QR0CC3HtWW; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=b3652ad25f0e4d6ba6b73610eb470176&x_csrf=zh3rr95_p0y8; Domain=.aliexpress.com; Path=/
xman_f=azmVDYsAZwwpsOgWnx/hb+SodBfw8A2ga/6/EgS/BW83Sf08dclz0wZiP+usRMH+eazr09bQDYrPoctcIacvI+EHEQzJXdh1JUZ59yId4DG5jHR9N5SDlg==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
ali_apache_tracktmp=; Domain=.aliexpress.com; Path=/
xman_us_f=x_l=0&acs_rt=b3652ad25f0e4d6ba6b73610eb470176; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=DEVI9TLnbbHrK7x5QqB7ClAFThcOvzxSBPNm+arKOXxN263fBLCV45keSEgPmPlR; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=b3652ad25f0e4d6ba6b73610eb470176&x_csrf=zh3rr95_p0y8; Domain=.aliexpress.com; Path=/
xman_f=fBihF9eUy6K3TZLxt6sroGo00arxT7R5anI6CXqmK8PZIRr016vbsqrQtUim1qvgvKPmdjgCJD/LbY4ik3vIExrp5mRpWQrSQyoaCWjkYY0706NEHZv7iA==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
e_id=pt90; Expires=Tue, 02 Nov 2032 00:25:10 GMT; Path=/; Domain=.aliexpress.com
X-Firefox-Spdy: h2
login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=b3652ad25f0e4d6ba6b73610eb470176&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 0 B URL HTTP/2 login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=b3652ad25f0e4d6ba6b73610eb470176&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_write.htm?acs_random_token=b3652ad25f0e4d6ba6b73610eb470176&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:10 GMT
content-type: text/html;charset=UTF-8
content-length: 0
location: https://sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.1667607910307.157118.6; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=b3652ad25f0e4d6ba6b73610eb470176; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=rjK8Gh+MOVSt3FZvwp03SwUiySMZX65ZPsFJfTHLqo83HuAdXTFp9kTkcljX1Ahg; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=c056f408201d4b499cfb65d16f555994&x_csrf=1br2l61s8kcvy; Domain=.aliexpress.ru; Path=/
xman_f=0PObqKRal2ugW7ZqrhPP38Ljqoe5cLggQ2yohCx9dvIv6DBimn3PSidH249DmITlIYYF690agmENY3Qh/5oDsA+hePWyChbeAfJcMSuRZJgxfp+JKuA6xg==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.alibaba.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
ali_apache_tracktmp=; Domain=.alibaba.com; Path=/
xman_us_f=x_l=0&acs_rt=b3652ad25f0e4d6ba6b73610eb470176; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=MKQbbUeCaCU7rWLtWfy7Y/m+Dq2TVmAghZIg0PYW2hPj93M169gkAZ7VjTjuoQdI; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=c056f408201d4b499cfb65d16f555994&x_csrf=1br2l61s8kcvy; Domain=.aliexpress.ru; Path=/
xman_f=4NKSPRGZMaeQbAatER2G46WPG9jeIL5m4Jm2WN7xf0+SQcRbyQneW8PUOjDO7kt47FMP+s0Uc7bfDSs3Z9ky/gvvpgvbqnseX/tlIFKRInHrL9nnsFzO4g==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079103052848ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 0 B URL HTTP/2 sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: sale.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:10 GMT
content-length: 0
location: https://login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.1667607910377.157033.4; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
acs_usuc_t=x_csrf=1o1i_lu0xv6h&acs_rt=c00aa5d4ac94407aaa91630131a7c922; Domain=.aliexpress.ru; Path=/
xman_t=sHrgBdmWpHGe7XDgoBzwLcSzg7SgbXxrQLdRLyysm7ne5PuU2gZ4pPuvDwmY5N08; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
xman_f=xIaK742slAlixIreCR62dAvwmvc4zjSEQZ1h/KNkl7r4H4E/l2TOo/L82NPcrjHR; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079103702850ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.dcocsp.cn/
79.133.177.231200 OK 471 B IP 79.133.177.231:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 0ab73965fcd05601fc1f6773e649dfda
b6e1c57a1b9b5c71de461f5dfde6668229ebe108
ab3109f3a31df570bd3798c43d5bced81b3b063f1afaf7d8cbe1a04575b1a7ad
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Fri, 04 Nov 2022 23:41:46 GMT
Last-Modified: Fri, 04 Nov 2022 12:18:35 GMT
ETag: "6365031b-1d7"
Expires: Sun, 06 Nov 2022 12:18:35 GMT
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1667605306
Via: cache21.l2de2[0,0,304-0,H], cache25.l2de2[1,0], cache12.de3[0,0,200-0,H], cache12.de3[1,0]
Age: 2604
X-Cache: HIT TCP_MEM_HIT dirn:12:414303345
X-Swift-SaveTime: Fri, 04 Nov 2022 23:45:21 GMT
X-Swift-CacheTime: 3385
Timing-Allow-Origin: *
EagleId: 4f85b1a016676079103944442e
login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
104.110.21.4302 Found 0 B URL HTTP/2 login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 104.110.21.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html;charset=UTF-8
content-length: 0
p3p: CP="CAO PSA OUR"
location: https://login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=22f4575ef8054d46a606f2ae6b70544a&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 0b0a01f816676079104147810efd19
strict-transport-security: max-age=31536000
timing-allow-origin: *
date: Sat, 05 Nov 2022 00:25:10 GMT
set-cookie: ali_apache_id=11.10.1.248.1667607910437.374392.4; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=22f4575ef8054d46a606f2ae6b70544a; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=QEMp6ix0bI7kmqsthEPKEW56TcRVfuFT944gQy/g2EYdsv51NF23UVlXT16HkkCr; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=22f4575ef8054d46a606f2ae6b70544a&x_csrf=19wvyb8ap6d2t; Domain=.aliexpress.com; Path=/
xman_f=Tw7a6AJQ5Dw73BpTXV+VCLmt0THNmxnPxZW92JI1vIgtEDwsL1tbynhabrdgwv/Tc9bsSLEtL/GEpLCEfubql5pnGiEpqwH+AN+LgRlruzcccc/DqGZoQw==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
ali_apache_tracktmp=; Domain=.aliexpress.com; Path=/
xman_us_f=x_l=0&acs_rt=22f4575ef8054d46a606f2ae6b70544a; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=5f0bfp+3aIgDqFnh0dqqLBCdpeu6brep+kJfluslsyTUCf5Hoj1ISLsvI1EOi7Qz; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=22f4575ef8054d46a606f2ae6b70544a&x_csrf=19wvyb8ap6d2t; Domain=.aliexpress.com; Path=/
xman_f=WYAbJMkHrM3FAka3//vNggXqLYFeO17izVKk369gPNxoZijELY7Zt115gzPvNq8dyMNM56m98HhQ+igiorhDtM/kiWWaxZu1JLh3kXsdwmStOi+z4nChOQ==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
e_id=pt80; Expires=Tue, 02 Nov 2032 00:25:10 GMT; Path=/; Domain=.aliexpress.com
X-Firefox-Spdy: h2
login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=22f4575ef8054d46a606f2ae6b70544a&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 0 B URL HTTP/2 login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=22f4575ef8054d46a606f2ae6b70544a&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_write.htm?acs_random_token=22f4575ef8054d46a606f2ae6b70544a&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:10 GMT
content-type: text/html;charset=UTF-8
content-length: 0
location: https://sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.1667607910480.157072.5; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=22f4575ef8054d46a606f2ae6b70544a; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=YlLJLRfZYrVofBjRWDYfsE3nJPIX7oN4z/dZ+AyoqQznmiVZUD34Q+AdnT1Of7Fh; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=d3d8eb9bcda94c588e8a01fc0f0dea8d&x_csrf=z45wfkl4v5ti; Domain=.aliexpress.ru; Path=/
xman_f=Rxb/5irXfJytTzCBAY5XHUrD4+zBrqxOrbDJeU5DUFOHU528czKIJwCSDbXwO7jKTzt5Ue8GFsjkaJKmf7HD4RnztMRuIDPTo6db0D3/0/FUjQovUrZeQA==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.alibaba.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
ali_apache_tracktmp=; Domain=.alibaba.com; Path=/
xman_us_f=x_l=0&acs_rt=22f4575ef8054d46a606f2ae6b70544a; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=EJ+xHEaOcEQco06UgCzFupJ1b0cyqKN1qgBZJ8Jk+wQB2JFMKvW5apcwj2fWW7ZD; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=d3d8eb9bcda94c588e8a01fc0f0dea8d&x_csrf=z45wfkl4v5ti; Domain=.aliexpress.ru; Path=/
xman_f=DYnU6HI/gFvmr7XXDEDtWh6oBwmet/YJ8TPsLAbR2YlkVWEDqPSkuGQHFRFg1Lj/ba0tNRbA8xu51JrPpdumVIlnw9X6wjpbgmU5HcrAVp3+SPQjpYX19g==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079104772852ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 188 kB URL HTTP/2 sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type gzip compressed data, from Unix\012- data
Size 188 kB (187818 bytes)
Hash 48ad7d39d8412fbd5acf9d0db9476d35
381842f8fa6074b8518c1897d10cae301742661f
7b7557c3bcab4438bff8e93174567ac734345329dfe8534e0c91ef08861aa955
GET /ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: sale.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:10 GMT
content-length: 0
location: https://login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.1667607910537.156170.8; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
acs_usuc_t=x_csrf=1dtkq8dzjdbzf&acs_rt=15ba2bf5f80740fe8af0713c271085e3; Domain=.aliexpress.ru; Path=/
xman_t=zRAHwU0bfCIzi+iBUOZJZGzKV7QpeAhuhbtbJ+WAloGGtpwZnb6xCz0ei9mEDH8O; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
xman_f=2SVEznBC3FZ2kWgloZeRfhimxEzLPieFqCC06wUY+aeYggbNec07AJm7WgK8qAap; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079105352855ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
104.110.21.4302 Found 0 B URL HTTP/2 login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 104.110.21.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html;charset=UTF-8
content-length: 0
p3p: CP="CAO PSA OUR"
location: https://login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=41d2bd495a6642219ce068e8dce6c036&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 2100bdf116676079106007569e4762
strict-transport-security: max-age=31536000
timing-allow-origin: *
date: Sat, 05 Nov 2022 00:25:10 GMT
set-cookie: ali_apache_id=33.0.189.241.1667607910601.345709.1; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=41d2bd495a6642219ce068e8dce6c036; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=4cWygD5Ov61Xzx7a1ByUQmzQ5aQxxANPn8d0C0CBHBe1FPebebfnsfswWipiu2lD; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=41d2bd495a6642219ce068e8dce6c036&x_csrf=g3qhjuf0036f; Domain=.aliexpress.com; Path=/
xman_f=ZTeEhFHgNrRTSrXXuFwiklLNKLPRLhJJl4C964g/Efxx4SYQ+bG4jkqQbT51aeaH5Dd2ZURYdXwHVRdmIE1KRik/AdBbhM7S/2F5AacqcoXmMs6QUfFcow==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
ali_apache_tracktmp=; Domain=.aliexpress.com; Path=/
xman_us_f=x_l=0&acs_rt=41d2bd495a6642219ce068e8dce6c036; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=QRXIwfwOJSpZ0qd5Cy8C/03uAHff4OCJsI4+Gx49aiX0pclYz+Pa1ITOK/TKdfMA; Domain=.aliexpress.com; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=41d2bd495a6642219ce068e8dce6c036&x_csrf=g3qhjuf0036f; Domain=.aliexpress.com; Path=/
xman_f=kZEJXqSCDtobBObFyryGY4zV9mJu+9114UDMoS/VMCNv0OpMuGCJuHWYhU5CL5A/mlvuXAiBKDKI8FgTsDXK1AlGTLkevOFhVRN2ipIs4IrYHoXkJWb3Hw==; Domain=.aliexpress.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
e_id=pt70; Expires=Tue, 02 Nov 2032 00:25:10 GMT; Path=/; Domain=.aliexpress.com
X-Firefox-Spdy: h2
login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=41d2bd495a6642219ce068e8dce6c036&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 0 B URL HTTP/2 login.aliexpress.ru/sync_cookie_write.htm?acs_random_token=41d2bd495a6642219ce068e8dce6c036&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync_cookie_write.htm?acs_random_token=41d2bd495a6642219ce068e8dce6c036&xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: login.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:10 GMT
content-type: text/html;charset=UTF-8
content-length: 0
location: https://sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.1667607910645.157038.1; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0&acs_rt=41d2bd495a6642219ce068e8dce6c036; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=3pHjQCQa4c/NRrt0uv3dU9g5ltZh4iCE6xUNozNXfaq31G6Fpogc+7xroH4cZT5Z; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=e24f0148adb1467c9b4ef0afe95dd5cc&x_csrf=q7w0s1wlckjt; Domain=.aliexpress.ru; Path=/
xman_f=VuqghhRfXi2TZ4ZNDpeA0UZBiUavsLvGHxcqdXxMVumh7DDIqkXJcmAiwuIdYe7/uzOTEktjShDUvxgs068Yl5GZnzlgzcribhZVH8gpQG1La3R2pwWbWw==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
ali_apache_track=; Domain=.alibaba.com; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
ali_apache_tracktmp=; Domain=.alibaba.com; Path=/
xman_us_f=x_l=0&acs_rt=41d2bd495a6642219ce068e8dce6c036; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
xman_t=O2ySnh7T1KPJ+cm+x4Y/ucTPtedK254en39ca1DyPgDpTyCmDGdzvYfiIi61Yw1h; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
acs_usuc_t=acs_rt=e24f0148adb1467c9b4ef0afe95dd5cc&x_csrf=q7w0s1wlckjt; Domain=.aliexpress.ru; Path=/
xman_f=CPAihJAi0yT2JsNkphMF4J14keFbSlxIJKD2qlxP9n/HzBEk8JYexV2ZdTgAkYVK0X8OTrDfP0/zr8MTeJB/trm3bFh2db8G0uMbHPYcoZI+PqdsCzAyvg==; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079106432857ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
47.246.133.23302 Found 0 B URL HTTP/2 sale.aliexpress.ru/ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137
IP 47.246.133.23:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ru/__pc/continuation_default.htm?af=a&59363&cn=oslo&cv=376357&dp=91.90.42.154&aff_fcid=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&tt=CPS_NORMAL&aff_fsk=_DkvbRPd&aff_platform=portals-tool&sk=_DkvbRPd&aff_trace_key=13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd&terminal_id=fa3817770ce548f0b25c33422b4b5137 HTTP/1.1
Host: sale.aliexpress.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:10 GMT
content-length: 0
location: https://login.aliexpress.com/sync_cookie_read.htm?xman_goto=https%3A%2F%2Fsale.aliexpress.ru%2Fru%2F__pc%2Fcontinuation_default.htm%3Faf%3Da%2659363%26cn%3Doslo%26cv%3D376357%26dp%3D91.90.42.154%26aff_fcid%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26tt%3DCPS_NORMAL%26aff_fsk%3D_DkvbRPd%26aff_platform%3Dportals-tool%26sk%3D_DkvbRPd%26aff_trace_key%3D13f56d43662249948bc4d152156ab078-1667607909034-09700-_DkvbRPd%26terminal_id%3Dfa3817770ce548f0b25c33422b4b5137
set-cookie: ali_apache_id=33.19.92.47.1667607910701.156110.1; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
xman_us_f=x_l=0; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/
acs_usuc_t=x_csrf=550mwnmnx5zp&acs_rt=fda00045a0654f76a3f534bb9f6dde8f; Domain=.aliexpress.ru; Path=/
xman_t=0sKJKAvsBlyV2Qv2DIo13y26eWbZo7SoglRAanXaxvgh8jm2t3NCRI7Sb6nQT31f; Domain=.aliexpress.ru; Expires=Fri, 03-Feb-2023 00:25:10 GMT; Path=/; HttpOnly
xman_f=wpV13Rktiyx5sQd5Xrfv8K6/vSMk4F6iNlBazlozbFO/WSRvzIfecNkGcKw7KG9L; Domain=.aliexpress.ru; Expires=Thu, 23-Nov-2090 03:39:17 GMT; Path=/; HttpOnly
p3p: CP="CAO PSA OUR"
server: Tengine/Aserver
eagleeye-traceid: 21135c2f16676079106992859ef31a
strict-transport-security: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
app.mona.co/referral/fallback?_branch_match_id=1117235429465862708&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT08t0cvNz0vUS87XN8z1qQjKdcszTEoCAE64N64fAAAA
104.17.172.32302 Found 3.0 kB URL HTTP/2 app.mona.co/referral/fallback?_branch_match_id=1117235429465862708&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT08t0cvNz0vUS87XN8z1qQjKdcszTEoCAE64N64fAAAA
IP 104.17.172.32:0
Hash a71a7a4727b8ac261065082dfe3f5655
b630e6b142482f231e9875ec428b8b5c533b351d
01f9d8c94c00c8397e9bbf1392ddbe1d53e0f0829a4c523888092961689e6b4f
GET /referral/fallback?_branch_match_id=1117235429465862708&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT08t0cvNz0vUS87XN8z1qQjKdcszTEoCAE64N64fAAAA HTTP/1.1
Host: app.mona.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:10 GMT
content-type: text/html; charset=utf-8
location: https://referral.crypto.com/signup?_branch_match_id=1117235429465862708
cache-control: no-cache, no-store
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-request-id: b6a323d3-ac70-41ef-8107-d6297aad64a0
x-runtime: 0.008911
strict-transport-security: max-age=604800
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=B7AqRRY.wkGQCfWCYSItgwDOrTbF7G0FMT9Ixf85_8o-1667607910-0-AfSVsG2FVSRC7+XW+d7ygVv7SdAuDviWu3uOGX557B/1VeRqFkQSaGSTMD8hBFuZuJcwYDG5Eec55AqRcAvJFu4NGKsXatP1OBvAszCFIUTa; path=/; expires=Sat, 05-Nov-22 00:55:10 GMT; domain=.mona.co; HttpOnly; Secure; SameSite=None
__cfruid=80ff28f9d6f7b975f00e7dab5c13dd86f8be30cb-1667607910; path=/; domain=.mona.co; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7651735fb84cb503-OSL
X-Firefox-Spdy: h2
offer.alibaba.com/cps/j19u1ne5?bm=cps&src=saf&tp1=9b081532b1207069ecfcb20c4deedcd4&pid=656490
47.246.136.22200 OK 14 kB URL HTTP/2 offer.alibaba.com/cps/j19u1ne5?bm=cps&src=saf&tp1=9b081532b1207069ecfcb20c4deedcd4&pid=656490
IP 47.246.136.22:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash af4385407156336711cd2f2eca242b47
37433afc57f45eb361ceda94c06f3bb782ed112d
deb3ef2d5a63e42c2dc22fbaaf651f33215fe57ca9feea1083ff672fa184c3d4
GET /cps/j19u1ne5?bm=cps&src=saf&tp1=9b081532b1207069ecfcb20c4deedcd4&pid=656490 HTTP/1.1
Host: offer.alibaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000 ; includeSubDomains
set-cookie: ali_apache_id=33.1.212.51.1667607909434.505055.1; path=/; domain=.alibaba.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
XSRF-TOKEN=449853af-a080-4a12-906a-d381bf8d6e57; Path=/; HttpOnly
cna=ZZvsG8mJ6zMCAS/2gNbSt0u8; Domain=alibaba.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
cna=ZZvsG8mJ6zMCAS/2gNbSt0u8; Domain=mmstat.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
ali_apache_track=""; Domain=.alibaba.com; Expires=Thu, 23-Nov-2090 03:39:16 GMT; Path=/
ali_apache_tracktmp=""; Domain=.alibaba.com; Path=/
x-application-context: arcadia:7001
referrer-policy: unsafe-url
content-language: en-US
content-encoding: gzip
timing-allow-origin: *
eagleid: 2101d43316676079094332798e46ce
server-timing: rt;dur=0.092,eagleid;desc=2101d43316676079094332798e46ce
X-Firefox-Spdy: h2
www.lightinthebox.com/?utm_campaign=irpid&utm_content=Indoleads2019&utm_source=gan&utm_medium=affiliate&litb_from=affiliate_gan&clickid=VIgRQ51ejxyNWLpwfg0VZSHFUkDXPtUWXUjWwE0&irgwc=1
104.84.152.56200 OK 15 kB URL HTTP/2 www.lightinthebox.com/?utm_campaign=irpid&utm_content=Indoleads2019&utm_source=gan&utm_medium=affiliate&litb_from=affiliate_gan&clickid=VIgRQ51ejxyNWLpwfg0VZSHFUkDXPtUWXUjWwE0&irgwc=1
IP 104.84.152.56:0
ASN #20940 Akamai International B.V.
Hash 9c843e523cae585b88a4146e0f0602b3
a49783b727518cc189eff07ac910805dcba3eba7
55e7eee32ec7d36148caa78b16b4125d837eb3f44efd686df10eda425d9c50d3
GET /?utm_campaign=irpid&utm_content=Indoleads2019&utm_source=gan&utm_medium=affiliate&litb_from=affiliate_gan&clickid=VIgRQ51ejxyNWLpwfg0VZSHFUkDXPtUWXUjWwE0&irgwc=1 HTTP/1.1
Host: www.lightinthebox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-frame-options: allow-from https://gw.lightinthebox.com
x-xss-protection: 1;mode=block
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
p3p: CP="CAO PSA OUR"
pragma: no-cache
vela_device:
vela_is_first_visit:
vela_s:
vela_s_c:
vela_v:
vela_v_c:
vela_w:
vela_w_c:
content-encoding: gzip
access-control-allow-origin: 0
access-control-allow-credentials: true
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
x-akamai-transformed: 9 - 0 pmb=mTOE,1
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 05 Nov 2022 00:25:09 GMT
date: Sat, 05 Nov 2022 00:25:09 GMT
vary: Accept-Encoding
set-cookie: sid=5jjfm2cn08slibenip3o1al93p; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.lightinthebox.com
first_visit_time=fe12d15ed54ba0afe27c71eb952134c8; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.lightinthebox.com; secure
vela_s_c=42; expires=Sat, 05-Nov-2022 00:55:09 GMT; Max-Age=1800; path=/; domain=.lightinthebox.com; secure
vela_v_c=42; expires=Sat, 05-Nov-2022 08:25:09 GMT; Max-Age=28800; path=/; domain=.lightinthebox.com; secure
vela_w_c=42; expires=Sat, 12-Nov-2022 00:25:09 GMT; Max-Age=604800; path=/; domain=.lightinthebox.com; secure
vela_m_c=42; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.lightinthebox.com; secure
vela_3m_c=42; expires=Fri, 03-Feb-2023 00:25:09 GMT; Max-Age=7776000; path=/; domain=.lightinthebox.com; secure
vela_m_ca=42; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.lightinthebox.com; secure
vela_s=6365ad65574e7; expires=Sat, 05-Nov-2022 00:55:09 GMT; Max-Age=1800; path=/; domain=.lightinthebox.com; secure
vela_m=6365ad65574ec; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.lightinthebox.com; secure
vela_3m=6365ad65574f0; expires=Fri, 03-Feb-2023 00:25:09 GMT; Max-Age=7776000; path=/; domain=.lightinthebox.com; secure
vela_v=6365ad65574f4; expires=Sat, 05-Nov-2022 08:25:09 GMT; Max-Age=28800; path=/; domain=.lightinthebox.com; secure
vela_w=6365ad65574f8; expires=Sat, 12-Nov-2022 00:25:09 GMT; Max-Age=604800; path=/; domain=.lightinthebox.com; secure
vela_device=desktop; expires=Sun, 06-Nov-2022 00:25:09 GMT; Max-Age=86400; path=/; domain=.lightinthebox.com; secure
vela_is_first_visit=1; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.lightinthebox.com; secure
affi=664b08e55c41be35e1e822fee3b61691; expires=Tue, 20-Dec-2022 00:25:09 GMT; Max-Age=3888000; path=/; domain=.lightinthebox.com; secure
feature=V1199488_A; expires=Fri, 03-Feb-2023 00:25:09 GMT; Max-Age=7776000; path=/; domain=.lightinthebox.com; secure
local=en%7CNO%7CNOK; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.lightinthebox.com; secure
__cust=AAAAAGNlrWUfhDQxdp7OAg==; expires=Sun, 05-Nov-23 00:25:09 GMT; domain=lightinthebox.com; path=/
SRV=A_202107051500; Expires=Mon, 05-Dec-2022 00:25:09 GMT; path=/; domain=.lightinthebox.com
AKA-WWW-LITB-ORIGIN=EU; expires=Sat, 12-Nov-2022 00:25:09 GMT; path=/; domain=.lightinthebox.com; secure
X-Firefox-Spdy: h2
accounts.binance.com/ru/register?ref=KZTDOPQP
54.230.111.67200 OK 0 B URL HTTP/2 accounts.binance.com/ru/register?ref=KZTDOPQP
IP 54.230.111.67:0
GET /ru/register?ref=KZTDOPQP HTTP/1.1
Host: accounts.binance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
date: Sat, 05 Nov 2022 00:24:14 GMT
server: Tengine
bnc-cache-proxy-expire-time: 1667607911
bnc-cache-proxy-rewrite:
bnc-cache-proxy-type: redis-hit
cache-control: no-store, max-age=0, must-revalidate
etag: W/"6364ce58-42d6"
last-modified: Fri, 04 Nov 2022 08:33:28 GMT
x-cluster-info: fe-com
x-envoy-decorator-operation: cache-proxy.cache-proxy.svc.cluster.local:80/*
x-envoy-upstream-service-time: 1
x-gateway: gateway
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubdomains
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OdyPVRfE2fdf8wXoADuTk78OJIAqmLjf40EY2ok99M3YdQGgHL1JNw==
age: 55
X-Firefox-Spdy: h2
www.ebay.com/?PARM3_ID=GBH_168&FF11=GBH_168&kw=6365ab0709e8870001ab639c_14330&mkevt=1&mkcid=16&mkrid=711-155609-835623-2&ufes_redirect=true
23.38.201.25200 OK 0 B URL HTTP/2 www.ebay.com/?PARM3_ID=GBH_168&FF11=GBH_168&kw=6365ab0709e8870001ab639c_14330&mkevt=1&mkcid=16&mkrid=711-155609-835623-2&ufes_redirect=true
IP 23.38.201.25:0
GET /?PARM3_ID=GBH_168&FF11=GBH_168&kw=6365ab0709e8870001ab639c_14330&mkevt=1&mkcid=16&mkrid=711-155609-835623-2&ufes_redirect=true HTTP/1.1
Host: www.ebay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ch: sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-ua-full-version
content-type: text/html;charset=utf-8
rlogid: t6klaook%60b0%3D%3C%3Dqkiojbnkmcc4%3B(widc%60*w%60ut3542-184452d5bbe-0x503
x-envoy-upstream-service-time: 218
content-encoding: gzip
server: ebay-proxy-server
x-edgeconnect-midmile-rtt: 24
x-edgeconnect-origin-mex-latency: 219
date: Sat, 05 Nov 2022 00:25:11 GMT
vary: Accept-Encoding
set-cookie: dp1=bbl/NO67281467^; Domain=.ebay.com; Path=/; Expires=Mon, 04 Nov 2024 00:25:11 GMT; Secure
nonsession=BAQAAAYQ/7+h2AAaAADMABGVG4OcwMTY4AMoAIGcoFGc0NTJkNWJkNDE4NDBhNzQ0NjljNTc1YzdmZmVhNDkwMQDLAAFjZbRvMR1xxNy0y7Tcmbkp7Nyo7g+7nDH/; Domain=.ebay.com; Path=/; Expires=Mon, 04 Nov 2024 00:25:11 GMT; HttpOnly; Secure
s=CgAD4ACBjZv7nNDUyZDViZDQxODQwYTc0NDY5YzU3NWM3ZmZlYTQ5MDGOwwB+; Domain=.ebay.com; Path=/; HttpOnly; Secure
ebay=%5Esbf%3D%23000000%5E; Domain=.ebay.com; Path=/; Secure
__deba=u76_j5s2-_pCxpJYMUXNhb5aoagAL6XQt0GB7uFYXFECgpKsDJwZIqGVkLxZ9JCqXR8UW1J2_XMwSXzXGqPFGJ1dL93tluc9mFNOH9jM_zTKQZNHCVUdan_dHDoHLHrnBYDdHifN0JskHpCyQG63Lw==; Path=/; Domain=.ebay.com; Expires=Thu, 4 May 2023 00:25:11 UTC
ak_bmsc=15E7542EE7BFE0856154260C3877ACAD~000000000000000000000000000000~YAAQBE8kFyA5bz+EAQAAWVwtRRGmEtLdsTssPLSo6POrfPuJXE4xS7YRMnQikIxB7FItgr2Cv1Fii3/RL2Y/2rEk8MtCFOPTnemaFW0E6FUpGRKSStp72TjDbDqEelAl6wMDx4uXOvD44RNMd5zZlWJaeJyL/8LUI5sg01l0L09dMTIfroHOsfievUtCYbgXBbz4rjqp0bd9ks9FTJe7MW1cTPRRGT2j4zAETi9GpKUSFhplCRiYo9X92K/HcI/GHfxEIORZUj4I6/yJMJrTO8V9zdC49GGtHT9B/Zyl3mjK91laJnYd1ViHEk7lt27vlwjp1HdlzpVq3wd0Nu08O6xcsZqeUXMQpz4jKkUo0xWaQyWQqiySc1kv42OKNR5SsxJq+v/DZg==; Domain=.ebay.com; Path=/; Expires=Sat, 05 Nov 2022 02:25:11 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
iqbroker.com//lp/ultimate-trading/?active=forex2&aff=7792
185.117.134.138200 OK 0 B URL HTTP/2 iqbroker.com//lp/ultimate-trading/?active=forex2&aff=7792
IP 185.117.134.138:0
ASN #204006 Iqoption Europe Ltd
GET //lp/ultimate-trading/?active=forex2&aff=7792 HTTP/1.1
Host: iqbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
last-modified: Thu, 27 Oct 2022 09:03:35 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
set-cookie: IsRestrictedCountry=false; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
IsRegulatedCountry=true; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
Country=no; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
CountryID=149; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
landing=/lp/ultimate-trading/; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
aff=7792; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
retrack=; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
affextra=; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
afftrack=; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
aff_model=; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
aff_ts=2022-11-05T00:25:09Z; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
AffTrackGroup=Black_team_(partnerka); expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
Serv=NL; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
referrer=https://hlmiq.com/; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
AppID=id871125783; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
brand_id=1; expires=Sat, 12 Nov 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
platform=9; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
client_platform_id=9; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
support_email=support@eu.iqoption.com; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
company_id=1; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
IsAppStoreCountry=true; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
RedirectDomain=iqoption.com; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
RedirectDomains=iqoption.com,iqtrading.asia; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
linkPolicy=/en/terms-and-conditions/privacy-policy-new; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
linkTerms=/en/terms-and-conditions/terms-and-conditions; expires=Mon, 05 Dec 2022 00:25:09 GMT; domain=.iqbroker.com; path=/; secure; SameSite=None
link: <https://iqbroker.com/lp/ultimate-trading/en/forex2/>; rel="canonical"
backend: arbitre_v4
remote-addr: 91.90.42.154
content-encoding: gzip
strict-transport-security: max-age=15555600
x-content-type-options: nosniff
X-Firefox-Spdy: h2
developers.google.com/
142.250.74.14200 OK 0 B IP 142.250.74.14:0
GET / HTTP/1.1
Host: developers.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 04 Nov 2022 18:40:04 GMT
content-type: text/html; charset=utf-8
set-cookie: _ga_devsite=GA1.3.3778090294.1667607909; Expires=Mon, 04 Nov 2024 00:25:09 GMT; Max-Age=63072000; Path=/
content-security-policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-htgqdJg3jblEVNESCGxTeeFpj8F4Ae' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
cache-control: no-cache, must-revalidate
expires: 0
pragma: no-cache
content-encoding: gzip
x-cloud-trace-context: 8ae130f0137c3e4510bff221bf3bbb5b
vary: Accept-Encoding
date: Sat, 05 Nov 2022 00:25:09 GMT
server: Google Frontend
content-length: 22591
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.semrush.com/?ref=2017024630&refer_source=&utm_source=berush&utm_medium=promo&utm_campaign=link_other
34.120.45.191200 OK 0 B URL HTTP/2 www.semrush.com/?ref=2017024630&refer_source=&utm_source=berush&utm_medium=promo&utm_campaign=link_other
IP 34.120.45.191:0
GET /?ref=2017024630&refer_source=&utm_source=berush&utm_medium=promo&utm_campaign=link_other HTTP/1.1
Host: www.semrush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-service-response-time: 0.01938
content-language: en
x-service: index
server-timing: service;dur=20.87413, backend;dur=44.11034
set-cookie: ga_exp_97bcf015aa5e49efb7cdbaa9=0; Domain=.semrush.com; expires=Sat, 03 Dec 2022 00:25:09 GMT; Max-Age=2419200; Path=/; SameSite=lax
PHPSESSID=5f492b84f9dbcfc8c30053aa85e3447b; Path=/; Domain=semrush.com; Expires=Sun, 06 Nov 2022 00:25:09 GMT; HttpOnly; Secure
SSO-JWT=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1ZjQ5MmI4NGY5ZGJjZmM4YzMwMDUzYWE4NWUzNDQ3YiIsImlhdCI6MTY2NzYwNzkwNCwiaXNzIjoic3NvIn0.vAaTPuzIXO7Y50joupGH4eoDRud1Qcw35XZLkGqY7diSkKqVBAX8_1KIO3R8Ae5Mbxf-WK-fpBHWGL32HkVxnQ; Path=/; Domain=semrush.com; Expires=Sun, 06 Nov 2022 00:25:09 GMT; HttpOnly; Secure
GCLB=CL33uaT1yPL0ew; path=/; HttpOnly; expires=Sun, 06-Nov-2022 00:25:09 GMT
sm-log-id: flb-7b9b2e8659b12c70303c8fd76882e9fb
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bongacams.com/?bcs=b3JoaWFiMTBiOWQ2NWE1ZDIyNDJkZjMyYjFmNjcyNzNkMjVlOjoxODMzNDY6Omh0dHBzOi8vaGxtaXEuY29tLzo6Ojo6OjI4NzMyNTo6MDo6MDo6MDo6OjowOjpkZWZhdWx0Ojow
195.85.23.89302 Found 0 B URL HTTP/2 bongacams.com/?bcs=b3JoaWFiMTBiOWQ2NWE1ZDIyNDJkZjMyYjFmNjcyNzNkMjVlOjoxODMzNDY6Omh0dHBzOi8vaGxtaXEuY29tLzo6Ojo6OjI4NzMyNTo6MDo6MDo6MDo6OjowOjpkZWZhdWx0Ojow
IP 195.85.23.89:0
ASN #209242 Cloudflare London, LLC
GET /?bcs=b3JoaWFiMTBiOWQ2NWE1ZDIyNDJkZjMyYjFmNjcyNzNkMjVlOjoxODMzNDY6Omh0dHBzOi8vaGxtaXEuY29tLzo6Ojo6OjI4NzMyNTo6MDo6MDo6MDo6OjowOjpkZWZhdWx0Ojow HTTP/1.1
Host: bongacams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
location: https://no.bongacams.com/?bcs=b3JoaWFiMTBiOWQ2NWE1ZDIyNDJkZjMyYjFmNjcyNzNkMjVlOjoxODMzNDY6Omh0dHBzOi8vaGxtaXEuY29tLzo6Ojo6OjI4NzMyNTo6MDo6MDo6MDo6OjowOjpkZWZhdWx0Ojow
cache-control: no-cache, no-store, must-revalidate
x-zone: 5a-web44
cf-cache-status: DYNAMIC
set-cookie: bonga20120608=2a64f5c9ee4abb25b0e3882c489ec538; path=/; domain=.bongacams.com; secure; HttpOnly; SameSite=None
ts_type=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.bongacams.com
ts_type2=1; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
fv=BGN5AmN2AmL2ZD==; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
uh=AJyLpHAkEzSSoaD0BRSvBTu3ZwERHt==; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
ratr=183346%3A%3A287325%3A%3A2022-11-05%2002%3A25%3A09%3A%3Ahttps%3A%2F%2Fhlmiq.com%2F%3A%3A%3A%3A; expires=Sun, 23-Oct-2072 00:25:09 GMT; Max-Age=1576800000; path=/; domain=.bongacams.com; HttpOnly
__cf_bm=Lmu41yBQMlHCiCjPr4DzWlswZvTa03jjVjl8urfWJZE-1667607909-0-AYkdxpYsDNshnpTHR03P0UWzAvbxj9k8uVBttewpsBTZ2wiHNZpbzaQnOPRSQXt5LxMnD+jDtnArmkHCIOnkNvU=; path=/; expires=Sat, 05-Nov-22 00:55:09 GMT; domain=.bongacams.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7651735a692db51b-OSL
X-Firefox-Spdy: h2
accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fwww.regionic.info&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
216.58.207.237200 OK 0 B URL HTTP/2 accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fwww.regionic.info&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
IP 216.58.207.237:0
GET /o/oauth2/postmessageRelay?parent=http%3A%2F%2Fwww.regionic.info&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 05 Nov 2022 00:25:08 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /o/cspreport, script-src 'nonce-TgNg3K9SI5P9Od7TlB18sQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.activecampaign.com/?_r=MNKTMH1C
104.20.1.15200 OK 0 B URL HTTP/2 www.activecampaign.com/?_r=MNKTMH1C
IP 104.20.1.15:0
GET /?_r=MNKTMH1C HTTP/1.1
Host: www.activecampaign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=UTF-8
cf-ray: 765173584e411c0a-OSL
access-control-allow-origin: https://stageac.wpengine.com
cache-control: max-age=15552000, must-revalidate
last-modified: Tue, 27 Sep 2022 16:08:55 GMT
link: <https://www.activecampaign.com/wp-json/>; rel="https://api.w.org/", <https://www.activecampaign.com/wp-json/wp/v2/pages/28550>; rel="alternate"; type="application/json", <https://www.activecampaign.com/>; rel=shortlink
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
cf-cache-status: DYNAMIC
x-cache: HIT: 2357
x-cache-group: normal
x-cacheable: YES:15552000.000
x-powered-by: WP Engine
set-cookie: statamic_referrer_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
__cf_bm=CRpJVoyUh1yewE8U7BoELcBEt1k12_9Y3sUJtpWcRl8-1667607909-0-AfMKQVw542qsRnF1FksE+6OE9mp0CW4u6xlZn2mpEjwGHtFSHxl8v36HwOpOS2MVxYgB6AvE0mQKe52akBanX+s=; path=/; expires=Sat, 05-Nov-22 00:55:09 GMT; domain=.activecampaign.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
de.dhgate.com/?f=bm|aff|admitad|1019090|4a70603c5db1f9a809681fceb88923a6|197649||
152.195.52.170200 OK 0 B URL HTTP/2 de.dhgate.com/?f=bm|aff|admitad|1019090|4a70603c5db1f9a809681fceb88923a6|197649||
IP 152.195.52.170:0
GET /?f=bm|aff|admitad|1019090|4a70603c5db1f9a809681fceb88923a6|197649|| HTTP/1.1
Host: de.dhgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-language: en-US
content-type: text/html; charset=utf-8
date: Sat, 05 Nov 2022 00:25:09 GMT
ec-version: v3.4.8
server: openresty
set-cookie: b2b_ip_country=NO; Domain=dhgate.com; Expires=Mon, 05-Dec-22 00:25:09 GMT; Path=/
b2b_ship_country=NO; Domain=dhgate.com; Expires=Mon, 05-Dec-22 00:25:09 GMT; Path=/
last_choice=0; Domain=dhgate.com; Expires=Mon, 05-Dec-22 00:25:09 GMT; Path=/
b2b_ip_country=NO; Domain=dhgate.com; Expires=Mon, 05-Dec-22 00:25:09 GMT; Path=/
b2b_ship_country=NO; Domain=dhgate.com; Expires=Mon, 05-Dec-22 00:25:09 GMT; Path=/
last_choice=0; Domain=dhgate.com; Expires=Mon, 05-Dec-22 00:25:09 GMT; Path=/
ref_f=bm%7Caff%7Cadmitad%7C1019090%7C4a70603c5db1f9a809681fceb88923a6%7C197649%7C%7C;Domain=dhgate.com; Expires=Mon, 05-Dec-22 00:25:09 GMT; Path=/
ref_f_full=%7B%22f%22%3A%22bm%257Caff%257Cadmitad%257C1019090%257C4a70603c5db1f9a809681fceb88923a6%257C197649%257C%257C%22%2C%22utm%5Fsource%22%3A%22%22%2C%22utm%5Fmedium%22%3A%22%22%2C%22utm%5Fcampaign%22%3A%22%22%2C%22utm%5Fterm%22%3A%22%22%2C%22utm%5Fcontent%22%3A%22%22%2C%22cst1%22%3A%22%22%2C%22cst2%22%3A%22%22%7D; Domain=dhgate.com; Expires=Mon, 05-Dec-22 00:25:09 GMT; Path=/
vid=rBLlFGNlrWUmOkIzEFIJAg==; expires=Fri, 01-Aug-25 00:25:09 GMT; domain=dhgate.com; path=/
srv_id: 172.18.173.57:80
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: User-Agent
X-Firefox-Spdy: h2
freebitco.in/signup/?op=s&r=3669689
104.22.6.169200 OK 0 B URL HTTP/2 freebitco.in/signup/?op=s&r=3669689
IP 104.22.6.169:0
GET /signup/?op=s&r=3669689 HTTP/1.1
Host: freebitco.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
server: cloudflare
cf-ray: 7651735a8e270afa-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.buffer.com/js/button.js
104.16.141.52200 OK 0 B URL HTTP/2 static.buffer.com/js/button.js
IP 104.16.141.52:0
GET /js/button.js HTTP/1.1
Host: static.buffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:06 GMT
content-type: text/javascript
x-amz-id-2: Ez4lz1aR1yMYZHegBAJ5vo0CmbjWEJDT1L7iuTPXlEI15UkH8cOSAh+JlIzIVKpOc5SOw7ZdQLw=
x-amz-request-id: PR1Y3NMPESV3ARMJ
last-modified: Sat, 01 Apr 2017 01:06:37 GMT
etag: W/"c8686dc19498aa717127b1d47a53a912"
cf-cache-status: HIT
age: 2981
expires: Sat, 05 Nov 2022 04:25:06 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=IFrqVRTTO8UpU3S3MwE8OLs9X6PycGj1tCHttQqb3I8-1667607906-0-AV+eMBTCQK7uKBjJSw1TXoVKgApUdDaF2DsrFtKKrtyZvSwpN4UVCsloIZvpN2CHxO+93+MaXSL6ANXzobf2mBU=; path=/; expires=Sat, 05-Nov-22 00:55:06 GMT; domain=.buffer.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7651734788afb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.tomtop.com/?aid=agru
52.24.81.145200 OK 0 B IP 52.24.81.145:0
GET /?aid=agru HTTP/1.1
Host: www.tomtop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:10 GMT
content-type: text/html; charset=UTF-8
server: nginx/
vary: Accept-Encoding
set-cookie: PLAY_LANG=en; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
country=United+States%7CUS; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
TT_CURR=USD; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
TT_LANG=1; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
USERID_COOKIE_NAME=20221105002213531587; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
PLAY_LANG=en; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
country=United+States%7CUS; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
TT_CURR=USD; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
TT_LANG=1; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
USERID_COOKIE_NAME=20221105002213064927; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
PLAY_LANG=en; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
country=United+States%7CUS; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
TT_CURR=USD; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
TT_LANG=1; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
USERID_COOKIE_NAME=20221105002213431798; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
PLAY_LANG=en; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
country=United+States%7CUS; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
TT_CURR=USD; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
TT_LANG=1; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
USERID_COOKIE_NAME=20221105002213995711; expires=Sun, 05-Nov-2023 00:22:13 GMT; Max-Age=31536000; path=/; domain=.tomtop.com
Secure
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
expires: Sat, 05 Nov 2022 00:28:10 GMT
cache-control: max-age=180
x-cache: HIT from 172.31.59.35
content-encoding: gzip
X-Firefox-Spdy: h2
www.bitget.com/ru/referral/register?clacCode=8UAKEPZA
104.18.9.145200 OK 0 B URL HTTP/2 www.bitget.com/ru/referral/register?clacCode=8UAKEPZA
IP 104.18.9.145:0
GET /ru/referral/register?clacCode=8UAKEPZA HTTP/1.1
Host: www.bitget.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
last-modified: Fri, 04 Nov 2022 11:58:05 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15768000;includeSubDomains;preload
content-security-policy-report-only: default-src 'self' https: blob: wss: data: 'unsafe-inline' 'unsafe-eval' 'report-sample'; report-uri https://632817c861f1dae92c2ae121.endpoint.csper.io?v=0;
cf-cache-status: HIT
age: 100
expires: Sat, 05 Nov 2022 00:30:09 GMT
cache-control: public, max-age=300
set-cookie: __cf_bm=LbSXQ9CaGf9CKDb8PlstY_Z0bxgfE_DdYMFV4BkK1MI-1667607909-0-AdR+2yU/+oHLJbuCZY3Yjv9OJ/+EyGvi8oom7sF9BrfOXaDSjlm7JdxhNypyK1i6Y/gYXKYqoTYfbsqC32qQ3FE=; path=/; expires=Sat, 05-Nov-22 00:55:09 GMT; domain=.bitget.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 765173576b6cb4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.rentalcars.com/?affiliateCode=citylab&preflang=ru&adplat=rclink&adcamp=5hnZ1XqSNQZEssE&utm_source=ca&aip=1jf&click_id=5hnZ1XqSNQZEssE
104.16.105.108200 OK 0 B URL HTTP/2 www.rentalcars.com/?affiliateCode=citylab&preflang=ru&adplat=rclink&adcamp=5hnZ1XqSNQZEssE&utm_source=ca&aip=1jf&click_id=5hnZ1XqSNQZEssE
IP 104.16.105.108:0
GET /?affiliateCode=citylab&preflang=ru&adplat=rclink&adcamp=5hnZ1XqSNQZEssE&utm_source=ca&aip=1jf&click_id=5hnZ1XqSNQZEssE HTTP/1.1
Host: www.rentalcars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
cf-ray: 765173577ca3fab8-OSL
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
referrer-policy: no-referrer-when-downgrade
set-cookie: tj_seed=00a51d3f991affac7d92ecd1f9c3000000; Max-Age=31536000; Domain=.rentalcars.com; Path=/; Expires=Sun, 05 Nov 2023 00:25:09 GMT
essentials_visitor=%7B%22correlationId%22%3A%22cff230c0-c8df-409c-a10b-9672ce069753%22%7D; Domain=.rentalcars.com; Path=/
attribution=%7B%22affiliateCode%22%3A%22citylab%22%7D; Domain=.rentalcars.com; Path=/; HttpOnly
tj_conf="tj_pref_currency:NOK|tj_pref_lang:ru|tjcor:no|"; Domain=.rentalcars.com; Path=/; Expires=Mon, 05 Dec 2022 00:25:09 GMT
et_uvi=17e4f375-67d9-4c47-abc3-60a2301e439c; Max-Age=86400; Domain=.rentalcars.com; Path=/; Expires=Sun, 06 Nov 2022 00:25:09 GMT
tj_track=QWR3b3Jkc19DcmVhdGl2ZV9UYWc6cmNsaW5rfEFkd29yZHNfTUQ1X1RhZzo1aG5aMVhxU05RWkVzc0V8YWRjYW1wOjVobloxWHFTTlFaRXNzRXxhZHBsYXQ6cmNsaW5rfGFmZmlsaWF0ZUNvZGU6Y2l0eWxhYnw=; Max-Age=2592000; Domain=.rentalcars.com; Path=/; Expires=Mon, 05 Dec 2022 00:25:09 GMT
click_id=5hnZ1XqSNQZEssE; Path=/; Secure; SameSite=Lax
ADRUM_BT=R:18|i:796941|g:370d1a5c-5224-42cb-add7-6ffe0e28cb3534140|e:618|n:rentalcars_934e5cf6-5803-43fc-9fd5-bff3f000060d; Path=/; Expires=Sat, 05 Nov 2022 00:25:39 GMT
__cflb=02DiuGCPf8mnD61dA8yVMsg2LZXzkqqzuWtbdJPWeLnZA; SameSite=Lax; path=/; expires=Sat, 05-Nov-22 23:25:09 GMT; HttpOnly
x-content-type-options: nosniff
x-envoy-upstream-service-time: 120
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=18298
76.76.21.142404 Not Found 0 B URL HTTP/2 www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=18298
IP 76.76.21.142:0
GET /hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=18298 HTTP/1.1
Host: www.stumbleupon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
access-control-allow-origin: *
age: 636042
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="404"
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 05 Nov 2022 00:25:07 GMT
etag: W/"1a30bd62d0e7d6b9c85d90d076391f09"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /404
x-vercel-cache: HIT
x-vercel-id: arn1:arn1::wgw94-1667607907940-6152e9d1e11a
X-Firefox-Spdy: h2
changelly.com/?from=btc&to=eth&amount=0.1&ref_id=t68bpi9bnrma1q8f
104.26.7.108200 OK 0 B URL HTTP/2 changelly.com/?from=btc&to=eth&amount=0.1&ref_id=t68bpi9bnrma1q8f
IP 104.26.7.108:0
GET /?from=btc&to=eth&amount=0.1&ref_id=t68bpi9bnrma1q8f HTTP/1.1
Host: changelly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
set-cookie: WTP_AB_variant=1; Max-Age=16070400; Domain=.changelly.com; Path=/; Expires=Wed, 10 May 2023 00:25:09 GMT; Secure; SameSite=None
user_id=689c2962-21c7-42af-8486-8e6b453b8863; Max-Age=321408000; Domain=.changelly.com; Path=/; Expires=Tue, 11 Jan 2033 00:25:09 GMT; Secure; SameSite=None
ref_id=t68bpi9bnrma1q8f; Domain=.changelly.com; Path=/; Secure; SameSite=None
affise_data=; Domain=.changelly.com; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; SameSite=None
ipcountry=NO; Max-Age=2678400; Domain=.changelly.com; Path=/; Expires=Tue, 06 Dec 2022 00:25:09 GMT; Secure; SameSite=None
time=1667607909249; Domain=.changelly.com; Path=/; Secure; SameSite=None
__zrtbanner49=4194423b-d39b-45e1-939b-de075b485e54; Max-Age=7776000; Domain=.changelly.com; Path=/; Expires=Fri, 03 Feb 2023 00:25:09 GMT; HttpOnly; Secure; SameSite=None
x-nextjs-cache: HIT
cache-control: s-maxage=900, stale-while-revalidate
strict-transport-security: max-age=31536000; includeSubdomains;
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2BRV2KGjay6eYeFYhw1KAHoMjHpWjI%2FscytzDGreEi%2BTQg0kd%2BjttzkqaVQu34nHUUxK6RW%2FWLFvUX3lJANEQ1okvD51NTpgIbD2Kmr3bWvbDVcy2jdQcfGfRAGGX04%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765173580bcfb4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
stripchat.com/?affiliateId=73b0fbd3ee36ead2b74e59d3464a7035c57d58262dabefced6d54007bc244727
104.18.63.130200 OK 0 B URL HTTP/2 stripchat.com/?affiliateId=73b0fbd3ee36ead2b74e59d3464a7035c57d58262dabefced6d54007bc244727
IP 104.18.63.130:0
GET /?affiliateId=73b0fbd3ee36ead2b74e59d3464a7035c57d58262dabefced6d54007bc244727 HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
x-cache-status: MISS
content-security-policy-report-only: default-src 'self' *.stripchat.com data: blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.trafficjunky.net main.exoclick.com tsyndicate.com *.hotjar.com *.hotjar.io;img-src 'self' * data: blob: android-webview-video-poster:;script-src 'self' *.stripchat.com data: 'unsafe-inline' 'unsafe-eval' blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hpyrdr.dev *.hytto.com *.lovense.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.trafficjunky.net cometmaster.com *.google.com platform.twitter.com main.exoclick.com tsyndicate.com wss://*.sc-apps.com www.googleadservices.com cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.2/fingerprint2.min.js *.crowdin.com cdntechone.com *.dmskgo.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.mdyjmp.com *.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxvijmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xliiirdr.com *.xlivrdr.com *.xlvrdr.com *.xlvirdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com;connect-src 'self' *.stripchat.com *.amplitude.com *.doubleclick.net *.flixstorage.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.hytto.com *.lovense.club *.lovense.club:34568 *.lovense.com *.stripcdn.com *.xhamsterlive.com *.xlivesex.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org syndication.twitter.com wss://*.stripchat.com wss://*.stripcdn.com wss://*.stripcdn.com:8090 wss://*.stripst.com wss://*.stripst.dev wss://*.strpst.com wss://*.strwst.com wss://*.doppiocdn.com wss://*.lovense.com wss://cometmaster.com wss://*.sc-apps.com *.crowdin.com crowdin.com datatechone.com accounts.google.com *.dmskgo.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.mdyjmp.com *.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxvijmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xliiirdr.com *.xlivrdr.com *.xlvrdr.com *.xlvirdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com;media-src 'self' *.stripchat.com data: blob: *.ahcdn.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org;style-src 'self' *.stripchat.com 'unsafe-inline' *.googleapis.com *.hytto.com *.lovense.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.tagmanager.google.com *.crowdin.com accounts.google.com;frame-src * data:;report-uri /_csp
strict-transport-security: max-age=15768000
x-frame-options: deny
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuFntVtrkFMde1diFXETMoPQnjLdDzt2NkA77G8PrC; SameSite=None; Secure; path=/; expires=Sat, 05-Nov-22 23:25:09 GMT; HttpOnly
server: cloudflare
cf-ray: 765173579b7d1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adsexample.com/krug.gif
142.132.202.70200 OK 0 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
GET /krug.gif HTTP/1.1
Host: adsexample.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 05 Nov 2022 00:25:09 GMT
Content-Type: image/gif
Content-Length: 34904
Last-Modified: Thu, 26 Nov 2020 10:17:51 GMT
Connection: keep-alive
ETag: "5fbf80cf-8858"
Accept-Ranges: bytes
www.miniinthebox.com/?utm_campaign=1398851&utm_content=Indoleads2019&utm_source=gan&utm_medium=affiliate&litb_from=affiliate_gan&clickid=0WZx6N1eVxyNWLpwfg0VZSHFUkDXPG0GXUjWwE0&irgwc=1
104.84.152.56200 OK 0 B URL HTTP/2 www.miniinthebox.com/?utm_campaign=1398851&utm_content=Indoleads2019&utm_source=gan&utm_medium=affiliate&litb_from=affiliate_gan&clickid=0WZx6N1eVxyNWLpwfg0VZSHFUkDXPG0GXUjWwE0&irgwc=1
IP 104.84.152.56:0
ASN #20940 Akamai International B.V.
GET /?utm_campaign=1398851&utm_content=Indoleads2019&utm_source=gan&utm_medium=affiliate&litb_from=affiliate_gan&clickid=0WZx6N1eVxyNWLpwfg0VZSHFUkDXPG0GXUjWwE0&irgwc=1 HTTP/1.1
Host: www.miniinthebox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
p3p: CP="CAO PSA OUR"
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vela_device:
vela_is_first_visit:
vela_s:
vela_s_c:
vela_v:
vela_v_c:
vela_w:
vela_w_c:
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
x-akamai-transformed: 9 - 0 pmb=mTOE,1mRUM,1
date: Sat, 05 Nov 2022 00:25:09 GMT
vary: Accept-Encoding
set-cookie: sid=aubto20333epchi2q246umehg9; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.miniinthebox.com
first_visit_time=fe12d15ed54ba0afe27c71eb952134c8; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.miniinthebox.com; secure
vela_s_c=42; expires=Sat, 05-Nov-2022 00:55:09 GMT; Max-Age=1800; path=/; domain=.miniinthebox.com; secure
vela_v_c=42; expires=Sat, 05-Nov-2022 08:25:09 GMT; Max-Age=28800; path=/; domain=.miniinthebox.com; secure
vela_w_c=42; expires=Sat, 12-Nov-2022 00:25:09 GMT; Max-Age=604800; path=/; domain=.miniinthebox.com; secure
vela_m_c=42; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.miniinthebox.com; secure
vela_3m_c=42; expires=Fri, 03-Feb-2023 00:25:09 GMT; Max-Age=7776000; path=/; domain=.miniinthebox.com; secure
vela_m_ca=42; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.miniinthebox.com; secure
vela_s=6365ad654b58c; expires=Sat, 05-Nov-2022 00:55:09 GMT; Max-Age=1800; path=/; domain=.miniinthebox.com; secure
vela_m=6365ad654b595; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.miniinthebox.com; secure
vela_3m=6365ad654b59c; expires=Fri, 03-Feb-2023 00:25:09 GMT; Max-Age=7776000; path=/; domain=.miniinthebox.com; secure
vela_v=6365ad654b5a3; expires=Sat, 05-Nov-2022 08:25:09 GMT; Max-Age=28800; path=/; domain=.miniinthebox.com; secure
vela_w=6365ad654b5a9; expires=Sat, 12-Nov-2022 00:25:09 GMT; Max-Age=604800; path=/; domain=.miniinthebox.com; secure
vela_device=desktop; expires=Sun, 06-Nov-2022 00:25:09 GMT; Max-Age=86400; path=/; domain=.miniinthebox.com; secure
vela_is_first_visit=1; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.miniinthebox.com; secure
affi=664b08e55c41be35e1e822fee3b61691; expires=Tue, 20-Dec-2022 00:25:09 GMT; Max-Age=3888000; path=/; domain=.miniinthebox.com; secure
feature=V1199488_A; expires=Fri, 03-Feb-2023 00:25:09 GMT; Max-Age=7776000; path=/; domain=.miniinthebox.com; secure
local=en%7CNO%7CNOK; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.miniinthebox.com; secure
__cust=AAAAAGNlrWVyISWXhIWOAg==; expires=Sun, 05-Nov-23 00:25:09 GMT; domain=miniinthebox.com; path=/
SRV=A_202009161055; Expires=Mon, 05-Dec-2022 00:25:09 GMT; path=/; domain=.miniinthebox.com
server-timing: edge; dur=282, origin; dur=316, cdn-cache; desc=MISS
X-Firefox-Spdy: h2
chaturbate.com/in/?track=default&tour=hr8m&campaign=sgo1n
104.18.100.40200 OK 0 B URL HTTP/2 chaturbate.com/in/?track=default&tour=hr8m&campaign=sgo1n
IP 104.18.100.40:0
GET /in/?track=default&tour=hr8m&campaign=sgo1n HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: affkey="eJyrVipSslJQyigpKSi20tfPyMnNLNRLzs/VV6oFAHc5CM8="; Domain=.chaturbate.com; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrb510e9c1-0e25-47a0-8b4a-449369434ea3:1or6zl:gJU7DMAKpT2SyNc1Q4NCmNr05-E; Domain=.chaturbate.com; expires=Thu, 31-Jul-2025 00:25:09 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=qqXPBisc3Vm_0mySSu6lQjZVzH5iWTy5hZzDgS7KvA8-1667607909-0-AdGHDOc2cT5M6kPgWzpulZ1nqBcP/8e+CRmXsnI9hRaOvgszTyY2tLoFBiXJs38/csG0Q4ws7X4VKshSOUyu2fQ=; path=/; expires=Sat, 05-Nov-22 00:55:09 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 76517357dbff1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.instaforex.com/
172.67.22.196200 OK 0 B IP 172.67.22.196:0
GET / HTTP/1.1
Host: www.instaforex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
set-cookie: cookie1h=1; expires=Sat, 05-Nov-2022 01:25:09 GMT; Max-Age=3600; path=/
cookie24h=1; expires=Sun, 06-Nov-2022 00:25:09 GMT; Max-Age=86400; path=/
cookieForever=1; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/
lang=en; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.instaforex.com
PHPSESSID=n9sdlst2uo0fqdgglfo2v6u18h; path=/
criteoPatrnersTimestamp=1667607939; expires=Tue, 02-Nov-2032 00:25:09 GMT; Max-Age=315360000; path=/
criteoTimestamp=1667607939; expires=Tue, 02-Nov-2032 00:25:09 GMT; Max-Age=315360000; path=/
expires: Sat, 05 Nov 2022 00:25:08 GMT
pragma: no-cache
cache-control: no-cache
strict-transport-security: max-age=31536000;
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 76517358ec90b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
freebitco.in/?r=3669689
104.22.6.169302 Found 0 B IP 104.22.6.169:0
GET /?r=3669689 HTTP/1.1
Host: freebitco.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=iso-8859-1
location: https://freebitco.in/signup/?op=s&r=3669689
cache-control: max-age=0
expires: Sat, 05 Nov 2022 00:25:09 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 765173588c9d0afa-OSL
X-Firefox-Spdy: h2
crypto.com/app/8mk2bghn8f
104.18.113.58301 Moved Permanently 0 B URL HTTP/2 crypto.com/app/8mk2bghn8f
IP 104.18.113.58:0
GET /app/8mk2bghn8f HTTP/1.1
Host: crypto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 05 Nov 2022 00:25:09 GMT
location: https://platinum.crypto.com/r/8mk2bghn8f
cf-ray: 765173588c411bfa-OSL
cache-control: max-age=3600
expires: Sat, 05 Nov 2022 01:25:09 GMT
vary: Accept-Encoding
set-cookie: __cf_bm=rx2ncds7iqrO5.p7BgZNczF2ULaOC5kS12V8AYUPnc0-1667607909-0-AZiG9Fqcnj7rottJro4s8MStqEUVzUudlxKagtJgkTRadWBJtA05twYr/S8qalEKsSEUacSMUnOu5X7wWD7nBjE=; path=/; expires=Sat, 05-Nov-22 00:55:09 GMT; domain=.crypto.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2
remitano.com/
104.18.29.12200 OK 0 B IP 104.18.29.12:0
GET / HTTP/1.1
Host: remitano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hlmiq.com/
Connection: keep-alive
Cookie: AWSALBCORS=lKiF8lkkExbPAXzrZLjnWEsA/dhhk4D3yG3KJGdHekQQH87AXpuW1EZDAUG4IWTKtgs6wHTO3Uw/A/z/SRpD12s4S3dDReAjINv9Lqy7rrrewyRTQSTIOG5eugKa; __cf_bm=smAQKonqI.PqLfQgoCbqPrEU313i7AgJ_e0mSqSaruw-1667607909-0-Ad8txlPFE/EuGBIFfFoOzybq/T+sfl0pT1Ga2vE8xMEK+90DOrOv027OlDrJGCl5ZPHChH3vLYzl82q3htcg/Y0=; _cfuvid=Hu0eLNPsea8UBOZ9NPrObKCCyFn3Ng.v_zvtyKTguQE-1667607909249-0-604800000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
x-powered-by: Remitano
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src * 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'
permissions-policy: camera=(*)
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
set-cookie: AWSALB=P+dXRrsMTbjZmaYrh+yAevujAw5XJG5boTcyasPwcNnp/i3jtM2HIdg+g6t9aiPB7QC8pNQfj1K+9TWykkk/ZlZhttHwbQOUXaFnPl/NEvfUjEYHrRBO94e9JGC1aiRi8avKN14jy2EVSJbHNKpBf6hCIroP4vDFr0Ik7bELNG7TDIhLBBpeCFzV7FBkUQ==; Expires=Sat, 12 Nov 2022 00:25:09 GMT; Path=/
AWSALBCORS=P+dXRrsMTbjZmaYrh+yAevujAw5XJG5boTcyasPwcNnp/i3jtM2HIdg+g6t9aiPB7QC8pNQfj1K+9TWykkk/ZlZhttHwbQOUXaFnPl/NEvfUjEYHrRBO94e9JGC1aiRi8avKN14jy2EVSJbHNKpBf6hCIroP4vDFr0Ik7bELNG7TDIhLBBpeCFzV7FBkUQ==; Expires=Sat, 12 Nov 2022 00:25:09 GMT; Path=/; SameSite=None; Secure
AWSALB=dAVat3qHYB7tkcBEpxbfRLBtXQ2VMu3x9WsufdGiq8Usa6IMq+puxKtrlUgczdtPIuWMIxKOqnBnLKUPh2LT2BDuhRCa+SXtuo02GTyuIMVaJ/pwnVukk37MI+7S; Expires=Sat, 12 Nov 2022 00:25:09 GMT; Path=/
AWSALBCORS=dAVat3qHYB7tkcBEpxbfRLBtXQ2VMu3x9WsufdGiq8Usa6IMq+puxKtrlUgczdtPIuWMIxKOqnBnLKUPh2LT2BDuhRCa+SXtuo02GTyuIMVaJ/pwnVukk37MI+7S; Expires=Sat, 12 Nov 2022 00:25:09 GMT; Path=/; SameSite=None; Secure
connect.sid=s%3AS8ef-mEFqvafVJgUp2EezlNI4flcSYEc.AaRbvkG5f12PZtwO%2BHVF8bL2WFwTcbJbnUbSJHJufQs; Path=/; Expires=Sun, 06 Nov 2022 00:25:09 GMT; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 765173592c791c02-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.thelotter.net/?tl_affid=9175
107.154.132.27200 OK 0 B URL HTTP/2 www.thelotter.net/?tl_affid=9175
IP 107.154.132.27:0
GET /?tl_affid=9175 HTTP/1.1
Host: www.thelotter.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server:
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
set-cookie: lng=1; path=/; secure
number_of_redirects=0; path=/; secure
urls_tracker=https://www.thelotter.net/default.aspx?itemid=1&tl_affid=9175; path=/; secure
ViewMobileV2={"DeviceName":"Chrome - Windows","DeviceType":"Windows Desktop","IsDesktop":true,"IsMobile":false,"IsRobot":false,"IsSmartphone":false,"IsTablet":false}; path=/; secure
ASP.NET_SessionId=n2gx4c4lb20wcaxpwyzr2itn; path=/; secure; HttpOnly; SameSite=None
Referral-Cookie=%7b%22LandingUrl%22%3a%22https%3a%2f%2fwww.thelotter.net%3a443%2fdefault.aspx%3fitemid%3d1%26tl_affid%3d9175%22%2c%22ReferralUrl%22%3a%22https%3a%2f%2fhlmiq.com%2f%22%7d; expires=Mon, 05-Dec-2022 00:25:09 GMT; path=/; secure
visid_incap_1072880=Zh8SUeWmRj6tRBX1NzJzB2WtZWMAAAAAQUIPAAAAAACqDB3aDv6FKJxdJl47u5fg; expires=Sat, 04 Nov 2023 22:36:10 GMT; HttpOnly; path=/; Domain=.thelotter.net; Secure; SameSite=None
incap_ses_721_1072880=XED7d0K/GQE1vcBF74EBCmWtZWMAAAAAFwd7V+E2VZ5xpgcU5blumw==; path=/; Domain=.thelotter.net; Secure; SameSite=None
x-powered-by: ASP.NET
server-name: Simba4
strict-transport-security: max-age=16070400
x-ua-compatible: IE=edge
access-control-allow-origin: *
access-control-allow-headers: *
date: Sat, 05 Nov 2022 00:25:09 GMT
x-cdn: Imperva
x-iinfo: 12-7712667-7712669 NNNN CT(25 81 0) RT(1667607908801 240) q(0 0 1 0) r(4 5) U12
X-Firefox-Spdy: h2
www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=18298
76.76.21.142404 Not Found 0 B URL HTTP/2 www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=18298
IP 76.76.21.142:0
GET /hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=18298 HTTP/1.1
Host: www.stumbleupon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
access-control-allow-origin: *
age: 636041
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="404"
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 05 Nov 2022 00:25:06 GMT
etag: W/"1a30bd62d0e7d6b9c85d90d076391f09"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /404
x-vercel-cache: HIT
x-vercel-id: arn1:arn1::575q9-1667607906341-a5c5f23f9cff
X-Firefox-Spdy: h2
www.instaforex.com/?x=LVYG
172.67.22.196302 Found 0 B URL HTTP/2 www.instaforex.com/?x=LVYG
IP 172.67.22.196:0
GET /?x=LVYG HTTP/1.1
Host: www.instaforex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=utf-8
location: https://www.instaforex.com/
x-powered-by: PHP/7.3.33
set-cookie: secure_partner_cookie=hlmiq.comxllxLVYG; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.instaforex.com
secure_partner_cookie=hlmiq.comxllxLVYG; expires=Sat, 12-Nov-2022 00:25:09 GMT; Max-Age=604800; path=/; domain=.instaforex.com
cookie1h=1; expires=Sat, 05-Nov-2022 01:25:09 GMT; Max-Age=3600; path=/
cookie24h=1; expires=Sun, 06-Nov-2022 00:25:09 GMT; Max-Age=86400; path=/
cookieForever=1; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/
lang=en; expires=Mon, 05-Dec-2022 00:25:09 GMT; Max-Age=2592000; path=/; domain=.instaforex.com
PHPSESSID=kouapbmgno7osi61opouebjmhg; path=/
x=LVYG; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.instaforex.com
x_time=05-11-2022+02%3A25; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.instaforex.com
d=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.instaforex.com
d=https%3A%2F%2Fhlmiq.com%2F; expires=Sun, 05-Nov-2023 00:25:09 GMT; Max-Age=31536000; path=/; domain=.instaforex.com
expires: Sat, 05 Nov 2022 00:25:08 GMT
pragma: no-cache
cache-control: no-cache
strict-transport-security: max-age=31536000;
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 76517357abb6b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
is.gd/zIJynH
172.67.83.132301 Moved Permanently 0 B IP 172.67.83.132:0
GET /zIJynH HTTP/1.1
Host: is.gd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=UTF-8
location: https://faucetpay.io/?r=612200
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 76517357af73b4eb-OSL
X-Firefox-Spdy: h2
kinsta.com/?kaid=ARRPTWYMWIMC
172.64.145.125403 Forbidden 0 B URL HTTP/2 kinsta.com/?kaid=ARRPTWYMWIMC
IP 172.64.145.125:0
GET /?kaid=ARRPTWYMWIMC HTTP/1.1
Host: kinsta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Sat, 05 Nov 2022 00:25:09 GMT
content-type: text/html; charset=UTF-8
cf-chl-bypass: 1
referrer-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
server: cloudflare
cf-ray: 7651735739ebb51e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2