detectportal.firefox.com/success.txt?ipv4
34.107.221.82200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 22 Feb 2023 15:24:39 GMT
Age: 57946
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
1wrcnz.top/
190.115.24.78301 Moved Permanently 175 B IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 27d3037d4815f88b7bb724cb258524e1
092678ca1f61e13d97f37f7be9438e7b32b722e9
0c0a343c76a265d5b6b5b3708383afaf77f187eaa7f3fa8f1fec18cdf4ebe198
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: openresty/1.19.9.1
Date: Thu, 23 Feb 2023 07:31:12 GMT
Content-Type: text/html
Content-Length: 175
Connection: keep-alive
Location: https://1wrcnz.top
X-Frame-Options: DENY
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 67fc460ed2f69dde3c410ec607ef3510
ba9f582ec321351e5c06c9b2c381f06b685ef274
85df74fac7d59d76840b6359bac24648fede201c0048f2a8382af6468225ffb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85DF74FAC7D59D76840B6359BAC24648FEDE201C0048F2A8382AF6468225FFB8"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3376
Expires: Thu, 23 Feb 2023 08:26:42 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bf2985444924fcb7c28583d95fe3e07
95b5b25c5e28758f16327475be944d68ba858b4d
1e1b4f9fd2e5b5c38916cea3f07edc4abe897defb9db47123d374bc979cad933
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E1B4F9FD2E5B5C38916CEA3F07EDC4ABE897DEFB9DB47123D374BC979CAD933"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5024
Expires: Thu, 23 Feb 2023 08:54:10 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
34.120.5.221200 OK 47 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
IP 34.120.5.221:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 337da99fcc276f212ae80a9b0f0dcb61
dc7b6dfe8236a0c31d609f0cb1dfe6c464c32a68
97ad36dce13795fd46603336a49e04c6b50ea9d87ce23ac4bef386a286010425
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: tvzCS0vr7pP1BH4T1OTAVgw6WA5t9I78UVCkoCKlTcF6iN79prANlw==
content-encoding: gzip
via: 1.1 7f06047c304d80ea094816a27c933914.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 07:29:41 GMT
content-type: application/json
vary: Accept-Encoding
content-length: 47027
age: 45
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7fb59e5d3cdf08b94e5f41fdeb9aec6c
ff644039db3b9f74d7e2fab10f93581bea10614a
861573a00d75364e15783c5e448c4f8b4da48b38d9beba3ebd33a87f993489a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "861573A00D75364E15783C5E448C4F8B4DA48B38D9BEBA3EBD33A87F993489A5"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20690
Expires: Thu, 23 Feb 2023 13:15:16 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: VTxVKnkxWwM493nohhCb2IgizogQjumiOlaXQzkoAFkLJKyA4tBU3fIKf8alC7NfG8vJtRYI5V4=
x-amz-request-id: T2HD28SX7KVEY8KB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Feb 2023 07:13:23 GMT
age: 1023
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6eb0a77aa4a20639a06d9621742007c2
d2d03beeb111049117b70d5f3dff3698a671ef8a
62c2da0800bf8efb6bb985b2eb046fa863e0b394681fb2ab187a9c4836fbd320
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62C2DA0800BF8EFB6BB985B2EB046FA863E0B394681FB2AB187A9C4836FBD320"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21525
Expires: Thu, 23 Feb 2023 13:29:11 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 07:30:26 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 06:38:18 GMT
content-type: application/json
age: 3128
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 836108e1bbb7b033c537df908101968e
f33be0cc06ed65735a06529f34d54e2f3683a5a5
356960f884af0a575572f8b80fb3919d58a2c56dc7bc3fedc869265694285104
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "356960F884AF0A575572F8B80FB3919D58A2C56DC7BC3FEDC869265694285104"
Last-Modified: Thu, 23 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 23 Feb 2023 13:30:26 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5aa46280b9f4ef8602f5e1b6864d898f
f1b8d2278116c2873ec0683122818fc186c74392
bb61e1178bc48dc26984f63f54d2621706fe49faa6f9a5651b06befa53cea9a0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4118
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Last-Modified: Thu, 23 Feb 2023 06:21:48 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5fa728a339ca32e616d483e61d0aebcd
6a63966de94d16390c8f1e47e5b67fe5bb67f7cd
7e83729d554404e59f1f1ff809ac776d3596487e2b062a1e38af8e29f33c0686
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E83729D554404E59F1F1FF809AC776D3596487E2B062A1E38AF8E29F33C0686"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14169
Expires: Thu, 23 Feb 2023 11:26:35 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP 142.250.74.131:0
Hash cf662a9839c077afea151efe987dbcc1
8e26bb1413a623c2083e5002c682adb910c6f94f
50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1
POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP 142.250.74.131:0
Hash cf662a9839c077afea151efe987dbcc1
8e26bb1413a623c2083e5002c682adb910c6f94f
50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1
POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP 142.250.74.131:0
Hash cf662a9839c077afea151efe987dbcc1
8e26bb1413a623c2083e5002c682adb910c6f94f
50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1
POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP 142.250.74.131:0
Hash cf662a9839c077afea151efe987dbcc1
8e26bb1413a623c2083e5002c682adb910c6f94f
50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1
POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP 142.250.74.131:0
Hash cf662a9839c077afea151efe987dbcc1
8e26bb1413a623c2083e5002c682adb910c6f94f
50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1
POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1win-cdn.com/css/6610.4f034e44.css
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/css/6610.4f034e44.css
IP 104.26.5.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /css/6610.4f034e44.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:26 GMT
content-type: text/css
content-length: 0
cache-control: max-age=315360000
cf-bgj: minify
access-control-allow-origin: *
etag: "63c7c775-0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 18 Jan 2023 10:18:29 GMT
cf-cache-status: HIT
age: 3032687
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mrj4cSHm3N4FSRpgtCBpDVWQCvilRaSVR67YwBqhAhDtY4WISc7vQ6FlXFidu9UFoTYk9wn9T1r4exHQKqjNP%2FsNyoaybZeKpzBoxBgvfRVv9C%2FgFH00keAgRuCCcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195c946b521-OSL
X-Firefox-Spdy: h2
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
54.68.195.169200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP 54.68.195.169:0
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 23 Feb 2023 07:30:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
1wrcnz.top/img/logo/1w_logo.webp
190.115.24.78200 OK 4.2 kB URL HTTP/2 1wrcnz.top/img/logo/1w_logo.webp
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 290ac463251c4079d15ef3fb016bdd9b
8f7013ea3afe0ad8efe6c4afa2bf8fa8e2d61e66
7cc723ed1487f56d1be3f59e23498248d5ad2329d13df59e8f3e2da251d4e900
GET /img/logo/1w_logo.webp HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: image/webp
content-length: 4160
last-modified: Wed, 22 Feb 2023 10:12:40 GMT
etag: "63f5ea98-1040"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.81.108.147101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.81.108.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Lt6bXvvfbiAb3xRhxP3BMQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: a+inrZAaMX3dw98pxRdN/9p+XBg=
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, Alert, Content-Length, Backoff, ETag, Cache-Control, Retry-After, Last-Modified, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Feb 2023 07:20:35 GMT
age: 592
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221677121036546%22
35.241.9.150200 OK 22 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221677121036546%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (21681), with no line terminators
Hash accef8a81ca596001ad5a8fd66ed4bc2
f7167c5429485e973fa1a14646dd4b50eef53caf
71fbf95a3cfbc0f51e2860cd25fa87fc2cdfd9df9b5f5dbe29fa42bdce4d19e0
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221677121036546%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21681
via: 1.1 google
date: Thu, 23 Feb 2023 07:02:02 GMT
age: 1705
last-modified: Thu, 23 Feb 2023 02:57:16 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22
35.241.9.150200 OK 33 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (32643), with no line terminators
Hash 111a124bfe0fcca1d00eacc4056304c0
09f7b2abd4d09de09db0e11add552e995346c23c
3dfc4c61e3f4a5d95c359d2914ec2dcf4bfc413116dec9b98bc104ecc9f446bf
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 32643
via: 1.1 google
date: Thu, 23 Feb 2023 07:10:15 GMT
age: 1212
last-modified: Wed, 22 Feb 2023 12:37:20 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
1wrcnz.top/affiliate:link_visit?visit_domain=1wrcnz.top&sub_ids=undefined
190.115.24.78200 OK 15 B URL HTTP/2 1wrcnz.top/affiliate:link_visit?visit_domain=1wrcnz.top&sub_ids=undefined
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
File type JSON data\012- , ASCII text, with no line terminators
Hash 0f0479874bf6f4a7281099b15df27c27
55a490e280d48996e564d00492437eb17faadd28
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
GET /affiliate:link_visit?visit_domain=1wrcnz.top&sub_ids=undefined HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/
Connection: keep-alive
Cookie: visit_domain=1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: application/json; charset=utf-8
content-length: 15
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
etag: W/"f-VaSQ4oDUiZblZNAEkkN+sX+q3Sg"
set-cookie: core-sticky=http://10.233.72.195:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: DENY
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 06:53:54 GMT
content-type: application/json
age: 2193
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 135606a5e990506b3e92eda82ef79170
a3de3c800534ad64b2e2198941e3911a4e51df8e
558ce08e84a4581859ae4302371540e4240e0b85866e37fb03174786388d5546
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "558CE08E84A4581859AE4302371540E4240E0B85866E37FB03174786388D5546"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2912
Expires: Thu, 23 Feb 2023 08:18:59 GMT
Date: Thu, 23 Feb 2023 07:30:27 GMT
Connection: keep-alive
1wrcnz.top/firebase/8.1.1/firebase-app.js
190.115.24.78200 OK 36 kB URL HTTP/2 1wrcnz.top/firebase/8.1.1/firebase-app.js
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
Hash fe6a411a477695b5b69371b7fab568a9
82bdb41a9edb8d8859661b56b9630f7ea01be884
3801f4ce720d28e324d460a53459558a7ab396981dd3e34fb15afbf1f7af56ca
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/sw.db344b25.js
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: application/javascript
last-modified: Wed, 22 Feb 2023 10:12:39 GMT
etag: W/"63f5ea97-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
1win-cdn.com/js/1895.ba9c11b9.js
104.26.5.11200 OK 13 kB URL HTTP/2 1win-cdn.com/js/1895.ba9c11b9.js
IP 104.26.5.11:0
Hash f565a56a815c6322f8afcc6ddcd337a5
6d88b8d68513b3e103f180ae3c415ac4bb6f8c8e
a12016b11959954616c6d01b93a117d0eac3944d043c681b44b7e58aacb96e8e
GET /js/1895.ba9c11b9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=60809
access-control-allow-origin: *
etag: W/"63f37b40-ed89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 13:53:04 GMT
cf-cache-status: HIT
age: 236173
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZINN4AiFlA%2B%2FMExIf%2BcMNNM12VERNrocwR9ob8GzOfBdg6Rzk2n8dnNuLtW%2BPzgnKHhnyQorS3O2TyT4f5Yat0N5QRwtoW8iTJfcD9sZkr3gvYJ91ZT0pHIx6dcxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198ed3fb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/fonts/SFNSText.c652402c.woff2
104.26.5.11200 OK 379 kB URL HTTP/2 1win-cdn.com/fonts/SFNSText.c652402c.woff2
IP 104.26.5.11:0
File type Web Open Font Format (Version 2), TrueType, length 379312, version 1.0\012- data
Size 379 kB (379312 bytes)
Hash 78c04126100e27b652681e2e225f0303
fe601d94aeed79691f4cb7bc3b741f5263d488e9
49073903870a8bb345c24e632270bc480dde66725f0af85c66df5cb7269c4214
GET /fonts/SFNSText.c652402c.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/octet-stream
content-length: 379312
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-5c9b0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJ1Dxphyr7jI6Kj12LnywlhveN0j6oA2w8ILugYjGq6miBWniAp7MhiESeTkQwnkbtxdTcr%2BKgy9cuOfjqBrvT4X8fnWoGvyHEEpnx0UJh5LgERRiL7vd6%2B8LynzCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198f983b500-OSL
X-Firefox-Spdy: h2
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
34.111.73.144200 OK 807 kB URL HTTP/2 firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP 34.111.73.144:0
Size 807 kB (807180 bytes)
Hash 914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857
GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: l+MCtFOuLKzOPj71ctV6p21ZnEwlje3OMs98dDmBuOF/9BlFn9tKisO1m/95doEjfl++IkG0uWc=
x-amz-request-id: VKZJ774KPQ4B1SPR
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Thu, 16 Feb 2023 11:49:05 GMT
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
age: 589282
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2
detectportal.firefox.com/success.txt?ipv4
34.107.221.82200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 22 Feb 2023 15:24:39 GMT
Age: 57948
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22
35.241.9.150200 OK 6.0 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (5951), with no line terminators
Hash 84c45909a46631dec23c78a3a547ca95
b511f80ad0abe7a6f0ce8988a0b9275573665c9a
ce6af1c28962645f13129411c11c7f156f0cd9e282f5ef0146d5cbd84a4e2b7e
GET /v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 5951
via: 1.1 google
date: Thu, 23 Feb 2023 06:48:56 GMT
age: 2491
last-modified: Sun, 19 Feb 2023 04:42:53 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
35.241.9.150200 OK 681 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Hash b3c57c4bb39f0c7541d93ba82a5cd4c9
be92fd1cee01b4a8bb4174b0b11e53be649cd1a3
98e848e13f44cb1595f2f1882c734fd25761a0e8facae4e0c3dcff6f322a4000
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Content-Length, Content-Type, Cache-Control, Pragma, Retry-After, ETag, Expires, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Thu, 23 Feb 2023 06:55:06 GMT
age: 2121
last-modified: Wed, 22 Feb 2023 16:36:55 GMT
etag: "1677083815772"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 67d0353e59411ba1f85c492efa548d94
2bb48dd2638abb14217de43ca03d2485a31eb7e7
c50c81dc979238b0bfea29f69cc5b4e6277e06c407025412430c190acf1e8d29
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
142.250.74.40200 OK 60 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP 142.250.74.40:0
File type ASCII text, with very long lines (15455)
Hash 1605f15be14904947e7a0c23ba9570af
b8d279595ec5cac98016b639e88f12a8a9347033
25b6fccc661856f45ad4458efece8a4a2df89f0500681fc1b22524c7e41c9eef
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 23 Feb 2023 07:30:27 GMT
expires: Thu, 23 Feb 2023 07:30:27 GMT
cache-control: private, max-age=900
last-modified: Thu, 23 Feb 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 59516
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 67d0353e59411ba1f85c492efa548d94
2bb48dd2638abb14217de43ca03d2485a31eb7e7
c50c81dc979238b0bfea29f69cc5b4e6277e06c407025412430c190acf1e8d29
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
35.241.9.150200 OK 1.3 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1250), with no line terminators
Hash c9f7f64ea0e8fd2d1098afb18806601b
fac82a10d89a339d7970db44b47633465d7b16f8
e0ed15ed986855d3c7eec307e2333aeea9211c5c3d8849dabaa56395dbaec026
GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Thu, 23 Feb 2023 07:02:27 GMT
age: 1680
last-modified: Wed, 22 Feb 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
35.241.9.150200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1743), with no line terminators
Hash 8d7098a815bd465cf003589b0703c6b0
202cba221e952763f4ccf8e16df65693d9098b44
8cf3d3a8263ffc0df70842cb3968feef260daaa2977cd450819a346d48712114
GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1743
via: 1.1 google
date: Thu, 23 Feb 2023 06:38:38 GMT
age: 3110
last-modified: Wed, 22 Feb 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22
35.241.9.150200 OK 5.6 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (5628), with no line terminators
Hash c2aaf121f79032d2dbef3b6bbebc5bda
9aea63df55fe7bbf0337658087da5679e68fff39
570d0386b573c64a975e5ce952c25a81ad35b59a114e7d86f9a85d2a0d4c5c62
GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 5628
via: 1.1 google
date: Thu, 23 Feb 2023 07:06:46 GMT
age: 1422
last-modified: Wed, 22 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 99833367490dd4a0b1fe074db23fbaa0
f5195f40f27dc45e7dfc323a8f5e0c546be2f6ca
0e4a4c91d19b35385a72a41c0b2b9bf64ec4e9b064c6230de863985d935239c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 99833367490dd4a0b1fe074db23fbaa0
f5195f40f27dc45e7dfc323a8f5e0c546be2f6ca
0e4a4c91d19b35385a72a41c0b2b9bf64ec4e9b064c6230de863985d935239c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F?
142.250.74.70200 OK 237 B URL HTTP/2 12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (452), with no line terminators
Hash 1af88bde856db95481bf64bafa614eb4
3a0b746336e4df37dcc27e82dfcfa1c9a1a558df
6951cdc42e899348f84b57330b239fbf8a3458e4854c58de6c1e881027a64a62
GET /activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F? HTTP/1.1
Host: 12688802.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 237
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 23-Feb-2023 07:45:28 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51?
142.250.74.70200 OK 274 B URL HTTP/2 12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (519), with no line terminators
Hash 90f5d5e2ee4797cee64a6eebd365fe47
25b44a00efe7904644896a75008f29bed80d133c
482a393b1ec680f37b915ed3e09b8dbcbbe728c07bc0ee9c7b1e068d7d75fdbd
GET /activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51? HTTP/1.1
Host: 12572451.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 274
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 23-Feb-2023 07:45:28 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 99833367490dd4a0b1fe074db23fbaa0
f5195f40f27dc45e7dfc323a8f5e0c546be2f6ca
0e4a4c91d19b35385a72a41c0b2b9bf64ec4e9b064c6230de863985d935239c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 99833367490dd4a0b1fe074db23fbaa0
f5195f40f27dc45e7dfc323a8f5e0c546be2f6ca
0e4a4c91d19b35385a72a41c0b2b9bf64ec4e9b064c6230de863985d935239c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1wrcnz.top/get-authorization?random=1677137436656-0.14973793446331718
190.115.24.78200 OK 19 B URL HTTP/2 1wrcnz.top/get-authorization?random=1677137436656-0.14973793446331718
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
File type JSON data\012- , ASCII text, with no line terminators
Hash 97816351479ac35375c10e73546c9459
b388abc5b856b3cb65032cf68d12cdee27073fc7
759315d5ae8c31136d2a7bc803e591554894987559325cdf7e0b5965bec0eaca
GET /get-authorization?random=1677137436656-0.14973793446331718 HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80; amp_494ccc=0jLQyK9s7WVauTGSitWWN8...1gpuisnrh.1gpuisnrh.0.0.0; amplitude-device-id=23d207a2-2af7-4eba-9f41-19599a058d79; 1w_lang=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:14 GMT
content-type: application/json; charset=utf-8
content-length: 19
access-control-allow-origin: https://1wrcnz.top
access-control-allow-credentials: true
x-frame-options: DENY
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1677079981951&_since=%221666279968541%22
35.241.9.150200 OK 106 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1677079981951&_since=%221666279968541%22
IP 35.241.9.150:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 106 kB (106535 bytes)
Hash 44317bc4f401543ba080c8b77e2aff54
ae769488dfa10cd08cf730a63ac64b0a29246a8a
167da22ccd9986da793ecdc27155152f073ca124306a599050be0c55cba79678
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1677079981951&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 106535
via: 1.1 google
date: Thu, 23 Feb 2023 06:24:38 GMT
age: 3950
last-modified: Wed, 22 Feb 2023 15:33:02 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5a9e54f54243639a31020050bfc7fb55
c49766d67bea2ce07bd3c925d42897ab992f94e2
26b96bbdd02ca9498d5c7a4b970ebbec31039db95a2ce6e5a6ff665c73023a8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1win-cdn.com/js/index.dcfba266.js
104.26.5.11200 OK 31 kB URL HTTP/2 1win-cdn.com/js/index.dcfba266.js
IP 104.26.5.11:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Hash 257550e27e5283f5558c324444fbefeb
3561397f7ffd377f0aa11c433d2b963a3f5fa80d
d3000f22d7412461df75eef6e736429637ddec70269a28fe5b01ac701e61fe1b
GET /js/index.dcfba266.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Feb 2023 10:11:57 GMT
etag: W/"63f5ea6d-164ea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TAT5zOjkI9lTNmGfsy%2Fl9ApYWt7tYTfaGefKwEFcMZ4PoNBxngBEnez6Z%2BkVuEdtyzIoQg%2BneOueSkMvXiA2cjxL2fXd%2FfQk8HERoHBIp7utOubB5zFsbEGjEDgK%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195cd1fb500-OSL
content-encoding: br
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F
142.250.74.66200 OK 239 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (451), with no line terminators
Hash e189eeeda58382f208848466b70c4822
7ffac8267745647438f3c22cb4b15a56043f78e9
be35c5d0596ecbf8a1099fb0eb0fb769d8ea9f8822f10b42f34b08d271ba5ed3
GET /ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12688802.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 239
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/
142.250.74.66200 OK 274 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (518), with no line terminators
Hash 7a5c6f6d16b17e3414497b27aa53daa1
182e1dfa196440203598a268ba092cebd9b4fc32
7829d2e61428eaed691a86f17c01d181f21a0ca58e4c628cfcbf694bfc6a8fe5
GET /ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/ HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12572451.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 274
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5a9e54f54243639a31020050bfc7fb55
c49766d67bea2ce07bd3c925d42897ab992f94e2
26b96bbdd02ca9498d5c7a4b970ebbec31039db95a2ce6e5a6ff665c73023a8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.lab.amplitude.com/sdk/vardata
151.101.194.132200 OK 2 B URL HTTP/2 api.lab.amplitude.com/sdk/vardata
IP 151.101.194.132:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /sdk/vardata HTTP/1.1
Host: api.lab.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/
Authorization: Api-Key client-Ss5BFx7UDrTj948TJHfc5ZUoTW67EjvZ
X-Amp-Exp-User: eyJsaWJyYXJ5IjoiZXhwZXJpbWVudC1qcy1jbGllbnQvMS43LjEiLCJkZXZpY2VfaWQiOiIyM2QyMDdhMi0yYWY3LTRlYmEtOWY0MS0xOTU5OWEwNThkNzkiLCJ1c2VyX3Byb3BlcnRpZXMiOnt9fQ
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json;charset=utf-8
access-control-allow-origin: https://1wrcnz.top
access-control-allow-credentials: true
x-amzn-trace-id: Root=1-63f71614-01bbbe5958bb198a1a7f5de1
x-content-type-options: nosniff
accept-ranges: bytes
date: Thu, 23 Feb 2023 07:30:28 GMT
age: 0
x-served-by: cache-bma1648-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1677137428.081638,VS0,VE216
vary: Origin, Origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2
X-Firefox-Spdy: h2
script.hotjar.com/modules.7cafb00353603cadd6c4.js
54.230.111.73200 OK 68 kB URL HTTP/2 script.hotjar.com/modules.7cafb00353603cadd6c4.js
IP 54.230.111.73:0
File type Unicode text, UTF-8 text, with very long lines (48737)
Hash 75f1519020fb26b2d79428053cef7ce8
b5969580970cbbb41b623bd2e6693b5836f02573
38523b468cf2ca24900805c7ca98f9dbe7b422442f35f6cad0afddebe03409de
GET /modules.7cafb00353603cadd6c4.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
HTTP/2 200 OK
content-type: application/javascript
content-length: 68446
date: Wed, 22 Feb 2023 15:55:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "75f1519020fb26b2d79428053cef7ce8"
last-modified: Wed, 22 Feb 2023 15:54:32 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dVMi0WaqkqU5FQobEyIfB2mQgGVOonxVdFcdDCfH3uWvHFU-rI1D2Q==
age: 56122
X-Firefox-Spdy: h2
1win-cdn.com/css/desktop.50f0f5ef.css
104.26.5.11200 OK 23 kB URL HTTP/2 1win-cdn.com/css/desktop.50f0f5ef.css
IP 104.26.5.11:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 04a076dd16fe5bc7824874f152ed1db7
55adc1e3b1caaaac4caf0c97be8cd8211d991286
5d927a1480088159238fade7982e66e54993c3d1feeead598e2f05571aec8e88
GET /css/desktop.50f0f5ef.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:26 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=113921
access-control-allow-origin: *
etag: W/"63ef2d10-1bd01"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 17 Feb 2023 07:30:24 GMT
cf-cache-status: HIT
age: 518166
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xosla%2BnFJLPqbronVfM5Opg3GJWB2aE27V5LI32j5eKneR0sE4Xs579kkTHX9c%2BihacGAKZRilJ44FbjfkhDTIosUUX6LadGIjjldgPxrTJ7giqFesdLYcqDKlPnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195c950b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 00fc3b5f1c0bf75bad8c142109720834
050f2d14da16248ead53d3996d88aacd18e5041a
b5f65aaa770693ab60c9c5342fa5aff03408055071e73a7c08c89fb5faf143c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5c79f7689efb3e9384d23c012fbb7459
6383d131dec112059c3bb88971dc23ce47bc98f2
4bc466ff7e5773f11ef30dba2c57bb6b76b05964622a087f0fba48686b6b85f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F
216.58.211.2200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Thu, 23 Feb 2023 07:30:28 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/
216.58.211.2200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/ HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Thu, 23 Feb 2023 07:30:28 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 00fc3b5f1c0bf75bad8c142109720834
050f2d14da16248ead53d3996d88aacd18e5041a
b5f65aaa770693ab60c9c5342fa5aff03408055071e73a7c08c89fb5faf143c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
35.241.9.150200 OK 1.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Hash 8c387573e466da58de34efecea89a4a1
3bee30f48f21c082dee7ce7b52ebd7b4e30edca8
019686dbf2b110ba2e746777c3539cf842f44eeb333ec45af0f41d785a2c9272
GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Thu, 23 Feb 2023 06:38:21 GMT
age: 3127
last-modified: Mon, 20 Feb 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
77.88.21.119200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash 6a599c9bd605553d6e8ea26b240017e5
ce6de2eaa815569841f1b16de3de7aa841ac7e88
8ee4a7bf51b198d826a7320c21965e73d95fd1642d9071a1a840e566ee9303de
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
HTTP/2 200 OK
content-length: 73790
date: Thu, 23 Feb 2023 07:30:28 GMT
access-control-allow-origin: *
etag: "63f47caa-1203e"
expires: Thu, 23 Feb 2023 08:30:28 GMT
last-modified: Tue, 21 Feb 2023 11:11:22 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
35.241.9.150200 OK 935 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (935), with no line terminators
Hash 6c796237d371d417e638a02a0cd932e7
6d289d3a27964ab953e0dd0d0d771ce754bc8851
b8d634496126a0452c5b9443293308160c29efffa1462027e0161876494982e8
GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 935
via: 1.1 google
date: Thu, 23 Feb 2023 06:40:59 GMT
age: 2969
last-modified: Mon, 20 Feb 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22
35.241.9.150200 OK 22 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (22469), with no line terminators
Hash 17717d070272f82b3d1e5ea83e8cb663
71c48b44180dd2fa42c9506df93de407f8ad3362
e9499f291df345def3e65b7c951365247357ba986c5c4aaf74c24bae96402a23
GET /v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 22469
via: 1.1 google
date: Thu, 23 Feb 2023 07:07:08 GMT
age: 1400
last-modified: Thu, 16 Feb 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
vc.hotjar.io/sessions/2606090?s=0.25&r=0.18154952020182802
54.230.111.91204 No Content 0 B URL HTTP/2 vc.hotjar.io/sessions/2606090?s=0.25&r=0.18154952020182802
IP 54.230.111.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sessions/2606090?s=0.25&r=0.18154952020182802 HTTP/1.1
Host: vc.hotjar.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
HTTP/2 204 No Content
access-control-allow-origin: *
cache-control: no-store
date: Thu, 23 Feb 2023 07:30:28 GMT
server: Python/3.7 aiohttp/3.5.4
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OGVKh6vKr0rR_PGmih7Wjthm6jccPDQ9Um4g2KIIzKtynPrNz2MeOA==
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: HOyG+RxnDUwQGPyhAhDrb3PMd3e4K3NLeEER7L+k56tJX1Cwg7BiLP5hUiQULA5UQ8r4jnn63+c=
x-amz-request-id: 8HAX3BJSEBY29X7Z
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Feb 2023 07:23:32 GMT
age: 416
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22
35.241.9.150200 OK 2.4 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (2387), with no line terminators
Hash ffc6488079ed80a847550c9639a3dcbb
c605ae42b2e5f24edd322ff3dedcdb59487e3ffe
54185fa9e3158fc0bf16e9fc85b801f488dec533221128b5e00a12425d22b9b2
GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2387
via: 1.1 google
date: Thu, 23 Feb 2023 06:39:21 GMT
age: 3067
last-modified: Thu, 16 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.comodoca.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 46326506506bbba7bad0eafebb6a7f50
43cd7fdddb89c6686f37405b73fe91486dc3c164
5d2d05168a6744b92819f749b0f7b6dddb69e584390a8b9b4c174493148b6c9d
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Feb 2023 07:30:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 21 Feb 2023 16:47:32 GMT
Expires: Tue, 28 Feb 2023 16:47:31 GMT
Etag: "43cd7fdddb89c6686f37405b73fe91486dc3c164"
Cache-Control: max-age=602132,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 481
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79de41a0ef2c0b45-OSL
ocsp.comodoca.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 46326506506bbba7bad0eafebb6a7f50
43cd7fdddb89c6686f37405b73fe91486dc3c164
5d2d05168a6744b92819f749b0f7b6dddb69e584390a8b9b4c174493148b6c9d
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Feb 2023 07:30:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 21 Feb 2023 16:47:32 GMT
Expires: Tue, 28 Feb 2023 16:47:31 GMT
Etag: "43cd7fdddb89c6686f37405b73fe91486dc3c164"
Cache-Control: max-age=602132,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 481
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79de41a0e98fb4ed-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cd04d923e6b3cbd7cac3c56d18ca9016
7d3205fb454124635afcbfcf2265ce504c778ef1
fc857fad800eb3c6f2a3f28007b1b81f2a95e4968d376f47238a681f9c958475
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC857FAD800EB3C6F2A3F28007B1B81F2A95E4968D376F47238A681F9C958475"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Thu, 23 Feb 2023 08:15:58 GMT
Date: Thu, 23 Feb 2023 07:30:28 GMT
Connection: keep-alive
1win-cdn.com/js/icons-common.d0f378f6.js
104.26.5.11200 OK 65 kB URL HTTP/2 1win-cdn.com/js/icons-common.d0f378f6.js
IP 104.26.5.11:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 85c23421ab8e29116c133cfb73edd7de
727bace810eec518cfc6662fb094af08bbcdab25
0f6f290d8e6763f4f80d8d666550c0bb2c71d2cab33ab4d9266587aadcdf9658
GET /js/icons-common.d0f378f6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=236345
access-control-allow-origin: *
etag: W/"63f37b3f-39b39"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 13:53:03 GMT
cf-cache-status: HIT
age: 236173
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VHfR6vC501j2YOuO9n6lBmOxKXB%2BYSkBO1TYwVhHmxFxSGO%2B8MpVE%2B8azHsLo1VTsjiVuV9ghSM3YsWloGrjvyLpiTDTPNhrD1fWedCUJRww%2FzjNToJucvkdSpslZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198ed3cb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cd04d923e6b3cbd7cac3c56d18ca9016
7d3205fb454124635afcbfcf2265ce504c778ef1
fc857fad800eb3c6f2a3f28007b1b81f2a95e4968d376f47238a681f9c958475
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC857FAD800EB3C6F2A3F28007B1B81F2A95E4968D376F47238A681F9C958475"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Thu, 23 Feb 2023 08:15:58 GMT
Date: Thu, 23 Feb 2023 07:30:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cd04d923e6b3cbd7cac3c56d18ca9016
7d3205fb454124635afcbfcf2265ce504c778ef1
fc857fad800eb3c6f2a3f28007b1b81f2a95e4968d376f47238a681f9c958475
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC857FAD800EB3C6F2A3F28007B1B81F2A95E4968D376F47238A681F9C958475"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Thu, 23 Feb 2023 08:15:58 GMT
Date: Thu, 23 Feb 2023 07:30:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cd04d923e6b3cbd7cac3c56d18ca9016
7d3205fb454124635afcbfcf2265ce504c778ef1
fc857fad800eb3c6f2a3f28007b1b81f2a95e4968d376f47238a681f9c958475
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC857FAD800EB3C6F2A3F28007B1B81F2A95E4968D376F47238A681F9C958475"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Thu, 23 Feb 2023 08:15:58 GMT
Date: Thu, 23 Feb 2023 07:30:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07a7f783-b830-48ee-af41-9e919bf61c16.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07a7f783-b830-48ee-af41-9e919bf61c16.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e767c4b566f75c2e5c384d79c874a982
3aa715f0e3a2fbc2a6be06a1284610be50685023
eb40b67d33ffb31a5acb809c4da06e3a82c49990b78f34407d56d22c444cf11c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07a7f783-b830-48ee-af41-9e919bf61c16.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7286
x-amzn-requestid: 3c5826ab-c99d-41c0-8145-561cab4d1d01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AwqTQFtaIAMFW3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f68a7a-4e4d07a87e805c5c16837dfe;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 21:34:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: anJcs_dDaqQi_kTT67paSKY90nqjll-QXuFboe1wV_26pr5WK5iNtw==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 21:45:02 GMT
age: 35126
etag: "3aa715f0e3a2fbc2a6be06a1284610be50685023"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faaed7132-17d0-4617-b3f8-f713aec9243a.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faaed7132-17d0-4617-b3f8-f713aec9243a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 25600c45164795c721b8cc679e1c00b2
1b5a850ab8518b01cd1c37d22abd0a835bfc7cc8
39e57a7d1101cff67274a0bcdbb20faed021c38679f833613a7165804fa11d86
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faaed7132-17d0-4617-b3f8-f713aec9243a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5786
x-amzn-requestid: ea349af3-40dd-41e1-97fe-a809f6d5eee5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AuruGHcJoAMF6Mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f5bff3-19724f456dc7624217b24550;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 07:10:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: USRXxr5x55UUBScc_mpikrEIIBB2xN0Z72vZzUAyxRuNUwYUqrqvXg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 07:33:19 GMT
age: 86229
etag: "1b5a850ab8518b01cd1c37d22abd0a835bfc7cc8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04e67897-b0ef-4c04-a8de-f6f092510d32.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04e67897-b0ef-4c04-a8de-f6f092510d32.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b71d2b327e4b858ce631d4d3d7ebeb4a
d35b46e26cab53baf794abc95a9796fc681f8d6d
e69798f5c9b6b1e33b8e7b3dc2ea1c463f06d4ba4fbc3b08e1fdd13d19b4756b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04e67897-b0ef-4c04-a8de-f6f092510d32.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5894
x-amzn-requestid: 70cc1517-7f08-4576-ba9a-2d049ce63647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AwqgqHB5oAMFcXw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f68ad0-7d8e36ec44432c5a69c0662c;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 21:36:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XjhltuUdm4owh8FuXWiT6hh0ov_GuQHpbMnDxm2cCaWrwq3rrvJZJw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 21:55:57 GMT
age: 34471
etag: "d35b46e26cab53baf794abc95a9796fc681f8d6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1585e234-d4e0-4e4e-8699-70831e5a915e.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1585e234-d4e0-4e4e-8699-70831e5a915e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e4016fa20fa2642f89d375fcc2855d4b
f1733be34a214e9565208f814dd3990f89cafbcb
74686e6a674433c436bce8c70cecc1a2cde51e82241e8251188ebd587fd4ee18
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1585e234-d4e0-4e4e-8699-70831e5a915e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9721
x-amzn-requestid: 5ddea3ff-b6e2-4528-8e71-eade54612b4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AwqR3HJpoAMF5LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f68a72-413219251feae2e32b9e6857;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iHR9N5OPgY8mjpsZowY-Ipeq62c8O_QQorpNmIOa68_vmWyY0eqt-A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 21:44:15 GMT
age: 35173
etag: "f1733be34a214e9565208f814dd3990f89cafbcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7713f4b5-c3f3-4d1b-b482-207e7dba9b9f.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7713f4b5-c3f3-4d1b-b482-207e7dba9b9f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 74dd13a48eb1b654aa657ac1b50abd24
4b5a935ba7d60b1f68e89d56115a91bd90fef982
c2edd14bfbfcce7e37c6226b47f31a133e9e51efcd0dcbc2a33bc89c564446d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7713f4b5-c3f3-4d1b-b482-207e7dba9b9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6136
x-amzn-requestid: a2466096-4fbe-43aa-8f32-b4bd90d8a0d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Auq1HFb2oAMFS9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f5be86-453b0b3210b8885f0b64abda;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 07:04:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BRkPt2338yZWlb7HpFKHHk8N2p_U2nr2X0iXcBbdNeViMpw_eNkbyQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 07:17:08 GMT
age: 800
etag: "4b5a935ba7d60b1f68e89d56115a91bd90fef982"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f9477dd-9700-4cbd-8d0e-37bd76c53a93.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f9477dd-9700-4cbd-8d0e-37bd76c53a93.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e7cd1e9feb9abc7f7d7f0d5fc7b181f0
cf3ce1808c48e1a86910e16731a044f6cb26275d
426c90298d5a0807b7820d803ce2907268df1195e15d5582eb0ff2f3deeb318c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f9477dd-9700-4cbd-8d0e-37bd76c53a93.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7734
x-amzn-requestid: fe4dc342-33b6-45f6-984c-2c71dfa0ec13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AtX-lGiJoAMFW3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f539f6-489049413f3cb63c537f20d0;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 21:39:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KyUqB4zqsHWgCv7C3-PymFep4oVmPy4ZHFf75lYOfWbb4qgvVRqoLg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 21:51:47 GMT
age: 34721
etag: "cf3ce1808c48e1a86910e16731a044f6cb26275d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
api.amplitude.com/
35.83.236.67200 OK 0 B IP 35.83.236.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cross-origin-resource-policy
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: cross-origin-resource-policy
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-548949LWLW>m=45je32m0h2&_p=932505347&cid=585520935.1677137437&ul=en-us&sr=1280x1024&_s=1&sid=1677137437&sct=1&seg=0&dl=https%3A%2F%2F1wrcnz.top%2F&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-548949LWLW>m=45je32m0h2&_p=932505347&cid=585520935.1677137437&ul=en-us&sr=1280x1024&_s=1&sid=1677137437&sct=1&seg=0&dl=https%3A%2F%2F1wrcnz.top%2F&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW>m=45je32m0h2&_p=932505347&cid=585520935.1677137437&ul=en-us&sr=1280x1024&_s=1&sid=1677137437&sct=1&seg=0&dl=https%3A%2F%2F1wrcnz.top%2F&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wrcnz.top
date: Thu, 23 Feb 2023 07:30:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1win-cdn.com/js/10.fff54e18.js
104.26.5.11200 OK 4.7 kB URL HTTP/2 1win-cdn.com/js/10.fff54e18.js
IP 104.26.5.11:0
File type ASCII text, with very long lines (11261), with no line terminators
Hash de7ecef9617c087841f8e667105b9473
8ae3dd8d0dfd4a5630178045de86479a30d50b0c
aafe07b9113f16aa35a3fcaee119454d45e2bce3ebd50948992fb176619be968
GET /js/10.fff54e18.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=11301
access-control-allow-origin: *
etag: W/"63f343d8-2c25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:40 GMT
cf-cache-status: HIT
age: 250334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B6L2iFCKFn2zu2GDqpbW6fEYyKsmF99hPSLXF4BwcBqyqeUOZvv1YhYG22dh7yueslh%2BelWgcV5RVCyfwXGc8fmIsAkVW0UilslJYlF5MbXL9VD5cziYvE3SMeq2iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a27fcbb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 23 Feb 2023 07:30:28 GMT
access-control-allow-origin: *
etag: "63f47caa-2b"
expires: Thu, 23 Feb 2023 08:30:28 GMT
accept-ranges: bytes
last-modified: Tue, 21 Feb 2023 11:11:22 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
1win-cdn.com/js/8266.261fb911.js
104.26.5.11200 OK 18 kB URL HTTP/2 1win-cdn.com/js/8266.261fb911.js
IP 104.26.5.11:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 4745f095909858e6c8cce85bb3685e8e
86323d9409553ec3295e5885f8d2cc359e2ab293
71cfc8c018412dc5dec8d3dcdb0dac78614642b6843f523823bc668cf2dbc706
GET /js/8266.261fb911.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=95323
access-control-allow-origin: *
etag: W/"63f493bb-1745b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 21 Feb 2023 09:49:47 GMT
cf-cache-status: HIT
age: 163135
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZ3bXLOrpxQr%2F47wq4YYk7rOvN%2FGT1lUrtq4EyqhkMfKsC3R39mH%2BD%2FjIw6FqoetqrZAtSJ5GZ2NDkci91QquQ27zu1FmcraELlvxD5QSr5s20bFwDwwUGD2O%2BMRlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a26fc3b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/js/541.a9d4d7c3.js
104.26.5.11200 OK 3.9 kB URL HTTP/2 1win-cdn.com/js/541.a9d4d7c3.js
IP 104.26.5.11:0
File type Unicode text, UTF-8 text, with very long lines (11173), with no line terminators
Hash b1ad2ef9d7430f1e915a6b4d2be8fb07
b08694c377e0026025ace8f2e7cd959cd50d9724
7313eaae5b17c7c87aa42157a184f4ac2d60569af10fbc147616caaf803b7e50
GET /js/541.a9d4d7c3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=11217
access-control-allow-origin: *
etag: W/"63f37b40-2bd1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 13:53:04 GMT
cf-cache-status: HIT
age: 236120
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ww3tF%2B2a4r4kv6NOkXi0CkITrs%2F7o2KEdI6SvPS8c5ZvJqMcqocmJ5FaUzJEPl16gqfEY78XVIg9zxbprvFsGvzmMqJ2%2BA69njzIT8IJq%2FRtp1KC9WT1o9kRi4ai8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a26fc4b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win.direct/socket.io/?Language=en&EIO=3&transport=websocket
134.122.54.186101 Switching Protocols 0 B URL HTTP/1.1 1win.direct/socket.io/?Language=en&EIO=3&transport=websocket
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?Language=en&EIO=3&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wrcnz.top
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Kls1CShprrWICYx6fohQQg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: +98hzQZrBidmv+i4KjXDzF/sygI=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=448e39fa50c791cb; Path=/; HttpOnly
Upgrade: websocket
mc.yandex.ru/watch/92006234?wmode=7&page-url=https%3A%2F%2F1wrcnz.top%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A1194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A736808800002%3Ahid%3A178057334%3Az%3A0%3Ai%3A20230223073037%3Aet%3A1677137438%3Ac%3A1%3Arn%3A305922831%3Arqn%3A1%3Au%3A1677137438210485216%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C261%2C112%2C0%2C322%2C0%2C%2C460%2C1%2C%2C%2C%2C1468%3Aco%3A0%3Ans%3A1677137434733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1677137438%3At%3A1win%20-%20Loading&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
77.88.21.119302 Found 275 B URL HTTP/2 mc.yandex.ru/watch/92006234?wmode=7&page-url=https%3A%2F%2F1wrcnz.top%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A1194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A736808800002%3Ahid%3A178057334%3Az%3A0%3Ai%3A20230223073037%3Aet%3A1677137438%3Ac%3A1%3Arn%3A305922831%3Arqn%3A1%3Au%3A1677137438210485216%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C261%2C112%2C0%2C322%2C0%2C%2C460%2C1%2C%2C%2C%2C1468%3Aco%3A0%3Ans%3A1677137434733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1677137438%3At%3A1win%20-%20Loading&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 77.88.21.119:0
Hash 519022b7f9c99d78c402a12108d8ceea
6c1e0658190f5f674217e8578e062e34c1895619
655a365f72718d604810adbe5ef2f12e0f7598ee46105721d92095abf56b5d86
GET /watch/92006234?wmode=7&page-url=https%3A%2F%2F1wrcnz.top%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A1194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A736808800002%3Ahid%3A178057334%3Az%3A0%3Ai%3A20230223073037%3Aet%3A1677137438%3Ac%3A1%3Arn%3A305922831%3Arqn%3A1%3Au%3A1677137438210485216%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C261%2C112%2C0%2C322%2C0%2C%2C460%2C1%2C%2C%2C%2C1468%3Aco%3A0%3Ans%3A1677137434733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1677137438%3At%3A1win%20-%20Loading&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 302 Found
location: /watch/92006234/1?wmode=7&page-url=https%3A%2F%2F1wrcnz.top%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A1194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A736808800002%3Ahid%3A178057334%3Az%3A0%3Ai%3A20230223073037%3Aet%3A1677137438%3Ac%3A1%3Arn%3A305922831%3Arqn%3A1%3Au%3A1677137438210485216%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C261%2C112%2C0%2C322%2C0%2C%2C460%2C1%2C%2C%2C%2C1468%3Aco%3A0%3Ans%3A1677137434733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1677137438%3At%3A1win%20-%20Loading&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Thu, 23 Feb 2023 07:30:28 GMT
access-control-allow-origin: https://1wrcnz.top
set-cookie: yabs-sid=856678491677137428; Path=/; SameSite=None; Secure
i=HHCg1J3mdEVe1Pv0+YteYThacrVx6qAGBg54+TG1jISTUY5NDE4GNns83GarmGbygqvt9rzD/l8O87GmHQL43kWZW+s=; Expires=Sun, 20-Feb-2033 07:30:22 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=8038426811677137428; Expires=Fri, 23-Feb-2024 07:30:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8038426811677137428; Expires=Fri, 23-Feb-2024 07:30:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1708673428.yc.1677137428#1708673428.yrts.1677137428#1708673428.yrtsi.1677137428; Expires=Fri, 23-Feb-2024 07:30:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 23-Feb-2023 07:30:28 GMT
last-modified: Thu, 23-Feb-2023 07:30:28 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
api.amplitude.com/
35.83.236.67200 OK 7 B IP 35.83.236.67:0
File type ASCII text, with no line terminators
Hash 260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1099
Cross-Origin-Resource-Policy: cross-origin
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-63f71614-7d42492170237b155e58432b
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
1wrcnz.top/1.txt?1677137437676
190.115.24.78200 OK 8 B URL HTTP/2 1wrcnz.top/1.txt?1677137437676
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
Hash 48cfef8b3001a8c220dc815870f9916e
b77e871e72a3083c4bb31d6bcb5a257557181269
3d2c759213949af96fbdcd756a5146f64a9acadf9625bd7a9feb04bb4517b4f9
GET /1.txt?1677137437676 HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/sw.db344b25.js
Connection: keep-alive
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80; amp_494ccc=0jLQyK9s7WVauTGSitWWN8...1gpuisnrh.1gpuiso6c.0.3.3; amplitude-device-id=23d207a2-2af7-4eba-9f41-19599a058d79; 1w_lang=en; _gcl_au=1.1.1846652071.1677137437; _ga_548949LWLW=GS1.1.1677137437.1.0.1677137437.0.0.0; _ga=GA1.1.585520935.1677137437; _hjSessionUser_2606090=eyJpZCI6IjAwYzBkNDQxLTcwNmYtNWZhMC04Mzg3LWIyMWYyMzZiZDM5YSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjYsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample_2606090=0; _hjSession_2606090=eyJpZCI6IjZiYzI3ZDcyLTg2YjItNDhjNy1iNDhlLTRlNjJiZjVjNDUwZSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjksImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=1; _hjHasCachedUserAttributes=true; _ym_uid=1677137438210485216; _ym_d=1677137438
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:15 GMT
content-type: text/plain
content-length: 8
last-modified: Wed, 22 Feb 2023 10:12:40 GMT
etag: "63f5ea98-8"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
1win-cdn.com/css/5616.80aa74eb.css
104.26.5.11200 OK 2.9 kB URL HTTP/2 1win-cdn.com/css/5616.80aa74eb.css
IP 104.26.5.11:0
File type ASCII text, with very long lines (20616), with no line terminators
Hash d999dc148234bbd64fb4abf9396c1c45
26eec0ce997b1610c168fb0436f97210e659708c
e9de330a51855e818aa5f61a0350375e815cf2166701256637239697795e56ff
GET /css/5616.80aa74eb.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
access-control-allow-origin: *
etag: W/"63a42a53-5088"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
cf-cache-status: HIT
age: 5434135
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1f1VJRTEqX%2F8nF2nHUbvv1xWfAB8NSFDVyzoo3kccVeb8m3RgBOchMbFtPYO1u5Bbo4RyubTgvwp61aQClxVN8uoFDBYvOVW%2Fl%2F8StKAmqbLdBsN70kcMDgMU%2Bo4gA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a27fccb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/img/present-with-light.bd57fb06-151.png
104.26.5.11200 OK 6.7 kB URL HTTP/2 1win-cdn.com/img/present-with-light.bd57fb06-151.png
IP 104.26.5.11:0
File type PNG image data, 151 x 161, 8-bit colormap, non-interlaced\012- data
Hash 6e2f4fff39b3a495fecefe5fee863c51
d358f1c8d7fe7298feea325c7ea6d145a3634026
4800fa860802fd0e46629776201afccd5adc1bf6b8b5a45a5e7c46d8d3b2a690
GET /img/present-with-light.bd57fb06-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 6732
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-1a4c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5434118
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvcfUwrtjdCZnWTpDM4Q3l0vA0BQ%2FbVhje3sxr0pLRuOSOXZy3mwsP7g%2F%2Fttk1gzeTDsL%2F4OL1zma0I85z%2F0wdykktqN%2BR5%2B9yCrE%2FiFMx4YfF1m5iWQzfefemudxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a76d82b521-OSL
X-Firefox-Spdy: h2
1wrcnz.top/img/logo/1w_logo.png
190.115.24.78200 OK 4.8 kB URL HTTP/2 1wrcnz.top/img/logo/1w_logo.png
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
File type PNG image data, 323 x 164, 8-bit colormap, non-interlaced\012- data
Hash e7d8fcc746006b1abde034aaaeee2e82
b97e142443e0ac2f4f76e48da17805cbfe5bba9b
f747b621f083b8057bc6cac94a48be972e710b5ff250c15aa7edda226d1a2e3a
GET /img/logo/1w_logo.png HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/bets/home
Connection: keep-alive
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80; amp_494ccc=0jLQyK9s7WVauTGSitWWN8...1gpuisnrh.1gpuiso6c.0.3.3; amplitude-device-id=23d207a2-2af7-4eba-9f41-19599a058d79; 1w_lang=en; _gcl_au=1.1.1846652071.1677137437; _ga_548949LWLW=GS1.1.1677137437.1.0.1677137437.0.0.0; _ga=GA1.1.585520935.1677137437; _hjSessionUser_2606090=eyJpZCI6IjAwYzBkNDQxLTcwNmYtNWZhMC04Mzg3LWIyMWYyMzZiZDM5YSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjYsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample_2606090=0; _hjSession_2606090=eyJpZCI6IjZiYzI3ZDcyLTg2YjItNDhjNy1iNDhlLTRlNjJiZjVjNDUwZSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjksImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=1; _hjHasCachedUserAttributes=true; _ym_uid=1677137438210485216; _ym_d=1677137438; 1w_locale=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:15 GMT
content-type: image/png
content-length: 4799
last-modified: Wed, 22 Feb 2023 10:12:40 GMT
etag: "63f5ea98-12bf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
accept-ranges: bytes
X-Firefox-Spdy: h2
1wrcnz.top/common/title?path=bets&lang=en
190.115.24.78200 OK 16 B URL HTTP/2 1wrcnz.top/common/title?path=bets&lang=en
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /common/title?path=bets&lang=en HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/
Connection: keep-alive
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80; amp_494ccc=0jLQyK9s7WVauTGSitWWN8...1gpuisnrh.1gpuiso6c.0.3.3; amplitude-device-id=23d207a2-2af7-4eba-9f41-19599a058d79; 1w_lang=en; _gcl_au=1.1.1846652071.1677137437; _ga_548949LWLW=GS1.1.1677137437.1.0.1677137437.0.0.0; _ga=GA1.1.585520935.1677137437; _hjSessionUser_2606090=eyJpZCI6IjAwYzBkNDQxLTcwNmYtNWZhMC04Mzg3LWIyMWYyMzZiZDM5YSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjYsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample_2606090=0; _hjSession_2606090=eyJpZCI6IjZiYzI3ZDcyLTg2YjItNDhjNy1iNDhlLTRlNjJiZjVjNDUwZSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjksImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=1; _hjHasCachedUserAttributes=true; _ym_uid=1677137438210485216; _ym_d=1677137438; 1w_locale=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:15 GMT
content-type: application/json; charset=utf-8
content-length: 16
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
1win-cdn.com/img/best-bitcoin-casino.9c1716b1-50.png
104.26.5.11200 OK 1.0 kB URL HTTP/2 1win-cdn.com/img/best-bitcoin-casino.9c1716b1-50.png
IP 104.26.5.11:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash d17d9ae707b485a356eec325e36aa505
650fc9b7790343d87eacfa5f5466ecf659f3b9a7
5bca66d0040f92e3f15089ebc1f46687cf7bde68d46db0fb286113aaba9ac57f
GET /img/best-bitcoin-casino.9c1716b1-50.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 1035
last-modified: Wed, 21 Dec 2022 11:04:29 GMT
etag: "63a2e83d-40b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5502158
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K0jvgd4MZ6i5JopvKxQm%2FrTfDHefggdeoV%2FWL7yiueyvBg6SBqd6b5D%2F1%2Bk%2FWWvDAAk1tBt5ZH%2Brjb6kIqVV%2FFZ8c1NwPX3ZS%2BOW92eeW18DWpXdPExDp6kOw2Q75w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bddab521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/casinos-analyzer.896bc525-182.png
104.26.5.11200 OK 2.0 kB URL HTTP/2 1win-cdn.com/img/casinos-analyzer.896bc525-182.png
IP 104.26.5.11:0
File type PNG image data, 182 x 50, 8-bit colormap, non-interlaced\012- data
Hash 75b2e733b195a4dc9229efa156e5a67a
f1755917d01bb31e56ab6e68c16656f6ffa9c38a
58a6718ce885d0923e0c0cdf64b8017396068f6c4c7ebda40fe951221dfb7475
GET /img/casinos-analyzer.896bc525-182.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 2047
last-modified: Wed, 21 Dec 2022 11:04:29 GMT
etag: "63a2e83d-7ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5502158
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ij6ty9eB8XsPj7Fqa5tqSt6WY2P3s%2BkI9TuwCyWJc5bqGAB%2FvVpyHSSLCroSBxyrhEBFbZ8%2Bacw8KxVlPsFWDUk%2F4mWJR2faeCcRt7%2F3AAtm3zM9ALx3IHEnbKTj0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bddcb521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/casino-mentor.f6b6387a-172.png
104.26.5.11200 OK 2.0 kB URL HTTP/2 1win-cdn.com/img/casino-mentor.f6b6387a-172.png
IP 104.26.5.11:0
File type PNG image data, 172 x 50, 8-bit colormap, non-interlaced\012- data
Hash 1c8fa7ed406056b760b1171b49f8fd73
601643736f0c6bdce0531f5bc5252a96879d1ad1
c4ff5a6ee1315f5e5eeb287189912baaae7e032f178ccad3c575d6f8d99d4916
GET /img/casino-mentor.f6b6387a-172.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 1976
last-modified: Wed, 21 Dec 2022 11:04:29 GMT
etag: "63a2e83d-7b8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5502158
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lFKLZPOjucSpkC6by6g%2Bfqbt1%2BJ3EsfK7s8%2FnBdgxaWPL4z6UGxdJaVQmFz5G0XB2L8eY3fmF2r4pmcljqm23TcAeR5%2BJkbgurxzYrL%2FCIYmSv3%2FFhwHsURI5%2BVSFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bdd9b521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/cricket-betting-wali.1863d1d9-43.png
104.26.5.11200 OK 2.5 kB URL HTTP/2 1win-cdn.com/img/cricket-betting-wali.1863d1d9-43.png
IP 104.26.5.11:0
File type PNG image data, 43 x 50, 8-bit colormap, non-interlaced\012- data
Hash f4d8e1bf9ee6fb80b23760cae020a174
008045648a3c542d9ffb296b9ab7f57dce550274
207d2b3d3be139912aef09fc9c5f794a8853c2c3526ab30a3603b8767d7cd07e
GET /img/cricket-betting-wali.1863d1d9-43.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 2508
last-modified: Wed, 21 Dec 2022 11:04:29 GMT
etag: "63a2e83d-9cc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5502158
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bPvh4M10gPCXUIoU3PZB5lW4xPqelOX0RLYkIqx5yuiz1GrPZv%2FNFpLjWMEFsd2RW4DkK48bac%2FRhc41FeEzNFIQtgp9dcxDTWfRKHvpOiVxb1YbUnqx9wT43u96tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bdddb521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/cricket-betting-guru.cfe7d426-500.png
104.26.5.11200 OK 9.2 kB URL HTTP/2 1win-cdn.com/img/cricket-betting-guru.cfe7d426-500.png
IP 104.26.5.11:0
File type PNG image data, 500 x 500, 8-bit colormap, non-interlaced\012- data
Hash 3c6da1041cc0873ff73533fd0e03f5a0
0666e13970c0698cf09ffafc9467ea705258c552
dfeed2cdb884b7769b5ee0fde60457b4b5380b7608c296b67e26c48dc1ca3f08
GET /img/cricket-betting-guru.cfe7d426-500.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 9249
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-2421"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5434118
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y1A5hiVob3yjF%2FviutRd4dHM9aB3dzpNYndP2nBJ0ltThRf5YrsTlIXIjkbSGw6eO%2BYUkoKvqb5IMAYqDUMzGORLh5zR9fVpm%2BwAvzFGBuFf3u9U84a1tgKy2mDZFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bde1b521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/free-money-link-image.4433e497-120.png
104.26.5.11200 OK 6.3 kB URL HTTP/2 1win-cdn.com/img/free-money-link-image.4433e497-120.png
IP 104.26.5.11:0
File type PNG image data, 120 x 97, 8-bit colormap, non-interlaced\012- data
Hash 8c77c77c33189721a876fefeadf5ca83
0b197aa9e55fe824b28e55b9e0591f8631b6c3c8
b2a4295182c1f7c9619a4d2f842be12f4cbc6c4bb8d2ea607f06ff3bc4099486
GET /img/free-money-link-image.4433e497-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 6292
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-1894"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432220
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=srG0wjDAcu9wgJthD6TGupvNlK6DYATpztr04oVaw1hRaU5O2ZMEyX%2F3geWulyZ%2B4JliRHxJJJruFk7MgaAKaGjfDk%2BVXIjQNAX8YP4%2Fl44xS1GN90WYId9VjWeUVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bde3b521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-roulette-frame@2.76ea5a24-256.png
104.26.5.11200 OK 30 kB URL HTTP/2 1win-cdn.com/img/sprite-roulette-frame@2.76ea5a24-256.png
IP 104.26.5.11:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash fa83f73358ed73cbd8a0faf0d8e6c019
586b95f1e5e1945abd0248e995f79274463c1cd8
ede3848497b96e7defd4c5d53133cf2e374487411186a66a6146191ae5692f77
GET /img/sprite-roulette-frame@2.76ea5a24-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 29770
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-744a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432219
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zJeJciWkGR5wYvm7j9sH%2Bw5TV6Vqzi7JeYQGO5VTe5Cnjk%2BDBuU5GxZqeQvyji4V5Reosm%2BJ%2FAvlSYaRo5wuJRWBfM1uzJ04802Y6B6kQKletuT7D%2Fm9wt4KbqgNNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdecb521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d-256.png
104.26.5.11200 OK 4.5 kB URL HTTP/2 1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d-256.png
IP 104.26.5.11:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 40212134fb58f842529fa66647f1b7d2
e6d355ea609129942cde7b9d47e587ae5cc8596c
c04666bc555dfa0fbd2b5da4984cb813b58eab772e1fa1efa2fd2e62c6d11f7b
GET /img/sprite-tvbet-frame@2.52cde99d-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 4458
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-116a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432220
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BckE2WJFmvcEMwS%2FbVGgO6nkJ0tmb9CkTKl%2BNFIBfMKTCQVQxgctBlo8Ykar4njiOWQdts%2BJ29eDZc0gefskfJ6OilTrNmOCGad2cA7RmpQGFjMpRavJKBsFVk1fGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cde9b521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-dice-frame@2.8e0d7067-256.png
104.26.5.11200 OK 17 kB URL HTTP/2 1win-cdn.com/img/sprite-dice-frame@2.8e0d7067-256.png
IP 104.26.5.11:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b5469917695caf597285ce3e08c0e314
8d6b57a1590baf7531d688d5dde729ede7d02108
3353862bc343fe2f92faf7e59595d9aa80d2fbdc90c6677437daf3a9acd84b32
GET /img/sprite-dice-frame@2.8e0d7067-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 17269
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-4375"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432220
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XiU%2FY1IX5U2o6KLWhnaTjPtHKrIIyTlr2%2FUxQb39n7r9MaMDTvbCwwLCU7OvMDSQaWnNKgpZVgR0L5MeJKiQ4T9jRffHCrjRLKFNQPR39pLyqAp%2FbxmO%2FMju02XkiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdf1b521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-tvbet@2.888adc8e-256.webp
104.26.5.11200 OK 354 kB URL HTTP/2 1win-cdn.com/img/sprite-tvbet@2.888adc8e-256.webp
IP 104.26.5.11:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 354 kB (353842 bytes)
Hash 8df817e5ef0af5dc8279d3f20cae9bc3
12c85bcc74a48053c92f3f75ce3c14e1a19e46d3
61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee
GET /img/sprite-tvbet@2.888adc8e-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/webp
content-length: 353842
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-56632"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 4772
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=87hcvyHkosqKtwMTtLDsJkS4W7M2A4JL0xA2N1Q%2BYSvhjMaAWVBti98RceZATS4%2BJj%2B4gi8%2FyXGK3DH5NY0wRisizmgZ1duFfs9SKyJuzz3BL7IciMa2PO1uFs8h8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdebb521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-poker-frame@2.1caa31af-256.png
104.26.5.11200 OK 10 kB URL HTTP/2 1win-cdn.com/img/sprite-poker-frame@2.1caa31af-256.png
IP 104.26.5.11:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 74023900d89b98987ea3248f4a89a218
4ea53a2415cf89647c40a32c69b50bde861a40ed
484183c9f4d5b2d68649d3025af4d2b95a5cb71f40a1cf960d62e0e3560162ab
GET /img/sprite-poker-frame@2.1caa31af-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 10453
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-28d5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432219
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aI8uk3GIJRfZOaUdKFiz5GnflC7M8dGDE48NTas8j9XNyNcD8pcUwSUANpv7TvP93%2BhK9FiCYxx%2BHTG1YPZvJ%2FqMf2ECql0lafSjc%2B2zB%2BmmQ1DXvmt%2Fj7ZRjO3rwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdf7b521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/pwa_android_en.b229a444-690.png
104.26.5.11200 OK 38 kB URL HTTP/2 1win-cdn.com/img/pwa_android_en.b229a444-690.png
IP 104.26.5.11:0
File type PNG image data, 690 x 450, 8-bit colormap, non-interlaced\012- data
Hash 8b6daeaca5784288934eb5c3dbc3401d
2df52222cb03510733d5f5c616278143e7f93f2d
53ee238e1169d7940016da0159e72a214403576447cf1b8cb384942a6200d191
GET /img/pwa_android_en.b229a444-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 37637
last-modified: Thu, 22 Dec 2022 11:20:11 GMT
etag: "63a43d6b-9305"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5427890
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dPLAWufZnXdJ76gAMxc7LerZObYND9JO6RToSICEWBkfRaw8bkSzXJYY9GJCVeA7hmj7agtvv9ZXXdwlhX4XeqgdFNWipyw2Zu6bQ5IT6jQnbCooPVJhShmasIyF9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdf9b521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/home-poker-banner-bg.87d81897-600.webp
104.26.5.11200 OK 12 kB URL HTTP/2 1win-cdn.com/img/home-poker-banner-bg.87d81897-600.webp
IP 104.26.5.11:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash d42d6b091c917baad89cc62f34b1ef8d
6915e60ae50f4b00af5083ce1217a7dab04df42d
9ac95cc43cf590f1f9a5dd85b5b0bf04d98e38d3005b6e4b436f8c04d09a66e9
GET /img/home-poker-banner-bg.87d81897-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/webp
content-length: 11812
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-2e24"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 6778
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o52CVBxOAa9GCkjb%2BRz0kYVmo8YmbOi7aMDfDmquDU9S6a74lFwns89Kg8P2oYX1tCPh1CK84iYna7y%2FA7CR8UIip0Hp5wH59rPjjBs9M4YLRZ25ZrIjyxLBmtNp%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7ddfdb521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/pwa_ios_en.f08ddb1e-690.png
104.26.5.11200 OK 39 kB URL HTTP/2 1win-cdn.com/img/pwa_ios_en.f08ddb1e-690.png
IP 104.26.5.11:0
File type PNG image data, 690 x 450, 8-bit colormap, non-interlaced\012- data
Hash 2b063a8e2fb87b84cbf377d7a7fd389e
5c12f02ca086902c7fd9a5bd5de9eabce82c22a1
aa8f787e4db589a38a5c5a56bdb03f69329bfedc64649454f9fd370b78820b49
GET /img/pwa_ios_en.f08ddb1e-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 39066
last-modified: Thu, 22 Dec 2022 11:20:11 GMT
etag: "63a43d6b-989a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5427889
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M3hfuzEbhOJdwSJOuPRuqcM9kqESylytcubBM5egGCWQzwM63NldNRMLcmZS7Y8pkMxQCpkHkYJdqHW41rkdjo9CjgcuY2TnCHD%2FnLwHAWi%2BkFawDcWjFagun%2F0lyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7de00b521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-roulette@2.25507485-256.webp
104.26.5.11200 OK 720 kB URL HTTP/2 1win-cdn.com/img/sprite-roulette@2.25507485-256.webp
IP 104.26.5.11:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 720 kB (719644 bytes)
Hash 344d71695bd0f387fedd84fba6ace2c1
1d37e2d66ab1098072febc0a0dc3769d44090048
7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003
GET /img/sprite-roulette@2.25507485-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/webp
content-length: 719644
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-afb1c"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 6778
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2IEgJWF4YnpfyJHrpNH96LsQF7L3Ju63LGPADyCOlur%2BbsLGkGl05h7sr8Wc%2BSXaEdI2xC056iDsmF4zNyuUV%2BW%2F4vrch9LNOlCJCYy4UUNghQZ9lPMoc8RM08mvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdefb521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-dice@2.6e1ac0ed-256.webp
104.26.5.11200 OK 430 kB URL HTTP/2 1win-cdn.com/img/sprite-dice@2.6e1ac0ed-256.webp
IP 104.26.5.11:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 430 kB (429680 bytes)
Hash abaa6833958bdc5427e6fa573cbfa70a
d43989916cc382e4e3d983933d9cd52a7d1dbeb2
51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92
GET /img/sprite-dice@2.6e1ac0ed-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/webp
content-length: 429680
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-68e70"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 6778
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PWD9YjsjHFzbQZfuwtAbLgfWi7OtJJQvgbw6fiHS8YRWlfQEPoIWZI7liwmD8VCJDSNnl7q9Hcku9Mnz7vmaFVPYqBHjg%2BmqVnHEbgRyvyCPjs6LsBLGr%2BGWtAz7BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdf4b521-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-poker@2.a38733e7-256.webp
104.26.5.11200 OK 361 kB URL HTTP/2 1win-cdn.com/img/sprite-poker@2.a38733e7-256.webp
IP 104.26.5.11:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 361 kB (360930 bytes)
Hash 3da44652926631bc4fc847cfcbad6c71
a5f7955272162e543d5db897e200d00d3af22b22
354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a
GET /img/sprite-poker@2.a38733e7-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/webp
content-length: 360930
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-581e2"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 6778
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2rK%2FszHx7f4cSHI%2FpOUTXRXrHGp7ZWSso3RercnMHysoESORmyVIqUS1ydSO%2FfyeAeW2fPkhkzpsJd00WvqhqgWkZtzteFASDBqjPx2oT%2FnqRZx2BiYbneHMTWvZTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdf8b521-OSL
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-cashback-casino.png@avif
104.26.5.11200 OK 7.9 kB URL HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-cashback-casino.png@avif
IP 104.26.5.11:0
File type ISO Media, AVIF Image\012- data
Hash f86f39dc44e8f92cc5658a394e833352
54093f2e69f448e122e771ec7c63d3cce35ffbdf
3fded209043aa6ec28cdff6321cff18c41238215a062dc02fab1af3915c637fe
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-cashback-casino.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/avif
content-length: 7940
cache-control: public, max-age=604800
content-disposition: inline; filename="bonus-banner-cashback-casino.avif"
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjYxYTRlY2U4LTYzNWI4Ig"
expires: Fri, 24 Feb 2023 20:03:56 GMT
x-request-id: qdjXGVU6ABNNu9DaVfOre
x-cache-status: HIT
cf-cache-status: HIT
age: 441603
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a6%2BNsvnGcXk41nF0eC7Go8Rs2i81UMwEWCiT8UaDViDEOVsPmrG4X5jZcy7VGdS5b2tdUPyr5YlRprngAV6Bfak4ShXruBa0zEDjF7iYBZaxu1QiOQ9LylYwhLapJgTv0Trbe9yXCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a81e5ab521-OSL
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif
104.26.5.11200 OK 4.3 kB URL HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif
IP 104.26.5.11:0
File type ISO Media, AVIF Image\012- data
Hash 22a160f55908549771f823852d5eaeea
267d86356fc72824681f08d9fd1207b77530c08d
bb19dc50ecc9dd60ce8760b73843ce465df86b78a76de6a924c813fc770a2f23
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/avif
content-length: 4323
cache-control: public, max-age=604800
content-disposition: inline; filename="bonus-banner-deposit.avif"
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjYxYTRlY2UwLTU0YWIyIg"
expires: Fri, 24 Feb 2023 20:03:56 GMT
x-request-id: k_UiPjjC7eUn-KF9U943Q
x-cache-status: HIT
cf-cache-status: HIT
age: 150434
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aiWWW%2Fo79gsP2HYcv1P9lZ%2F1g6Z%2FvnhtlZTzAezAOa26Ag9KMNV77NCmqzYzvTtwPNh3jsoDLJ%2BJBqFf%2FRN0J%2FZ1tUtMw4szK73AJM1c0piuTSK65%2BJWddESS8MbK71Z71VSJ2iqWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a83e7eb521-OSL
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=ccfc3a7afaf3bea5; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=34ef6545137c396b; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=354749fb4b21f999; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=7d82a5442138bb2; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=8b4c1a5e1c326075; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=f5992271f47acd88; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=dd3a264ee44979d7; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=8dc2a9b990732965; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 2.7 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (43897), with no line terminators
Hash 2f0d65832b38510812c17e643451d78e
5ca72f36ae8f1c28aaa52ec83e138a063c56c33d
a36a74165ce3cea1fa85f48e7cb83c5a058f53f4b820e478e2b478596e3a4c99
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 71
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"a91-XKcvNq6PHCiqpS7IPhOKBjxWwz0"
set-cookie: core-sticky=c44be665c5d4d5a8; Path=/; HttpOnly
x-powered-by: Express
content-length: 2705
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 3.4 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (17749), with no line terminators
Hash b1da0f55def6bae6eca720e54c5b8a1d
206692db7f4b3e76399da513e790f6fa7b18633b
2fbed773e4d7a4e04c956ed38b8f2f667b452cb4b6add9df05e91463314c5af5
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 88
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"d22-IGaS239LPnY5naUT55D2+nsYYzs"
set-cookie: core-sticky=1eeac66bc30bb187; Path=/; HttpOnly
x-powered-by: Express
content-length: 3362
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 2.7 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (43897), with no line terminators
Hash 2f0d65832b38510812c17e643451d78e
5ca72f36ae8f1c28aaa52ec83e138a063c56c33d
a36a74165ce3cea1fa85f48e7cb83c5a058f53f4b820e478e2b478596e3a4c99
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 71
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"a91-XKcvNq6PHCiqpS7IPhOKBjxWwz0"
set-cookie: core-sticky=9a930a5d21d7f8a7; Path=/; HttpOnly
x-powered-by: Express
content-length: 2705
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 3.4 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (17749), with no line terminators
Hash b1da0f55def6bae6eca720e54c5b8a1d
206692db7f4b3e76399da513e790f6fa7b18633b
2fbed773e4d7a4e04c956ed38b8f2f667b452cb4b6add9df05e91463314c5af5
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 101
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"d22-IGaS239LPnY5naUT55D2+nsYYzs"
set-cookie: core-sticky=a4d32a3c17245593; Path=/; HttpOnly
x-powered-by: Express
content-length: 3362
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 50 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 47d16dd88693ec6c4125c739a947590f
def4715cdaa272050e43a50f1a7b211037b19049
659d4dc350a12fcd1379d308769e3ee5b4d2df77be300b47cc7b5abd5e91c8a5
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 80
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"c511-3vRxXNqicgUOQ6UPGnshEDexkEk"
set-cookie: core-sticky=9baefe6ecc4dc6c5; Path=/; HttpOnly
x-powered-by: Express
content-length: 50449
X-Firefox-Spdy: h2
1win-cdn.com/js/icons-pack-social.11d06b0b.js
104.26.5.11200 OK 45 kB URL HTTP/2 1win-cdn.com/js/icons-pack-social.11d06b0b.js
IP 104.26.5.11:0
File type ASCII text, with very long lines (20091), with no line terminators
Hash 6554385ae7c27cd06be96966eb40f44e
df0890e3c3a94a988251735cab5c00dff98b393f
ae236837a919689e95d1f3e7ec9e46e8d588eee7ffe127a0cb92e8e0deb6f3de
GET /js/icons-pack-social.11d06b0b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=20146
access-control-allow-origin: *
etag: W/"63f343d8-4eb2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:40 GMT
cf-cache-status: HIT
age: 250321
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4NY%2Fg8SOvoq1knevz7Olp%2BqYxP1XCqoEY%2Bq2KvJR1%2FIWNq0cnghIWxwwespd0RRGgJQUGHWADUUOuAtO%2FdRTouiVSSYOo5AE2TJQOEEMw3%2BSzIvVvuX6SDbl5v%2Fuvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a8cf29b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/fonts/SFNSDisplay.2b5dc965.woff2
104.26.5.11200 OK 295 kB URL HTTP/2 1win-cdn.com/fonts/SFNSDisplay.2b5dc965.woff2
IP 104.26.5.11:0
File type Web Open Font Format (Version 2), TrueType, length 295048, version 1.0\012- data
Size 295 kB (295048 bytes)
Hash a54910c24518869ec095d604c76adb74
cd8ed32dd18b7f672bf502847242b0a9eee4c2c8
efdc0e9caf5e1b3f650e8ecd022ecd000bb070e1b0cf359eeb228603c325384b
GET /fonts/SFNSDisplay.2b5dc965.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1win-cdn.com/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/octet-stream
content-length: 295048
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-48088"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ujlp8GzmBO5dupx6kf0KoDquqpRcMxZ%2FJB0B%2FEK1ylKGFVSEq8jFLyWmyKpFsEQIxOO2RDZWNqZkg6FwwyjpPKctyT7lx5v8QrwRyn%2Fn%2FWA4Sd%2BuVydT8cPYE3NJzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cb4ab500-OSL
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 39 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash 2e5fcd1f0e4e683c4fe0589b1ba4e559
2daaaf2a2205268b4d386b4d764cbafa5efa0127
c99ec2ba9e1903f17c880145614e69c70648db2ab71d91e9562826a7e982e70a
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 85
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"9727-LaqvKiIFJotNOGtNdky6+l76ASc"
set-cookie: core-sticky=e92dc62ddb0844c3; Path=/; HttpOnly
x-powered-by: Express
content-length: 38695
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186200 OK 50 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 47d16dd88693ec6c4125c739a947590f
def4715cdaa272050e43a50f1a7b211037b19049
659d4dc350a12fcd1379d308769e3ee5b4d2df77be300b47cc7b5abd5e91c8a5
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 67
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:30 GMT
etag: W/"c511-3vRxXNqicgUOQ6UPGnshEDexkEk"
set-cookie: core-sticky=896172513760bb74; Path=/; HttpOnly
x-powered-by: Express
content-length: 50449
X-Firefox-Spdy: h2
api.amplitude.com/
35.83.236.67200 OK 7 B IP 35.83.236.67:0
File type ASCII text, with no line terminators
Hash 260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2065
Cross-Origin-Resource-Policy: cross-origin
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:30 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-63f71616-4a189cc40ca73dd815b7c75e
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main
104.26.5.11200 OK 2.1 kB URL HTTP/2 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main
IP 104.26.5.11:0
File type JSON data\012- , ASCII text, with very long lines (3937), with no line terminators
Hash 8282773b0ed9451cee6932d923bb5139
62877199fabd763c080a5d3607aa24ddc6297b21
a8841b9b87ca59f6c1cc5846e5ac3e800d0847a24975b96a22e9d89a3d3a6d22
GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1wrcnz.top
vary: Origin
x-frame-options: DENY
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LbW0R0MNvqPsu4Wn4AsfTeIHXSDiUEJCyZwsRDdkqbeEB4hnjwJX34T%2B8KQAdc3%2F7ppzhZGYFbtE0Q0Uf3Y78w4ee%2F6AWx3bczKaEAbmZYpgB38hpvK05T9sch1rNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79de41a7cb59b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
ps250.1win-service.com/push-server-v2/?Language=en&snapshot_time=1677137436651&shouldCompress=true&EIO=3&transport=websocket
172.67.209.1101 Switching Protocols 0 B URL HTTP/1.1 ps250.1win-service.com/push-server-v2/?Language=en&snapshot_time=1677137436651&shouldCompress=true&EIO=3&transport=websocket
IP 172.67.209.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push-server-v2/?Language=en&snapshot_time=1677137436651&shouldCompress=true&EIO=3&transport=websocket HTTP/1.1
Host: ps250.1win-service.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wrcnz.top
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Wqj5TB9md3b2bc4qySmJbA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 23 Feb 2023 07:30:32 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: 2y6f6SZ9tqISFY0g+clCgwVJ6+c=
sec-websocket-extensions: permessage-deflate
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pSKnLtBc%2BjFny5KVif0Gn%2B9HWU23LX07kZw7yISV8Sv8UhVL1%2Bl%2FWS79DTrZnHb2DpDHeOWJbpFZi3qiXqsLymnUQiX9xXQxdUrT1xWKK9RUrR8Bx%2FtNOwvjbR9Id%2FI4Z0UnIkbhCsHE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79de41b90f81b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/s/gts1p5/bD9xEdP9SoU
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bD9xEdP9SoU
IP 142.250.74.131:0
Hash 2ab72ca8d633e7df4aa232f626282e38
509af593368ed576ed0af971b3ca177aad965b92
6f5b4e6f868d40ae901ea61d7691bcbcd691fbbce6ffa10866bcb275cb8c9245
POST /s/gts1p5/bD9xEdP9SoU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1win-cdn.com/img/fire.47bc0337.svg
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/img/fire.47bc0337.svg
IP 104.26.5.11:0
GET /img/fire.47bc0337.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/svg+xml
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: W/"63a42a53-244"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432219
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afFBOW8r6mgEm2E3at88bqXZ5nosCPdoJ%2B5IWR6u0Z7rfd%2FxpsFxSF3Q26Dtqbo15J7z2v8exMqRne3h22GSxC7XZH9NHi1kb6YTHCnSpFkZnuIBln4COAOsHs5XYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7add2b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/js/1705.d306728f.js
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/js/1705.d306728f.js
IP 104.26.5.11:0
GET /js/1705.d306728f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=29313
access-control-allow-origin: *
etag: W/"63f343d8-7281"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:40 GMT
cf-cache-status: HIT
age: 250337
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=snkjcD6EhWnBrb5G9Wk9XJKy4mTSoSUTx8BBib4kp3AeSdGzR82M9Ge2i609h4OkNnFObFQFZMsPcyQmjCFr1u9%2FWWIR4iZud7oUovX2ERFkKKTh77WQ9i0sayEiDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198ed3db521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/js/icons-pack-sports-promotion.9bb32256.js
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/js/icons-pack-sports-promotion.9bb32256.js
IP 104.26.5.11:0
GET /js/icons-pack-sports-promotion.9bb32256.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=19260
access-control-allow-origin: *
etag: W/"63f343d8-4b3c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:40 GMT
cf-cache-status: HIT
age: 250331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aED7VKUfD7IEdKMIjZyENmKq65%2FipE1PndgCE5KL%2F0BCWXMkvqKBW532mcsgbEBdzxiLLBuMDNrtQrBGyGMU5n6i2Pk3ffEsq0mv6yn3inLVlH%2Fdw5JyS2lK0qJ07w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7add4b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1
IP 104.26.5.11:0
GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:30 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1wrcnz.top
vary: Origin
x-frame-options: DENY
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n7d120%2FPcsB8J%2FDFlx5O%2B1pd6445K29VvWlD7pdiQXU0xSXhqz3kB3kkyy4wOExiYjhuoz2O8tReM%2FgEl9y%2BW1wLx9IShgn9Jasx9DGETsr%2BjKk9qj6IjpkVsDZM7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79de41a8cca4b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/js/desktop.aa1ef28f.js
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/js/desktop.aa1ef28f.js
IP 104.26.5.11:0
GET /js/desktop.aa1ef28f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:26 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=120067
access-control-allow-origin: *
etag: W/"63f5d9e5-1d503"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 22 Feb 2023 09:01:25 GMT
cf-cache-status: HIT
age: 80602
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OtUpancxWEdi7H4CKXzf123VGGN13nPhFYoWPzVnVtLJZu6EoyQ9%2By7qZl%2Fxw62jyAXH1MzWb%2Bwct93yAIolvpEEhcyfXY4euL4f8unXIBz7mc1fnK29Ubr0ws%2FkDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195e969b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/js/chunk-vendors.e69609d4.js
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/js/chunk-vendors.e69609d4.js
IP 104.26.5.11:0
GET /js/chunk-vendors.e69609d4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Feb 2023 10:11:57 GMT
etag: W/"63f5ea6d-6851e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HrMWJ9DVHVNJ62tCeVyrmb1fwJDb%2FUJioDBBzGmL4aqCMeOn2ui5zRRGvBsd66pSDh4Hw4YqIspO3KQ0Vbc4zw7slZWINMRvmvYlGKPOMTwgZkjF%2BygKkDZ3J36Zqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195cd1db500-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/img/flags/en.svg
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/img/flags/en.svg
IP 104.26.5.11:0
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/svg+xml
last-modified: Mon, 23 Jan 2023 10:56:34 GMT
etag: W/"63ce67e2-8ae"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2665019
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EXUv7uyZZHixULwmItkwlef3XJjEsjXO6oXBTSCyybnto%2FRvTc15le8Jz%2FKjA6%2BE781g5HzBGFDymNO3PxMGGJnmeqVV9Xu3fr19Aa%2F4T%2BpKd%2BRXUhDykx10MezmLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7adcbb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1wrcnz.top/sw.db344b25.js
190.115.24.78200 OK 0 B URL HTTP/2 1wrcnz.top/sw.db344b25.js
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
GET /sw.db344b25.js HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: application/javascript
last-modified: Wed, 22 Feb 2023 10:12:40 GMT
etag: W/"63f5ea98-18bf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
1win-cdn.com/js/9670.f36427a1.js
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/js/9670.f36427a1.js
IP 104.26.5.11:0
GET /js/9670.f36427a1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=612256
access-control-allow-origin: *
etag: W/"63f5ea6d-957a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 22 Feb 2023 10:11:57 GMT
cf-cache-status: HIT
age: 76372
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CcHhS4bATGZtLAUgqnpoc2vGrBdUyLCRg2lKDIGv1pyeN0v9YwzCGQ3jfiqeYTpj3di%2BwlxHQYebkrTiElqiOTpLrz03EOSUHg4SBMYlPdq%2FrxEE2mGtiTomSg03EQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198ed41b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.lab.amplitude.com/sdk/vardata
151.101.194.132200 OK 0 B URL HTTP/2 api.lab.amplitude.com/sdk/vardata
IP 151.101.194.132:0
OPTIONS /sdk/vardata HTTP/1.1
Host: api.lab.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,x-amp-exp-user
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://1wrcnz.top
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,POST,HEAD
access-control-allow-headers: authorization,x-amp-exp-user
x-amzn-trace-id: Root=1-63f71613-665fffac49e0eb300572e62f
x-content-type-options: nosniff
accept-ranges: bytes
date: Thu, 23 Feb 2023 07:30:28 GMT
x-served-by: cache-bma1648-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1677137428.892014,VS0,VE171
vary: Origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
1win-cdn.com/css/3998.93747433.css
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/css/3998.93747433.css
IP 104.26.5.11:0
GET /css/3998.93747433.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=68681
access-control-allow-origin: *
etag: W/"63eb7496-10c49"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 14 Feb 2023 11:46:30 GMT
cf-cache-status: HIT
age: 760154
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JZId4YwN0k2rP7Rghb0bgfFrZKun6LfBNiC2EgGQkBgSGYWQebhroWocpEgHAYTnHGnORjRv63R%2BY6hiPwHc26iFP12GArnOhEUJ4lj%2BqsXiPe2g65fjqsoaARm1CQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a28fd9b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/js/836.63a0cc43.js
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/js/836.63a0cc43.js
IP 104.26.5.11:0
GET /js/836.63a0cc43.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=22631
access-control-allow-origin: *
etag: W/"63f5d9e5-5867"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 22 Feb 2023 09:01:25 GMT
cf-cache-status: HIT
age: 80600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7R2ph2soh5mqUX9xqypXb%2F%2FP%2FN4cX7Gfcoh%2BCW0dXInJvzlTaJa69azmVEOmucCtQHcRn9qr3xWdtwK7W8PFv6oOrTYq2rS3Jwc3%2Bfo7x7eNC8cD4J1OnXURWLwOpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a28fe1b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/img/aviator-game-logo.2fb50dc0.svg
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/img/aviator-game-logo.2fb50dc0.svg
IP 104.26.5.11:0
GET /img/aviator-game-logo.2fb50dc0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/svg+xml
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: W/"63a42a53-bfa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5434117
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7nGqK7BFFJm%2BaKGZQ64QVZ2T4N4LyNSd4HiF7%2BH3lFiPs2uzXrxs9vPzcQSUho1weqUbI6Uz5EpRYPqtrJYAcKko3FBMWNu6xALouXS2sKVXYyvsv2bDLh9sAyNLUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7adcdb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/js/icons-pack-payment-full.6272cc58.js
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/js/icons-pack-payment-full.6272cc58.js
IP 104.26.5.11:0
GET /js/icons-pack-payment-full.6272cc58.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=112398
access-control-allow-origin: *
etag: W/"63f343d9-1b70e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:41 GMT
cf-cache-status: HIT
age: 250331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZvTLXNQoS0HS1AKh7nq3F44NT4P4ou1rlretbYbJxXRadImZlv4kD%2FkMURfWbYG2HyH7qAOhzLuq4QmK1uygW1JeWNz6AiiF5NcFM8Pz8MetL2kCWqwQ9TfxZtjvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bdd6b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1wrcnz.top/
190.115.24.78200 OK 0 B IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:12 GMT
content-type: text/html; charset=utf-8
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
1win-cdn.com/js/chunk-common.4ca56327.js
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/js/chunk-common.4ca56327.js
IP 104.26.5.11:0
GET /js/chunk-common.4ca56327.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Feb 2023 10:11:57 GMT
etag: W/"63f5ea6d-41ab"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCzxOfSHzse%2B7nazmbwLyesrSWeTgj%2BCkLzglb7vhDihqs6%2Bap2krIlO9qrsFrGK13ASDFpbLnLA%2BJrpBUl2UyvGDniFLLItHr9QKUbFbpBg4vk16ZKm8vxr41V9kg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195cd1ab500-OSL
content-encoding: br
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1677012027435&_since=%221666483264567%22
35.241.9.150200 OK 0 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1677012027435&_since=%221666483264567%22
IP 35.241.9.150:0
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1677012027435&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 59855
via: 1.1 google
date: Thu, 23 Feb 2023 06:38:22 GMT
age: 3126
last-modified: Tue, 21 Feb 2023 20:40:27 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
1win-cdn.com/js/1883.ce7803cd.js
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/js/1883.ce7803cd.js
IP 104.26.5.11:0
GET /js/1883.ce7803cd.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=13732
access-control-allow-origin: *
etag: W/"63f343d9-35a4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:41 GMT
cf-cache-status: HIT
age: 250334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FF%2FiUBCySqtt1vUuqanKY%2B94kQkM9dnP8B8kgOsylRVSgKplqDPcNINDLnV8b%2BKkX9bp%2Fn2lSHfp71onrrmWqMY6p%2Foxl53%2BVTWyVQF2Fs9Twta1moxdAsLynWtp0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a28fd7b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/css/8629.f10717d0.css
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/css/8629.f10717d0.css
IP 104.26.5.11:0
GET /css/8629.f10717d0.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
access-control-allow-origin: *
etag: W/"63eb7496-2bb4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 14 Feb 2023 11:46:30 GMT
cf-cache-status: HIT
age: 760154
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2BlNtZ5Ii5Gpn2yRkZFRPEa%2B4NtK60ameOLI8m%2FALTZF49fxA1trKii0yRbOcQrKYHDbL1i00QRUK8A2rtwMLSjCK5ez1k1SOAP3t0woVH8dOr0jed34D4iG9mUWyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a28fe6b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2606090.js?sv=6
54.230.111.66200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-2606090.js?sv=6
IP 54.230.111.66:0
GET /c/hotjar-2606090.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Thu, 23 Feb 2023 07:29:52 GMT
cache-control: max-age=60
etag: W/853b8e050a3948a6422c02bd57be067c
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -r1rs8-6Biv22-ohPgVuHerNIdWFSGf2WLglPe_sL3aTMZ0yl3IQDA==
age: 36
X-Firefox-Spdy: h2
1win-cdn.com/js/icons-pack-home.e8bf03cf.js
104.26.5.11200 OK 0 B URL HTTP/2 1win-cdn.com/js/icons-pack-home.e8bf03cf.js
IP 104.26.5.11:0
GET /js/icons-pack-home.e8bf03cf.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=80069
access-control-allow-origin: *
etag: W/"63f343d8-138c5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:40 GMT
cf-cache-status: HIT
age: 250331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s26P1PKrZnOv5VgOh7RLVfXpDv%2FuaSbZFco4HgnvyfQ6ZqqeBOECdbMqoWucev68conibNGWnaGJ%2FBslmPdZs8HF%2FhI8MJgk94F%2BwMvlKVG499%2ByRXgpt8KmFWt4DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7adceb521-OSL
content-encoding: br
X-Firefox-Spdy: h2