r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4087
Expires: Sat, 12 Nov 2022 09:46:39 GMT
Date: Sat, 12 Nov 2022 08:38:32 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4edf853c470fcec0ab277c78527f3c2d
de93530ce15337e671c488d9fe05e7091d4956f0
b9d7976b398b1243ff8a571ddd3975d3a1317d69101061bdb1a755b3b56620e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5582
Cache-Control: max-age=98757
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:32 GMT
Etag: "636e247f-1d7"
Expires: Sun, 13 Nov 2022 12:04:29 GMT
Last-Modified: Fri, 11 Nov 2022 10:31:27 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8391107bfc5e4673e8a706f90f63768
5295ed0b1cb8bad4d3e851049acc7f0270937d12
ed5c27510100ffc4481be474ebcb020d147c645beb110604d5284eeeb8b97c02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED5C27510100FFC4481BE474EBCB020D147C645BEB110604D5284EEEB8B97C02"
Last-Modified: Fri, 11 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10676
Expires: Sat, 12 Nov 2022 11:36:28 GMT
Date: Sat, 12 Nov 2022 08:38:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 12 Nov 2022 07:44:01 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3271
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ajdnm70+LMl2sFhQ1vwwLwtKb+CeJgZPvpighn3UAKBHi+q0qglcMYRcfQzedwo15oKZ10otgjc=
x-amz-request-id: VPV6V95VT3QHYY4V
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 12 Nov 2022 07:50:10 GMT
age: 2902
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
regionic.info/jmb/?p=128992
83.166.138.58301 Moved Permanently 268 B URL HTTP/1.1 regionic.info/jmb/?p=128992
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash 737ccc5b83966bf4e96ae79e455edd61
282e5815173b41b78b3e4203c3cd56fc46824a6f
ac03c87988282cc9c9617db2c5ccdf1bd8836536336e79b717316981822df7ea
Analyzer Verdict Alert fortinet Phishing
GET /jmb/?p=128992 HTTP/1.1
Host: regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 08:38:31 GMT
Server: Apache
X-Redirect-By: WordPress
Upgrade: h2
Connection: Upgrade
Location: http://www.regionic.info/jmb/?p=128992
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 08:38:32 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Retry-After, ETag, Alert, Expires, Backoff, Content-Type, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 12 Nov 2022 08:25:00 GMT
cache-control: public,max-age=3600
age: 812
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.regionic.info/jmb/?p=128992
83.166.138.58200 OK 12 kB URL HTTP/1.1 www.regionic.info/jmb/?p=128992
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash 13898bb2ddaa5099d5889e7044da9b88
d223d5516fc565eecfc6e68e87e6925ba9b467fe
971c7cc46f3a3d3ecb80d17637c302c3cf04962bfcdfea0d415ae08c040ade04
Analyzer Verdict Alert fortinet Phishing
GET /jmb/?p=128992 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Link: <http://www.regionic.info/jmb/index.php?rest_route=/>; rel="https://api.w.org/", <http://www.regionic.info/jmb/index.php?rest_route=/wp/v2/posts/128992>; rel="alternate"; type="application/json", <http://www.regionic.info/jmb/?p=128992>; rel=shortlink
Upgrade: h2
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f7ff606fbc8634c858bbc04b69f55cf6
2441de2cba649239efd0dae7a878d7ef2245c0b4
95154e0dbb7e827b8f893cc141f986c29634ead618256470d753429aa65a0548
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6265
Cache-Control: max-age=94365
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:32 GMT
Etag: "636e10ac-1d7"
Expires: Sun, 13 Nov 2022 10:51:17 GMT
Last-Modified: Fri, 11 Nov 2022 09:06:52 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
www.regionic.info/jmb/wp-content/themes/twentyten/style.css
83.166.138.58200 OK 5.9 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/themes/twentyten/style.css
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (535)
Hash 46b42de88554440913c99c306577b122
2c29e19ea1e71895b1b41138a59173dab15dfea5
2fe9193a48d8bb81f482b0cb299456e793d709bc5e86aee1426705d5e03f3743
GET /jmb/wp-content/themes/twentyten/style.css HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:18:20 GMT
ETag: "5c67-52d39c977a300-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5945
Content-Type: text/css
static.bufferapp.com/js/button.js
104.16.139.31301 Moved Permanently 0 B URL HTTP/1.1 static.bufferapp.com/js/button.js
IP 104.16.139.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/button.js HTTP/1.1
Host: static.bufferapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 08:38:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 12 Nov 2022 09:38:32 GMT
Location: https://static.buffer.com/js/button.js
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768df3b76ea20b3d-OSL
www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=128992
151.101.85.140301 Moved Permanently 0 B URL HTTP/1.1 www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=128992
IP 151.101.85.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=128992 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Location: https://www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=128992
Accept-Ranges: bytes
Date: Sat, 12 Nov 2022 08:38:32 GMT
Via: 1.1 varnish
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Cache-Control: private, max-age=3600
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
www.regionic.info/jmb/wp-content/plugins/recent-facebook-posts/assets/css/default.min.css?ver=2.0.8
83.166.138.58200 OK 762 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/recent-facebook-posts/assets/css/default.min.css?ver=2.0.8
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (2339), with no line terminators
Hash d4b976de1da7f7be59ad8d562245ee96
3a955fa2af18fd9d3bcdec9928021691179e43cf
6237be557b7c7539e51a3780f13bfe59761844242aab8af74f2f281509006c14
GET /jmb/wp-content/plugins/recent-facebook-posts/assets/css/default.min.css?ver=2.0.8 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:21 GMT
ETag: "923-52d39c25fd740-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 762
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/fb-social-reader/css/style.css?ver=6.0.3
83.166.138.58200 OK 1.5 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/fb-social-reader/css/style.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash 846d7d2e9ab8ef1cc3045650d90be00c
4fc113ffe22a5cffb328c1ecb77e409c472c4c96
20c45d712b497f79bf178c2d6ee4a5955e6902c6bb7101969289a49bca98b949
GET /jmb/wp-content/plugins/fb-social-reader/css/style.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:13:07 GMT
ETag: "1918-52d39b6cfa2c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1521
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/elastislide.min.css?ver=6.0.3
83.166.138.58200 OK 635 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/elastislide.min.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (1962), with no line terminators
Hash db3c7868bfc439e8374d97ead0d4bdee
9e58e07495cc2d09a4bbcbaeb79f02767b6557c1
c50c163a065576f4e979be7146044b2af003b994aa9be1f967bb2fb06b5cf953
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/css/elastislide.min.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:24 GMT
ETag: "7aa-52d39c28d9e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 635
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/mag-popup.min.css?ver=6.0.3
83.166.138.58200 OK 1.7 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/mag-popup.min.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (6065), with no line terminators
Hash af7191bfbee1f7906b91594e564b3b54
d16ecd7e4548743a605d649e90219b4ef69dae01
94e39de77d84991a731ebf77fa6c75641127ce142213b07317536768511b2cbb
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/css/mag-popup.min.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:24 GMT
ETag: "17b1-52d39c28d9e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1705
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/srizon.custom.min.css?ver=2.3
83.166.138.58200 OK 2.1 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/css/srizon.custom.min.css?ver=2.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (8058), with no line terminators
Hash bfc3097d6a19406d6f000a8514db8c67
e92f355cf2aa7164c37640acab4d0ac189aef9ec
f453398a652ea2eeae098967a38ce361a0f0daf260fc33b208ecd97aea47ef90
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/css/srizon.custom.min.css?ver=2.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 04 Mar 2016 14:16:24 GMT
ETag: "1f7a-52d39c28d9e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2054
Content-Type: text/css
www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=6.0.3
83.166.138.58200 OK 332 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type CSV text\012- , ASCII text, with CRLF line terminators
Hash bcb6bcdc3b9f75d9834b745fafbcd2ef
d559a6d33ef73c30d7a546a69e5e6c7843dec4e4
ffee38b18271e25849cfd2ce95e3206b34e15d01aa3c21acf6dd29da55ce60f4
GET /jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Tue, 21 Jun 2022 06:45:11 GMT
ETag: "437-5e1ef8fedeb50-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 332
Content-Type: text/css
platform.linkedin.com/in.js?ver=6.0.3
23.36.76.121200 OK 163 kB URL HTTP/2 platform.linkedin.com/in.js?ver=6.0.3
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (41594)
Size 163 kB (163355 bytes)
Hash c1bba435347a1ff49f05dd27ea750e9e
5cccaa8f242566c96658a40e9cbb5696334ea313
77326612a0a1da93d1f72b2e2ad72385c8223c05bc565ea0f3262c7460149214
GET /in.js?ver=6.0.3 HTTP/1.1
Host: platform.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Play
expires: Sat, 12 Nov 2022 09:24:05 GMT
cache-control: public, max-age=3600
content-encoding: gzip
content-type: text/javascript; charset=UTF-8
content-length: 163355
x-li-fabric: prod-lor1
x-li-pop: prod-lor1-x
x-li-proto: http/1.1
x-li-uuid: AAXtQbq/DSSO9pGjKGCPeA==
date: Sat, 12 Nov 2022 08:38:32 GMT
vary: Accept-Encoding
x-cdn-client-ip-version: IPV4
x-cdn: AKAM
X-Firefox-Spdy: h2
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3
83.166.138.58200 OK 777 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with CRLF line terminators
Hash 1ce521270815d9f13c11654b2c940766
b87c4a83005a7e36335cea34c80a29d2bcb5eeae
735a289163641abaa57b850a4b4c2c1734766701aaba58d73fb4107ffe2febb7
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "8c2-52d39c24152c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 777
Content-Type: text/css
www.regionic.info/jmb/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
83.166.138.58200 OK 4.2 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (11126)
Hash 5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
GET /jmb/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "2bd8-5e1ef8b65c353-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4169
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=6.0.3
83.166.138.58200 OK 381 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with CRLF line terminators
Hash c26c1149a61b90738434f96a6eb566be
60b7efad2c1852b4e66737965e2edd6afc8af2e9
5e3dba55cd599aefa42c63e6726f3c2e95cf14b077c7f1a8195f9788d77207d8
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:45:11 GMT
ETag: "b1f-5e1ef8fedeb50-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 381
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/sr.min.js?ver=1.6.0.6
83.166.138.58200 OK 16 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/sr.min.js?ver=1.6.0.6
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type Unicode text, UTF-8 text, with very long lines (56742)
Hash 44ee5d1989ce366ebf46a1977c0b4524
89b21bc7b7fcf4d0ab95df2d0d2aea997ca3fa5e
89eb529dbfefcb00a30a74bf8d13f414f37a27bcfcbe8537b62c1d6ca0f55d7c
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/fb-social-reader/js/sr.min.js?ver=1.6.0.6 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:13:08 GMT
ETag: "dec1-52d39b6dee500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16453
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/mag-popup.js?ver=6.0.3
83.166.138.58200 OK 7.7 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/mag-popup.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (20844)
Hash dbfe5bc7c17594ecb1c525e501da9564
f65f4f1d4f7043b85898ee231dfb9aba3e4220a1
86688bb51a8303ea530de4fafb4c91d3885e0447f7c10b45b3f1eb44091d558a
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/mag-popup.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:25 GMT
ETag: "5270-52d39c29ce040-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7677
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.collagePlus.min.js?ver=6.0.3
83.166.138.58200 OK 2.2 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.collagePlus.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (6470), with no line terminators
Hash fa84b21a34f2d58c03aef662ae5abd67
7959d25dde0b746fb99b88728aa9f9b6e24de072
2daef4f3fae6b8a14be7374b5358e2a70ca7b82486627b73f94edfab41f054be
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.collagePlus.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Last-Modified: Wed, 21 Nov 2018 20:29:03 GMT
ETag: "1946-57b3299de8183-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2159
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/lib/require.js?ver=1.6.0.6
83.166.138.58200 OK 20 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/fb-social-reader/js/lib/require.js?ver=1.6.0.6
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash a90955a13115bcf2a0a18e5e5051b670
294f5e6ae3a8a187c890d8388356ce631c72f2e0
c66d608e487e67cfc925c3399a0db7438e59d7c48676f44e1266ee20455ec1d8
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/fb-social-reader/js/lib/require.js?ver=1.6.0.6 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:13:08 GMT
ETag: "13706-52d39b6dee500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19494
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.elastislide.min.js?ver=6.0.3
83.166.138.58200 OK 4.1 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.elastislide.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (13599), with no line terminators
Hash c37425cd901572f8f757e6a36627f2c6
e5810a1f9fb0be1ef033a26296ca3bdb38bdecbc
2e6289be6d9fc69faaf37cc4614af6f6ee9b8bff60259d419e08dc2fa19bcf8f
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/jquery.elastislide.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Server: Apache
Last-Modified: Wed, 21 Nov 2018 20:29:03 GMT
ETag: "351f-57b3299de8183-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4142
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/srizon.custom.min.js?ver=2.3.2
83.166.138.58200 OK 3.4 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/srizon-facebook-album/resources/js/srizon.custom.min.js?ver=2.3.2
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document, ASCII text, with very long lines (11853), with no line terminators
Hash 15522215729c753f7b3723e5abf2028b
ef370e5c588147a02076ea9ff496ff510e36e39f
e9a438f36dc15af555a2bf372a222715f96a8959d62888b386858e53c5c336d3
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-content/plugins/srizon-facebook-album/resources/js/srizon.custom.min.js?ver=2.3.2 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:25 GMT
ETag: "2e4d-52d39c29ce040-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3448
Content-Type: application/javascript
www.regionic.info/jmb/wp-includes/js/comment-reply.min.js?ver=6.0.3
83.166.138.58200 OK 1.4 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/comment-reply.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (2946)
Hash 28214bc78b9edfcfbc9c7b651fb4f56c
fb0847abdb33dd943a2dcda4c4b905fb5cdd116c
11691bc1acc1f3a7ab8ef7c67fb720ca58fb72e52f510009f7b0cbc2589d45e0
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/js/comment-reply.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "ba5-5e1ef8b691eb3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1351
Content-Type: application/javascript
www.regionic.info/jmb/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=6.0.3
83.166.138.58200 OK 220 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Hash 5960fb646f4ac405f4ec6c2c9ad2a027
0356668a2cf0a15628a6d1d0bea992a4264fc275
6e680f53135a6d4b2b75ffe9c7f687b33c4fe34abc1395e5d0e5acde4aaa595b
GET /jmb/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:12:02 GMT
ETag: "10f-52d39b2efd080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 220
Content-Type: text/css
www.regionic.info/jmb/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
83.166.138.58200 OK 12 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (43771)
Hash e5548800176e913a9084f47a3e1e04f6
eff4604acc5c26ae82a19188de2f98bf5b79d80c
a2569c768eaca09f2483b971fcebb97badd57c9a16b5ae3e16b8cdcd8c688b07
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2022 04:18:35 GMT
ETag: "15b64-5e3a8141f38c3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11681
Content-Type: text/css
platform.tumblr.com/v1/share.js?ver=6.0.3
74.114.154.15302 Moved Temporarily 142 B URL HTTP/1.1 platform.tumblr.com/v1/share.js?ver=6.0.3
IP 74.114.154.15:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /v1/share.js?ver=6.0.3 HTTP/1.1
Host: platform.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Sat, 12 Nov 2022 08:38:33 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
Location: https://platform.tumblr.com/v1/share.js?ver=6.0.3
api.flattr.com/js/0.6/load.js?mode=auto&ver=6.0.3
104.26.11.251301 Moved Permanently 178 B URL HTTP/2 api.flattr.com/js/0.6/load.js?mode=auto&ver=6.0.3
IP 104.26.11.251:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/0.6/load.js?mode=auto&ver=6.0.3 HTTP/1.1
Host: api.flattr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 12 Nov 2022 08:38:33 GMT
content-type: text/html
content-length: 178
location: https://button.flattr.com/loader.js?mode=auto&ver=6.0.3
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4gHc550YkQBsRtRvgezDeBbMpe8tIM%2FtbIDkg6lKbMCVnGNJP1nmpvioaS2Tzg1IM2SKQhZY%2BLaW7nk8bEz3ztNXZusXUZ7Lw8iYBUQl08DzsOTTaPfaMEVZsT%2BqqowM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 768df3b75f8bb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.238.3.246101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.3.246:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tdj1DylQPuPZ20mSLbFLRQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: r67ZhqO2t6Cg1xb73JFl0sRIydY=
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/email.png
83.166.138.58200 OK 2.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/email.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 30 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 49e12c71bf7fc34e81b089e93cb24e97
6dbacc6dbc4e218bfecd3667027ac60f0f5f2ad8
6716dbbcf4c38a706abf0b7ad4398ca2f1d471c647ea8ef588fe680a1494501a
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/email.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "7be-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 1982
Content-Type: image/png
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/specificfeeds_follow.png
83.166.138.58200 OK 714 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/specificfeeds_follow.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 26 x 13, 8-bit/color RGBA, non-interlaced\012- data
Hash 346c3031219692aa036b3f70a049357e
1be1d28a7fd3c97ec06bd5acc0c1965975904dff
8eed0123cea1bc7373855ce7371d01f5c4bfbf58d0f70d9c9f2b945940f48c61
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/specificfeeds_follow.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "2ca-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 714
Content-Type: image/png
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/rss.png
83.166.138.58200 OK 1.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/rss.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 05e27acef3866d11912ffd5f5a8082e6
21fdfecf0185d7006dda0ca426926b3ed4d2b2b4
91eebabc35aac7ff6bc31bd78f5bba8ae01a1621dbee807f2fe26aec8076db45
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/rss.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "407-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 1031
Content-Type: image/png
www.tipy.com/button_compact.gif
3.74.170.143301 Moved Permanently 185 B URL HTTP/1.1 www.tipy.com/button_compact.gif
IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4c555068310076e85908835c721911f5
9ec990aabb4391e139034f68e5e657e0f1d0b74d
568b4de0ad30e85670e724dc30ccb675924353b77807356c5ad7f29c8c38f510
GET /button_compact.gif HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Sat, 12 Nov 2022 08:38:33 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://www.tipy.com/button_compact.gif
www.regionic.info/jmb/wp-content/uploads/2013/05/cropped-Carte_regions_Kamerun_Allemand_Batscham_mark_jmb2012N.jpg
83.166.138.58200 OK 106 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/uploads/2013/05/cropped-Carte_regions_Kamerun_Allemand_Batscham_mark_jmb2012N.jpg
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 940x198, components 3\012- data
Size 106 kB (106068 bytes)
Hash ec53ed4bf2c9c19af19954b5f0dd3aaa
0d99b1707f02398171141abf1fd4ef106547cd36
bb16a4f2a4fa5fd5c218dd791144a197269bdf8afbbadabed8c8c10ff0cc71ad
GET /jmb/wp-content/uploads/2013/05/cropped-Carte_regions_Kamerun_Allemand_Batscham_mark_jmb2012N.jpg HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Server: Apache
Last-Modified: Thu, 23 May 2013 11:07:30 GMT
ETag: "19e54-4dd60b0398080"
Accept-Ranges: bytes
Content-Length: 106068
Content-Type: image/jpeg
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5d04eb25d6a5732e1313a344ccd8a556
14d3a1d09f4623547766ec9c2b6a6271ae473802
ab5f078e6eebcdf9cf893553091a36546a3ff261217e2a906d4a6c50c63b03eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB5F078E6EEBCDF9CF893553091A36546A3FF261217E2A906D4A6C50C63B03EB"
Last-Modified: Sat, 12 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 12 Nov 2022 14:38:33 GMT
Date: Sat, 12 Nov 2022 08:38:33 GMT
Connection: keep-alive
www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=128992
151.101.85.140200 OK 1.1 kB URL HTTP/2 www.reddit.com/static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=128992
IP 151.101.85.140:0
Hash 610788fd4961c058cee1869f473c374c
43c8308946d4f121b91aae5fb1a688392a234d01
fdc2e23dcb6a6ce8f2ada0e9933e7edbda5f15d450165c71482eb752c7c5ae24
GET /static/button/button1.js?newwindow=1&url=http://www.regionic.info/jmb/?p=128992 HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 22 Sep 2014 16:25:05 GMT
etag: "610788fd4961c058cee1869f473c374c"
content-type: application/javascript
accept-ranges: bytes
date: Sat, 12 Nov 2022 08:38:33 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cache-control: private, max-age=3600
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 1074
X-Firefox-Spdy: h2
www.tipy.com/button_compact.gif
3.74.170.143404 Not Found 232 B URL HTTP/1.1 www.tipy.com/button_compact.gif
IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 328f87671c7c5a894d4f38b85b3d326b
8fea1b85bc8727669266925e412d94b74a07da38
d3dad34c1bffe93e3ec8a432f171db4a1da94b103966c11f277da95157a08ec5
GET /button_compact.gif HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Sat, 12 Nov 2022 08:38:33 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
button.flattr.com/loader.js?mode=auto&ver=6.0.3
104.26.11.251301 Moved Permanently 178 B URL HTTP/2 button.flattr.com/loader.js?mode=auto&ver=6.0.3
IP 104.26.11.251:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /loader.js?mode=auto&ver=6.0.3 HTTP/1.1
Host: button.flattr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 12 Nov 2022 08:38:33 GMT
content-type: text/html
content-length: 178
location: https://flattr.com
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AHUKXFLyT4gJyidvhBlPSd1OXiZoCZhcYVUnLNEFeeyUPffr53JS5yJQQqarRfo6jQ6KEM28Yew9VapjzVCOd7bATbMD1TCscoQ2i3h0T%2F61Kpocrq9KrbNQssroGO8w8uWi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 768df3b8d93bb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 4620c4f56b7559f1327d6349b6efc0d4
83adfabcf83a2506fd301defd82b160ff0ef00f3
daf76338ebf69cc82601f4eb3b6a126ed0159d10dcc407a87a2c4b594a0f3979
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 10 Nov 2022 20:43:22 GMT
Expires: Thu, 17 Nov 2022 20:43:21 GMT
Etag: "83adfabcf83a2506fd301defd82b160ff0ef00f3"
Cache-Control: max-age=474887,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 768df3ba2851b4fd-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2692df8fe9b65b25ffbfb22e4b10cadd
33838e121d3ff03dc754064fe163a08d8a6643b3
3f9c5326ec7e2ba4f01b4bff17cfa8c5e327e888f01cfd9f44f063f916b3cd51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3F9C5326EC7E2BA4F01B4BFF17CFA8C5E327E888F01CFD9F44F063F916B3CD51"
Last-Modified: Fri, 11 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Sat, 12 Nov 2022 14:38:15 GMT
Date: Sat, 12 Nov 2022 08:38:33 GMT
Connection: keep-alive
www.learningtoolkit.club/link.php?zzz=4
54.67.93.101301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=4
IP 54.67.93.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=4 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 8:38:29 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
www.regionic.info/jmb/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
83.166.138.58200 OK 5.0 kB URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type ASCII text, with very long lines (15660)
Hash e6624e0b978e6ddba476be41aaaa82df
822e920d8233072110ed7c8a7f379e5b13209b18
dac86a9ce08e4d8cded47b4fa900a664b0c997d8910c2a1be54a423678925a41
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:33 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "48b9-5e1ef8b690f13-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5009
Content-Type: application/javascript
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5423
Expires: Sat, 12 Nov 2022 10:08:57 GMT
Date: Sat, 12 Nov 2022 08:38:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5423
Expires: Sat, 12 Nov 2022 10:08:57 GMT
Date: Sat, 12 Nov 2022 08:38:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5423
Expires: Sat, 12 Nov 2022 10:08:57 GMT
Date: Sat, 12 Nov 2022 08:38:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8955e1-907b-43ed-a437-d4ad1f5fe742.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8955e1-907b-43ed-a437-d4ad1f5fe742.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 38e32fc94c445ff47da5d2907e61e3a4
c76588ccaf97fdfd6e73833083200cb49a01a4af
e4e3947b2248206c9dacfd35ff5619ca3b3ae56a7bcd565d40ed048839ffa075
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8955e1-907b-43ed-a437-d4ad1f5fe742.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5478
x-amzn-requestid: c06e47c6-da2a-4a70-af2a-c1268557b913
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdM67FEEIAMF-pA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec1df-0628d00244323ddf727e0b80;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3zeJU6wVmWDIbVDBlTYvTh8e78isxbmNC0GKWdKqdI5abbdERoyzpA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:13 GMT
age: 39201
etag: "c76588ccaf97fdfd6e73833083200cb49a01a4af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=128992
76.76.21.93404 Not Found 15 kB URL HTTP/2 www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=128992
IP 76.76.21.93:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5822)
Hash b4f0c317bbb0db52cfc839fc552490c8
ae53299879c2ad79f0fdbfdb465eacc2f051da5b
5ade8c17b55af1998a6a64946d9f0d0f014f835380a06b8c464df3c95d2997eb
GET /hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=128992 HTTP/1.1
Host: www.stumbleupon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
access-control-allow-origin: *
age: 1270447
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="404"
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 12 Nov 2022 08:38:32 GMT
etag: W/"1a30bd62d0e7d6b9c85d90d076391f09"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /404
x-vercel-cache: HIT
x-vercel-id: arn1:arn1::l4nkn-1668242312960-fc9b693d74f2
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9f88d70-47ed-4a86-9b90-ea63f189df00.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9f88d70-47ed-4a86-9b90-ea63f189df00.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 94a390953f36bf9902cb9f04007c36c1
13535f16f207d4c19c1b6019757f6739a4531eeb
37d73300955a979e5b9d3dabc6e924c4e9734c6c63d92c42c709f8cb0d5aeabb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9f88d70-47ed-4a86-9b90-ea63f189df00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5902
x-amzn-requestid: 9c8be25c-9c96-4861-89c8-8b7bf06ffc16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNBrH2DoAMFqbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec20a-6c770a86581d1f7f4599684f;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:38 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ncUYc6gH2CYjxAwoVCC4MEj8Va5GGn1ZAg-gBmFtm5gzYIe898Ittg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:12 GMT
age: 39202
etag: "13535f16f207d4c19c1b6019757f6739a4531eeb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: X3SUo1LP97TxraRav0ftskBhzWkTJInHaS44PW26yloF-dgD-bHBuA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:12 GMT
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
age: 39202
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2eaa4311-959b-4a18-8135-b4ce754c0765.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2eaa4311-959b-4a18-8135-b4ce754c0765.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 567bcdef39653e949301b97714168c31
8669185a5f338e34026c48310c88c5a9d8caa1c2
7ecaa9ceaa0a60e608e62571108fbcf49f6fa2b3e77feacbf52d319beda40db1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2eaa4311-959b-4a18-8135-b4ce754c0765.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7533
x-amzn-requestid: 985674ba-be97-4ca3-babb-594c61f8d6c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdM8BEqFIAMFsxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec1e6-3abc6a525f2a2bde14465b7e;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DRfYKF1_Z56kxeaprUhH1Ng8MgW0Z6Xx_yWwiO3MnswRFY482udCjg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:43:48 GMT
age: 39286
etag: "8669185a5f338e34026c48310c88c5a9d8caa1c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 516f1bfefb1c1a737ea2441f85343b32
0cc22d7bf9092fb30f31e2ca8f242c197b891669
733824d4f6f7c5b54ce4e02ecaf152cfc1e10f3f6a801d7e2c55a02460e40087
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9012
x-amzn-requestid: 83eac9e7-5387-4e11-9769-182fa3f7fffb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNC6FxzoAMF80w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec212-5ca277b90a5a9a4c437edc1e;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PrJoEROPymrtc0egNlWRoOMjohiCo3zReD01qAHwByaSiXarfRS0XQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:00:43 GMT
age: 38271
etag: "0cc22d7bf9092fb30f31e2ca8f242c197b891669"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.learningtoolkit.club/link.php?zzz=5
54.67.93.101301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=5
IP 54.67.93.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=5 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 8:38:29 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e6638dbf20a4664423ad235d5f63b009
7591f75beea4f05a4774b30ba9a531c3f3a9aaea
52f6fba186dca70ec0b8ad0ed7b67008b020ec2c72d61e1a41a82ac3717baa98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52F6FBA186DCA70EC0B8AD0ED7B67008B020EC2C72D61E1A41A82AC3717BAA98"
Last-Modified: Fri, 11 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21312
Expires: Sat, 12 Nov 2022 14:33:46 GMT
Date: Sat, 12 Nov 2022 08:38:34 GMT
Connection: keep-alive
www.learningtoolkit.club/link.php?zzz=5
54.67.93.101301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=5
IP 54.67.93.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=5 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 8:38:29 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
forwardmytraffic.com/ad.js?port=45
192.102.6.94200 OK 1.6 kB URL HTTP/1.1 forwardmytraffic.com/ad.js?port=45
IP 192.102.6.94:0
Hash 90c65fd30fb140e1765f80b12b47f4f6
56510f8ffb254ab6213ac908b74151f0e200d4be
9a6f69e7b9295aae2f0e06e047ac4f86cffe183852fef0a7fcd0121505d329bb
GET /ad.js?port=45 HTTP/1.1
Host: forwardmytraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Sat, 12 Nov 2022 08:38:34 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.4
www.learningtoolkit.club/link.php?zzz=4
54.67.93.101301 Moved Permanently 0 B URL HTTP/1.1 www.learningtoolkit.club/link.php?zzz=4
IP 54.67.93.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /link.php?zzz=4 HTTP/1.1
Host: www.learningtoolkit.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 8:38:29 GMT
Connection: Keep-Alive
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-cache, no-store, max-age=0
Expires: Mon, 01 Jan 1990 0:00:00 GMT
Location: https://www.businessmagazine.org
cdnjs.cloudflare.com/ajax/libs/json2/20121008/json2.min.js
104.17.25.14200 OK 1.3 kB URL HTTP/1.1 cdnjs.cloudflare.com/ajax/libs/json2/20121008/json2.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (3385), with no line terminators
Hash 9dcd98b378b18da87ab0b80928cab48a
2daa54c68961571f76c9cf230f2c469079ba4629
1766ef15d29039deb1168ca7e34a98cc3b094f7a0d74475216c3696af5d6d6b9
GET /ajax/libs/json2/20121008/json2.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:34 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 1347
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Content-Encoding: gzip
ETag: "5eb03ec8-d39"
Last-Modified: Mon, 04 May 2020 16:11:52 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 127415
Expires: Thu, 02 Nov 2023 08:38:34 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TTdqLSKd1CN6ummUyxgz3J44rzD2nZrrm3fkct4j%2BPrhhEqAoFJTj6qkEWFVahS36ThSprvMR4R1QHZDoY4E0Z%2F2TXDTgbCd%2Fb59CFzKzA1dC7wYxUzzHTsZ8Np%2F8vsfUlImcyjW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 768df3c28971b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=128992
76.76.21.93404 Not Found 2.1 kB URL HTTP/2 www.stumbleupon.com/hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=128992
IP 76.76.21.93:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5822)
Hash 6be4499256f23350a0eca5eb0682e77d
e948b498923135cf5fe9bd69cfdc89a2aaab9734
d97ba4079b09d7a33ec646c8d807a0368976310ecaf801281c47eeb93f3b1bfd
GET /hostedbadge.php?s=1&r=http://www.regionic.info/jmb/?p=128992 HTTP/1.1
Host: www.stumbleupon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
access-control-allow-origin: *
age: 1270449
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="404"
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 12 Nov 2022 08:38:34 GMT
etag: W/"1a30bd62d0e7d6b9c85d90d076391f09"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /404
x-vercel-cache: HIT
x-vercel-id: arn1:arn1::l4nkn-1668242314649-25ff82f39a1c
X-Firefox-Spdy: h2
www.tipy.com/button.js
3.74.170.143404 Not Found 232 B IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 328f87671c7c5a894d4f38b85b3d326b
8fea1b85bc8727669266925e412d94b74a07da38
d3dad34c1bffe93e3ec8a432f171db4a1da94b103966c11f277da95157a08ec5
GET /button.js HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Sat, 12 Nov 2022 08:38:34 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
www.hyves.nl/respect/button?url=http://www.regionic.info/jmb/?p=128992
172.67.161.202301 Moved Permanently 0 B URL HTTP/1.1 www.hyves.nl/respect/button?url=http://www.regionic.info/jmb/?p=128992
IP 172.67.161.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /respect/button?url=http://www.regionic.info/jmb/?p=128992 HTTP/1.1
Host: www.hyves.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 08:38:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 12 Nov 2022 09:38:34 GMT
Location: https://hyvesgames.nl/forwarded
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXU9WWHNz6pOibfQYjW97kQhlnTFBZLpH5pK6s40Q6V163fwYwuePAs1lBmVL4ITGl2YyjAYcBHX0Wac9fI8vN2TZTftvVvSL9ZNdZ3Q0Z9P2P9vfbDEhMPaC3vcLN0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768df3c2eb38b511-OSL
alt-svc: h2=":443"; ma=60
www.tipy.com/button_compact.gif
3.74.170.143404 Not Found 232 B URL HTTP/1.1 www.tipy.com/button_compact.gif
IP 3.74.170.143:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 328f87671c7c5a894d4f38b85b3d326b
8fea1b85bc8727669266925e412d94b74a07da38
d3dad34c1bffe93e3ec8a432f171db4a1da94b103966c11f277da95157a08ec5
GET /button_compact.gif HTTP/1.1
Host: www.tipy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Sat, 12 Nov 2022 08:38:34 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
odnaknopka.ru/ok9.js
142.132.202.70200 OK 143 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 01d104f1d2a961f6fc241ec08ba1af54
2e9f73a9137283c94c79bff44fd10f5b1a2738b6
f70c6e0720a4769e224d4ceb25d9908ae0f9da93dac347971cac311be73b1022
GET /ok9.js HTTP/1.1
Host: odnaknopka.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 12 Nov 2022 08:38:34 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
ETag: 71123493836cac91460903ad2f0538eb
www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/facebook-share.png
83.166.138.58200 OK 838 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/facebook-share.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 95f675e77a2c67a004771ee5d7dce1ee
74151d65e20475ac234287288c56ab2f370f502b
6a0b082d7f6c52899ed6d19d85676486c4a9a37894b7e0daaaeaf065929ab026
GET /jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/images/facebook-share.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/wp-content/plugins/really-simple-facebook-twitter-share-buttons/style.css?ver=6.0.3
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:34 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:16:19 GMT
ETag: "346-52d39c24152c0"
Accept-Ranges: bytes
Content-Length: 838
Content-Type: image/png
www.regionic.info/jmb/wp-content/themes/twentyten/images/wordpress.png
83.166.138.58200 OK 794 B URL HTTP/1.1 www.regionic.info/jmb/wp-content/themes/twentyten/images/wordpress.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash f51375d00e7d0a70c801c6256d432d3b
313aff1fffa73433673203db25ff4154d07511e2
61d00189e16b4ae467e9f3283ccf459d666950277c866c82f337534951b50f51
GET /jmb/wp-content/themes/twentyten/images/wordpress.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/wp-content/themes/twentyten/style.css
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:34 GMT
Server: Apache
Last-Modified: Fri, 04 Mar 2016 14:18:20 GMT
ETag: "31a-52d39c977a300"
Accept-Ranges: bytes
Content-Length: 794
Content-Type: image/png
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 15a6e45a8f5702a03b66b41501e4a520
0a325b0dbd0f17619eaeaafa7fd4f53106afb6dc
28ed90fad2603f0e5acc7d04123c7654565bdf425509b7bf04b140ac10d2b596
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=137074
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:34 GMT
Etag: "636ecffc-118"
Expires: Sun, 13 Nov 2022 22:43:08 GMT
Last-Modified: Fri, 11 Nov 2022 22:43:08 GMT
Server: nginx
Content-Length: 280
odnaknopka.ru/stat.js
142.132.202.70200 OK 358 B IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
Hash f5c3d96c1d423c74a127cac2e0a58597
066d46aa9dc0959abb54f2cf805ce9af30c3fde1
8d3d75a202bfeacc981a2bfae3e215e2d137afc6f7d8cc31a955505bf5411bc3
GET /stat.js HTTP/1.1
Host: odnaknopka.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 12 Nov 2022 08:38:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
www.regionic.info/jmb/wp-content/uploads/2012/03/bmask_pedjo_blanc_301.png
83.166.138.58200 OK 61 kB URL HTTP/1.1 www.regionic.info/jmb/wp-content/uploads/2012/03/bmask_pedjo_blanc_301.png
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type PNG image data, 138 x 237, 8-bit/color RGB, non-interlaced\012- data
Hash b74ef2596fd00a4b03c23aa91d9c92cf
4f5bc4506d9d95e1999b9088bd2acbe529c20707
ebb9cb51888811438828a39576992f273077047babbb1951c6a666b913fffcad
GET /jmb/wp-content/uploads/2012/03/bmask_pedjo_blanc_301.png HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:34 GMT
Server: Apache
Last-Modified: Fri, 09 Mar 2012 17:32:38 GMT
ETag: "eda1-4bad2c7649980"
Accept-Ranges: bytes
Content-Length: 60833
Content-Type: image/png
www.redditstatic.com/button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992
151.101.85.140200 OK 1.7 kB URL HTTP/1.1 www.redditstatic.com/button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992
IP 151.101.85.140:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1522)
Hash 4a408b7d64f2c0937eb0d1b944e3229e
e9edc11acdf9d5ae0357b680590d3dc719bf0adc
91aee29aee50d42c1a027a0c9b82f759847e37b6027af3d7b96ccf68db3fe685
GET /button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992 HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1709
Last-Modified: Wed, 30 Jul 2014 19:09:19 GMT
ETag: "ce91c4f683d32f8907f0e97f3fb93696"
Expires: Thu, 31 Dec 2037 23:59:59 GMT
Content-Type: text/html
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 12 Nov 2022 08:38:34 GMT
Vary: Accept-Encoding,Origin
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
assets.pinterest.com/images/pidgets/pin_it_button.png
23.38.200.197200 OK 909 B URL HTTP/2 assets.pinterest.com/images/pidgets/pin_it_button.png
IP 23.38.200.197:0
File type PNG image data, 40 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash cf5ce2d2dcfa060f6032b0af60d45aa2
7a2370ff54f007a20d64d57c9547736136612869
f942d5999c18b372d0c74273c936fce1723b0761e67d56dfa80abac87eff864e
GET /images/pidgets/pin_it_button.png HTTP/1.1
Host: assets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "cf5ce2d2dcfa060f6032b0af60d45aa2"
accept-ranges: bytes
content-type: image/png
content-length: 909
cache-control: max-age=83028
vary: Accept-Encoding, Origin
x-cdn: akamai
access-control-max-age: 86400
access-control-expose-headers: X-CDN
access-control-allow-methods: GET
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.redditstatic.com/button/button-embed.js
151.101.85.140200 OK 983 B URL HTTP/1.1 www.redditstatic.com/button/button-embed.js
IP 151.101.85.140:0
Hash 894ad3ef79db45d25e29d456dc0d4749
44560c5236cc799ab5cb2e9aa39dfe85d2d9b120
d61a96c13920a9de38d7d426dde2c890535856bda84a26845dc0272f05b33e2d
GET /button/button-embed.js HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.redditstatic.com/button/button1.html?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 983
Last-Modified: Wed, 22 Oct 2014 17:47:37 GMT
ETag: "f6e79e0098bfda54ca2e0e02da223645"
Expires: Thu, 31 Dec 2037 23:59:59 GMT
Content-Type: application/javascript
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 12 Nov 2022 08:38:34 GMT
Vary: Accept-Encoding,Origin
Server: snooserv
Report-To: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
NEL: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
connect.facebook.net/fr_FR/sdk.js
31.13.72.12200 OK 1.7 kB URL HTTP/1.1 connect.facebook.net/fr_FR/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1961)
Hash ae8ef774ee63bf94de29b4d1bd1a2c7a
c31edc6b9f8e9d629a51891057f3d28a32c9db03
f942276ae613a2ee9017ae114acc11518482d237c9f52fce7fe60e949ebb8b6d
GET /fr_FR/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: a588436f91be43999652146d0bf94b06
ETag: "6e34d6d37304941cb9d902fb4ad4c154"
Content-Type: application/x-javascript; charset=utf-8
timing-allow-origin: *
Access-Control-Allow-Origin: *
cross-origin-resource-policy: cross-origin
Expires: Sat, 12 Nov 2022 08:46:58 GMT
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
X-Content-Type-Options: nosniff
x-fb-rlafr: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Content-MD5: ro73dO5jv5TeKbTRvRoseg==
X-FB-Debug: wLxh25vKS/xIStkKx6gK1ipUjg4+Wn2o7Abspo8Ryckx6rKfDAuV9WiuXaShZeQscfoqp4eNFuN9XmWbggqudA==
Priority: u=1,i
X-FB-TRIP-ID: 1904183273
Date: Sat, 12 Nov 2022 08:38:34 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1687
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 15a6e45a8f5702a03b66b41501e4a520
0a325b0dbd0f17619eaeaafa7fd4f53106afb6dc
28ed90fad2603f0e5acc7d04123c7654565bdf425509b7bf04b140ac10d2b596
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=137074
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:34 GMT
Etag: "636ecffc-118"
Expires: Sun, 13 Nov 2022 22:43:08 GMT
Last-Modified: Fri, 11 Nov 2022 22:43:08 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280
www.regionic.info/favicon.ico
83.166.138.58404 Not Found 513 B URL HTTP/1.1 www.regionic.info/favicon.ico
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash e0640c95d0fc6b7a735a5d2baf676660
e6d90be255108401c93d14421bc8a4d29112b52f
b01e87d193e77bc8cde43397dfb7892b153ce6aab744f4bc6406d854c97e6265
GET /favicon.ico HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 404 Not Found
Date: Sat, 12 Nov 2022 08:38:34 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Wed, 18 Apr 2007 14:03:27 GMT
ETag: "201-42e638ce069c0;5ecea8926fca6
Accept-Ranges: bytes
Content-Length: 513
Content-Type: text/html
platform.twitter.com/widgets.js
93.184.220.66200 OK 29 kB URL HTTP/1.1 platform.twitter.com/widgets.js
IP 93.184.220.66:0
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 7899fffaf0046efb7f9be2495d9dc928
d4c60d88e8deea577a50f9d20e1b6b3a20cba2cf
07d50450f22df0588cc1b67f5a124cb91d99a032a229586eb7dc490cce9f7f30
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 97
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Sat, 12 Nov 2022 08:38:34 GMT
Etag: "6633f9603c759c40d9b200995454f17c+gzip"
Last-Modified: Wed, 02 Nov 2022 19:43:37 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F716)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
x-amzn-internal-status: 304
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 29221
buttons.reddit.com/button_info.json?jsonp=buttonEmbed.parseSubmission&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992
151.101.85.140404 Not Found 13 B URL HTTP/1.1 buttons.reddit.com/button_info.json?jsonp=buttonEmbed.parseSubmission&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992
IP 151.101.85.140:0
File type ASCII text, with no line terminators
Hash 1e6cd917ed71a1241e4bedc29264bd98
5b65037351caeb0e5a48d963d7ffa88d0271d546
7d04f7431bbfa41a04bcc7e6b98b9de0d919756c4c671c5785c99fff45f16402
GET /button_info.json?jsonp=buttonEmbed.parseSubmission&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992 HTTP/1.1
Host: buttons.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.redditstatic.com/
HTTP/1.1 404 Not Found
Connection: close
Content-Length: 13
Server: Varnish
Retry-After: 0
Content-Type: text/plain
Accept-Ranges: bytes
Date: Sat, 12 Nov 2022 08:38:34 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1678-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1668242315.990543,VS0,VE0
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 1bdc0d3182afffc26756814099dea1c3
b3e3251f344a0071add89db9ea82d1f019fa8334
5d3a05c522d504a5af14203720ad3b9a6ab28e15d73fd02f83c67a0a948cc5fc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cb32b093a48fe0c49faa51535b19b4e7
61a7411693d449bd8469d60c4168599f488ff2c0
45306773dde44ac69f1fe0c160ef74686b0d57ad4b9c2be099498149171e4f3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "45306773DDE44AC69F1FE0C160EF74686B0D57AD4B9C2BE099498149171E4F3A"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3957
Expires: Sat, 12 Nov 2022 09:44:32 GMT
Date: Sat, 12 Nov 2022 08:38:35 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 4b46bbcd35c85c4678b0e3e409bba3bc
bb0705335e28414345ad5fcdd61104cf2fbbbbc4
6c3df7e6d0a8491fe24c03df2ccba059ba2f84155a680a4a22f217d3870cff95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash f3db15f7288b39b54336d77f5a8ee2f6
181ae6b8f413d128cf1f612dd79c032cf57c46da
4cf03d974d8b68f89a73382df63af8ed9239b87c996080cde68f9d9c40880fce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5072
Cache-Control: max-age=170919
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:35 GMT
Etag: "636f4062-116"
Expires: Mon, 14 Nov 2022 08:07:14 GMT
Last-Modified: Sat, 12 Nov 2022 06:42:42 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 278
platform.tumblr.com/v1/share_2.png
74.114.154.15302 Moved Temporarily 142 B URL HTTP/1.1 platform.tumblr.com/v1/share_2.png
IP 74.114.154.15:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /v1/share_2.png HTTP/1.1
Host: platform.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Sat, 12 Nov 2022 08:38:34 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
Location: https://platform.tumblr.com/v1/share_2.png
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1bb279167832b97b5e80041e8975740c
48d5f288978ea6717b16e0f96974a23603361cc2
894d4dd927851fb6078c3bd527e3f424c4e3ad3f6ebdfa7c0fee089e0ce044cd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4649
Cache-Control: max-age=158609
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:35 GMT
Etag: "636f11f3-1d7"
Expires: Mon, 14 Nov 2022 04:42:04 GMT
Last-Modified: Sat, 12 Nov 2022 03:24:35 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js
216.58.207.234200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (32132)
Hash 19367efa6245eafdd8c6111a367da696
901ec681692d88afa09c28cee299ba120ca33a8b
cb11ee5a06892d5ffea634705118e1cc48f276c6d18fa20605c9bf5b9c33dc32
GET /ajax/libs/jquery/1.9.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33140
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 11 Nov 2022 01:59:17 GMT
expires: Sat, 11 Nov 2023 01:59:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 110358
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=http%3A%2F%2Fwww.regionic.info
93.184.220.66200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=http%3A%2F%2Fwww.regionic.info
IP 93.184.220.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56168)
Size 105 kB (105445 bytes)
Hash 2b4968b185495eddda0d85b2351ebb71
c665785ca0f4039f8c71d94631cd50a879d866b5
eb8af089d8082a58a6e90fedc23007f17a9e89ddbc6a29b6e535e4847ba94160
GET /widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=http%3A%2F%2Fwww.regionic.info HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 814662
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 12 Nov 2022 08:38:35 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:59 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105445
apis.google.com/js/plusone.js
142.250.74.174200 OK 21 kB URL HTTP/2 apis.google.com/js/plusone.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1279)
Hash 557a84e1a4b4a45f586fb72599df1ad0
78eec98dcefee53f24a6684e407c81676e7952b4
a488b14f67aa02c62eb30b758d1eb76155478e3af0b2fd78dc52de4e28ed4014
GET /js/plusone.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20987
date: Sat, 12 Nov 2022 08:38:35 GMT
expires: Sat, 12 Nov 2022 08:38:35 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "c1b020d722de3a38"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resistcorrectly.com/stat
176.9.60.211302 Moved Temporarily 0 B IP 176.9.60.211:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stat HTTP/1.1
Host: resistcorrectly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.12.2
Date: Sat, 12 Nov 2022 08:38:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Origin: *
Set-Cookie: qwerty_stat=0; expires=Sat, 12-Nov-2022 09:38:35 GMT; Max-Age=3600; path=/
Location: https://hlmiq.com/vu/a/
connect.facebook.net/fr_FR/sdk.js?hash=9ef9f5c9e4c60c9fc585559be2a4432e
31.13.72.12200 OK 88 kB URL HTTP/2 connect.facebook.net/fr_FR/sdk.js?hash=9ef9f5c9e4c60c9fc585559be2a4432e
IP 31.13.72.12:0
File type ASCII text, with very long lines (18530)
Hash 1dc90ffa769e8046bf0014319b915d24
9e81487f1487b1b2fbac4ff174c4b907336aa23b
183b529b929c5718ef67d200646884f696979dc17a77766262ffcb78b2a9731d
GET /fr_FR/sdk.js?hash=9ef9f5c9e4c60c9fc585559be2a4432e HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.regionic.info
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 7655eb0a18294ef557515df97759e795
etag: "9ed8c5fa8b31b6e2ea1490a90fe50a0d"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 12 Nov 2023 06:36:49 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: HckP+naegEa/ABQxm5FdJA==
x-fb-debug: cyCVsHfOA/nrUfTzOdHzBb3gMTqPyQJRIX3XTFJgfXUnfh+bUiDXVygbxIL+6H5wKin4e3VD2v2IlTRFL+h5ZA==
priority: u=3,i
content-length: 88416
x-fb-trip-id: 1904183273
date: Sat, 12 Nov 2022 08:38:35 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 4b46bbcd35c85c4678b0e3e409bba3bc
bb0705335e28414345ad5fcdd61104cf2fbbbbc4
6c3df7e6d0a8491fe24c03df2ccba059ba2f84155a680a4a22f217d3870cff95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1bb279167832b97b5e80041e8975740c
48d5f288978ea6717b16e0f96974a23603361cc2
894d4dd927851fb6078c3bd527e3f424c4e3ad3f6ebdfa7c0fee089e0ce044cd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4649
Cache-Control: max-age=158609
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:35 GMT
Etag: "636f11f3-1d7"
Expires: Mon, 14 Nov 2022 04:42:04 GMT
Last-Modified: Sat, 12 Nov 2022 03:24:35 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
assets.pinterest.com/js/pinit.js
23.38.200.197200 OK 290 B URL HTTP/1.1 assets.pinterest.com/js/pinit.js
IP 23.38.200.197:0
File type ASCII text, with very long lines (361), with no line terminators
Hash 82bfd941d2c9b3b9e0650a27c9d11737
2eb742a101e79067c9df4d15b518bde85e8eeb2e
3f6e9b85ad3ee165ec6c9587d98d2a43588f7ba0f63d31ad019a0d4cbfd3f3d1
GET /js/pinit.js HTTP/1.1
Host: assets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/
HTTP/1.1 200 OK
ETag: "82bfd941d2c9b3b9e0650a27c9d11737"
Content-Encoding: gzip
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 290
Cache-Control: max-age=300
Connection: keep-alive
Vary: Accept-Encoding, Origin
X-CDN: akamai
Access-Control-Max-Age: 86400
Access-Control-Expose-Headers: X-CDN
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.P0B2vZm_jJk.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA/cb=gapi.loaded_0?le=scs
142.250.74.174200 OK 56 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.P0B2vZm_jJk.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA/cb=gapi.loaded_0?le=scs
IP 142.250.74.174:0
Hash d52670aeaefadc71f049b74d95062b66
725be117b394024d22e67a42787d82e308b69d91
413e5b5f64e458b68ada73bb5ea931b656906287417637ad9df29ae89d86b253
GET /_/scs/abc-static/_/js/k=gapi.lb.en.P0B2vZm_jJk.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 51265
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 18:59:14 GMT
expires: Thu, 09 Nov 2023 18:59:14 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 04 Oct 2022 15:24:13 GMT
content-type: text/javascript; charset=UTF-8
age: 221961
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash e569acd833d180f3c2fba0919fbeb704
60a3121c9bf8e08a8a7fe70001c24b6f8c9981f5
994bee0670c93479c3e835985d24d7ce41fbc0a3013e173d79ea1ea5f63ac85c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=fr&origin=http%3A%2F%2Fwww.regionic.info&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
142.250.74.174301 Moved Permanently 226 B URL HTTP/2 apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=fr&origin=http%3A%2F%2Fwww.regionic.info&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
IP 142.250.74.174:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4df07581948280a6e769a24c5d99d775
843a2c95362347eb8894a6acb607f139be65ded4
3561b93a48d81fac116ccd6e60163bd382abb1d594c81240f5718feb1f197f73
GET /u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=fr&origin=http%3A%2F%2Fwww.regionic.info&url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__ HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: http://developers.google.com/
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 12 Nov 2022 08:38:35 GMT
expires: Sat, 12 Nov 2022 09:08:35 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hyvesgames.nl/forwarded
104.21.86.44301 Moved Permanently 988 B IP 104.21.86.44:0
Hash 594a3f3edd4aae3ce0549351800beeba
710d06bd3c52db5fe0c423908d1af1147ecad379
79162dc1dfde2512413ad66863758c570e152e019292e9e1c7c4ca574263ddc9
GET /forwarded HTTP/1.1
Host: hyvesgames.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 12 Nov 2022 08:38:34 GMT
content-type: text/html; charset=iso-8859-1
location: https://hyvesgames.nl/forwarded/
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qrLMsC%2FHpQ5u5%2Btt9tZZiEckXC4c2kyMxPX7WidzqzaDMPshZ1WQmZ50OrWNZZr%2BobpMbBSBlr8prohmB1QIAQfwyWZFL1JPgpNpjjqnfCssz5tH7fQFfPcNmNfboRmN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768df3c38833b527-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 313 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 41a10410d6ca4659e3c4ada0a14652df
6b572f54f09333353469ef69d5daaa729a890739
174ab981862e63b34c4460200ca3440b3aef2eabd599df84a69e89abe36354e2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "21175866DC220302CAE50C6502726A4FB815D898BD38680B07DCDE4B449EA9BA"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7283
Expires: Sat, 12 Nov 2022 10:39:58 GMT
Date: Sat, 12 Nov 2022 08:38:35 GMT
Connection: keep-alive
assets.pinterest.com/js/pinit_main.js?0.9535647310331781
23.38.200.197200 OK 19 kB URL HTTP/2 assets.pinterest.com/js/pinit_main.js?0.9535647310331781
IP 23.38.200.197:0
File type Unicode text, UTF-8 text, with very long lines (32016)
Hash 3725764cf05d1a0938de73d398772331
abdc742d760ca9c8f28c8d44ca9796d9ad6c0bc7
f8c41f2f59fc9e9d088bc9002eef583c3cf256b4cd371619b18107b4abd92812
GET /js/pinit_main.js?0.9535647310331781 HTTP/1.1
Host: assets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "3725764cf05d1a0938de73d398772331"
content-encoding: br
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 18679
cache-control: max-age=225
vary: Accept-Encoding, Origin
x-cdn: akamai
access-control-max-age: 86400
access-control-expose-headers: X-CDN
access-control-allow-methods: GET
access-control-allow-origin: *
X-Firefox-Spdy: h2
hlmiq.com/vu/a/
142.132.202.70200 OK 1.1 kB IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a2a34a2d5c3a5faa33124cdc87c45624
156dba70d8eecd71ebaddbdee8226ea29ab41f12
7463b97c35eff3a2011afa6fab8c3ad83df342cf08bcb8b7c54281e5b5524915
GET /vu/a/ HTTP/1.1
Host: hlmiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 12 Nov 2022 08:38:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
developers.google.com/
142.250.74.14301 Moved Permanently 0 B IP 142.250.74.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: developers.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://developers.google.com/
X-Cloud-Trace-Context: 3afbcae3137b915c86cbcb559d48dd46
Date: Sat, 12 Nov 2022 08:38:35 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 0
accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fwww.regionic.info&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
216.58.207.237200 OK 831 B URL HTTP/2 accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fwww.regionic.info&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
IP 216.58.207.237:0
Hash e2b15fe044e715f52fb62ff646dc1fd3
03d3aa0cac8c33a5d3113e09f323e6966750e828
2c1e9eb9fd2075787572d081dda2a4c7eea1e4ecd71b2cb357ca28893ea5fcb2
GET /o/oauth2/postmessageRelay?parent=http%3A%2F%2Fwww.regionic.info&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 12 Nov 2022 08:38:35 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /o/cspreport, script-src 'nonce-aqWRHTVvrX64VHHZwRYMNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
syndication.twitter.com/settings?session_id=92f3e8c7dbbdb94979f20c46abd7f4721fe44baf
104.244.42.8200 OK 374 B URL HTTP/2 syndication.twitter.com/settings?session_id=92f3e8c7dbbdb94979f20c46abd7f4721fe44baf
IP 104.244.42.8:0
File type JSON data\012- , ASCII text, with very long lines (913), with no line terminators
Hash 925c2a7587f39436ea29513221652474
695b7f2f3d99f407bcdfd0b372db0e28193cc60c
62e36e14e5c219119cb51c3cdf43a2005512a1bd6ebf2d68d0c610a2e6e3ef0f
GET /settings?session_id=92f3e8c7dbbdb94979f20c46abd7f4721fe44baf HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 08:38:34 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Sat, 12 Nov 2022 08:38:35 GMT
content-length: 374
content-encoding: gzip
x-transaction-id: 7619d519df448e8e
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 108
x-connection-hash: 1b6dfd1b68ac8472e6827fe15e76d4c8fc4e5394209a5494b56ff6823aae0f8b
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e3f9965225cba49c71506d7dee4c1647
d1d30248236cfe679fa182860d69634d30f5b0ca
8a2641a2fa1026f8893b4acf7f7c78c633a1408779f3063c87ad292729300d97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hlmiq.com/vu/krug.gif
142.132.202.70200 OK 35 kB IP 142.132.202.70:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 64 x 64\012- data
Hash 4c01f48cbe445f3260ced97a71140a40
4d914378ba1aa9fe1b8bc44c381cc103260399cb
519d0ca82b0c49dd4a9de05072353e64e8d65fc8677d936ae5aea476c1397f81
GET /vu/krug.gif HTTP/1.1
Host: hlmiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/vu/a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 12 Nov 2022 08:38:35 GMT
Content-Type: image/gif
Content-Length: 34904
Last-Modified: Thu, 26 Nov 2020 10:21:52 GMT
Connection: keep-alive
ETag: "5fbf81c0-8858"
Accept-Ranges: bytes
ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
142.250.74.99200 OK 4.3 kB URL HTTP/2 ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
IP 142.250.74.99:0
File type ASCII text, with very long lines (2267)
Hash 3f7502705229ccec9d066c5cd75e6c31
ede1663155afaa5a5213d075e6295c6d839b05c3
2be5113d3022d1819a19f327235d287a2538a03741fc08ccd9d55cc1d78b6282
GET /accounts/o/1832714284-postmessagerelay.js HTTP/1.1
Host: ssl.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accounts.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-length: 4294
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 18:48:12 GMT
expires: Thu, 09 Nov 2023 18:48:12 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 08 Nov 2022 01:07:49 GMT
content-type: text/javascript
age: 222623
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2c59405362663d2ba8c623aad419b16f
1151c76731af0f649103cf56824aab6387185cb8
7cc32830ffa73c7af57fc6ea6261cc26ce6cde62d7efe4351436648192acbc4d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7CC32830FFA73C7AF57FC6EA6261CC26CE6CDE62D7EFE4351436648192ACBC4D"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10732
Expires: Sat, 12 Nov 2022 11:37:27 GMT
Date: Sat, 12 Nov 2022 08:38:35 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e3f9965225cba49c71506d7dee4c1647
d1d30248236cfe679fa182860d69634d30f5b0ca
8a2641a2fa1026f8893b4acf7f7c78c633a1408779f3063c87ad292729300d97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
93.184.220.66200 OK 2.4 kB URL HTTP/1.1 platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
IP 93.184.220.66:0
File type ASCII text, with very long lines (7017), with no line terminators
Hash 83616664e4155f8af0efb0576f8920cf
1277b0f4f935bec3ada0f87c45395bb6d9b2efbc
bb19d85932c5e8a952b6fc28c1df42aed6d6920f79ee3f2217d2484294d575d3
GET /js/button.d2f864f87f544dc0c11d7d712a191c1f.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 814658
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sat, 12 Nov 2022 08:38:35 GMT
Etag: "7bb2d17ac20be3bd6ec1079356afecd9+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:52 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F716)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 2362
platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.fr.html
93.184.220.66200 OK 14 kB URL HTTP/1.1 platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.fr.html
IP 93.184.220.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32033)
Hash b4287f5f4e7144060cb7d55976a0dc7f
c5dc72929f46eb40fa323f073d832eb8b489ee0a
847bd24756126b49ffe04182885b0640e7d38a6888656ef850d962571e6b602b
GET /widgets/tweet_button.644279d1635fd969e87af94a98bd232b.fr.html HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 814627
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 12 Nov 2022 08:38:35 GMT
Etag: "53819b01f65edf7b7866e434b2c6ea89+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:56 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F716)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 13993
syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22fr%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1668242315051%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=92f3e8c7dbbdb94979f20c46abd7f4721fe44baf
104.244.42.8200 OK 43 B URL HTTP/2 syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22fr%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1668242315051%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=92f3e8c7dbbdb94979f20c46abd7f4721fe44baf
IP 104.244.42.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22fr%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1668242315051%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=92f3e8c7dbbdb94979f20c46abd7f4721fe44baf HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 08:38:35 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: image/gif
cache-control: must-revalidate, max-age=600
last-modified: Sat, 12 Nov 2022 08:38:35 GMT
content-length: 43
x-transaction-id: 81a1840f862d9905
strict-transport-security: max-age=631138519
x-response-time: 114
x-connection-hash: 1b6dfd1b68ac8472e6827fe15e76d4c8fc4e5394209a5494b56ff6823aae0f8b
X-Firefox-Spdy: h2
experience.tripster.ru/partner/geo_detect/
51.250.76.213200 OK 0 B URL HTTP/2 experience.tripster.ru/partner/geo_detect/
IP 51.250.76.213:0
ASN #200350 Yandex.Cloud LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/geo_detect/ HTTP/1.1
Host: experience.tripster.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://hlmiq.com/
Origin: https://hlmiq.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 08:38:36 GMT
content-type: text/html; charset=utf-8
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,X-Auth-Token,X-CSRF-Token,x-requested-with
access-control-max-age: 84600
vary: Accept-Language
content-language: ru
set-cookie: device_id=9954fe35-39e4-4172-8c19-0f4e35504027; Domain=.tripster.ru; expires=Sun, 12 Nov 2023 08:38:36 GMT; HttpOnly; Max-Age=31536000; Path=/
x-request-id: e90571279725415be47ddcf27bed9855
X-Firefox-Spdy: h2
www.facebook.com/v2.0/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2b3c00955b19cc%26domain%3Dwww.regionic.info%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.regionic.info%252Ff1226660c1de8b4%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992&layout=button_count&locale=fr_FR&sdk=joey&share=true&width=100
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/v2.0/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2b3c00955b19cc%26domain%3Dwww.regionic.info%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.regionic.info%252Ff1226660c1de8b4%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992&layout=button_count&locale=fr_FR&sdk=joey&share=true&width=100
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2.0/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2b3c00955b19cc%26domain%3Dwww.regionic.info%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.regionic.info%252Ff1226660c1de8b4%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992&layout=button_count&locale=fr_FR&sdk=joey&share=true&width=100 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: pPGM2p80RJQy5U6cm5eB4ZwORqx2qdsysWp6/gzsX5osixlJRQnHFmwAMu34/+6l8oZM/AZiuVIt1o010kV7Ug==
content-length: 0
date: Sat, 12 Nov 2022 08:38:36 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
experience.tripster.ru/partner/widget_iframe.js?debug=false&iframe_id=tripster-widget-158313&mode=plug&content_suffix=horizontal-list-common.common&partner=touristiktales&experiment=&widget_info_string=
51.250.76.213200 OK 18 kB URL HTTP/2 experience.tripster.ru/partner/widget_iframe.js?debug=false&iframe_id=tripster-widget-158313&mode=plug&content_suffix=horizontal-list-common.common&partner=touristiktales&experiment=&widget_info_string=
IP 51.250.76.213:0
ASN #200350 Yandex.Cloud LLC
Hash ac45b8167523b0298fbdfeea8e95dd97
076cd360e9033904d9416f0d897009f5f91e7cff
e40c008bb1d7d3a73987a1d9efaad0aecb3ab357670b21627e58b6f110a40f60
GET /partner/widget_iframe.js?debug=false&iframe_id=tripster-widget-158313&mode=plug&content_suffix=horizontal-list-common.common&partner=touristiktales&experiment=&widget_info_string= HTTP/1.1
Host: experience.tripster.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://experience.tripster.ru/partner/?template=horizontal-list&partner=touristiktales&order=top&num=1&font_size=small&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313&version=2&is_context=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 08:38:36 GMT
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 08:07:57 GMT
vary: Accept-Encoding
etag: W/"636e02dd-bf74"
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-request-id: 9a356b01775f79165bd44cc75d6da3e9
X-Firefox-Spdy: h2
experience.tripster.ru/partner/?template=horizontal-list&partner=touristiktales&order=top&num=1&font_size=small&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313&version=2&is_context=true
51.250.76.213200 OK 106 kB URL HTTP/2 experience.tripster.ru/partner/?template=horizontal-list&partner=touristiktales&order=top&num=1&font_size=small&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313&version=2&is_context=true
IP 51.250.76.213:0
ASN #200350 Yandex.Cloud LLC
Size 106 kB (106234 bytes)
Hash 4f108057dc08ace8490e6a263d3f0100
f58f9149d27ca7e389411281fce94f5891457c5a
2de7ab55aca4992f61dcea4bfcfea79805261b723eb9ff99783c0237af9c0fdd
GET /partner/?template=horizontal-list&partner=touristiktales&order=top&num=1&font_size=small&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313&version=2&is_context=true HTTP/1.1
Host: experience.tripster.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 08:38:36 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language
content-language: ru
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-request-id: 6041a2ba40d5caf1592e0317b5761d1f
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash e7dc2623cb841be51d3e8857e015d8e1
cbfdb2a7b965598de893fef89d47e17763501acf
df1fc0809a603469e6abcf1f07a13d792550d68c862f80e38c00e47e9b233a5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash e7dc2623cb841be51d3e8857e015d8e1
cbfdb2a7b965598de893fef89d47e17763501acf
df1fc0809a603469e6abcf1f07a13d792550d68c862f80e38c00e47e9b233a5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 08:38:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.regionic.info/jmb/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
83.166.138.58200 OK 0 B URL HTTP/1.1 www.regionic.info/jmb/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 83.166.138.58:0
ASN #29222 Infomaniak Network SA
Analyzer Verdict Alert fortinet Phishing
GET /jmb/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.regionic.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.regionic.info/jmb/?p=128992
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 08:38:32 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 06:43:55 GMT
ETag: "15db1-5e1ef8b65f233-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30908
Content-Type: application/javascript
static.buffer.com/js/button.js
104.16.141.52200 OK 0 B URL HTTP/2 static.buffer.com/js/button.js
IP 104.16.141.52:0
GET /js/button.js HTTP/1.1
Host: static.buffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 08:38:33 GMT
content-type: text/javascript
x-amz-id-2: Ez4lz1aR1yMYZHegBAJ5vo0CmbjWEJDT1L7iuTPXlEI15UkH8cOSAh+JlIzIVKpOc5SOw7ZdQLw=
x-amz-request-id: PR1Y3NMPESV3ARMJ
last-modified: Sat, 01 Apr 2017 01:06:37 GMT
etag: W/"c8686dc19498aa717127b1d47a53a912"
cf-cache-status: HIT
age: 5898
expires: Sat, 12 Nov 2022 12:38:33 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=O.L6JGTtdBez.B.uiu0MJNY2dqAuAm8DkVHf0mPcWqQ-1668242313-0-ATyPZaCPs/vP3jg6Dnysxr2tyHrOsnPMvoZnpHyPDMrutwl4sAJg2Le83gZpF85XjqBcb63MXjne4mnI0JO51rc=; path=/; expires=Sat, 12-Nov-22 09:08:33 GMT; domain=.buffer.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 768df3b84819b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hyvesgames.nl/forwarded/
104.21.86.44200 OK 0 B IP 104.21.86.44:0
GET /forwarded/ HTTP/1.1
Host: hyvesgames.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 08:38:34 GMT
content-type: text/html
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
last-modified: Fri, 11 Nov 2022 16:08:12 GMT
vary: Accept-Encoding
p3p: CP="IDC DSP DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS UNI NAV INT PRE", CP="NOI DSP COR NID PSA ADM OUR IND NAV COM"
content-security-policy: sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation;
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r7PoTKK8j7oCiPnTQDdQegAy7z6xipqF%2BX1hkvZcgVwWiCLQ5czfldyDyxvt%2BhOLIKL8Q6Ypp6yKMEaBDTpMr4tkVIQxPyRFu1LMxZYVlk0r547ym%2Bf2RKANHWgtSEv3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768df3c438f2b527-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
104.16.56.101200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP 104.16.56.101:0
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://button.buffer.com
Connection: keep-alive
Referer: https://button.buffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 08:38:35 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 768df3c4ebedb503-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
developers.google.com/
142.250.74.14200 OK 0 B IP 142.250.74.14:0
GET / HTTP/1.1
Host: developers.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 10 Nov 2022 18:10:23 GMT
content-type: text/html; charset=utf-8
set-cookie: _ga_devsite=GA1.3.1493772611.1668242316; Expires=Mon, 11 Nov 2024 08:38:36 GMT; Max-Age=63072000; Path=/
content-security-policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-11Aqdez1bHyRyuyfLgk8OZEGRkwNaN' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
cache-control: no-cache, must-revalidate
expires: 0
pragma: no-cache
content-encoding: gzip
x-cloud-trace-context: 7f44b74a44300e0bd7a7267c0eeb0a2d
vary: Accept-Encoding
date: Sat, 12 Nov 2022 08:38:36 GMT
server: Google Frontend
content-length: 22422
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992&callback=PIN_1668242314712.f.callback[0]
151.101.84.84200 OK 0 B URL HTTP/2 widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992&callback=PIN_1668242314712.f.callback[0]
IP 151.101.84.84:0
GET /v1/urls/count.json?url=http%3A%2F%2Fwww.regionic.info%2Fjmb%2F%3Fp%3D128992&callback=PIN_1668242314712.f.callback[0] HTTP/1.1
Host: widgets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.regionic.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-content-type-options: nosniff
access-control-allow-origin: *
content-type: application/javascript
cache-control: must-revalidate, max-age=887
expires: Sat, 12 Nov 2022 08:53:35 GMT
x-envoy-upstream-service-time: 4
x-pinterest-rid: 4607700813651915
date: Sat, 12 Nov 2022 08:38:35 GMT
age: 0
content-encoding: br
vary: accept-encoding
accept-ranges: none
X-Firefox-Spdy: h2
platform.tumblr.com/v1/share.js?ver=6.0.3
74.114.154.15200 OK 0 B URL HTTP/2 platform.tumblr.com/v1/share.js?ver=6.0.3
IP 74.114.154.15:0
GET /v1/share.js?ver=6.0.3 HTTP/1.1
Host: platform.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.regionic.info/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sat, 12 Nov 2022 08:38:33 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 21 Aug 2022 06:27:38 GMT
vary: Accept-Encoding
etag: W/"6301d05a-60"
expires: Sat, 12 Nov 2022 09:38:33 GMT
pragma: public
content-encoding: br
cache-control: max-age=3600, immutable
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
experience.tripster.ru/partner/widget.js?template=horizontal-list&order=top&width=100%25&num=1&font_size=small&version=2&partner=touristiktales&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313
51.250.76.213200 OK 0 B URL HTTP/2 experience.tripster.ru/partner/widget.js?template=horizontal-list&order=top&width=100%25&num=1&font_size=small&version=2&partner=touristiktales&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313
IP 51.250.76.213:0
ASN #200350 Yandex.Cloud LLC
GET /partner/widget.js?template=horizontal-list&order=top&width=100%25&num=1&font_size=small&version=2&partner=touristiktales&features=nolistbutton%2Cnotitle&script_id=tripster-widget-158313 HTTP/1.1
Host: experience.tripster.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hlmiq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 08:38:35 GMT
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 08:07:57 GMT
vary: Accept-Encoding
etag: W/"636e02dd-14121"
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-request-id: f2c71e0dc8d0f992bf48859b60f8071d
X-Firefox-Spdy: h2