Report - cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9

Report Overview

Submitted URL
cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9
IP
172.67.128.201
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-06 22:46:38
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
stackpath.bootstrapcdn.com	2467	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	946 B	95 kB	104.18.11.207
marinegruffexpecting.com	423448	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390 B	21 kB	192.243.61.227
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	54 kB	34.120.237.76
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.4 kB	23.36.77.32
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	1.9 kB	104.18.21.226
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	944 B	54.230.245.100
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	824 B	1.5 kB	142.250.74.10
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	38 kB	23.36.77.32
banquetunarmedgrater.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	360 B	327 B	192.243.59.20
addresseepaper.com	18169	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	346 B	956 B	104.21.234.254
cima-club.bar	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	2.1 kB	172.67.128.201
cdn.rawgit.com	8186	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	395 B	1.1 kB	194.242.11.186
cdn4.iconfinder.com	80930	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	397 B	2.8 kB	172.66.40.94
deividmarques.github.io	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	425 B	13 kB	185.199.111.153
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	21 kB	142.250.74.174
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	55 kB	142.250.74.163
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	392 B	1.2 kB	151.101.85.229
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	54 kB	142.250.74.3
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	371 B	44 kB	142.250.74.72
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.149.101.24
perryvolleyball.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	431 B	467 B	192.243.59.12
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	797 B	93.184.220.29
unseenreport.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	423 B	192.243.61.227
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	406 B	18.195.40.233
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	560 B	216.239.32.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-06	medium	perryvolleyball.com	Sinkholed
2022-09-06	medium	banquetunarmedgrater.com	Sinkholed
2022-09-06	medium	unseenreport.com	Sinkholed

JavaScript (16)

	URL	Size	First Seen	Last Seen
	cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9	155 B	2023-03-07	2023-11-17
Pretty URL cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9 IP 172.67.128.201 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:30 Last Seen2023-11-17 18:46:40 Times Seen38 Hash 6897055a2e11901f9cecdb136f9a08c6 52e4b9691e2fb8a85c29c6a5c50dd77016f3f64c d732616e065bd7c2fe648b5e1ff8dc61e544f203a88b10d2d39121717fa44844 Loading...

	cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9	157 B	2023-03-07	2023-11-17
Pretty URL cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9 IP 172.67.128.201 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:31 Last Seen2023-11-17 18:46:40 Times Seen42 Hash e43fb1125f506ed60746b6c113f30278 21beef3b222ef281dafcd843f1c478bd74edba61 814167bdd05519757e8bbbca40f425b0785312206d271ae49e9f0bab8f3ed0f0 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-04-18
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-18 21:14:10 Times Seen840 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	banquetunarmedgrater.com/advertisers.js	0 B	2023-03-07	2024-04-19
Pretty URL banquetunarmedgrater.com/advertisers.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 01:46:30 Times Seen36950630 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cima-club.bar/themes/CimaClub/js/jquery-3.3.1.min.js?v=1.1.7	87 kB	2023-03-07	2024-04-18
Pretty URL cima-club.bar/themes/CimaClub/js/jquery-3.3.1.min.js?v=1.1.7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:26 Last Seen2024-04-18 11:28:16 Times Seen12137 Hash af4078402c5e090d3f81d1abd71e2250 9592732de681f4365e9b7016dc5cf76e2a55ee9b 8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6 Loading...

	cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9	922 B	2023-03-07	2023-03-07
Pretty URL cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9 IP 172.67.128.201 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:16:09 Last Seen2023-03-07 15:23:26 Times Seen1 Hash 1839576df54cfe5a4313035685bd8d28 40df61ef71329bf7b4f8ffae2e6bdb9d526dc403 e70d11d8404c21a2f32d772abad6839232fe3e8d4acd3a780b5b183fd197bcc7 Loading...

	cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9	377 B	2023-03-07	2023-03-07
Pretty URL cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9 IP 172.67.128.201 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:16:09 Last Seen2023-03-07 15:23:26 Times Seen1 Hash 219e28316b94a010ea2b2b94f5b771dc 22acc8c90404c6ad8dfd248e846b5299ed153f03 f5d8ba03b7124bdac313c5402137db02b8d6509e4959bdd6b7162206c7a910e3 Loading...

	marinegruffexpecting.com/d3/18/fa/d318fa08f9d0af3f53ed4dad0b4564e8.js	59 kB	2023-03-07	2023-03-07
Pretty URL marinegruffexpecting.com/d3/18/fa/d318fa08f9d0af3f53ed4dad0b4564e8.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:16:09 Last Seen2023-03-07 13:16:09 Times Seen1 Hash 64908dbb0679d5aa8970178a71a32e0e 9e8a676b0c71c0206b3d55ea907a782c308e1a67 ab6a60db4363ef3bfff8b39ce08297f3b57a584a4a60a4cf603a26ccf9ab71a8 Loading...

	cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9	6.5 kB	2023-03-07	2023-03-07
Pretty URL cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9 IP 172.67.128.201 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:16:09 Last Seen2023-03-07 13:16:09 Times Seen1 Hash d20991b231a76b1e37fb666688e4c7c8 2b8f98dd7719caa9603f7269b9839a4cfcf28ce4 81243aec546005e1ef0da7f89ab21b0505bdcb2d28ba39ddd55f9f1743816b41 Loading...

	cima-club.bar/themes/CimaClub/js/tornado.min.js?v=1.2.2	191 kB	2023-03-07	2023-11-17
Pretty URL cima-club.bar/themes/CimaClub/js/tornado.min.js?v=1.2.2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:31 Last Seen2023-11-17 18:46:40 Times Seen69 Hash d93607ad1efbc2acd5e443ecf43135ef c2af80e2e9cf2c1599b17f8bbe8fca0a48008789 7b06f659aacaa1af97c624506d4a055993ebbcc15f04061b2e02272706420fef Loading...

	cima-club.bar/themes/CimaClub/js/pusher.min.js?v=1.1.7	62 kB	2023-03-07	2023-11-17
Pretty URL cima-club.bar/themes/CimaClub/js/pusher.min.js?v=1.1.7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:31 Last Seen2023-11-17 18:46:41 Times Seen79 Hash ddef184b18bce04e19c5701fb3334ebd 8dd020f03a0e9eb28d7babfb78ef6c8113ed223f ce1bd1df2dd32d3ad07cd5776fd9bd3deb3681b4cc4755be8ff32c13d5fe1569 Loading...

	www.googletagmanager.com/gtag/js?id=UA-174083888-1	110 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=UA-174083888-1 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:16:09 Last Seen2023-03-07 13:16:09 Times Seen1 Hash 1a9aeb05cd62ba23fc36f41cdfc1fbf0 237f5fb4eb2fde01c56d58e361edc7cb717ece06 2f4b40bce2e944f1b1e5deb324c22d81f4443e3237e1ab0843c5661c4f9d56fb Loading...

	cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9	218 B	2023-03-07	2023-11-17
Pretty URL cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9 IP 172.67.128.201 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:30 Last Seen2023-11-17 18:46:40 Times Seen38 Hash e617d950d83cb7a312b714f359461914 e71866431339ad9357158ad2362ae0b22d15602c c00f4d4acc26499f5d3e4fb49593de3313439f9231856263591f3caca99fd68b Loading...

	cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9	21 B	2023-03-07	2024-04-02
Pretty URL cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9 IP 172.67.128.201 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:30 Last Seen2024-04-02 09:37:41 Times Seen71 Hash caa8c05baf500ec297cb1352469cd469 66e9ea1d9cf60ef075d3d2205519b8260873a0bd b2da0e6cfe1d9aaa7375529d7ab56a39eecfc39b2a13bc90048590e17e3e4600 Loading...

	www.googletagmanager.com/gtag/js?id=G-J0QQKPLZPB&l=dataLayer&cx=c	208 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-J0QQKPLZPB&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:16:09 Last Seen2023-03-07 13:16:09 Times Seen1 Hash 17a1ae4b4e49473b68b88ffb234f12c4 1eaae6f406d83f3fffa9914fd94de864cdf0d2fd 18be1e6d68cdf646ad90d52163c78420514ff9a81823d7de9dda5214b609fcb3 Loading...

	cdn.rawgit.com/admsev/jquery-play-sound/master/jquery.playSound.js?v=1.1.7	912 B	2023-03-07	2024-02-25
Pretty URL cdn.rawgit.com/admsev/jquery-play-sound/master/jquery.playSound.js?v=1.1.7 IP 194.242.11.186 ASN #34989 ServeTheWorld AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:30 Last Seen2024-02-25 04:02:19 Times Seen16 Hash b3dd33db12b77a70fdfc3901894d65dd e5c388dea3ca196fc956f07269fd87fa8a5d6259 f1240c5e81a12bb4e90be775a237f76c9e54f0e9251cf4dede4621911bb23927 Loading...

HTTP Transactions (63)

URL IP Response Size

cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9

172.67.128.201

301 Moved Permanently

0 B

URL HTTP/1.1
cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9
IP
172.67.128.201:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9 HTTP/1.1
Host: cima-club.bar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 06 Sep 2022 22:46:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 06 Sep 2022 23:46:27 GMT
Location: https://cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E9KepBvd2yFWAujLtKXOSC7Sj5SSS3H2%2F4P65Gc%2B0ZJW2zZ9Tg2rmlNgnGnmUU%2F%2FymXqrdcEjFbNQ17tdvncI7m8wvDoZOnWzibWgibln4gr6TH8p1cnFyUNKKLLluz4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 746abda5ec830b69-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2707
Expires: Tue, 06 Sep 2022 23:31:34 GMT
Date: Tue, 06 Sep 2022 22:46:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 22:04:31 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: q-l2tIuo9LInYxidRdtXP8cQWwz9VfFVkseuZlA6MJ7VGIuac7EJdg==
Age: 2516

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: i91GztqE14_vTBkAVuXTdhZonm2q1Xt-wMiTqp87omYBHgvAiQFqgQ==
age: 77470
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
5ba306ef48cd9fca0c94edd8184ce322
97a84822b6859936e4341bb135d8b487b78b5916
04dfe2b1109c4df6301f8ce7b45b3eb652f2c60b4b290ddc52221fff708eca13

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "04DFE2B1109C4DF6301F8CE7B45B3EB652F2C60B4B290DDC52221FFF708ECA13"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8055
Expires: Wed, 07 Sep 2022 01:00:42 GMT
Date: Tue, 06 Sep 2022 22:46:27 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 22:46:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
5ba306ef48cd9fca0c94edd8184ce322
97a84822b6859936e4341bb135d8b487b78b5916
04dfe2b1109c4df6301f8ce7b45b3eb652f2c60b4b290ddc52221fff708eca13

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "04DFE2B1109C4DF6301F8CE7B45B3EB652F2C60B4B290DDC52221FFF708ECA13"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8055
Expires: Wed, 07 Sep 2022 01:00:42 GMT
Date: Tue, 06 Sep 2022 22:46:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

32 kB

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
32 kB (31740 bytes)
Hash
564e4d4ddd0ec17acece42ed29521c7f
d47ebaa8b07176911298c510f0e0900530781e23
8d12f4ebf4b49d6a896095a79222ebc17ee34b5b95b00b4aa3ef27c5ad35a144

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D9FB9A043FA98450ACB71A830DAB2F5E905683ADFC126F31C4FA092CA74D9E2"
Last-Modified: Mon, 05 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20457
Expires: Wed, 07 Sep 2022 04:27:25 GMT
Date: Tue, 06 Sep 2022 22:46:28 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

47 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
47 kB (46913 bytes)
Hash
5f0ce3781ca0493a5f7aa524120d9258
ed792b70ae327d9b683d29f487956085524c2632
8bf7324c68564d884ee763391c90f108b7089aef310234571eebdac6bb112754

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-174083888-1

142.250.74.72

200 OK

43 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-174083888-1
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1615)
Size
43 kB (42879 bytes)
Hash
e314d7f21cd12eab7a13f34fdc78f42f
ddc140d94d6884cf44eb52d17d2554ae725d2221
52e97f7daf6431764a8dc3e6936575ebd30cfdce0999e53132fcdc2d0d4c2723

HTTP Headers

GET /gtag/js?id=UA-174083888-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 06 Sep 2022 22:46:28 GMT
expires: Tue, 06 Sep 2022 22:46:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42879
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
62c739a1335c5cf0fd4e783db6cdf14b
4f4a2acf32a7b7d8d86f7d0b037cdd16d59704ff
de1d42a2f47b8a7f1fed1880f1b485f63a5e07ede87fee3194cabeab056cf6f9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.rawgit.com/admsev/jquery-play-sound/master/jquery.playSound.js?v=1.1.7

194.242.11.186

301 Moved Permanently

113 B

URL HTTP/2
cdn.rawgit.com/admsev/jquery-play-sound/master/jquery.playSound.js?v=1.1.7
IP
194.242.11.186:0
ASN
#34989 ServeTheWorld AS

File type
ASCII text, with no line terminators
Size
113 B (113 bytes)
Hash
e33d1c21496843349c928437d8678e87
329312ddae6e7a41dfdbac4c2bec5b12e064ca60
69534e7cdbdcafaabb5d69439c71adaf2d98061eed7d21db1345d58235b855ab

HTTP Headers

GET /admsev/jquery-play-sound/master/jquery.playSound.js?v=1.1.7 HTTP/1.1
Host: cdn.rawgit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
date: Tue, 06 Sep 2022 22:46:28 GMT
content-type: text/plain; charset=utf-8
content-length: 113
location: https://cdn.jsdelivr.net/gh/admsev/jquery-play-sound@master/jquery.playSound.js
server: BunnyCDN-NO-830
cdn-pullzone: 201235
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: NO
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: *
age: 60122
alt-svc: h3=":443", h3-29=":443", h3-27=":443"
cache-control: public, max-age=2592000
cdn-cachedat: 09/06/2022 22:46:28
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-served-by: cache-fra19173-FRA, cache-chi-kigq8000106-CHI
x-cache: MISS, HIT
cdn-proxyver: 1.02
cdn-requestpullcode: 301
cdn-requestpullsuccess: True
cdn-edgestorageid: 830
cdn-status: 301
cdn-requestid: 82f310dc3b2462efc93702aacbad1fd5
cdn-cache: EXPIRED
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 06 Sep 2022 22:38:18 GMT
Expires: Tue, 06 Sep 2022 22:48:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: C2cxm2tARPQhLQY_qxiBEZjWZzupide5aU7NjixS4xd0ZixAvx1nug==
Age: 490

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
1d2cfea6253564a0b7571a9e938d92a1
8793f89a22d8ba13c7418a3ed844b950c71c5abb
fa1259092142d21d1794922b167af9f556fa2bb5c443bb96f708485bf092d3f3

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "FA1259092142D21D1794922B167AF9F556FA2BB5C443BB96F708485BF092D3F3"
Last-Modified: Mon, 05 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2066
Expires: Tue, 06 Sep 2022 23:20:54 GMT
Date: Tue, 06 Sep 2022 22:46:28 GMT
Connection: keep-alive

stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

104.18.11.207

200 OK

77 kB

URL HTTP/2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cima-club.bar
Connection: keep-alive
Referer: https://stackpath.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 22:46:28 GMT
content-type: font/woff2
content-length: 77160
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 04/09/2022 08:19:45
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 601
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 50379ca81d2bdbe3320482a2c1795566
cdn-cache: HIT
cf-cache-status: HIT
age: 13389
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 746abdac0d22b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn4.iconfinder.com/data/icons/facebook-likes/100/1.png

172.66.40.94

200 OK

2.0 kB

URL HTTP/2
cdn4.iconfinder.com/data/icons/facebook-likes/100/1.png
IP
172.66.40.94:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.0 kB (2022 bytes)
Hash
ba618fb8765085ad3ca4093b61fad795
2283485a4a72a1af53bee3a48767052f80bcb1ce
ccbc26780629558c4da16363f1ab569078a9ddb7ed2f93bea25cbfb0744a2a6a

HTTP Headers

GET /data/icons/facebook-likes/100/1.png HTTP/1.1
Host: cdn4.iconfinder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 06 Sep 2022 22:46:28 GMT
content-type: image/webp
content-length: 2022
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=3377
content-disposition: inline; filename="1.webp"
expires: Wed, 06 Sep 2023 22:46:28 GMT
vary: Accept
via: 1.1 vegur
x-request-id: b5b408ee-b770-4955-b382-107ec2b260d1
last-modified: Wed, 03 Aug 2022 17:22:13 GMT
cf-cache-status: HIT
age: 2515369
accept-ranges: bytes
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 746abdac6da7b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

deividmarques.github.io/facebook-reactions-css/assets/images/facebook-reactions.png

185.199.111.153

200 OK

12 kB

URL HTTP/2
deividmarques.github.io/facebook-reactions-css/assets/images/facebook-reactions.png
IP
185.199.111.153:0
ASN
#54113 FASTLY

File type
PNG image data, 288 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12234 bytes)
Hash
bd72eb93f3238add18697d62d1bc9deb
4d8a67c3fcc20590acc396ac7a77d12ba0ee2dc9
a76ec54b08be2c3ddb4b3d8466816fb37e79c117602e742c123e16638b2f7467

HTTP Headers

GET /facebook-reactions-css/assets/images/facebook-reactions.png HTTP/1.1
Host: deividmarques.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: GitHub.com
content-type: image/png
permissions-policy: interest-cohort=()
last-modified: Fri, 22 Feb 2019 05:44:20 GMT
access-control-allow-origin: *
etag: "5c6f8c34-2fca"
expires: Mon, 05 Sep 2022 13:15:54 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 49B8:3C0F:4D16C3:E0217B:6315F432
accept-ranges: bytes
date: Tue, 06 Sep 2022 22:46:28 GMT
via: 1.1 varnish
age: 314
x-served-by: cache-bma1626-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1662504389.547697,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: 2d01253f22b90ee3999a6482f06857ac4a17ef65
content-length: 12234
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrRpiYlJ.woff2

142.250.74.163

200 OK

9.0 kB

URL HTTP/2
fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrRpiYlJ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 9032, version 1.0\012- data
Size
9.0 kB (9032 bytes)
Hash
1420b4cb8aaedb5607ef10763bd4f608
430ab060799bb992c542d7f0d262cb685d3b921b
f35be424a435340fa1b6bf36b2482ed2178092f777824f6b00f03cad010fd44f

HTTP Headers

GET /s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrRpiYlJ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cima-club.bar
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:53:37 GMT
expires: Thu, 31 Aug 2023 19:53:37 GMT
cache-control: public, max-age=31536000
age: 528771
last-modified: Wed, 27 Apr 2022 16:02:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrFpiQ.woff2

142.250.74.163

200 OK

11 kB

URL HTTP/2
fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrFpiQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 10584, version 1.0\012- data
Size
11 kB (10584 bytes)
Hash
316fa1995ea53f41426fa3a7f3b2df39
0bda75704bc7d985f7b934b74f433c53299e06b2
00241262004f96088a827ad4c5d423dbbc0648224e1cd990e5e5ff8e912157c9

HTTP Headers

GET /s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrFpiQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cima-club.bar
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10584
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 00:21:13 GMT
expires: Fri, 01 Sep 2023 00:21:13 GMT
cache-control: public, max-age=31536000
age: 512715
last-modified: Wed, 27 Apr 2022 16:02:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
63712aa85bb3fb83f080ba335701d30e
5c80a64fd59313f437e9047cc07c94638fce18c2
5441ac8f1fd69fbf05b677b0427b01c226b9150c80bcc6859ecdd355d32039bb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5441AC8F1FD69FBF05B677B0427B01C226B9150C80BCC6859ECDD355D32039BB"
Last-Modified: Tue, 06 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=997
Expires: Tue, 06 Sep 2022 23:03:05 GMT
Date: Tue, 06 Sep 2022 22:46:28 GMT
Connection: keep-alive

stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

104.18.11.207

200 OK

16 kB

URL HTTP/2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (30837)
Size
16 kB (15848 bytes)
Hash
8ce3ba45e6bf76350678868ed1ac55a0
59199cdc967303e6142c86a22a84c315bea827a7
f6a7c0bedee94534b18c1f2d434ccffbee45c83083e3f66aa6281bdcf4c4b750

HTTP Headers

GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cima-club.bar
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 06 Sep 2022 22:46:28 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 08/20/2022 02:30:56
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 601
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 5550256a765142dae8e9482ad3c15c36
cdn-cache: HIT
cf-cache-status: HIT
age: 13390
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 746abda98bc4b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2

142.250.74.163

200 OK

9.9 kB

URL HTTP/2
fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 9900, version 1.0\012- data
Size
9.9 kB (9900 bytes)
Hash
7256be46335261573e1ab1dc7f6539f0
abeac1b7890a903ac951c522bc9b3039ec6fa1f8
9986de5db80ec050300f1cea25d651a5779ae62b91a39b5667ac23d0c7668cbb

HTTP Headers

GET /s/tajawal/v9/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cima-club.bar
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:57:50 GMT
expires: Thu, 31 Aug 2023 19:57:50 GMT
cache-control: public, max-age=31536000
age: 528518
last-modified: Wed, 27 Apr 2022 16:01:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/changa/v20/2-cm9JNi2YuVOUckZpy-.woff2

142.250.74.163

200 OK

22 kB

URL HTTP/2
fonts.gstatic.com/s/changa/v20/2-cm9JNi2YuVOUckZpy-.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 22056, version 1.0\012- data
Size
22 kB (22056 bytes)
Hash
6837d478d967d755114a1e1cd66da217
26095c8e77890874b47ee5e897627c51776afaa7
d830e0afba0d363cc75a59792bab42fb2420073c59623135a291a25c10493bee

HTTP Headers

GET /s/changa/v20/2-cm9JNi2YuVOUckZpy-.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cima-club.bar
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 05:05:11 GMT
expires: Sun, 03 Sep 2023 05:05:11 GMT
cache-control: public, max-age=31536000
age: 322877
last-modified: Fri, 24 Jun 2022 18:40:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
1d2cfea6253564a0b7571a9e938d92a1
8793f89a22d8ba13c7418a3ed844b950c71c5abb
fa1259092142d21d1794922b167af9f556fa2bb5c443bb96f708485bf092d3f3

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "FA1259092142D21D1794922B167AF9F556FA2BB5C443BB96F708485BF092D3F3"
Last-Modified: Mon, 05 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20616
Expires: Wed, 07 Sep 2022 04:30:04 GMT
Date: Tue, 06 Sep 2022 22:46:28 GMT
Connection: keep-alive

cdn.jsdelivr.net/gh/admsev/jquery-play-sound@master/jquery.playSound.js

151.101.85.229

200 OK

437 B

URL HTTP/2
cdn.jsdelivr.net/gh/admsev/jquery-play-sound@master/jquery.playSound.js
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
ASCII text
Size
437 B (437 bytes)
Hash
4361936cf4c73b5a0c339b4be6ab6d3d
9695e1df7a7b0e8903d8f208f00d4056e10a4a4d
d31acb89066775afec071ee65c05ae0649d544ba0b4c93e5300fbf9c1adbcf16

HTTP Headers

GET /gh/admsev/jquery-play-sound@master/jquery.playSound.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cima-club.bar/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: master
x-jsd-version-type: branch
etag: W/"390-5cOI3qPKGW/JVvByaf2H+opdYlk"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 06 Sep 2022 22:46:28 GMT
age: 28195
x-served-by: cache-fra19130-FRA, cache-bma1674-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 437
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5422
Cache-Control: max-age=125438
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Etag: "6316ff94-1d7"
Expires: Thu, 08 Sep 2022 09:37:06 GMT
Last-Modified: Tue, 06 Sep 2022 08:06:44 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 22:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
c5ad00a2cad4093421e8f7fe57e255dc
0166254fa34a84fd01d2d76e98302af18861c369
d5ea4930aee38a48f435e2dc7882f7ff71328a72f6bbca15490d669bd3a06563

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 22:46:28 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "1D61FD87E97CAE3774B9919B306CC1784990533A"
Expires: Wed, 07 Sep 2022 09:00:00 GMT
Last-Modified: Tue, 06 Sep 2022 21:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1872
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 746abdad3813b512-OSL

marinegruffexpecting.com/d3/18/fa/d318fa08f9d0af3f53ed4dad0b4564e8.js

192.243.61.227

200 OK

20 kB

URL HTTP/1.1
marinegruffexpecting.com/d3/18/fa/d318fa08f9d0af3f53ed4dad0b4564e8.js
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (59388), with no line terminators
Size
20 kB (20323 bytes)
Hash
43a5062268b7789be55b1c7fc84ae82e
7511fe4e31b4b30bef9cec70c7a2951a9f3b2f25
728ae9b0d6a1340ec627e5df03d162a1346647e45699b9dc8aae05793904a953

HTTP Headers

GET /d3/18/fa/d318fa08f9d0af3f53ed4dad0b4564e8.js HTTP/1.1
Host: marinegruffexpecting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 06 Sep 2022 22:46:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b46eafde5eec3a42fc60b889d97bbef5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

push.services.mozilla.com/

54.149.101.24

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.101.24:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +ujNzxmw/uLFBWb8IgO4lA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: H6ADsQuVQjjMppcKeOemEgbTW/4=

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
61a1d49aa535963841c587d8263dd108
0efb6da29383ab32455f2df3490eb3cb2c27ae81
604f30f23d59dfe745af62dfe586c0135acd11f5c369298abca51ed81a20a2a2

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "604F30F23D59DFE745AF62DFE586C0135ACD11F5C369298ABCA51ED81A20A2A2"
Last-Modified: Mon, 05 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20779
Expires: Wed, 07 Sep 2022 04:32:47 GMT
Date: Tue, 06 Sep 2022 22:46:28 GMT
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
bb439f59c8d155bc837839ed089c527d
36c9258bd9882ebf12a46b04439f6b50d4be5b46
9928d01dd1e2c94b3dd9803cce428a5926cf0ad1196bae92c266022e8ef4ee4e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 06 Sep 2022 22:46:29 GMT
Last-Modified: Tue, 06 Sep 2022 21:36:29 GMT
Server: ECS (nyb/1D2E)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fCGU9-2g1CMszjyX-LE4uiKyYZcUSyig2KxqcRGtU6W2re3BYL3rSA==
Age: 4200

simplewebanalysis.com/stats

18.195.40.233

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
18.195.40.233:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
6c7964ad79537596cda16d9213e5b364
8855250ea883f796c671285ed55b01105e30a451
96772327b70f25d73555def0b69b488feb5c33865f729f8faa87ff84a9a5ce2d

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cima-club.bar
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 06 Sep 2022 22:46:29 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://cima-club.bar
access-control-allow-credentials: true
set-cookie: uid_id2=2d92efff-6907-42f6-b076-3332c60f99e1:2:1; expires=Fri, 03 Sep 2032 22:46:29 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
61a1d49aa535963841c587d8263dd108
0efb6da29383ab32455f2df3490eb3cb2c27ae81
604f30f23d59dfe745af62dfe586c0135acd11f5c369298abca51ed81a20a2a2

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "604F30F23D59DFE745AF62DFE586C0135ACD11F5C369298ABCA51ED81A20A2A2"
Last-Modified: Mon, 05 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20778
Expires: Wed, 07 Sep 2022 04:32:47 GMT
Date: Tue, 06 Sep 2022 22:46:29 GMT
Connection: keep-alive

region1.google-analytics.com/g/collect?v=2&tid=G-J0QQKPLZPB&gtm=2oe8v0&_p=839528986&cid=922052654.1662504383&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662504382&sct=1&seg=0&dl=https%3A%2F%2Fcima-club.bar%2Fepisode%2F%25D9%2585%25D8%25B3%25D9%2584%25D8%25B3%25D9%2584-stranger-things-%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D8%25B3%25D9%2585-1-%25D8%25A7%25D9%2584%25D8%25A7%25D9%2588%25D9%2584-%25D8%25A7%25D9%2584%25D8%25AD%25D9%2584%25D9%2582%25D8%25A9-3-%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A9&dt=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20Stranger%20Things%20%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85%201%20%D8%A7%D9%84%D8%A7%D9%88%D9%84%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%203%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9&en=page_view&_fv=1&_nsi=1&_ss=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-J0QQKPLZPB&gtm=2oe8v0&_p=839528986&cid=922052654.1662504383&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662504382&sct=1&seg=0&dl=https%3A%2F%2Fcima-club.bar%2Fepisode%2F%25D9%2585%25D8%25B3%25D9%2584%25D8%25B3%25D9%2584-stranger-things-%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D8%25B3%25D9%2585-1-%25D8%25A7%25D9%2584%25D8%25A7%25D9%2588%25D9%2584-%25D8%25A7%25D9%2584%25D8%25AD%25D9%2584%25D9%2582%25D8%25A9-3-%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A9&dt=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20Stranger%20Things%20%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85%201%20%D8%A7%D9%84%D8%A7%D9%88%D9%84%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%203%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9&en=page_view&_fv=1&_nsi=1&_ss=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-J0QQKPLZPB&gtm=2oe8v0&_p=839528986&cid=922052654.1662504383&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662504382&sct=1&seg=0&dl=https%3A%2F%2Fcima-club.bar%2Fepisode%2F%25D9%2585%25D8%25B3%25D9%2584%25D8%25B3%25D9%2584-stranger-things-%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D8%25B3%25D9%2585-1-%25D8%25A7%25D9%2584%25D8%25A7%25D9%2588%25D9%2584-%25D8%25A7%25D9%2584%25D8%25AD%25D9%2584%25D9%2582%25D8%25A9-3-%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A9&dt=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20Stranger%20Things%20%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85%201%20%D8%A7%D9%84%D8%A7%D9%88%D9%84%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%203%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cima-club.bar
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://cima-club.bar
date: Tue, 06 Sep 2022 22:46:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e02a16b54a4a13e714a8bff0538ca51a
18679ff8fe6518fe755e8b3e963a7eca7b6dc99b
6f189cfe320869367e84fe961239385303e6fcf4ed7e8837bd9809a459332627

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6F189CFE320869367E84FE961239385303E6FCF4ED7E8837BD9809A459332627"
Last-Modified: Sun, 04 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20308
Expires: Wed, 07 Sep 2022 04:24:57 GMT
Date: Tue, 06 Sep 2022 22:46:29 GMT
Connection: keep-alive

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20006 bytes)
Hash
56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Tue, 06 Sep 2022 22:41:12 GMT
expires: Wed, 07 Sep 2022 00:41:12 GMT
cache-control: public, max-age=7200
age: 317
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/j/collect?v=1&_v=j96&a=839528986&t=pageview&_s=1&dl=https%3A%2F%2Fcima-club.bar%2Fepisode%2F%25D9%2585%25D8%25B3%25D9%2584%25D8%25B3%25D9%2584-stranger-things-%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D8%25B3%25D9%2585-1-%25D8%25A7%25D9%2584%25D8%25A7%25D9%2588%25D9%2584-%25D8%25A7%25D9%2584%25D8%25AD%25D9%2584%25D9%2582%25D8%25A9-3-%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A9&ul=en-us&de=UTF-8&dt=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20Stranger%20Things%20%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85%201%20%D8%A7%D9%84%D8%A7%D9%88%D9%84%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%203%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YADAAUABAAAAAC~&jid=1620029752&gjid=34720297&cid=922052654.1662504383&tid=UA-174083888-1&_gid=285341378.1662504384&_r=1&gtm=2ou8v0&z=2094296919

142.250.74.174

200 OK

1 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j96&a=839528986&t=pageview&_s=1&dl=https%3A%2F%2Fcima-club.bar%2Fepisode%2F%25D9%2585%25D8%25B3%25D9%2584%25D8%25B3%25D9%2584-stranger-things-%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D8%25B3%25D9%2585-1-%25D8%25A7%25D9%2584%25D8%25A7%25D9%2588%25D9%2584-%25D8%25A7%25D9%2584%25D8%25AD%25D9%2584%25D9%2582%25D8%25A9-3-%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A9&ul=en-us&de=UTF-8&dt=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20Stranger%20Things%20%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85%201%20%D8%A7%D9%84%D8%A7%D9%88%D9%84%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%203%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YADAAUABAAAAAC~&jid=1620029752&gjid=34720297&cid=922052654.1662504383&tid=UA-174083888-1&_gid=285341378.1662504384&_r=1&gtm=2ou8v0&z=2094296919
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?v=1&_v=j96&a=839528986&t=pageview&_s=1&dl=https%3A%2F%2Fcima-club.bar%2Fepisode%2F%25D9%2585%25D8%25B3%25D9%2584%25D8%25B3%25D9%2584-stranger-things-%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D8%25B3%25D9%2585-1-%25D8%25A7%25D9%2584%25D8%25A7%25D9%2588%25D9%2584-%25D8%25A7%25D9%2584%25D8%25AD%25D9%2584%25D9%2582%25D8%25A9-3-%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A7%25D9%2584%25D8%25AB%25D8%25A9&ul=en-us&de=UTF-8&dt=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20Stranger%20Things%20%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85%201%20%D8%A7%D9%84%D8%A7%D9%88%D9%84%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%203%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YADAAUABAAAAAC~&jid=1620029752&gjid=34720297&cid=922052654.1662504383&tid=UA-174083888-1&_gid=285341378.1662504384&_r=1&gtm=2ou8v0&z=2094296919 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://cima-club.bar
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://cima-club.bar
date: Tue, 06 Sep 2022 22:46:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

perryvolleyball.com/pixel/purst?dl=0&th=0&sc=0&rs=1484&rd=1484&fd=958&bv=22.8.v.1&tmpl=70

192.243.59.12

200 OK

0 B

URL HTTP/1.1
perryvolleyball.com/pixel/purst?dl=0&th=0&sc=0&rs=1484&rd=1484&fd=958&bv=22.8.v.1&tmpl=70
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1484&rd=1484&fd=958&bv=22.8.v.1&tmpl=70 HTTP/1.1
Host: perryvolleyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 06 Sep 2022 22:46:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
77cb90c1bcc1626dc5f002b309ed6c8e
adca42d0c7a341166c081fc698ec37c3174988ec
9903ef9c78c0f9f12357b418c5a2233f8a97401aa5a9cafa64a99153715b95fb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9903EF9C78C0F9F12357B418C5A2233F8A97401AA5A9CAFA64A99153715B95FB"
Last-Modified: Tue, 06 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1644
Expires: Tue, 06 Sep 2022 23:13:53 GMT
Date: Tue, 06 Sep 2022 22:46:29 GMT
Connection: keep-alive

banquetunarmedgrater.com/advertisers.js

192.243.59.20

200 OK

0 B

URL HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 06 Sep 2022 22:46:29 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 05fdddb33765cd10008e54d5da4838d1
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17459
Expires: Wed, 07 Sep 2022 03:37:29 GMT
Date: Tue, 06 Sep 2022 22:46:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17459
Expires: Wed, 07 Sep 2022 03:37:29 GMT
Date: Tue, 06 Sep 2022 22:46:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40a1a34b-bd31-4f00-a8cf-f11e2616a5f6.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40a1a34b-bd31-4f00-a8cf-f11e2616a5f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12412 bytes)
Hash
1c2d4c01e5231b1b06ee38b6f9049993
a6ebf37cf2f7f4b2ba54a566f8dd283cef97f411
a3cba7153f46f6592cd393d246a8c231f6bc73d3a96946b0422274982ff0bc67

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40a1a34b-bd31-4f00-a8cf-f11e2616a5f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12412
x-amzn-requestid: 0ad5e36e-b0f9-40fd-8a33-a0b4ceb72e93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0Eo_FbhoAMFukQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311816c-573560f36cc49c941c5b2d6e;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 04:07:08 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sgq8LYAkIXXP8x3Fg7LZqoP2DLiZd4truPgaIqCYOg-WfETJkngm3Q==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 07:45:02 GMT
age: 54088
etag: "a6ebf37cf2f7f4b2ba54a566f8dd283cef97f411"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d353f8d-bf6d-4c0f-b163-e9d32c54839f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8101 bytes)
Hash
6194a9684f17743754ea625caecf9d46
90fa1c2a82eca9b0a37c665e8f50a4c54520e12f
4d4e16a9aee766d73e4ac96e1f099ec01e8285d69c4a33f99ade5f49378ca73e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d353f8d-bf6d-4c0f-b163-e9d32c54839f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8101
x-amzn-requestid: d108dfd6-c4da-49c9-955d-03a526797a29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xgt-SFK_IAMFfVg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309c38e-0e3603717adf3c0d45762306;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 07:11:10 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Nd_ePo3cXQZelhKPxTblpWIX-EoB_ekUQsWOaH8n6DopQYdtwlhg9Q==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:20:21 GMT
age: 1569
etag: "90fa1c2a82eca9b0a37c665e8f50a4c54520e12f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde9352b2-4ab5-48d0-9676-61bf3275b779.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7002 bytes)
Hash
489429fc4af7d245f194596e975d1e49
ab455b8abde4309f365d55508794a8cf8c85d8b6
112f3ed8114c9a10d897af2d083a71f10ec68442d5896487f12259ed676ae017

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde9352b2-4ab5-48d0-9676-61bf3275b779.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7002
x-amzn-requestid: 0752310a-7ca0-4ea8-a678-8f049b75ad51
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5xa4HedIAMF4pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c912-22f168ab60f17c4b671d6370;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:37:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -d0fBEUietExakJOgudzXyCpL-T2WstDUoOaVnutZTF0PUrrzPTL3A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:14:32 GMT
age: 1918
etag: "ab455b8abde4309f365d55508794a8cf8c85d8b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F544c97ea-c914-4fdc-82af-945cb0832cde.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3529 bytes)
Hash
edcd025faafbf7161d4d606f47304c2b
a99519726bc82f2cc0541c79f47ddd15c7362669
ed7b147e3ea371ea4b014805d9c2f45407918924bb2ec540ea6f7cd0a8b1b698

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F544c97ea-c914-4fdc-82af-945cb0832cde.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3529
x-amzn-requestid: 7c3c10fd-ce94-4d39-9fc0-de3f30d307c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XkARtEI8oAMFqjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b140a-396d466a114b14592f68c813;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 07:06:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PCqO2_8gh8yq-POB4jnsRNA0xRULJBB3n8-_Kz7nWQrxqbMPykbfkw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:42:16 GMT
age: 3854
etag: "a99519726bc82f2cc0541c79f47ddd15c7362669"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e9b3424-a7df-4a41-82c2-4baf4813509c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11464 bytes)
Hash
fcf56e65178e3bdb802a8215b48d11f0
6ca14b815e1446172a72f28f58fbbf97272a512b
42a88966c46e9670786e171700f403805f1a278aef0edfee233afb8fd5e41e46

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e9b3424-a7df-4a41-82c2-4baf4813509c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11464
x-amzn-requestid: 5a4d63f8-dd44-4003-bd90-4ebcdf4517e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XdbBcECroAMFrFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63087209-22f3a6a174d32fd11f863106;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 07:11:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hvJEdV6JLI2wSnHo_y3lhjaS0p0-tXpeedn_z3BuRuz7xfqBun_ntw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:55:58 GMT
age: 3032
etag: "6ca14b815e1446172a72f28f58fbbf97272a512b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faba86944-df9f-4d50-9b10-d50644b978e3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4805 bytes)
Hash
4f29d8aaae2d67c27c58001e7553dea7
5200b601017ce86614783b76fd2a775c1c48d4e9
6b55c4d692cf584e0319b07251d9845749fe8954062dab66e003dd2706451504

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faba86944-df9f-4d50-9b10-d50644b978e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4805
x-amzn-requestid: 270858f2-c94d-4047-8e3b-c49a5a603610
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjbiJHuZoAMFpSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ad940-3ba2164762e4f74227b6a23b;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 02:56:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: do30zKZmrP_j4feGGu8G39ibskE4dXxTL8YzpAR7PCFpQuJalYeJqA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:57:13 GMT
age: 2957
etag: "5200b601017ce86614783b76fd2a775c1c48d4e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
601d02860a32cd0667c2b4b6d5746e29
cd419b7dbf9f54edca0ceca468d14627d70f0764
18b245d8cf9427a2fab1793342ec08d8b1967083aad465785540d7f6bbc1af01

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18B245D8CF9427A2FAB1793342EC08D8B1967083AAD465785540D7F6BBC1AF01"
Last-Modified: Mon, 05 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20623
Expires: Wed, 07 Sep 2022 04:30:13 GMT
Date: Tue, 06 Sep 2022 22:46:30 GMT
Connection: keep-alive

unseenreport.com/pxf.gif?uuid=2d92efff-6907-42f6-b076-3332c60f99e1&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=d318fa08f9d0af3f53ed4dad0b4564e8&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22

192.243.61.227

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=2d92efff-6907-42f6-b076-3332c60f99e1&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=d318fa08f9d0af3f53ed4dad0b4564e8&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=2d92efff-6907-42f6-b076-3332c60f99e1&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=d318fa08f9d0af3f53ed4dad0b4564e8&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 06 Sep 2022 22:46:30 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4d24d168aadf809652ea731b46d9ed2d
Strict-Transport-Security: max-age=0; includeSubdomains

104.21.1.78

200 OK

0 B

URL HTTP/2
cima-club.bar/episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9
IP
104.21.1.78:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /episode/%D9%85%D8%B3%D9%84%D8%B3%D9%84-stranger-things-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-1-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-3-%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%D8%A9 HTTP/1.1
Host: cima-club.bar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Tue, 06 Sep 2022 22:46:27 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlhtRjd1OFwvbXhQSkROQkJEY2F5eHRRPT0iLCJ2YWx1ZSI6IjRIUGVnQ2xyWXhNdmhtQWtcL3Zta1wvaEVEMG5qSFJBbVBLeXYwOURkZXpVcmI2V2k5MzhQbXlxejRSY2NUXC9Nd2UiLCJtYWMiOiJiYjBhYzE0YTZlY2E2N2M2OWY1NWMwOTZkNTU1NDIxODZiZWYyYzdjYzc1MDlkM2FjMTUyOGQ4ZDc2YmU4MTc2In0%3D; expires=Wed, 07-Sep-2022 08:46:27 GMT; Max-Age=36000; path=/
cimaclub_session=eyJpdiI6IjFCNFFEWDRBSnRvaWRUdFI1UHVuSmc9PSIsInZhbHVlIjoiK052c0h3V1hmcFBKTFwvQlwvbVB3RHdObExqaVlPMENcL0ExRmxlYmh3aUkxT2hwQXJFVWlcL1ZyU09EdHVFNE9hWDAiLCJtYWMiOiI1ODVmMWNiMTY0YjYwMTUyYTNiZGU5ZTc1MTA0YmY2YjA5ODcxNWZkZjRiYWVmODI3ZWNkYmY2OWVjMzZkN2E5In0%3D; expires=Wed, 07-Sep-2022 08:46:27 GMT; Max-Age=36000; path=/; httponly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00O3%2B3U8n3Wbp6bluomcScKxg%2FTlY383OSjY%2BBgzgoalP81JOanhvv1xGj5F7bVIl4Ro7MelJd9ukKD9RrtZhuAM7tvXuMivw83IntuJJtGJhYoCzFy3w2vkZNl0Kpv8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746abda7ccbbb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

addresseepaper.com/sfp.js

104.21.234.254

200 OK

0 B

URL HTTP/2
addresseepaper.com/sfp.js
IP
104.21.234.254:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 06 Sep 2022 22:46:29 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 678d44cdde24a6a53ebd690581ce1373
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 22:46:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bSr284Clbh2VBZ8vwLegMz34MK8XtzY97gQdrv8eCYKmLVtgVMuuWCkZTARGJFU0I%2B1GCjzb7IZc526552Q7B50l273X2DTYBfBOg73sjPM9e%2B9r3Chr5qpOh5OWTFPKahd5C5A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746abdaf4db58867-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Tajawal:500,800&subset=arabic

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Tajawal:500,800&subset=arabic
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Tajawal:500,800&subset=arabic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 22:46:28 GMT
date: Tue, 06 Sep 2022 22:46:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Changa:200,300,400,500,600,700,800&display=swap&subset=arabic

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Changa:200,300,400,500,600,700,800&display=swap&subset=arabic
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Changa:200,300,400,500,600,700,800&display=swap&subset=arabic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cima-club.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 22:46:28 GMT
date: Tue, 06 Sep 2022 22:46:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations