firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash MD5: 2d12f67fe57a87e7366b662d153a5582
SHA-1: d7b02d81cc74f24a251d9363e0f4b0a149264ec1
SHA-256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 02:15:37 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -KfT7isSXz6y0KWDbS5hwup_vgJgc8SCFjBRfQHPCBoGh1GAADVG2Q==
Age: 2327
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: 7fb7c70f7f4e2cee27eb0e7d875931f7
SHA-1: 98fca3817a551b1daecebae103a48e718b8b5a53
SHA-256: 2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4181
Expires: Wed, 28 Sep 2022 04:04:06 GMT
Date: Wed, 28 Sep 2022 02:54:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash MD5: 6113f8408c59aebe188d6af273b90743
SHA-1: 7398873bf00f99944eaa77ad3ebc0d43c23dba6b
SHA-256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8pijoclhiwMv_bhK9gpKbaOVz1j7IvcmymmPpSy-G1-qYzCLo4cqKA==
age: 63012
X-Firefox-Spdy: h2
bcbsde.com/
185.53.179.170 200 OK 2.4 kB IP 185.53.179.170:0
ASN #61969 Team Internet AG
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2170)
Hash MD5: 5359297667be3feaf52289182c27733c
SHA-1: d927eeda6ca085efd0c067dc0c71f521efeed0c3
SHA-256: 4a5d15dd8957ee590c5e813c3dfd884fed883ade1c3aa159c4e56cd8b252ac64
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: bcbsde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 02:54:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash MD5: 23e88fb7b99543fb33315b29b1fad9d6
SHA-1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA-256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 02:54:25 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
d38psrni17bvxu.cloudfront.net/scripts/js3.js
54.230.245.22 200 OK 1.1 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP 54.230.245.22:0
File type ASCII text, with very long lines (506)
Hash MD5: 64b79b43df8fbf2c5d082964b9116a68
SHA-1: dc3c763519baf0f4c32bb60bfc429651a491ea01
SHA-256: c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637
GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bcbsde.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Tue, 27 Sep 2022 09:14:30 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: B72A6y0KFOkiXMx1Oc4Z2yXpn1G0ArjTQdAhalEw2Few5bDs5LUBqA==
Age: 63595
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash MD5: 0333b0655111aa68de771adfcc4db243
SHA-1: 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA-256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Wed, 28 Sep 2022 02:10:46 GMT
Expires: Wed, 28 Sep 2022 02:12:27 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GDWnvT3lhjgmuvr2ctNt2PNZT8cG2fxoe1oXMZC_aDITWN3VPP4k1g==
Age: 2619
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5: c18823050f86339eaa73ddb1bf80d64c
SHA-1: ac4ee81f59f706cee8a74458d498bbc20d8d351a
SHA-256: 9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5652
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 02:54:25 GMT
Last-Modified: Wed, 28 Sep 2022 01:20:13 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
bcbsde.com/track.php?domain=bcbsde.com&toggle=browserjs&uid=MTY2NDMzMzY2NC44NTQyOjU0ODc3OTdhNDcxODE5NjdhMzczOWRhNDY2YzhmZmMwOTUzZGU0NDE3Y2Q5YTMwZDI2ZDNhZDhlMGIzNWNiYTE6NjMzM2I3NjBkMDg5OA%3D%3D
185.53.179.170 200 OK 20 B URL HTTP/1.1 bcbsde.com/track.php?domain=bcbsde.com&toggle=browserjs&uid=MTY2NDMzMzY2NC44NTQyOjU0ODc3OTdhNDcxODE5NjdhMzczOWRhNDY2YzhmZmMwOTUzZGU0NDE3Y2Q5YTMwZDI2ZDNhZDhlMGIzNWNiYTE6NjMzM2I3NjBkMDg5OA%3D%3D
IP 185.53.179.170:0
ASN #61969 Team Internet AG
Hash MD5: a4745abc5e7fdb89cc6df3069f3c6e69
SHA-1: 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
SHA-256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=bcbsde.com&toggle=browserjs&uid=MTY2NDMzMzY2NC44NTQyOjU0ODc3OTdhNDcxODE5NjdhMzczOWRhNDY2YzhmZmMwOTUzZGU0NDE3Y2Q5YTMwZDI2ZDNhZDhlMGIzNWNiYTE6NjMzM2I3NjBkMDg5OA%3D%3D HTTP/1.1
Host: bcbsde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bcbsde.com/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 02:54:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
bcbsde.com/ls.php
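185.53.179.170 201 Created 0 B IP 185.53.179.170:0
ASN #61969 Team Internet AG
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: 0 B body. These are the digests of empty input, so they match any empty response and are not usable as indicators for this URL.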
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: bcbsde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2122
Origin: http://bcbsde.com
Connection: keep-alive
Referer: http://bcbsde.com/
HTTP/1.1 201 Created
Server: nginx
Date: Wed, 28 Sep 2022 02:54:25 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 6333b761b66f5f54a343046c
Charset: utf-8
Access-Control-Allow-Origin: http://bcbsde.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Z8KiYSjDkeREKYBmTd5H7HlLRUQtrv6lqno7WoMgRuYp9xTPA3LuLe5HLqkHLGk1I4RAjXZIWsu3UEKEPhgxHw==
bcbsde.com/favicon.ico
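185.53.179.170 200 OK 0 B IP 185.53.179.170:0
ASN #61969 Team Internet AG
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: 0 B body. These are the digests of empty input, so they match any empty response and are not usable as indicators for this URL.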
GET /favicon.ico HTTP/1.1
Host: bcbsde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bcbsde.com/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 02:54:26 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
push.services.mozilla.com/
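52.89.136.7 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.136.7:0
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: 0 B body. These are the digests of empty input, so they match any empty response and are not usable as indicators for this URL.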
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vWJ328HATLXgjxNfs/o3Gg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: u3K8ql2sNxGSXmaClcx6NZXzmeQ=
bcbsde.com/track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=bcbsde.com&uid=MTY2NDMzMzY2NC44NTQyOjU0ODc3OTdhNDcxODE5NjdhMzczOWRhNDY2YzhmZmMwOTUzZGU0NDE3Y2Q5YTMwZDI2ZDNhZDhlMGIzNWNiYTE6NjMzM2I3NjBkMDg5OA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzMzYjc2MGQwODZmfHx8MTY2NDMzMzY2NS4xMjU0fDNhNGNjZjFlYjE4NzQwODEyOTdmODM4ZjQ2OWQwZmQ5OWNkZGIyNTR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw0ZmY4NmEyNmU0Y2M2OTY2MmQ4NTI2YzgzYjRiZTJjZjQwYWI2NDgyfDB8ZHAtdGVhbWludGVybmV0MDF8MHww&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
185.53.179.170 200 OK 20 B URL HTTP/1.1 bcbsde.com/track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=bcbsde.com&uid=MTY2NDMzMzY2NC44NTQyOjU0ODc3OTdhNDcxODE5NjdhMzczOWRhNDY2YzhmZmMwOTUzZGU0NDE3Y2Q5YTMwZDI2ZDNhZDhlMGIzNWNiYTE6NjMzM2I3NjBkMDg5OA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzMzYjc2MGQwODZmfHx8MTY2NDMzMzY2NS4xMjU0fDNhNGNjZjFlYjE4NzQwODEyOTdmODM4ZjQ2OWQwZmQ5OWNkZGIyNTR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw0ZmY4NmEyNmU0Y2M2OTY2MmQ4NTI2YzgzYjRiZTJjZjQwYWI2NDgyfDB8ZHAtdGVhbWludGVybmV0MDF8MHww&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
IP 185.53.179.170:0
ASN #61969 Team Internet AG
Hash MD5: a4745abc5e7fdb89cc6df3069f3c6e69
SHA-1: 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
SHA-256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=bcbsde.com&uid=MTY2NDMzMzY2NC44NTQyOjU0ODc3OTdhNDcxODE5NjdhMzczOWRhNDY2YzhmZmMwOTUzZGU0NDE3Y2Q5YTMwZDI2ZDNhZDhlMGIzNWNiYTE6NjMzM2I3NjBkMDg5OA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzMzYjc2MGQwODZmfHx8MTY2NDMzMzY2NS4xMjU0fDNhNGNjZjFlYjE4NzQwODEyOTdmODM4ZjQ2OWQwZmQ5OWNkZGIyNTR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw0ZmY4NmEyNmU0Y2M2OTY2MmQ4NTI2YzgzYjRiZTJjZjQwYWI2NDgyfDB8ZHAtdGVhbWludGVybmV0MDF8MHww&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1
Host: bcbsde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bcbsde.com/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 02:54:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
irene-eux.com/zcvisitor/dc6a85a0-3ed8-11ed-8cbb-0a64941d2f6f/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=48292fd0-a8f7-11ec-b756-0a918cbcbb97
34.194.66.161 200 996 B URL HTTP/1.1 irene-eux.com/zcvisitor/dc6a85a0-3ed8-11ed-8cbb-0a64941d2f6f/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=48292fd0-a8f7-11ec-b756-0a918cbcbb97
IP 34.194.66.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash MD5: ae0e0cafae3ded26628081b542c15564
SHA-1: f57cc7472aa99cab9ecf9fc1fb1b43fdd685643e
SHA-256: 91307f46cd406817d95a66a2fbb8cc6ce23ac9efa0c45d274b98d58b2963af11
GET /zcvisitor/dc6a85a0-3ed8-11ed-8cbb-0a64941d2f6f/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=48292fd0-a8f7-11ec-b756-0a918cbcbb97 HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bcbsde.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Wed, 28 Sep 2022 02:54:26 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: xdooPevm
irene-eux.com/zcredirect?visitid=dc6a85a0-3ed8-11ed-8cbb-0a64941d2f6f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
34.194.66.161 200 678 B URL HTTP/1.1 irene-eux.com/zcredirect?visitid=dc6a85a0-3ed8-11ed-8cbb-0a64941d2f6f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 34.194.66.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash MD5: 311afdb902e42b02fc8daf2c3466d79e
SHA-1: 4022ee0b02e5b8b4d81f75881eb9f04aaf78e80f
SHA-256: 439da5dd6e97b8873ee0323b094e01eeb6c678540d92580a1c2032cf3775f803
GET /zcredirect?visitid=dc6a85a0-3ed8-11ed-8cbb-0a64941d2f6f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcvisitor/dc6a85a0-3ed8-11ed-8cbb-0a64941d2f6f/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=48292fd0-a8f7-11ec-b756-0a918cbcbb97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Wed, 28 Sep 2022 02:54:26 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: tQOLENWR
phygical-questall.icu/6be64591-2149-4be9-bf60-0855af35dc55?sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573
18.193.235.10 302 Found 0 B URL HTTP/2 phygical-questall.icu/6be64591-2149-4be9-bf60-0855af35dc55?sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573
IP 18.193.235.10:0
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: 0 B body. These are the digests of empty input, so they match any empty response and are not usable as indicators for this URL.
GET /6be64591-2149-4be9-bf60-0855af35dc55?sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573 HTTP/1.1
Host: phygical-questall.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://irene-eux.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 28 Sep 2022 02:54:26 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://yourxfriend.com/P/Norway.pink/index.html?cep=MUqJHHreez3kBA2_ScgYeC6eoutAaJglfBYtcfoqQAojX7ezhS8zv9numlrAR03Pu9LUdJor5aB7jtDI57c2bAelGlLE7lp3SSRAEfb5M8pBzoTNLRBH6TqGAr6TzBDIbF7Vvqgp-JjFMF8R9CFRwveWNUjYnB5jMrGKYz9n-TQEtMPs0KUuNXhARBSA0uaLYhX65Y4payB1oAG9e84cnmdiIaPSg2NM-JSSphUyfuwmleRbScPeLMibiTgTwci_ev1CpHMrtvG1t_rAhMiEi2oK3OeGE2EGhWMlJKxbBbnS04SjfDkRuCeb3T1bnppbs_a11sK_EyfoPjpQtLWIwMxkv2FR7jxCsHxhjXx_MoIcjIRFdPHf8A4XykAxE8LvrrOWqlogvlNJTkmm4wgbMHnS8ljYnb2is2zTKLOgk2F_aQH2I-d7ZTFrPX_gonRQj1ehxMvcKkpUNLr-FY9hCEmTs3pwUAnvLVCZmPOMSjgpgfueniAo166-4v0kZ5J3TqJCMb-euW6S7U9pl-qgeOWq3J45H9XslBbGHbXhGm-KK-24OP5NH_mX9-B8dJHzQamfagKS4L1je-c46ZJtnqAK1FgGQV1uiI-q5cV9ObY&lptoken=16a1648d337c54eb66c9&sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573
pragma: no-cache
set-cookie: 6be64591-2149-4be9-bf60-0855af35dc55-v4=Y7SRx31NqltCHf707RsnyaNEg1RlmuXZGnfM0sNf4LA; Max-Age=86400; Expires=Thu, 29-Sep-2022 02:54:26 GMT; Domain=phygical-questall.icu; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=qoqJOSdGcyk2NP81PQOecnMjfF52h3kvP_Pi4PlMyBTr31ODioHTfFm1LKVmmHyBvGYt3StCSjYU2QK--lp7y0gG3nFUI02xmCh_7zL4p0yRIsDaJrFrT4p1z4kK16qs9eAlxJmWEYIM4OCsVgWkSthz74_qX1n2Wo4xa4QdOltImhusHbScx4rtg1J9XE9ED2LlG-jbJkOZxdFx1huVre_88-gnklK7DKar1aWD0qswlE0CpSwx7YfP8Zl_zXmqIwVub_YY6JvyoInmG0BhFA_u8Gr3a9pP9SbmidqsUZPYhty_dE6Pu9oh3lgrM5EvBI_WQJXkCXo3FmQiHAXDv_ZUWHkOAYtZJhykzPklmoG8F9PV0BWTEXDIhKI2wl7QHckLAmRqocKjw5-nulMpASUyVieKTByEhvvqcn9am-LKXT0Tt4UeXUC4krvq536YWnP4-nMKq1X7uBwBpCa3bJZEY7f3oA0qU8uyV-6qBAGv7_yn09lSsgISaB4SPMQCTLyoRvFEDuhaLGcaBg4YVSwBwDrB8zXR1LVL6R5uYEkBnWZAHUpegTXCw7D4FYTDlISVho0KzI2Hh-RuzpOflv4hH7SKb6bdoy0djIwS7VI; Max-Age=86400; Expires=Thu, 29-Sep-2022 02:54:26 GMT; Domain=phygical-questall.icu; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: 8a6a84be45a996a741521a7247cfe886
SHA-1: a2a51de0d3c2295d2b5ca52d5bea022775bea2b3
SHA-256: f6dcd8a8159870d5945f7dddbed7e24b73187c50170e8b112bfe824d6d51eb7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6DCD8A8159870D5945F7DDDBED7E24B73187C50170E8B112BFE824D6D51EB7E"
Last-Modified: Tue, 27 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18463
Expires: Wed, 28 Sep 2022 08:02:09 GMT
Date: Wed, 28 Sep 2022 02:54:26 GMT
Connection: keep-alive
irene-eux.com/favicon.ico
34.194.66.161 404 653 B URL HTTP/1.1 irene-eux.com/favicon.ico
IP 34.194.66.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash MD5: ba2732b1b2fa2626ffaa15f62f9e7d66
SHA-1: 203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
SHA-256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcredirect?visitid=dc6a85a0-3ed8-11ed-8cbb-0a64941d2f6f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
HTTP/1.1 404
Date: Wed, 28 Sep 2022 02:54:26 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: xyxHoeDY
yourxfriend.com/P/Norway.pink/index_files/showHide.js
178.79.185.229 200 OK 968 B URL HTTP/2 yourxfriend.com/P/Norway.pink/index_files/showHide.js
IP 178.79.185.229:0
File type ASCII text, with CRLF line terminators
Hash MD5: 7109f78452f6397cd56fd73ffa527edc
SHA-1: 15c7ed88f6cd5f9386f5d611b87a587405a5a550
SHA-256: b27bfc55915f79b6e29c951a31369870aee0ee6d11bbf738983121e9e9aff969
Analyzer Verdict Alert fortinet Phishing
GET /P/Norway.pink/index_files/showHide.js HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/P/Norway.pink/index.html?cep=MUqJHHreez3kBA2_ScgYeC6eoutAaJglfBYtcfoqQAojX7ezhS8zv9numlrAR03Pu9LUdJor5aB7jtDI57c2bAelGlLE7lp3SSRAEfb5M8pBzoTNLRBH6TqGAr6TzBDIbF7Vvqgp-JjFMF8R9CFRwveWNUjYnB5jMrGKYz9n-TQEtMPs0KUuNXhARBSA0uaLYhX65Y4payB1oAG9e84cnmdiIaPSg2NM-JSSphUyfuwmleRbScPeLMibiTgTwci_ev1CpHMrtvG1t_rAhMiEi2oK3OeGE2EGhWMlJKxbBbnS04SjfDkRuCeb3T1bnppbs_a11sK_EyfoPjpQtLWIwMxkv2FR7jxCsHxhjXx_MoIcjIRFdPHf8A4XykAxE8LvrrOWqlogvlNJTkmm4wgbMHnS8ljYnb2is2zTKLOgk2F_aQH2I-d7ZTFrPX_gonRQj1ehxMvcKkpUNLr-FY9hCEmTs3pwUAnvLVCZmPOMSjgpgfueniAo166-4v0kZ5J3TqJCMb-euW6S7U9pl-qgeOWq3J45H9XslBbGHbXhGm-KK-24OP5NH_mX9-B8dJHzQamfagKS4L1je-c46ZJtnqAK1FgGQV1uiI-q5cV9ObY&lptoken=16a1648d337c54eb66c9&sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 02:54:26 GMT
content-type: application/javascript
content-length: 968
last-modified: Mon, 22 Jun 2020 06:43:26 GMT
etag: "5ef0530e-3c8"
expires: Wed, 28 Sep 2022 14:54:26 GMT
cache-control: max-age=43200
accept-ranges: bytes
X-Firefox-Spdy: h2
yourxfriend.com/P/Norway.pink/index_files/202.gif
178.79.185.229 200 OK 97 kB URL HTTP/2 yourxfriend.com/P/Norway.pink/index_files/202.gif
IP 178.79.185.229:0
File type GIF image data, version 89a, 300 x 500\012- data
Hash MD5: 25ebb1627ad5dbb997f9297e356c2d79
SHA-1: 117e5fa1a0f3c277bc3daa2904f783e1179c3bff
SHA-256: ea4983c79201cb0347324267f55230935a8901d7a39ff3d87d0a41c711f1dde1
GET /P/Norway.pink/index_files/202.gif HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/P/Norway.pink/index.html?cep=MUqJHHreez3kBA2_ScgYeC6eoutAaJglfBYtcfoqQAojX7ezhS8zv9numlrAR03Pu9LUdJor5aB7jtDI57c2bAelGlLE7lp3SSRAEfb5M8pBzoTNLRBH6TqGAr6TzBDIbF7Vvqgp-JjFMF8R9CFRwveWNUjYnB5jMrGKYz9n-TQEtMPs0KUuNXhARBSA0uaLYhX65Y4payB1oAG9e84cnmdiIaPSg2NM-JSSphUyfuwmleRbScPeLMibiTgTwci_ev1CpHMrtvG1t_rAhMiEi2oK3OeGE2EGhWMlJKxbBbnS04SjfDkRuCeb3T1bnppbs_a11sK_EyfoPjpQtLWIwMxkv2FR7jxCsHxhjXx_MoIcjIRFdPHf8A4XykAxE8LvrrOWqlogvlNJTkmm4wgbMHnS8ljYnb2is2zTKLOgk2F_aQH2I-d7ZTFrPX_gonRQj1ehxMvcKkpUNLr-FY9hCEmTs3pwUAnvLVCZmPOMSjgpgfueniAo166-4v0kZ5J3TqJCMb-euW6S7U9pl-qgeOWq3J45H9XslBbGHbXhGm-KK-24OP5NH_mX9-B8dJHzQamfagKS4L1je-c46ZJtnqAK1FgGQV1uiI-q5cV9ObY&lptoken=16a1648d337c54eb66c9&sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 02:54:26 GMT
content-type: image/gif
content-length: 97168
last-modified: Wed, 18 Nov 2015 03:59:46 GMT
etag: "564bf7b2-17b90"
expires: Fri, 28 Oct 2022 02:54:26 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
yourxfriend.com/P/Norway.pink/index_files/favicon.ico
178.79.185.229 200 OK 1.2 kB URL HTTP/2 yourxfriend.com/P/Norway.pink/index_files/favicon.ico
IP 178.79.185.229:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash MD5: 8661b45538e3d8b664dd584cadc799ea
SHA-1: e1bd23cc6745f7c0f652434b0f1c29c62cd6345b
SHA-256: d97e8723706e1aa2d9bf203541f652df24527f48fc71238e2b3c1a50b5865fc4
GET /P/Norway.pink/index_files/favicon.ico HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/P/Norway.pink/index.html?cep=MUqJHHreez3kBA2_ScgYeC6eoutAaJglfBYtcfoqQAojX7ezhS8zv9numlrAR03Pu9LUdJor5aB7jtDI57c2bAelGlLE7lp3SSRAEfb5M8pBzoTNLRBH6TqGAr6TzBDIbF7Vvqgp-JjFMF8R9CFRwveWNUjYnB5jMrGKYz9n-TQEtMPs0KUuNXhARBSA0uaLYhX65Y4payB1oAG9e84cnmdiIaPSg2NM-JSSphUyfuwmleRbScPeLMibiTgTwci_ev1CpHMrtvG1t_rAhMiEi2oK3OeGE2EGhWMlJKxbBbnS04SjfDkRuCeb3T1bnppbs_a11sK_EyfoPjpQtLWIwMxkv2FR7jxCsHxhjXx_MoIcjIRFdPHf8A4XykAxE8LvrrOWqlogvlNJTkmm4wgbMHnS8ljYnb2is2zTKLOgk2F_aQH2I-d7ZTFrPX_gonRQj1ehxMvcKkpUNLr-FY9hCEmTs3pwUAnvLVCZmPOMSjgpgfueniAo166-4v0kZ5J3TqJCMb-euW6S7U9pl-qgeOWq3J45H9XslBbGHbXhGm-KK-24OP5NH_mX9-B8dJHzQamfagKS4L1je-c46ZJtnqAK1FgGQV1uiI-q5cV9ObY&lptoken=16a1648d337c54eb66c9&sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 02:54:26 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Tue, 23 Jun 2020 07:30:53 GMT
etag: "5ef1afad-47e"
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5: 639785692dc29802e484e1e1d0ec86c4
SHA-1: cf81784351ce6302f540f491f893b44496809677
SHA-256: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2450
Expires: Wed, 28 Sep 2022 03:35:16 GMT
Date: Wed, 28 Sep 2022 02:54:26 GMT
Connection: keep-alive
yourxfriend.com/P/Norway.pink/index_files/jquery.min.js
178.79.185.229 200 OK 38 kB URL HTTP/2 yourxfriend.com/P/Norway.pink/index_files/jquery.min.js
IP 178.79.185.229:0
Hash b7243ce6ecd5f04189ca7a9ee2e3eba2
d8419d1f4a8787f7adf171d4d62eb925ea4e8a92
82bdee8c0f01752f501067f76e891fe7aa82d71ea5682fa5f270c3763a9bdd78
Analyzer Verdict Alert fortinet Phishing
GET /P/Norway.pink/index_files/jquery.min.js HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/P/Norway.pink/index.html?cep=MUqJHHreez3kBA2_ScgYeC6eoutAaJglfBYtcfoqQAojX7ezhS8zv9numlrAR03Pu9LUdJor5aB7jtDI57c2bAelGlLE7lp3SSRAEfb5M8pBzoTNLRBH6TqGAr6TzBDIbF7Vvqgp-JjFMF8R9CFRwveWNUjYnB5jMrGKYz9n-TQEtMPs0KUuNXhARBSA0uaLYhX65Y4payB1oAG9e84cnmdiIaPSg2NM-JSSphUyfuwmleRbScPeLMibiTgTwci_ev1CpHMrtvG1t_rAhMiEi2oK3OeGE2EGhWMlJKxbBbnS04SjfDkRuCeb3T1bnppbs_a11sK_EyfoPjpQtLWIwMxkv2FR7jxCsHxhjXx_MoIcjIRFdPHf8A4XykAxE8LvrrOWqlogvlNJTkmm4wgbMHnS8ljYnb2is2zTKLOgk2F_aQH2I-d7ZTFrPX_gonRQj1ehxMvcKkpUNLr-FY9hCEmTs3pwUAnvLVCZmPOMSjgpgfueniAo166-4v0kZ5J3TqJCMb-euW6S7U9pl-qgeOWq3J45H9XslBbGHbXhGm-KK-24OP5NH_mX9-B8dJHzQamfagKS4L1je-c46ZJtnqAK1FgGQV1uiI-q5cV9ObY&lptoken=16a1648d337c54eb66c9&sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 02:54:26 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2015 03:59:46 GMT
vary: Accept-Encoding
etag: W/"564bf7b2-176f8"
expires: Wed, 28 Sep 2022 14:54:26 GMT
cache-control: max-age=43200
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2450
Expires: Wed, 28 Sep 2022 03:35:16 GMT
Date: Wed, 28 Sep 2022 02:54:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6139c878a7d2bd32c61fc8287996eb5b
9c4692ea64832895fbd107d91f879728b6a440c7
3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8500
x-amzn-requestid: af82c8d6-950c-4933-87e3-7bbb15cb1ac8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3HOaoAMFoPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-77e0ecc522de575e40f429b3;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: rD5LsVDLQkaomG1nCGZGihbdlWKMCjUYNC2kRyAjJesJEOEBSj8Q3A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:47:03 GMT
age: 18443
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 9f410158-cd1a-45a9-9e86-4005b25577e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4Hw7oAMFpAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-70683c681f22a3b6103fcb4a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: l9IinQYCcQV_iymSArIEnOWgbmLlmVqz94402zcsmga5Bp3Sty7QRg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:49 GMT
age: 18817
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c254fe7-b89c-4a2c-a79c-4a6a0fe2d17c.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c254fe7-b89c-4a2c-a79c-4a6a0fe2d17c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ccfb4931d41ca01aa55b4b8e9ef6b4e1
2351d2547f4bd0aac45bb21a5aa8277e80ef15f2
89de9954ee2874b476c907810189812efe13234a46910180f34f68082429260f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c254fe7-b89c-4a2c-a79c-4a6a0fe2d17c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7020
x-amzn-requestid: 1258ee7b-987a-4454-8963-e76b7c1470f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4EVxIAMFrmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-7a1fbaa251600686757f9583;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: VLZucSrpwv4p9vPso373WdFZsbrj-savmu1WPx7nkUuTDaZJ6NWzwg==
via: 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:47:03 GMT
age: 18443
etag: "2351d2547f4bd0aac45bb21a5aa8277e80ef15f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b794c6812cb546de0295e087ebe66a7
a54803cca7d3c509c195f65961e1110c8ec56f55
6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: y3DefdcXJyoDHpJXwz460gfWcv2JUboOFExNQmTFgy30B4mn54Xvuw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:44:30 GMT
age: 18596
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02722822-e024-44b9-8ec1-48ec9500ca58.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02722822-e024-44b9-8ec1-48ec9500ca58.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f3e1fd3401c5e635a8dbeec5f78b721d
2142075b27d0d355c51231ab06fea46e25eb9c59
2e17a43985b624e6b6592d402c36dd45b915cd6e1ac84e187c18c46420eb9a1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02722822-e024-44b9-8ec1-48ec9500ca58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9733
x-amzn-requestid: fff8214b-48f7-4b45-bd91-69ea4db871d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCAWhG9HIAMFloQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330adc3-1cffa63711378c525e49e11d;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 19:36:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Vak91l2UKRnX0Go62y1yPwJ8E-Af7XBurmQATw5MSZXBqhUJrIgOCQ==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 04:55:01 GMT
age: 79165
etag: "2142075b27d0d355c51231ab06fea46e25eb9c59"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff14e2acf-9d43-48bc-ab80-1dc73fa7dfc8.webp
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff14e2acf-9d43-48bc-ab80-1dc73fa7dfc8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c301dff6ddda16fd64692c19173cfa8c
2afdfb716192540a61327137706462c53588bf23
fd0f33a778fec87dbfa323ffa6b24ca5f94aa16d102e62683ad54b759208058b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff14e2acf-9d43-48bc-ab80-1dc73fa7dfc8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5377
x-amzn-requestid: 28ddd5cd-c299-4b36-98be-b6dbeaadc1ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI4KRGo7oAMFUiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336d74-27ebe6e974ee5b7d06227fca;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _yH8kTWHHDU-LcnNz0fjoHkPhf6dRP7p7QydoE3DNu4fJhDpEkxPrg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:17 GMT
age: 18249
etag: "2afdfb716192540a61327137706462c53588bf23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40456fc-e6ad-484b-8754-8b2b0e7abc7c.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40456fc-e6ad-484b-8754-8b2b0e7abc7c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1fa8cb4f4be5057788cd1a2a4d0e76d6
1aec1d67a36867bee8069a144fb1b0d95ff2cb54
5193131db8040ef254554d59109002ec7b8cfc2eab1e872b63e5f65db7cf5105
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40456fc-e6ad-484b-8754-8b2b0e7abc7c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5944
x-amzn-requestid: 040b4452-4120-4ae5-9ad2-c5b341abbb13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI34BFdmIAMFmew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336cff-103adde82b57535e4f3fb16a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:37:04 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: q03mXCSikJcsTBGqk1Xq7452EiDz4t9PFbp5Qj4xwobiFgqtPwGCBw==
via: 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 23:06:54 GMT
age: 13659
etag: "1aec1d67a36867bee8069a144fb1b0d95ff2cb54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
yourxfriend.com/P/Norway.pink/index_files/style.css
178.79.185.229 200 OK 0 B URL HTTP/2 yourxfriend.com/P/Norway.pink/index_files/style.css
IP 178.79.185.229:0
GET /P/Norway.pink/index_files/style.css HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/P/Norway.pink/index.html?cep=MUqJHHreez3kBA2_ScgYeC6eoutAaJglfBYtcfoqQAojX7ezhS8zv9numlrAR03Pu9LUdJor5aB7jtDI57c2bAelGlLE7lp3SSRAEfb5M8pBzoTNLRBH6TqGAr6TzBDIbF7Vvqgp-JjFMF8R9CFRwveWNUjYnB5jMrGKYz9n-TQEtMPs0KUuNXhARBSA0uaLYhX65Y4payB1oAG9e84cnmdiIaPSg2NM-JSSphUyfuwmleRbScPeLMibiTgTwci_ev1CpHMrtvG1t_rAhMiEi2oK3OeGE2EGhWMlJKxbBbnS04SjfDkRuCeb3T1bnppbs_a11sK_EyfoPjpQtLWIwMxkv2FR7jxCsHxhjXx_MoIcjIRFdPHf8A4XykAxE8LvrrOWqlogvlNJTkmm4wgbMHnS8ljYnb2is2zTKLOgk2F_aQH2I-d7ZTFrPX_gonRQj1ehxMvcKkpUNLr-FY9hCEmTs3pwUAnvLVCZmPOMSjgpgfueniAo166-4v0kZ5J3TqJCMb-euW6S7U9pl-qgeOWq3J45H9XslBbGHbXhGm-KK-24OP5NH_mX9-B8dJHzQamfagKS4L1je-c46ZJtnqAK1FgGQV1uiI-q5cV9ObY&lptoken=16a1648d337c54eb66c9&sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 02:54:26 GMT
content-type: text/css
last-modified: Wed, 18 Nov 2015 03:59:44 GMT
vary: Accept-Encoding
etag: W/"564bf7b0-a71"
expires: Wed, 28 Sep 2022 14:54:26 GMT
cache-control: max-age=43200
content-encoding: gzip
X-Firefox-Spdy: h2
yourxfriend.com/P/Norway.pink/index.html?cep=MUqJHHreez3kBA2_ScgYeC6eoutAaJglfBYtcfoqQAojX7ezhS8zv9numlrAR03Pu9LUdJor5aB7jtDI57c2bAelGlLE7lp3SSRAEfb5M8pBzoTNLRBH6TqGAr6TzBDIbF7Vvqgp-JjFMF8R9CFRwveWNUjYnB5jMrGKYz9n-TQEtMPs0KUuNXhARBSA0uaLYhX65Y4payB1oAG9e84cnmdiIaPSg2NM-JSSphUyfuwmleRbScPeLMibiTgTwci_ev1CpHMrtvG1t_rAhMiEi2oK3OeGE2EGhWMlJKxbBbnS04SjfDkRuCeb3T1bnppbs_a11sK_EyfoPjpQtLWIwMxkv2FR7jxCsHxhjXx_MoIcjIRFdPHf8A4XykAxE8LvrrOWqlogvlNJTkmm4wgbMHnS8ljYnb2is2zTKLOgk2F_aQH2I-d7ZTFrPX_gonRQj1ehxMvcKkpUNLr-FY9hCEmTs3pwUAnvLVCZmPOMSjgpgfueniAo166-4v0kZ5J3TqJCMb-euW6S7U9pl-qgeOWq3J45H9XslBbGHbXhGm-KK-24OP5NH_mX9-B8dJHzQamfagKS4L1je-c46ZJtnqAK1FgGQV1uiI-q5cV9ObY&lptoken=16a1648d337c54eb66c9&sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573
178.79.185.229200 OK 0 B URL HTTP/2 yourxfriend.com/P/Norway.pink/index.html?cep=MUqJHHreez3kBA2_ScgYeC6eoutAaJglfBYtcfoqQAojX7ezhS8zv9numlrAR03Pu9LUdJor5aB7jtDI57c2bAelGlLE7lp3SSRAEfb5M8pBzoTNLRBH6TqGAr6TzBDIbF7Vvqgp-JjFMF8R9CFRwveWNUjYnB5jMrGKYz9n-TQEtMPs0KUuNXhARBSA0uaLYhX65Y4payB1oAG9e84cnmdiIaPSg2NM-JSSphUyfuwmleRbScPeLMibiTgTwci_ev1CpHMrtvG1t_rAhMiEi2oK3OeGE2EGhWMlJKxbBbnS04SjfDkRuCeb3T1bnppbs_a11sK_EyfoPjpQtLWIwMxkv2FR7jxCsHxhjXx_MoIcjIRFdPHf8A4XykAxE8LvrrOWqlogvlNJTkmm4wgbMHnS8ljYnb2is2zTKLOgk2F_aQH2I-d7ZTFrPX_gonRQj1ehxMvcKkpUNLr-FY9hCEmTs3pwUAnvLVCZmPOMSjgpgfueniAo166-4v0kZ5J3TqJCMb-euW6S7U9pl-qgeOWq3J45H9XslBbGHbXhGm-KK-24OP5NH_mX9-B8dJHzQamfagKS4L1je-c46ZJtnqAK1FgGQV1uiI-q5cV9ObY&lptoken=16a1648d337c54eb66c9&sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573
IP 178.79.185.229:0
GET /P/Norway.pink/index.html?cep=MUqJHHreez3kBA2_ScgYeC6eoutAaJglfBYtcfoqQAojX7ezhS8zv9numlrAR03Pu9LUdJor5aB7jtDI57c2bAelGlLE7lp3SSRAEfb5M8pBzoTNLRBH6TqGAr6TzBDIbF7Vvqgp-JjFMF8R9CFRwveWNUjYnB5jMrGKYz9n-TQEtMPs0KUuNXhARBSA0uaLYhX65Y4payB1oAG9e84cnmdiIaPSg2NM-JSSphUyfuwmleRbScPeLMibiTgTwci_ev1CpHMrtvG1t_rAhMiEi2oK3OeGE2EGhWMlJKxbBbnS04SjfDkRuCeb3T1bnppbs_a11sK_EyfoPjpQtLWIwMxkv2FR7jxCsHxhjXx_MoIcjIRFdPHf8A4XykAxE8LvrrOWqlogvlNJTkmm4wgbMHnS8ljYnb2is2zTKLOgk2F_aQH2I-d7ZTFrPX_gonRQj1ehxMvcKkpUNLr-FY9hCEmTs3pwUAnvLVCZmPOMSjgpgfueniAo166-4v0kZ5J3TqJCMb-euW6S7U9pl-qgeOWq3J45H9XslBbGHbXhGm-KK-24OP5NH_mX9-B8dJHzQamfagKS4L1je-c46ZJtnqAK1FgGQV1uiI-q5cV9ObY&lptoken=16a1648d337c54eb66c9&sourceid=foxtrot-saw-7l6nbj07a&match=&carrier=unknown&mob_pf=desktop_others&cpc=0.005000&clickid=zrdc6a85a03ed811ed8cbb0a64941d2f6fa2aea6f2bbd34354b1a90b0b02bab999067850c56352932573 HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://irene-eux.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 02:54:26 GMT
content-type: text/html
last-modified: Wed, 04 Nov 2020 03:33:59 GMT
vary: Accept-Encoding
etag: W/"5fa22127-264a"
content-encoding: gzip
X-Firefox-Spdy: h2