sfile.mobi/download/1147585/16476/61c07c92e0ac23583192f8402023c1d7/am-cc-10july-satriyaid.apk&is=632c5978638a6a87eda378c2d0c88ee8
104.26.4.191 301 Moved Permanently 0 B URL HTTP/1.1 sfile.mobi/download/1147585/16476/61c07c92e0ac23583192f8402023c1d7/am-cc-10july-satriyaid.apk&is=632c5978638a6a87eda378c2d0c88ee8
IP 104.26.4.191:0
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e (all three are digests of empty input, matching the 0 B body)
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /download/1147585/16476/61c07c92e0ac23583192f8402023c1d7/am-cc-10july-satriyaid.apk&is=632c5978638a6a87eda378c2d0c88ee8 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 28 Jan 2023 11:45:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 28 Jan 2023 12:45:24 GMT
Location: https://sfile.mobi/download/1147585/16476/61c07c92e0ac23583192f8402023c1d7/am-cc-10july-satriyaid.apk&is=632c5978638a6a87eda378c2d0c88ee8
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jvYZsn%2F59LDMlWGLWMHC4GCBXfDjpSnbGeDLX7TiVSEjHLQE410J9lpfezJLOYjUW%2FTrezvhjBketQn%2BP5JT9Hww9%2Fyco4XPg8z5e3JB%2BoOAIXfCmrsxnwKLfjI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79097b4e9bb3b509-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash (MD5) 9fbe85f42e8ae8ae41cc12df5f98b141
Hash (SHA-1) 949fa36ff0f22f72565fd584bef094dd4de23037
Hash (SHA-256) 184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6834
Expires: Sat, 28 Jan 2023 13:39:18 GMT
Date: Sat, 28 Jan 2023 11:45:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash (MD5) 81dd5c5cc5b3278876cb44dcb520a60f
Hash (SHA-1) c0511a59e9eccdcdda98717b87c89c5d59974808
Hash (SHA-256) 41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6010
Expires: Sat, 28 Jan 2023 13:25:34 GMT
Date: Sat, 28 Jan 2023 11:45:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash (MD5) dcd75ca6daca51c5e39d431468511793
Hash (SHA-1) 07f76d3bf23d65c9110d810fa71a994e39e085d3
Hash (SHA-256) 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 11:43:05 GMT
content-type: application/json
age: 139
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash (MD5) 69f73ac59327cd9ad7d99816ccfcc03e
Hash (SHA-1) c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
Hash (SHA-256) e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15010
Expires: Sat, 28 Jan 2023 15:55:34 GMT
Date: Sat, 28 Jan 2023 11:45:24 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash (MD5) 7b922915ebf1fa3639b333f994c74f24
Hash (SHA-1) 144a3f80b98fd0652d4614f24cf6cbbee40f8938
Hash (SHA-256) adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: CQsB60GDRwganphirA3TuIg3QjZk5plkWrUX8RkRwWBTc6eX/MHtY0YnVklBEEd4ItG146DQtsE=
x-amz-request-id: GBFFB9MWDDS7DS6M
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 11:20:57 GMT
age: 1467
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash (MD5) 23e88fb7b99543fb33315b29b1fad9d6
Hash (SHA-1) a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Hash (SHA-256) 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 11:45:24 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash (MD5) 3af1eafd1b3167f6f41ad3af37c9f688
Hash (SHA-1) 2e88a3a8ae01e09ad4c1aee9332a4e817f7640b7
Hash (SHA-256) 91e675b9e96d525d03b2fa484870c7b78c67273e1a22c0615c27e6d85df8fcb5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "91E675B9E96D525D03B2FA484870C7B78C67273E1A22C0615C27E6D85DF8FCB5"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21569
Expires: Sat, 28 Jan 2023 17:44:53 GMT
Date: Sat, 28 Jan 2023 11:45:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash (MD5) 0333b0655111aa68de771adfcc4db243
Hash (SHA-1) 63f295a144ac87a7c8e23417626724eeca68a7eb
Hash (SHA-256) 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 10:49:03 GMT
age: 3382
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash (MD5) 16a7b6a7128312e2f985d30df18c4487
Hash (SHA-1) 6017bff79ffb525d9c7f9f32b999b74b5dc69602
Hash (SHA-256) 663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19341
Expires: Sat, 28 Jan 2023 17:07:46 GMT
Date: Sat, 28 Jan 2023 11:45:25 GMT
Connection: keep-alive
sfile.mobi/includes/adsby.js
104.26.4.191 200 OK 13 B URL HTTP/2 sfile.mobi/includes/adsby.js
IP 104.26.4.191:0
File type ASCII text, with no line terminators
Hash (MD5) c5f96fbf51ae71c2ab29237fa415bbf8
Hash (SHA-1) 5f9cbbf13fe8e1775c3b8a99a7cc92ba5a32b81f
Hash (SHA-256) 4b788930a60496876be01bf2dbc9e79d1ce226545438697f5333a4bf57f952d4
GET /includes/adsby.js HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 13
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=15
etag: "f-5b3f44e345d40"
expires: Thu, 02 Feb 2023 20:03:35 GMT
last-modified: Fri, 13 Nov 2020 03:05:49 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 142910
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3K8lN%2BgHyEZjhP6yudKb9ZmSL0p12xMT71fWLY97qs%2BcQuki%2FtY%2BtykBbnxRkW3PMPiU4Of4sCJllcWV7ubpfpuI5YZ3yc7nMW5Xevf1fO4sBucutiS2oeSx0oI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b55ddc50b51-OSL
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.24.14 200 OK 5.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (30837)
Hash (MD5) 109d1ed85cd01f9cdab73a4cac5bf80d
Hash (SHA-1) d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
Hash (SHA-256) 8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 133361
expires: Thu, 18 Jan 2024 11:45:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7hbwfvBHKakEykWKBYCwYKVC3LGlUPukQD47OB8SShFOynAgaOU51Wcg0HnXghyYWg3Mu8%2BSqxZJLfMZWnzwpWDzBJ5orH9fGUsvyi0rzS%2FGmiLMP3w9Wjpn67bqVGrlkTlLpQhY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79097b560cc2b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/apk.svg
104.26.4.191 200 OK 78 kB URL HTTP/2 sfile.mobi/icon/smallicon/apk.svg
IP 104.26.4.191:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2453), with no line terminators
Hash (MD5) e9d1e7bdd63d0dfcab8c65013be2e50d
Hash (SHA-1) 7c3ae7535b5bf481804c9635af84f57ee50c2e5e
Hash (SHA-256) 0a557a20ef9c26141ea9c6f0b71074c036971814b0643d640b8b76379183a5cb
Analyzer: fortinet | Verdict: Malware | Alert: (none listed)
GET /icon/smallicon/apk.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 05:51:20 GMT
etag: W/"995-554f5afff0600-gzip"
cache-control: max-age=604800
expires: Sun, 29 Jan 2023 02:02:21 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 553383
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g7w7oBN2xScr03ausEkFwIoF3fe2ufG4WiyCXRtX%2Bw8x3opV%2B4umBvye%2FHpCWZ3PNOzjYROEUAUdtG6mDYf2r653I1bsXeWQu%2BvBCfoTArK38eDL1owpUA5lVDU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b55ddc90b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.237.169.181 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.169.181:0
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e (all three are digests of empty input, matching the 0 B body)
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jMxhhAFdCj8C6EWKYm5T9g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kxVXZXVHut6BbekUjQtWMKHbwsw=
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash (MD5) 36147c185553851c38547798733a9fb2
Hash (SHA-1) 912ec40237eae2ed558d09103c86c41f87896eca
Hash (SHA-256) a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j99&a=1077288958&t=pageview&_s=1&dl=https%3A%2F%2Fsfile.mobi%2FDdcUkwKlO07&ul=en-us&de=UTF-8&dt=AM%20CC%2010July%20SatriyaID%20.%20apk&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=623682138&gjid=1709976023&cid=512150257.1674906328&tid=UA-103187360-1&_gid=634900834.1674906328&_r=1&_slc=1&z=467713931
216.239.36.178 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=1077288958&t=pageview&_s=1&dl=https%3A%2F%2Fsfile.mobi%2FDdcUkwKlO07&ul=en-us&de=UTF-8&dt=AM%20CC%2010July%20SatriyaID%20.%20apk&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=623682138&gjid=1709976023&cid=512150257.1674906328&tid=UA-103187360-1&_gid=634900834.1674906328&_r=1&_slc=1&z=467713931
IP 216.239.36.178:0
File type ASCII text, with no line terminators
Hash (MD5) 38684612f0c6bb6dfa16da92f4a6878f
Hash (SHA-1) 6fe62d0dd7db314b7f9bb945672f078e01d27f0f
Hash (SHA-256) a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=1077288958&t=pageview&_s=1&dl=https%3A%2F%2Fsfile.mobi%2FDdcUkwKlO07&ul=en-us&de=UTF-8&dt=AM%20CC%2010July%20SatriyaID%20.%20apk&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=623682138&gjid=1709976023&cid=512150257.1674906328&tid=UA-103187360-1&_gid=634900834.1674906328&_r=1&_slc=1&z=467713931 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://sfile.mobi
date: Sat, 28 Jan 2023 11:45:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash (MD5) 36147c185553851c38547798733a9fb2
Hash (SHA-1) 912ec40237eae2ed558d09103c86c41f87896eca
Hash (SHA-256) a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sfile.mobi/includes/fonts/raleway-v14-latin-regular.woff2
104.26.4.191 200 OK 21 kB URL HTTP/2 sfile.mobi/includes/fonts/raleway-v14-latin-regular.woff2
IP 104.26.4.191:0
File type Web Open Font Format (Version 2), TrueType, length 20724, version 1.0\012- data
Hash (MD5) 43c849ea0258ce0d23a480e840881f16
Hash (SHA-1) 5222f2283ff9eed9c05025b15dcca453a43cb8c3
Hash (SHA-256) b3287a4018a220fe4a205c68bbb34a847fe5038c5dfbe575dd538df025b0497a
GET /includes/fonts/raleway-v14-latin-regular.woff2 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-length: 20724
last-modified: Mon, 26 Aug 2019 01:13:52 GMT
etag: "50f4-590fade753400"
cache-control: max-age=604800
expires: Sat, 04 Feb 2023 11:45:25 GMT
x-frame-options: DENY
vary: User-Agent, Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IM8mh9XtHI72pot4sdDX9dCR%2Fy%2BadMIjRVZvscNTiniWOW3UZjPoyStn8FgHQAUxdC3pDikVowghVhlFe2gB7LhZgGwVIfiT5E2dThNvKqJCkqBH3QuAkkJEOa8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b564e250b51-OSL
X-Firefox-Spdy: h2
sfile.mobi/icon/sfile-icon-192x192.png
104.26.4.191 200 OK 10 kB URL HTTP/2 sfile.mobi/icon/sfile-icon-192x192.png
IP 104.26.4.191:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5) c657c0b27e6a3e98ae2736eab216cdb3
Hash (SHA-1) 2eab135276b13dc87bdd3314ad8d7462e8246d35
Hash (SHA-256) 5c9d9f4629d28f3fda7ccf4bae7bf6c53285686854a238b9ac0f2bac00836cb3
GET /icon/sfile-icon-192x192.png HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb; _ga=GA1.2.512150257.1674906328; _gid=GA1.2.634900834.1674906328; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:26 GMT
content-type: image/png
content-length: 10001
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=11566, status=vary_header_present
etag: "2d2e-572ecea29a780"
expires: Sat, 18 Feb 2023 04:02:02 GMT
last-modified: Wed, 08 Aug 2018 13:59:10 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 805404
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VcQQ%2B2zvZ8zWTMA3WzVY9y5DZD53r0vS0icTMJn8dubyj6Gq9cYAozBrL0Dpy6DoKxhI2nbq6nWGcGBI1qCdChPJHnWK59PDIVmQChkRc0Pj%2FxA3i53%2FXfTHDAU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b5978a70b51-OSL
X-Firefox-Spdy: h2
sfile.mobi/icon/sfile-favicon.png
104.26.4.191 200 OK 1.6 kB URL HTTP/2 sfile.mobi/icon/sfile-favicon.png
IP 104.26.4.191:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5) 5c95ba8563fa6c88c0a431fc97b8175b
Hash (SHA-1) 52d10299240136ff498c6dae3847662f9953d150
Hash (SHA-256) 3438b8c9e88b10b9ea2cd353929ab4d345d679a842313c78123b25c290bb7902
GET /icon/sfile-favicon.png HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb; _ga=GA1.2.512150257.1674906328; _gid=GA1.2.634900834.1674906328; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:26 GMT
content-type: image/png
content-length: 1626
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2055, status=vary_header_present
etag: "807-554f42e2ce1c0"
expires: Thu, 02 Feb 2023 20:24:21 GMT
last-modified: Sun, 23 Jul 2017 04:03:27 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 2128865
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYImFYAIDAOX0p96BqqqCEE7hCrkY6ouXqiFBkrlnzLJqcQBuUatwlFuxs2e3eB5WyiDOLM%2BOv62UjjENHIxyIVXFO13l4rHWqqLMkWMpgEq4IpZBE2zM85koik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b5978a80b51-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash (MD5) e7ebbff54ced2c07469b302fc6d44078
Hash (SHA-1) f59983c844c398bd37705051ca685b2d07d85726
Hash (SHA-256) 04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash (MD5) e7ebbff54ced2c07469b302fc6d44078
Hash (SHA-1) f59983c844c398bd37705051ca685b2d07d85726
Hash (SHA-256) 04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086
142.250.74.130 200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086
IP 142.250.74.130:0
File type ASCII text, with very long lines (3642)
Hash (MD5) 3b02f0432679ea5ed651a8b4083fcfe0
Hash (SHA-1) 25e4b4966e0101b3a1543b036548211b67c0cd8a
Hash (SHA-256) ca96db4e999d3f8a9145e0ab6c7c17adab25202b97b5305b56cceb76920cf2de
GET /pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 28 Jan 2023 11:45:26 GMT
expires: Sat, 28 Jan 2023 11:45:26 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 6372453721985578587
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 50316
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/txt.svg
104.26.4.191 200 OK 5.3 kB URL HTTP/2 sfile.mobi/icon/smallicon/txt.svg
IP 104.26.4.191:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash (MD5) ffb8dc9b77838b6686d7c17060ef1db4
Hash (SHA-1) 43e07b6951032a528107a8b14454ff7f392bf0ba
Hash (SHA-256) 8dc99a07c1d9401bf6d2f61b22be1e376c047dee4a9d476d9d4a9b68a48817a7
Analyzer: fortinet | Verdict: Malware | Alert: (none listed)
GET /icon/smallicon/txt.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 04:35:21 GMT
etag: W/"c81-554f4a0423440-gzip"
cache-control: max-age=604800
expires: Thu, 02 Feb 2023 18:31:55 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 148409
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bK6Yl2CFiewCdLjL3fCnyQhCoTP%2FqUaPSUBQ8e13dQenevFjLIquj7b5Ryd4av7M6iuX1b3wFKsLLTJ7BhWDP5LNMkadf1R%2FZCbrRO%2FATcFluy7Kw6%2BjGpUorKM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b55fde20b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fsfile.mobi%2FDdcUkwKlO07&tn=DIV&cls=w3-top&ign=false&pw=1280&ph=939&x=0&y=0
142.250.74.130 204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fsfile.mobi%2FDdcUkwKlO07&tn=DIV&cls=w3-top&ign=false&pw=1280&ph=939&x=0&y=0
IP 142.250.74.130:0
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e (all three are digests of empty input, matching the 0 B body)
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fsfile.mobi%2FDdcUkwKlO07&tn=DIV&cls=w3-top&ign=false&pw=1280&ph=939&x=0&y=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 11:45:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4abb97e5fd107cb87b896feb33a2159b
757fc267c534b8f5191f97d4c6dce60753e965f2
88d691d314752499a884e54232b88c0d19e4c8163236851b99a0b0d3ac0d7f8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c083fb68af37d6c700a3fa4eb04a29cb
9b3ff3c9c0bd7dc448eb18e74ddc029f7c18dc9a
3ea0d4252ad90ee13a6b23ebd1144639f7bb73e4d96ef2590b21a155809e65e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086
216.58.207.226 200 OK 250 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086
IP 216.58.207.226:0
File type ASCII text, with very long lines (387), with no line terminators
Hash e80e5a096c2bcd827fce2336b63dff62
4fd540bbd23774f4ee35f0d40159aad8cd9d53a3
4a278390e1a2987f5605ca418845f485979da505f29e097641a52671c5001d5a
GET /gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 11:45:26 GMT
server: cafe
cache-control: private
content-length: 250
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=sfile.mobi
142.250.74.2 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=sfile.mobi
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=sfile.mobi HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 11:45:26 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=sfile.mobi
142.250.74.2 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=sfile.mobi
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=sfile.mobi HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 11:45:26 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4abb97e5fd107cb87b896feb33a2159b
757fc267c534b8f5191f97d4c6dce60753e965f2
88d691d314752499a884e54232b88c0d19e4c8163236851b99a0b0d3ac0d7f8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c083fb68af37d6c700a3fa4eb04a29cb
9b3ff3c9c0bd7dc448eb18e74ddc029f7c18dc9a
3ea0d4252ad90ee13a6b23ebd1144639f7bb73e4d96ef2590b21a155809e65e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11553
Expires: Sat, 28 Jan 2023 14:57:59 GMT
Date: Sat, 28 Jan 2023 11:45:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11553
Expires: Sat, 28 Jan 2023 14:57:59 GMT
Date: Sat, 28 Jan 2023 11:45:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11553
Expires: Sat, 28 Jan 2023 14:57:59 GMT
Date: Sat, 28 Jan 2023 11:45:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 49720
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:14:23 GMT
age: 48663
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ed1a0bd725b2078b4cfe4ed83877901
62493ca03be9870aac2341e033611a6d56bd322a
706e84bc63fd98acaeb72789239af3210ae6e3910e6589d92a25899dc9059dfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12397
x-amzn-requestid: e8436997-696d-483a-b03a-a84e7ca614ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5HbzoAMFXsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-1c2ccd0a187d0a3e2f6a59cc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmLHc8fKQYUpq9B-GyOQ0FKzhxi0ToTEPA7cu6JnQftgDFDNV8USvw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
etag: "62493ca03be9870aac2341e033611a6d56bd322a"
content-type: image/jpeg
age: 49729
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3237aa3-30cf-4312-861c-8d923987ed4b.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3237aa3-30cf-4312-861c-8d923987ed4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 335cb821617fe98e993190c93c616f86
130b6f6d592f3ab052015656653a1b3ac259599d
ee90912b731ff31e52ccd404bf45ec6b6d3802247a29f9397eed153ab709df96
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3237aa3-30cf-4312-861c-8d923987ed4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8569
x-amzn-requestid: d97c9436-5e2d-42a2-ad40-84c7776cdac3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_rVFA_oAMF-2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44648-03ff23d6072683a067472191;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:46:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: FuvSHsmeURS0TVrB-5IPYpmsovQh5OWzvsmlT2nzkDGfO2Q8gwP3Xw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:15:45 GMT
age: 48581
etag: "130b6f6d592f3ab052015656653a1b3ac259599d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 46753
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 50188
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301170101/reactive_library_fy2021.js?bust=31071931
142.250.74.130 200 OK 52 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301170101/reactive_library_fy2021.js?bust=31071931
IP 142.250.74.130:0
File type ASCII text, with very long lines (3642)
Hash b5efb042c883d4b5cf27e3dc00c6536f
9385bcf53478f86dca2dcd3275640483c2826e10
59892ad270c8bb2470d9896750262b0a671decaee44d3a30d5e9da47ba32ce49
GET /pagead/managed/js/adsense/m202301170101/reactive_library_fy2021.js?bust=31071931 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 28 Jan 2023 11:45:26 GMT
expires: Sat, 28 Jan 2023 11:45:26 GMT
cache-control: private, max-age=1209600
content-type: text/javascript; charset=UTF-8
etag: 2258530557130928129
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 52190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 17504951994384b5dfa3387f5e8b684f
d76ab271cbc580a05222ec155fbc0e82545ae97c
f7e09c196a20bed2d1c1f6fada5eb982e04880a2f1c8c24d7fdce87e46152c3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 17504951994384b5dfa3387f5e8b684f
d76ab271cbc580a05222ec155fbc0e82545ae97c
f7e09c196a20bed2d1c1f6fada5eb982e04880a2f1c8c24d7fdce87e46152c3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/dv3.js
142.250.74.130 200 OK 27 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/dv3.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (2097)
Hash 8a28e64749071e59eb63574a46c3cd52
ae93a882fe7de22d8445409ec7bd033340ed04d8
b74a8a34a9fa56407f411ef3f041339997c867be4493e7fade037d65f935edee
GET /pagead/js/dv3.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 28 Jan 2023 11:45:27 GMT
expires: Sat, 28 Jan 2023 11:45:27 GMT
cache-control: private, max-age=600
content-type: text/javascript; charset=UTF-8
etag: 10506132538256102613
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 27384
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 17504951994384b5dfa3387f5e8b684f
d76ab271cbc580a05222ec155fbc0e82545ae97c
f7e09c196a20bed2d1c1f6fada5eb982e04880a2f1c8c24d7fdce87e46152c3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sfile.mobi/img/Sfile-Logo.svg
104.26.4.191 200 OK 11 kB URL HTTP/2 sfile.mobi/img/Sfile-Logo.svg
IP 104.26.4.191:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (831)
Hash db8671f932a8578ebd4ab99df996895f
ff91cf7ec5fd5c893c46e72e5134897a76cc9028
61dcfc870d01f56a1be41ca872b92de031fca1734006e59055c79b9d8c0b120c
Analyzer Verdict Alert fortinet Malware
GET /img/Sfile-Logo.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Oct 2020 09:51:24 GMT
etag: W/"15b1-5b0e96cdf5f00-gzip"
cache-control: max-age=604800
expires: Sat, 04 Feb 2023 02:26:34 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 33531
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qdlnuHRGo%2BCFIkfR3LwcWF3fjQ6%2FPMKDxb3nboGeXiuFeAlQFdAfATel5x1LJnxdmKBhgkh7UbU%2FQ6Oo%2BWZjYLaTJa2Zj1dS6sEGgx2mNnUAaXlykskSjmkBH6w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b55ddc80b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/interstitial_ad_frame_fy2021.js
216.58.207.193 200 OK 8.2 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/interstitial_ad_frame_fy2021.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (2256)
Hash 836ec93411a2fe5be80da9529bd4311b
d6775e2f91e6b97c0ae0219b893f9756bf113ded
7bcd6a3c780093b5baf75974ba43ddd38d9a81e0e24eaa675318a59e20479212
GET /pagead/js/r20230124/r20110914/elements/html/interstitial_ad_frame_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 8242
x-xss-protection: 0
date: Fri, 27 Jan 2023 21:10:34 GMT
expires: Fri, 10 Feb 2023 21:10:34 GMT
cache-control: public, max-age=1209600
age: 52493
etag: 13932103368176740555
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js
216.58.207.193 200 OK 7.5 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1506)
Hash c8e19ab58d75eb01fd735f016f55201f
e3d257ad917d19ae463c29907f36e31e856cad37
52207b7bc66270e84d6bb6c05c6d5a2d2b0d511138073a3d3fe15d7c08119932
GET /pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 7523
x-xss-protection: 0
date: Fri, 27 Jan 2023 20:39:56 GMT
expires: Fri, 10 Feb 2023 20:39:56 GMT
cache-control: public, max-age=1209600
age: 54331
etag: 641023367890010850
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182811&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&turl=https://sfile.mobi/DdcUkwKlO07&DVP_PP_BUNDLE_ID=
95.101.11.123 200 OK 1.9 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182811&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&turl=https://sfile.mobi/DdcUkwKlO07&DVP_PP_BUNDLE_ID=
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type HTML document, ASCII text, with very long lines (536)
Hash 87b6182d03ee779aa68e37632f67656e
fac511e36df5215ae95ad7d03c4984e5ffcb7f6e
e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7
GET /dvbs_src.js?ctx=1828362&cmp=115750&plc=5182811&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&turl=https://sfile.mobi/DdcUkwKlO07&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-GUploader-UploadID: ADPycds6p1jm1dM37ZrGE7degj1PHtVHSCOhkWg3tNxtDa8jls04Qf_pWilJX59SK2PF90mCXMWOvLDiSS4yJ4B9Ex0-uw
Cache-Control: max-age=86400
Expires: Wed, 18 Jan 2023 15:48:02 GMT
Last-Modified: Tue, 10 Jan 2023 11:02:09 GMT
ETag: "87b6182d03ee779aa68e37632f67656e"
x-goog-generation: 1673348529482061
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1922
x-goog-meta-pipeline-id: 742670731
x-goog-meta-previous-generation-number: 1673253614982549
Content-Type: application/javascript
x-goog-hash: crc32c=lOOx4w==, md5=h7YYLQPud5qmjjdjL2dlbg==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Content-Length: 1922
Server: UploadServer
Date: Sat, 28 Jan 2023 11:45:27 GMT
Connection: keep-alive
cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&turl=https://sfile.mobi/DdcUkwKlO07&DVP_PP_BUNDLE_ID=
95.101.11.123 200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&turl=https://sfile.mobi/DdcUkwKlO07&DVP_PP_BUNDLE_ID=
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash c130b6fbb443e8aedc3088d6e002cb18
993b47a1da2bfb78ef33b7fce7d2a8ef034033da
b37b66a9b9a7b0f362460c1efb62f50e14052b9f374654a94d85b4261e7111a4
GET /dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&turl=https://sfile.mobi/DdcUkwKlO07&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 24 Jan 2023 16:47:29 GMT
Accept-Ranges: bytes
ETag: "80a6ac8b1330d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3337
Date: Sat, 28 Jan 2023 11:45:27 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
142.250.74.35 200 OK 205 B URL HTTP/2 www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 4087858e2c9db9aa8f6a840aedcfb533
d1ffe861da6bd0e95fd1a365b0c3d3ceb6cd58a3
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
GET /images/icons/material/system/2x/feedback_grey600_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 205
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 06:50:06 GMT
expires: Sun, 28 Jan 2024 06:50:06 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
age: 17721
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
142.250.74.35 200 OK 604 B URL HTTP/2 www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 7bd42e5a35b5fb3ff852d6ea9191ca83
8a141eb392a05a2dea3dcd83b97940ef70a81ebc
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
GET /images/icons/material/system/2x/settings_grey600_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 13:30:57 GMT
expires: Thu, 25 Jan 2024 13:30:57 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
age: 252870
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.doubleverify.com/dvbs_src_internal117.js
95.101.11.123 200 OK 19 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src_internal117.js
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2636), with CRLF, LF line terminators
Hash cf93b15de9d1c76c1bc6fdaee5382496
26e52f0a242bff375cc54d8d33a1a416d89e2813
c290ae68279e0685c13650d1534a0cd86997420399bb67288046e61b13defb53
GET /dvbs_src_internal117.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:00:18 GMT
Accept-Ranges: bytes
ETag: "0cda5b9e224d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 18840
Date: Sat, 28 Jan 2023 11:45:27 GMT
Connection: keep-alive
pagead2.googlesyndication.com/bg/V3SsRWZOfA-pKEWNVYsb3GaVjAUiaK0X1iPK6a1PXlU.js
142.250.74.130 200 OK 14 kB URL HTTP/2 pagead2.googlesyndication.com/bg/V3SsRWZOfA-pKEWNVYsb3GaVjAUiaK0X1iPK6a1PXlU.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (35919)
Hash 9c4d98a05d87a2f96a5fdf4e1d245e31
b18eefe1c4140845b80225411f631f959831ce20
f36daa66f69510ecf68327c96697ff61c7fdfd052501b5d04483e02d5bd7251a
GET /bg/V3SsRWZOfA-pKEWNVYsb3GaVjAUiaK0X1iPK6a1PXlU.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14206
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 05:06:00 GMT
expires: Fri, 26 Jan 2024 05:06:00 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
content-type: text/javascript
age: 196767
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcROaCgYuOEwhGHGz-p3oI4_bZUOKN9clbc8qoW8McLC2ybbcW1UDnDqE9ZmugQ&usqp=CAI
142.250.74.46 200 OK 13 kB URL HTTP/2 encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcROaCgYuOEwhGHGz-p3oI4_bZUOKN9clbc8qoW8McLC2ybbcW1UDnDqE9ZmugQ&usqp=CAI
IP 142.250.74.46:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 820x699, components 3\012- data
Hash 82bedb104fa59f1f22f3dd8dd3e58a9e
2882f2ba322a37d6e56ff06e5d66cd711c5f0e88
438ea45825ac5dd6f78157cc9e7ace7c69ae0cb1d4cb5b8e9e188723e83f7e61
GET /shopping?q=tbn:ANd9GcROaCgYuOEwhGHGz-p3oI4_bZUOKN9clbc8qoW8McLC2ybbcW1UDnDqE9ZmugQ&usqp=CAI HTTP/1.1
Host: encrypted-tbn1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 13046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 19:56:17 GMT
expires: Fri, 26 Jan 2024 19:56:17 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 10 Dec 2022 09:33:46 GMT
content-type: image/jpeg
age: 143350
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTGl30_EL2CcgRueoAEXg1vzYI0LWkZ506sgADCxzyqZgud0Gao&usqp=CAI
142.250.74.46 200 OK 9.8 kB URL HTTP/2 encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTGl30_EL2CcgRueoAEXg1vzYI0LWkZ506sgADCxzyqZgud0Gao&usqp=CAI
IP 142.250.74.46:0
File type PNG image data, 1200 x 600, 8-bit colormap, non-interlaced\012- data
Hash 8015aef4be1b2604586606a79f0eecca
19d0db1ddbbe7f61608c792ff37c3b33671a15a4
fcbbdeca1b77bf2dac62d02509832dc0173fc515b3029c08fe426e957646b8bd
GET /shopping?q=tbn:ANd9GcTGl30_EL2CcgRueoAEXg1vzYI0LWkZ506sgADCxzyqZgud0Gao&usqp=CAI HTTP/1.1
Host: encrypted-tbn1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 9829
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 09:43:55 GMT
expires: Sun, 28 Jan 2024 09:43:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 08 Nov 2021 15:12:09 GMT
content-type: image/png
age: 7292
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcT99RBIuvxghe70jPVNzArryTz_sqO39b91LY0jSd8o5YvS0-5eX2-ztmuc6Q&usqp=CAI
142.250.74.174 200 OK 15 kB URL HTTP/2 encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcT99RBIuvxghe70jPVNzArryTz_sqO39b91LY0jSd8o5YvS0-5eX2-ztmuc6Q&usqp=CAI
IP 142.250.74.174:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1100x700, components 3\012- data
Hash 412ddadde6d2cbbf419caa4eddbe17e0
11814f023ccd3e842c453def7e8ca013c09c0111
c4e330e124c3d5a903d930fad81b0ef40079d60d264e021d47f3e3bbbbf2c6a1
GET /shopping?q=tbn:ANd9GcT99RBIuvxghe70jPVNzArryTz_sqO39b91LY0jSd8o5YvS0-5eX2-ztmuc6Q&usqp=CAI HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 15328
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 07:03:27 GMT
expires: Sat, 27 Jan 2024 07:03:27 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 10 Dec 2022 03:27:27 GMT
content-type: image/jpeg
age: 103320
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcSmIQFVQbXJGwMaT92db9Nmi1sNrY6Jq_3D926ErC_ve4a_7t5wc-DF85KpXjM&usqp=CAI
142.250.74.46 200 OK 14 kB URL HTTP/2 encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcSmIQFVQbXJGwMaT92db9Nmi1sNrY6Jq_3D926ErC_ve4a_7t5wc-DF85KpXjM&usqp=CAI
IP 142.250.74.46:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 857x699, components 3\012- data
Hash f5833a5707ba353edef5a89acde54a19
6030e6d7529f35b71e4bb38b4e15456efc7babf9
3a0c4ec9fe11ff3132edfd34fc3285b77fbed6dd8804f2f711ec4e3d36e17f4a
GET /shopping?q=tbn:ANd9GcSmIQFVQbXJGwMaT92db9Nmi1sNrY6Jq_3D926ErC_ve4a_7t5wc-DF85KpXjM&usqp=CAI HTTP/1.1
Host: encrypted-tbn1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 14135
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 03:48:38 GMT
expires: Sat, 27 Jan 2024 03:48:38 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 02 Jan 2023 08:31:51 GMT
content-type: image/jpeg
age: 115009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRrzXNHS0TQ-rTePQ13qG6OqOdrtlW_9381dvvxGGbbqZ8FpZEOvStDM-TvBw&usqp=CAI
142.250.74.174 200 OK 24 kB URL HTTP/2 encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRrzXNHS0TQ-rTePQ13qG6OqOdrtlW_9381dvvxGGbbqZ8FpZEOvStDM-TvBw&usqp=CAI
IP 142.250.74.174:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 850x850, components 3\012- data
Hash 4d77aeb4447b4659bd90221a18715222
1277887302790b56f3fb95c298f32a6f6ab5ba35
2eb3ac797141ed036cf2052f9ef50f0157d733d50f7356456fd302e0d9400b4b
GET /shopping?q=tbn:ANd9GcRrzXNHS0TQ-rTePQ13qG6OqOdrtlW_9381dvvxGGbbqZ8FpZEOvStDM-TvBw&usqp=CAI HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 24051
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 05:39:52 GMT
expires: Sat, 27 Jan 2024 05:39:52 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 27 May 2022 20:07:00 GMT
content-type: image/jpeg
age: 108335
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
216.58.207.227 200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 20784, version 1.0\012- data
Hash e11c810c086df83c0876dd59ed32ebcb
b89fe2ed6d016f81af13b35797ad2b0e2e5c6822
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
GET /s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20784
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 14:34:41 GMT
expires: Thu, 25 Jan 2024 14:34:41 GMT
cache-control: public, max-age=31536000
age: 249046
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
216.58.207.227 200 OK 28 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 28288, version 1.0\012- data
Hash 53b5e785dfdca21fa7adf7119fa1f8cc
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
GET /s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28288
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 14:34:21 GMT
expires: Fri, 26 Jan 2024 14:34:21 GMT
cache-control: public, max-age=31536000
age: 162666
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash 5fcfa57252f62fc373f057a85a8e3fda
96623f3f223d893a657787a535662bb2286aa885
1e4a25b9ddd7c8f0378fb7ddea22e6c428dac1fe4c34a17d317686f20f0ec103
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 28 Jan 2023 11:45:27 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 27 Jan 2023 20:40:17 GMT
Expires: Sat, 28 Jan 2023 20:40:17 GMT
ETag: "96623f3f223d893a657787a535662bb2286aa885"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_337831986690&jsTagObjCallback=__tagObject_callback_337831986690&num=6&ctx=1828362&cmp=115750&plc=5182811&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=337831986690&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://sfile.mobi/DdcUkwKlO07&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=6&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATauU2%26C%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATaus54%26%3CHz%3D~_f&dvp_exetime=11.00&callbackName=__verify_callback_337831986690
34.149.12.213200 OK 265 B URL HTTP/1.1 rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_337831986690&jsTagObjCallback=__tagObject_callback_337831986690&num=6&ctx=1828362&cmp=115750&plc=5182811&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=337831986690&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://sfile.mobi/DdcUkwKlO07&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=6&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATauU2%26C%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATaus54%26%3CHz%3D~_f&dvp_exetime=11.00&callbackName=__verify_callback_337831986690
IP 34.149.12.213:0
Hash 8114f2996d832f59340c621f5bd5bafc
374cea57fc090ebdb17ab58daac89621c2eb02ce
bf2ae3ff2858e6c8189d60ffb98150fe31b9964053ae2efc317493ce2d8f7c2b
GET /verify.js?flvr=0&jsCallback=__verify_callback_337831986690&jsTagObjCallback=__tagObject_callback_337831986690&num=6&ctx=1828362&cmp=115750&plc=5182811&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=337831986690&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://sfile.mobi/DdcUkwKlO07&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=6&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATauU2%26C%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATaus54%26%3CHz%3D~_f&dvp_exetime=11.00&callbackName=__verify_callback_337831986690 HTTP/1.1
Host: rtb0.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 11:45:27 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/27/2023 11:45:27
Pragma: no-cache
Vary: Accept-Encoding
X-DV-Response: 0
cdn.doubleverify.com/dv-measurements3438.js
95.101.11.123 200 OK 109 kB URL HTTP/1.1 cdn.doubleverify.com/dv-measurements3438.js
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 109 kB (109055 bytes)
Hash 9d818853909334b5c8790966cd9db9b4
99745be6a2f1e709fb5e9af2609585a72d0f75b0
45824500b50b592cd7918071004b4422b98bd45b3737dad87f0da61334d41feb
GET /dv-measurements3438.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 23 Jan 2023 08:55:06 GMT
Accept-Ranges: bytes
ETag: "051846382fd91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 109055
Date: Sat, 28 Jan 2023 11:45:28 GMT
Connection: keep-alive
pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4723817237366814292&x=1&ct=77
142.250.74.130 204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4723817237366814292&x=1&ct=77
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/gen_204?id=dv3-render&msg=fetch&cor=4723817237366814292&x=1&ct=77 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 11:45:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9866860975181&version=m202209210101
142.250.74.130 204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9866860975181&version=m202209210101
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/gen_204?id=dv3-render&msg=running&ord=9866860975181&version=m202209210101 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 11:45:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9866860975181&version=m202209210101&ct=77&x=1&cor=4723817237366815000
142.250.74.130 204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9866860975181&version=m202209210101&ct=77&x=1&cor=4723817237366815000
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/gen_204?id=dv3-render&msg=tlbr&ord=9866860975181&version=m202209210101&ct=77&x=1&cor=4723817237366815000 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 11:45:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AQ_Qy0A-FYm8FWi6Yf9hwoNhX3Bt4q5RP1O94t9ImFayleZB-7K228V6KewjIqBVVBLIG2teZ9Cfm32xDaZN2XIYrdd2r3CRWxvgEqxXF3F20J4_8
142.250.74.130 200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AQ_Qy0A-FYm8FWi6Yf9hwoNhX3Bt4q5RP1O94t9ImFayleZB-7K228V6KewjIqBVVBLIG2teZ9Cfm32xDaZN2XIYrdd2r3CRWxvgEqxXF3F20J4_8
IP 142.250.74.130:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/gen_204?id=xbid&dbm_b=AKAmf-AQ_Qy0A-FYm8FWi6Yf9hwoNhX3Bt4q5RP1O94t9ImFayleZB-7K228V6KewjIqBVVBLIG2teZ9Cfm32xDaZN2XIYrdd2r3CRWxvgEqxXF3F20J4_8 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 11:45:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
servedby.flashtalking.com/imp/8/115750;5182811;201;jsappend;DV360;DV360FY20AcrobatCTXCustomAffinityBlendedNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230124%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-8624516704918086%26fa%3D1%26ifi%3D5%26uci%3Da!5%26btvi%3D1%26xpc%3Dtbz3pZJZ6w%26p%3Dhttps%253A%2F%2Fsfile.mobi&us_privacy=${US_PRIVACY}&cachebuster=847769.5720782029&ft_dv=%5B%25ft_dv%25%5D
2.23.132.54 200 OK 908 B URL HTTP/1.1 servedby.flashtalking.com/imp/8/115750;5182811;201;jsappend;DV360;DV360FY20AcrobatCTXCustomAffinityBlendedNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230124%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-8624516704918086%26fa%3D1%26ifi%3D5%26uci%3Da!5%26btvi%3D1%26xpc%3Dtbz3pZJZ6w%26p%3Dhttps%253A%2F%2Fsfile.mobi&us_privacy=${US_PRIVACY}&cachebuster=847769.5720782029&ft_dv=%5B%25ft_dv%25%5D
IP 2.23.132.54:0
ASN #1299 Telia Company AB
File type ASCII text, with very long lines (402), with CRLF, CR, LF line terminators
Hash 36db563f97de9f69ad7d90a8b3792ed4
bffa7b0137922c73be30adddfdef9f0c344d9608
55e65a981bd6ccbe3943196d2c3f27fdf1edc7c82c86ec74b5728b01bfa1f04e
GET /imp/8/115750;5182811;201;jsappend;DV360;DV360FY20AcrobatCTXCustomAffinityBlendedNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230124%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-8624516704918086%26fa%3D1%26ifi%3D5%26uci%3Da!5%26btvi%3D1%26xpc%3Dtbz3pZJZ6w%26p%3Dhttps%253A%2F%2Fsfile.mobi&us_privacy=${US_PRIVACY}&cachebuster=847769.5720782029&ft_dv=%5B%25ft_dv%25%5D HTTP/1.1
Host: servedby.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=ISO-8859-1
Server: prod-xre-app12.frk11
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Sat, 28 Jan 2023 11:45:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 28 Jan 2023 11:45:28 GMT
Content-Length: 908
Connection: keep-alive
Strict-Transport-Security: max-age=86400
cdn.flashtalking.com/xre/518/5182811/3801681/js/j-5182811-3801681.js
23.38.200.44 200 OK 15 kB URL HTTP/1.1 cdn.flashtalking.com/xre/518/5182811/3801681/js/j-5182811-3801681.js
IP 23.38.200.44:0
File type ASCII text, with very long lines (2897), with CRLF, CR, LF line terminators
Hash 7dd168286e0511daf8d992c91f484f83
bc3266fb65c412f299731eab222e2b59c0434bd8
4c798b6fae0670f6be0e2ba45d34bbd2194249a17d37beb1e7d99702eb51f8ce
GET /xre/518/5182811/3801681/js/j-5182811-3801681.js HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Wed, 05 Oct 2022 10:58:21 GMT
Content-Type: text/javascript; charset=utf-8
ETag: W/"f775f77073a3b9f83b812757b1a3a925"
X-Varnish: 439498034
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=1114
Expires: Sat, 28 Jan 2023 12:04:02 GMT
Date: Sat, 28 Jan 2023 11:45:28 GMT
Content-Length: 15216
Connection: keep-alive
Server: Flashtalking (AKA)
cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182811&num=&adid=&advid=&adsrv=29&btreg=5182811&btadsrv=flashtalking&crt=3801681&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=2A5FACBD-7A26-E404-8396-06C4B3AA9254&auevent=&283181428
95.101.11.123 200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182811&num=&adid=&advid=&adsrv=29&btreg=5182811&btadsrv=flashtalking&crt=3801681&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=2A5FACBD-7A26-E404-8396-06C4B3AA9254&auevent=&283181428
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash c130b6fbb443e8aedc3088d6e002cb18
993b47a1da2bfb78ef33b7fce7d2a8ef034033da
b37b66a9b9a7b0f362460c1efb62f50e14052b9f374654a94d85b4261e7111a4
GET /dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182811&num=&adid=&advid=&adsrv=29&btreg=5182811&btadsrv=flashtalking&crt=3801681&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=2A5FACBD-7A26-E404-8396-06C4B3AA9254&auevent=&283181428 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 24 Jan 2023 16:47:29 GMT
Accept-Ranges: bytes
ETag: "80a6ac8b1330d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3337
Date: Sat, 28 Jan 2023 11:45:28 GMT
Connection: keep-alive
cdn.flashtalking.com/xre/518/5182811/3801681/image/3801681.gif?878201542
23.38.200.44 200 OK 16 kB URL HTTP/1.1 cdn.flashtalking.com/xre/518/5182811/3801681/image/3801681.gif?878201542
IP 23.38.200.44:0
File type JPEG image data, progressive, precision 8, 728x90, components 3\012- data
Hash eb35e98e3926392abf8c605e1d9f4511
8c2909a70d32ff02513f92468723c754ba77672d
2327217d364f6c612041682eb84372d236c121b9eb6cdedb0c5c02013b266f57
GET /xre/518/5182811/3801681/image/3801681.gif?878201542 HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Wed, 05 Oct 2022 10:58:21 GMT
Content-Type: image/gif
ETag: W/"eb35e98e3926392abf8c605e1d9f4511"
X-Varnish: 721960178
Accept-Ranges: bytes
Content-Length: 15510
Cache-Control: max-age=814
Expires: Sat, 28 Jan 2023 11:59:02 GMT
Date: Sat, 28 Jan 2023 11:45:28 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
23.38.200.44 200 OK 1.3 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
IP 23.38.200.44:0
File type PNG image data, 19 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash db320ef6f3c45ab5c90887ef618de2bb
7d4bd175166545ea775fcb69b406eba11f7fa3ec
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025
GET /oba/icon/iconc.png?EDAA_icon=y HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Sat, 12 Apr 2014 19:14:32 GMT
Content-Type: image/png
ETag: W/"db320ef6f3c45ab5c90887ef618de2bb"
X-Varnish: 440713868 434560932
Accept-Ranges: bytes
Content-Length: 1308
Cache-Control: max-age=2238591
Expires: Thu, 23 Feb 2023 09:35:19 GMT
Date: Sat, 28 Jan 2023 11:45:28 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BziPR1wrVY96mEILQYoP2vCgAAAAAOAHgBAI&bg=!JCelJ2PNAAZSrDxfcqw7ACkAdvg8Wk_qQ4Dr5WyCfVdnMqomr7OuP_6AMTjQjn2Ne7fUmnEPrF345AIAAADYUgAAAARoAQcKAGdujpLnFWrrQMXB0LxZAUXBsneA18bmRvDLEUifNd6rabG0ROyWwDtM1GaxGCasdd3b1Tz1xguKPMhGLcBp6ZHn_rwbtqOEBfqjEKcgS6sTttqkoEl6J67p-EFiIB4nx0ZNOWXBWZ0hmQKGu4bat6ztwPw2kR-oDZgQq0C5gCE87hBDcSKgIbsLp8FPcKg-Ui-VMvL3pnd1nEL40AmVaUtGEKL3EAFHoaPi9MPDyx4ngpRIdhlyPuUwLeljKjD2BRPnBW9lIh6IFB9RhZsLAWzirALb-nyb2zQP4UB_5rKLMHorl2eEfsUN4MvkeQ0Uag98JypsVbmJmGCcZezr2UXl7PqXrARs3G1UQ9Hoci7JI8imDZj-D_TCI6t84SZNUpSPz0ftX5J1ftreX2s-qfYOdo2hjnGexIoOPuPk_ED_CX5H83_K0t7YRS-i7BxhM3_6IZGHcUBvXV1B_-ska9f6pn3FoxcEgFznPEmxa_BEgkNNGcJjLNvPivDbDQTEoVwjI0cG64cWPxxnei7vFgc7VfnxtOQvnBr3FVckgThEPImYSMzCKBkzA3bWaXdo0MUT9QU5FYqkwRDpdz-bAwNzX9rHRj8PlPk07M5YaT4p6tJ2Znrc020_s9HS5u-_ZJrj22lM7quIkNUYSKJ5-RlcWHv7la5twPYPTC3ZIoA8JZ83gukdbLr-CpvosXQbklv4fdhfoM977hSXlTxayBeyN-bELl15v0kmDS_SFK8OEOxJGfRfG2Rb0s_ugJEGfU7CmoImN1S23aXsbUb_XSaGl7BDoctg1o5keirzoFV3D3R9MAnIz9T3he7bnIEgGUFj0XMDHTvBsMSAIO0Bc3RvjBEPLIu6pRgHenCUo-CA4GsVloLGtF1-nr8Wk5IKfFc5Lid2orta_Q2yX8Ivs67H3vringkSpRv3UzqoFTVe3tl9SjJKpG8vNYlOTatsM2ct3B3uG9Lhrn8DA8A3JYDyB7caDV7xkpqKEI-3cDm2PA
142.250.74.130204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BziPR1wrVY96mEILQYoP2vCgAAAAAOAHgBAI&bg=!JCelJ2PNAAZSrDxfcqw7ACkAdvg8Wk_qQ4Dr5WyCfVdnMqomr7OuP_6AMTjQjn2Ne7fUmnEPrF345AIAAADYUgAAAARoAQcKAGdujpLnFWrrQMXB0LxZAUXBsneA18bmRvDLEUifNd6rabG0ROyWwDtM1GaxGCasdd3b1Tz1xguKPMhGLcBp6ZHn_rwbtqOEBfqjEKcgS6sTttqkoEl6J67p-EFiIB4nx0ZNOWXBWZ0hmQKGu4bat6ztwPw2kR-oDZgQq0C5gCE87hBDcSKgIbsLp8FPcKg-Ui-VMvL3pnd1nEL40AmVaUtGEKL3EAFHoaPi9MPDyx4ngpRIdhlyPuUwLeljKjD2BRPnBW9lIh6IFB9RhZsLAWzirALb-nyb2zQP4UB_5rKLMHorl2eEfsUN4MvkeQ0Uag98JypsVbmJmGCcZezr2UXl7PqXrARs3G1UQ9Hoci7JI8imDZj-D_TCI6t84SZNUpSPz0ftX5J1ftreX2s-qfYOdo2hjnGexIoOPuPk_ED_CX5H83_K0t7YRS-i7BxhM3_6IZGHcUBvXV1B_-ska9f6pn3FoxcEgFznPEmxa_BEgkNNGcJjLNvPivDbDQTEoVwjI0cG64cWPxxnei7vFgc7VfnxtOQvnBr3FVckgThEPImYSMzCKBkzA3bWaXdo0MUT9QU5FYqkwRDpdz-bAwNzX9rHRj8PlPk07M5YaT4p6tJ2Znrc020_s9HS5u-_ZJrj22lM7quIkNUYSKJ5-RlcWHv7la5twPYPTC3ZIoA8JZ83gukdbLr-CpvosXQbklv4fdhfoM977hSXlTxayBeyN-bELl15v0kmDS_SFK8OEOxJGfRfG2Rb0s_ugJEGfU7CmoImN1S23aXsbUb_XSaGl7BDoctg1o5keirzoFV3D3R9MAnIz9T3he7bnIEgGUFj0XMDHTvBsMSAIO0Bc3RvjBEPLIu6pRgHenCUo-CA4GsVloLGtF1-nr8Wk5IKfFc5Lid2orta_Q2yX8Ivs67H3vringkSpRv3UzqoFTVe3tl9SjJKpG8vNYlOTatsM2ct3B3uG9Lhrn8DA8A3JYDyB7caDV7xkpqKEI-3cDm2PA
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/gen_204?id=sodar&v=30&t=2&bgai=BziPR1wrVY96mEILQYoP2vCgAAAAAOAHgBAI&bg=!JCelJ2PNAAZSrDxfcqw7ACkAdvg8Wk_qQ4Dr5WyCfVdnMqomr7OuP_6AMTjQjn2Ne7fUmnEPrF345AIAAADYUgAAAARoAQcKAGdujpLnFWrrQMXB0LxZAUXBsneA18bmRvDLEUifNd6rabG0ROyWwDtM1GaxGCasdd3b1Tz1xguKPMhGLcBp6ZHn_rwbtqOEBfqjEKcgS6sTttqkoEl6J67p-EFiIB4nx0ZNOWXBWZ0hmQKGu4bat6ztwPw2kR-oDZgQq0C5gCE87hBDcSKgIbsLp8FPcKg-Ui-VMvL3pnd1nEL40AmVaUtGEKL3EAFHoaPi9MPDyx4ngpRIdhlyPuUwLeljKjD2BRPnBW9lIh6IFB9RhZsLAWzirALb-nyb2zQP4UB_5rKLMHorl2eEfsUN4MvkeQ0Uag98JypsVbmJmGCcZezr2UXl7PqXrARs3G1UQ9Hoci7JI8imDZj-D_TCI6t84SZNUpSPz0ftX5J1ftreX2s-qfYOdo2hjnGexIoOPuPk_ED_CX5H83_K0t7YRS-i7BxhM3_6IZGHcUBvXV1B_-ska9f6pn3FoxcEgFznPEmxa_BEgkNNGcJjLNvPivDbDQTEoVwjI0cG64cWPxxnei7vFgc7VfnxtOQvnBr3FVckgThEPImYSMzCKBkzA3bWaXdo0MUT9QU5FYqkwRDpdz-bAwNzX9rHRj8PlPk07M5YaT4p6tJ2Znrc020_s9HS5u-_ZJrj22lM7quIkNUYSKJ5-RlcWHv7la5twPYPTC3ZIoA8JZ83gukdbLr-CpvosXQbklv4fdhfoM977hSXlTxayBeyN-bELl15v0kmDS_SFK8OEOxJGfRfG2Rb0s_ugJEGfU7CmoImN1S23aXsbUb_XSaGl7BDoctg1o5keirzoFV3D3R9MAnIz9T3he7bnIEgGUFj0XMDHTvBsMSAIO0Bc3RvjBEPLIu6pRgHenCUo-CA4GsVloLGtF1-nr8Wk5IKfFc5Lid2orta_Q2yX8Ivs67H3vringkSpRv3UzqoFTVe3tl9SjJKpG8vNYlOTatsM2ct3B3uG9Lhrn8DA8A3JYDyB7caDV7xkpqKEI-3cDm2PA HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 11:45:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
23.38.200.44 200 OK 6.0 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
IP 23.38.200.44:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash d675694ab4d4d2eb56cca854c25d9c36
34174b9397a3cb289f892f1f98ccc51a63698360
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
GET /oba/icon/consumer-privacy-logo.png HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Thu, 11 Feb 2021 15:39:51 GMT
Content-Type: image/png
ETag: W/"d675694ab4d4d2eb56cca854c25d9c36"
X-Varnish: 721542519 721664610
Accept-Ranges: bytes
Content-Length: 5953
Cache-Control: max-age=471
Expires: Sat, 28 Jan 2023 11:53:19 GMT
Date: Sat, 28 Jan 2023 11:45:28 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash f12689cf8f085a2a43dedb00591eed6a
41a9584666dead5c1ecff916bcd21a7af30c6cbe
6ab479ba5fa4cfc6e41e5e5049aef4a1575728ede9fc3fe8a634a5c38800e383
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 28 Jan 2023 11:45:28 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 28 Jan 2023 02:52:34 GMT
Expires: Sun, 29 Jan 2023 02:52:34 GMT
ETag: "41a9584666dead5c1ecff916bcd21a7af30c6cbe"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsussnSeA4OYSfLfmauB6dKb4n7vRmzWSJz6fvOUkiHbwmpPmgtRiTs9cVT-ubBNOB4lUnnhuG9SGMPLaSZR74Kt-Yx-pQ9H4Dg_tzecxKv2NymaB7UzAOx8wdIhPUHLijxak46rjg&sai=AMfl-YRyukk7gI7i6VRI_EFbNuUI3opA_wstxqvDJpUC-Pd4Ou4g4DOL13vOGW4Mji6eu4Iz2rxmesZNtA4A4aylZJrH268aaOJ6iZwH1zL51oF9NQ49lecQoGywUaFivZgQdPaGkikcr1BhSdFZq_s&sig=Cg0ArKJSzHRuPttHoP9QEAE&cid=CAQSSwDUE5ymiAJqTmajS-s6VyRaK_lY5t_eXqv-eWtpYA9YrSA7S0GUKO-dcRXmVDT7CLQRIcaJQsTCEoPno_lPKV4dDpC5jW0GRgAiBRgBIBM&id=lidar2&mcvt=1000&p=0,0,280,980&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=878858194&rs=2&la=1&cr=0&vs=4&r=v&rst=1674906328974&rpt=1363&met=mue&wmsd=0&pbe=0&vae=0&spb=0
142.250.74.130200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsussnSeA4OYSfLfmauB6dKb4n7vRmzWSJz6fvOUkiHbwmpPmgtRiTs9cVT-ubBNOB4lUnnhuG9SGMPLaSZR74Kt-Yx-pQ9H4Dg_tzecxKv2NymaB7UzAOx8wdIhPUHLijxak46rjg&sai=AMfl-YRyukk7gI7i6VRI_EFbNuUI3opA_wstxqvDJpUC-Pd4Ou4g4DOL13vOGW4Mji6eu4Iz2rxmesZNtA4A4aylZJrH268aaOJ6iZwH1zL51oF9NQ49lecQoGywUaFivZgQdPaGkikcr1BhSdFZq_s&sig=Cg0ArKJSzHRuPttHoP9QEAE&cid=CAQSSwDUE5ymiAJqTmajS-s6VyRaK_lY5t_eXqv-eWtpYA9YrSA7S0GUKO-dcRXmVDT7CLQRIcaJQsTCEoPno_lPKV4dDpC5jW0GRgAiBRgBIBM&id=lidar2&mcvt=1000&p=0,0,280,980&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=878858194&rs=2&la=1&cr=0&vs=4&r=v&rst=1674906328974&rpt=1363&met=mue&wmsd=0&pbe=0&vae=0&spb=0
IP 142.250.74.130:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjsussnSeA4OYSfLfmauB6dKb4n7vRmzWSJz6fvOUkiHbwmpPmgtRiTs9cVT-ubBNOB4lUnnhuG9SGMPLaSZR74Kt-Yx-pQ9H4Dg_tzecxKv2NymaB7UzAOx8wdIhPUHLijxak46rjg&sai=AMfl-YRyukk7gI7i6VRI_EFbNuUI3opA_wstxqvDJpUC-Pd4Ou4g4DOL13vOGW4Mji6eu4Iz2rxmesZNtA4A4aylZJrH268aaOJ6iZwH1zL51oF9NQ49lecQoGywUaFivZgQdPaGkikcr1BhSdFZq_s&sig=Cg0ArKJSzHRuPttHoP9QEAE&cid=CAQSSwDUE5ymiAJqTmajS-s6VyRaK_lY5t_eXqv-eWtpYA9YrSA7S0GUKO-dcRXmVDT7CLQRIcaJQsTCEoPno_lPKV4dDpC5jW0GRgAiBRgBIBM&id=lidar2&mcvt=1000&p=0,0,280,980&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=878858194&rs=2&la=1&cr=0&vs=4&r=v&rst=1674906328974&rpt=1363&met=mue&wmsd=0&pbe=0&vae=0&spb=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Sat, 28 Jan 2023 11:45:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstsoIRAuYHC6Y9eYAlm3lmmGpyTzNJhgGGuJKXezN4tAPP3yBrKJT5DsGhF0lxLKG6hCByVI51bDxfgwDLdM3ond2GbwNTC7lnJht1GB5eNxwqBRtT0tHgu0VGCuHVheMvr8xDM4Q&sai=AMfl-YRC25UFVqaJyPSyy3UO9JqF-osJm4msVkbFYgTdSyBbo3eADyrzTHCsGbC4ptd-OwC6hXd2NnXFrEE-cO6g_X15LGcnT7edypKCWySoE90tC-Wa5jZUpN9e5RsrhXIeq637p5TmezfM8wqiSXI&sig=Cg0ArKJSzMpz2djOLQDlEAE&cid=CAQSSwDUE5ymh3jCQQVUYDJQg8wCKTQJp9XECBNaqKzas1xCVbKuVEJiFK1_E9pyMqQg_jKbxgSUjbZWa1x1gsRpAt5F9r7E064GapreThgBIBM&id=lidar2&mcvt=1015&p=0,0,280,980&mtos=0,1015,1015,1015,1015&tos=0,1015,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=0.95&if=1&vu=1&app=0&itpl=22&adk=1699950786&rs=2&la=1&cr=0&vs=4&r=v&rst=1674906328981&rpt=1327&met=mue&wmsd=0&pbe=0&vae=0&spb=0
142.250.74.130200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstsoIRAuYHC6Y9eYAlm3lmmGpyTzNJhgGGuJKXezN4tAPP3yBrKJT5DsGhF0lxLKG6hCByVI51bDxfgwDLdM3ond2GbwNTC7lnJht1GB5eNxwqBRtT0tHgu0VGCuHVheMvr8xDM4Q&sai=AMfl-YRC25UFVqaJyPSyy3UO9JqF-osJm4msVkbFYgTdSyBbo3eADyrzTHCsGbC4ptd-OwC6hXd2NnXFrEE-cO6g_X15LGcnT7edypKCWySoE90tC-Wa5jZUpN9e5RsrhXIeq637p5TmezfM8wqiSXI&sig=Cg0ArKJSzMpz2djOLQDlEAE&cid=CAQSSwDUE5ymh3jCQQVUYDJQg8wCKTQJp9XECBNaqKzas1xCVbKuVEJiFK1_E9pyMqQg_jKbxgSUjbZWa1x1gsRpAt5F9r7E064GapreThgBIBM&id=lidar2&mcvt=1015&p=0,0,280,980&mtos=0,1015,1015,1015,1015&tos=0,1015,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=0.95&if=1&vu=1&app=0&itpl=22&adk=1699950786&rs=2&la=1&cr=0&vs=4&r=v&rst=1674906328981&rpt=1327&met=mue&wmsd=0&pbe=0&vae=0&spb=0
IP 142.250.74.130:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjstsoIRAuYHC6Y9eYAlm3lmmGpyTzNJhgGGuJKXezN4tAPP3yBrKJT5DsGhF0lxLKG6hCByVI51bDxfgwDLdM3ond2GbwNTC7lnJht1GB5eNxwqBRtT0tHgu0VGCuHVheMvr8xDM4Q&sai=AMfl-YRC25UFVqaJyPSyy3UO9JqF-osJm4msVkbFYgTdSyBbo3eADyrzTHCsGbC4ptd-OwC6hXd2NnXFrEE-cO6g_X15LGcnT7edypKCWySoE90tC-Wa5jZUpN9e5RsrhXIeq637p5TmezfM8wqiSXI&sig=Cg0ArKJSzMpz2djOLQDlEAE&cid=CAQSSwDUE5ymh3jCQQVUYDJQg8wCKTQJp9XECBNaqKzas1xCVbKuVEJiFK1_E9pyMqQg_jKbxgSUjbZWa1x1gsRpAt5F9r7E064GapreThgBIBM&id=lidar2&mcvt=1015&p=0,0,280,980&mtos=0,1015,1015,1015,1015&tos=0,1015,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=0.95&if=1&vu=1&app=0&itpl=22&adk=1699950786&rs=2&la=1&cr=0&vs=4&r=v&rst=1674906328981&rpt=1327&met=mue&wmsd=0&pbe=0&vae=0&spb=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Sat, 28 Jan 2023 11:45:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=125&ttfrms=20&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATauU2%26C%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATaus54%26%3CHz%3D~_f&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1360&ddur=7&uid=1674906331098280&jsCallback=dvCallback_1674906331098839&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=2&fcifrms=6&brh=1&sdf=2&dvp_epl=114&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182811&crt=3801681&btreg=5182811&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=2A5FACBD-7A26-E404-8396-06C4B3AA9254&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=437939142.42477006&dvp_tukv=620471642.4295067&dvp_uuid=1390090986552.3135&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=998016494655&jurtd=2803904701
213.254.244.26200 OK 1.2 kB URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=125&ttfrms=20&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATauU2%26C%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATaus54%26%3CHz%3D~_f&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1360&ddur=7&uid=1674906331098280&jsCallback=dvCallback_1674906331098839&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=2&fcifrms=6&brh=1&sdf=2&dvp_epl=114&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182811&crt=3801681&btreg=5182811&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=2A5FACBD-7A26-E404-8396-06C4B3AA9254&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=437939142.42477006&dvp_tukv=620471642.4295067&dvp_uuid=1390090986552.3135&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=998016494655&jurtd=2803904701
IP 213.254.244.26:0
File type ASCII text, with very long lines (3044), with no line terminators
Hash 1543268215f9afd32e098c6f11805745
c7081271d4adfa971f534f46c61bfa04c8d41a00
b695988d8dbe022c5d8041f0aa39d690d70e80c5cb382d8304630500b04d530d
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=125&ttfrms=20&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATauU2%26C%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATaus54%26%3CHz%3D~_f&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1360&ddur=7&uid=1674906331098280&jsCallback=dvCallback_1674906331098839&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=2&fcifrms=6&brh=1&sdf=2&dvp_epl=114&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182811&crt=3801681&btreg=5182811&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=2A5FACBD-7A26-E404-8396-06C4B3AA9254&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=437939142.42477006&dvp_tukv=620471642.4295067&dvp_uuid=1390090986552.3135&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=998016494655&jurtd=2803904701 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 11:45:26 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/27/2023 11:45:28
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-frc&param=akipv6&impid=1bb7110b588043fea1b16ccb5a97235b&dup=&eoid=1000&cbust=1674906331417239
95.101.11.123 302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-frc&param=akipv6&impid=1bb7110b588043fea1b16ccb5a97235b&dup=&eoid=1000&cbust=1674906331417239
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-frc&param=akipv6&impid=1bb7110b588043fea1b16ccb5a97235b&dup=&eoid=1000&cbust=1674906331417239 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-frc.doubleverify.com/event.png?impid=1bb7110b588043fea1b16ccb5a97235b&akipv6=&dup=&eoid=1000
Date: Sat, 28 Jan 2023 11:45:28 GMT
Connection: keep-alive
tpsc-frc.doubleverify.com/event.png?impid=1bb7110b588043fea1b16ccb5a97235b&akipv6=&dup=&eoid=1000
213.254.244.26 204 No Content 0 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=1bb7110b588043fea1b16ccb5a97235b&akipv6=&dup=&eoid=1000
IP 213.254.244.26:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=1bb7110b588043fea1b16ccb5a97235b&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 28 Jan 2023 11:45:29 GMT
Cache-Control: max-age=0
Expires: 01/27/2023 11:45:29
Pragma: no-cache
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsskvZ-fQvqdqgm_n77JZ1MZ-IroeloKX2kWB9gDgdoRHmSUFa7gZG9QzfBG4TDaTwEx1qHQOhdqXydutWYoPnLVDknNnscERZ3gZzrp9IDwgOYSI_nhU48zVx4qAuPq0-P23_VuOg&sai=AMfl-YQ2SAqsBJj4_cJh95m7hz5k6ieiXYRoRlRMRw3QFLXp_R5wLpVorchT7O8YSeAehe6zj6oggeidFR2gYzvZ-falqVMbKgDQbnNDJ8qYD5tdifwEfCFclAkiMVDAZ7KEDnyIkBcum9OjObw-rOE&sig=Cg0ArKJSzMuKxveUiV4cEAE&cid=CAQSSwDUE5ymezkjo_b0n3D3f0gK-Gx_oIlh9mrDiqALWmYRBQJ7t4HOo7zFgSm28UtPdASfajnFOYI7xObNX6mRpxHX7C6pMGTh0YeURRgBIBM&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1674906329572&rpt=1050&met=ce&wmsd=0&pbe=0&vae=0&spb=0
142.250.74.130200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsskvZ-fQvqdqgm_n77JZ1MZ-IroeloKX2kWB9gDgdoRHmSUFa7gZG9QzfBG4TDaTwEx1qHQOhdqXydutWYoPnLVDknNnscERZ3gZzrp9IDwgOYSI_nhU48zVx4qAuPq0-P23_VuOg&sai=AMfl-YQ2SAqsBJj4_cJh95m7hz5k6ieiXYRoRlRMRw3QFLXp_R5wLpVorchT7O8YSeAehe6zj6oggeidFR2gYzvZ-falqVMbKgDQbnNDJ8qYD5tdifwEfCFclAkiMVDAZ7KEDnyIkBcum9OjObw-rOE&sig=Cg0ArKJSzMuKxveUiV4cEAE&cid=CAQSSwDUE5ymezkjo_b0n3D3f0gK-Gx_oIlh9mrDiqALWmYRBQJ7t4HOo7zFgSm28UtPdASfajnFOYI7xObNX6mRpxHX7C6pMGTh0YeURRgBIBM&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1674906329572&rpt=1050&met=ce&wmsd=0&pbe=0&vae=0&spb=0
IP 142.250.74.130:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjsskvZ-fQvqdqgm_n77JZ1MZ-IroeloKX2kWB9gDgdoRHmSUFa7gZG9QzfBG4TDaTwEx1qHQOhdqXydutWYoPnLVDknNnscERZ3gZzrp9IDwgOYSI_nhU48zVx4qAuPq0-P23_VuOg&sai=AMfl-YQ2SAqsBJj4_cJh95m7hz5k6ieiXYRoRlRMRw3QFLXp_R5wLpVorchT7O8YSeAehe6zj6oggeidFR2gYzvZ-falqVMbKgDQbnNDJ8qYD5tdifwEfCFclAkiMVDAZ7KEDnyIkBcum9OjObw-rOE&sig=Cg0ArKJSzMuKxveUiV4cEAE&cid=CAQSSwDUE5ymezkjo_b0n3D3f0gK-Gx_oIlh9mrDiqALWmYRBQJ7t4HOo7zFgSm28UtPdASfajnFOYI7xObNX6mRpxHX7C6pMGTh0YeURRgBIBM&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1674906329572&rpt=1050&met=ce&wmsd=0&pbe=0&vae=0&spb=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Sat, 28 Jan 2023 11:45:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=178&ttfrms=40&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATauU2%26C%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATaus54%26%3CHz%3D~_f&srcurlD=0&aUrlD=-1&ssl=https:&uid=1674906330777227&jsCallback=dvCallback_1674906330777462&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=2&fcifrms=6&brh=1&sdf=2&dvp_epl=114&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://sfile.mobi/DdcUkwKlO07&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=437939142.42477006&dvp_tukv=32181456142.702465&dvp_uuid=22090894132.46857&dvp_tuid=42588670930&jurtd=1173966648
213.254.244.26200 OK 681 B URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=178&ttfrms=40&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATauU2%26C%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATaus54%26%3CHz%3D~_f&srcurlD=0&aUrlD=-1&ssl=https:&uid=1674906330777227&jsCallback=dvCallback_1674906330777462&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=2&fcifrms=6&brh=1&sdf=2&dvp_epl=114&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://sfile.mobi/DdcUkwKlO07&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=437939142.42477006&dvp_tukv=32181456142.702465&dvp_uuid=22090894132.46857&dvp_tuid=42588670930&jurtd=1173966648
IP 213.254.244.26:0
File type ASCII text, with very long lines (1184), with no line terminators
Hash bbd33948250599a02c3112d629c1b318
8b290dace16889f2252066c39dbb927a695a7b87
dc0ab3834a77183040b3cda70bff85260ec9c18e428dedf394e0ad039690685c
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=178&ttfrms=40&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATauU2%26C%3Dl9EEADTbpTauTauD7%3A%3D6%5D%3E%403%3ATaus54%26%3CHz%3D~_f&srcurlD=0&aUrlD=-1&ssl=https:&uid=1674906330777227&jsCallback=dvCallback_1674906330777462&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=2&fcifrms=6&brh=1&sdf=2&dvp_epl=114&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://sfile.mobi/DdcUkwKlO07&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hsFYzBSpHqSQBD4XE3R7_q&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=340867850770&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=437939142.42477006&dvp_tukv=32181456142.702465&dvp_uuid=22090894132.46857&dvp_tuid=42588670930&jurtd=1173966648 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 11:45:31 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/27/2023 11:45:29
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-frc&param=akipv6&impid=c47338341100472eaa7096bb79419ed3&dup=&eoid=1000&cbust=1674906332314220
95.101.11.123 302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-frc&param=akipv6&impid=c47338341100472eaa7096bb79419ed3&dup=&eoid=1000&cbust=1674906332314220
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-frc&param=akipv6&impid=c47338341100472eaa7096bb79419ed3&dup=&eoid=1000&cbust=1674906332314220 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-frc.doubleverify.com/event.png?impid=c47338341100472eaa7096bb79419ed3&akipv6=&dup=&eoid=1000
Date: Sat, 28 Jan 2023 11:45:29 GMT
Connection: keep-alive
tpsc-frc.doubleverify.com/event.png?impid=c47338341100472eaa7096bb79419ed3&akipv6=&dup=&eoid=1000
213.254.244.26 204 No Content 0 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=c47338341100472eaa7096bb79419ed3&akipv6=&dup=&eoid=1000
IP 213.254.244.26:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=c47338341100472eaa7096bb79419ed3&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 28 Jan 2023 11:44:34 GMT
Cache-Control: max-age=0
Expires: 01/27/2023 11:45:29
Pragma: no-cache
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230124&st=env
142.250.74.130 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230124&st=env
IP 142.250.74.130:0
File type JSON data\012- , ASCII text, with very long lines (14750), with no line terminators
Hash 0e8536d5018d2d196e16225a85a5e1c5
1c267ddff354f0c3260a64c41681535c90fb365d
c810febb5f5b6737eaca95dfb30cf6c5748fc732e66d00dcfbce577db718b431
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230124&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sat, 28 Jan 2023 11:45:29 GMT
server: cafe
content-length: 11131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 622311873d3819b9911301b09bc2d43c
9f08d648e40479aa12da033da15b80a15017c739
6138674cec17da8b7bb02bf0686bf3e7aefa2bce6a5f844ebd80e10b665818b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
216.58.207.228 200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 216.58.207.228:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 3dffea01c611c514ce5beec1641b185a
b930789a232e61facbafb26e67df9d7248ccd7e4
681ce7ba22fb3bab1b60e6dcd17bb5677266f60ddd4c864c395f59cab4fff78d
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 28 Jan 2023 11:45:30 GMT
date: Sat, 28 Jan 2023 11:45:30 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-l3_R2lKF3BTKNzmxBoPmKQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230124&jk=3908449896374843&rc=
142.250.74.130 204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230124&jk=3908449896374843&rc=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230124&jk=3908449896374843&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 11:45:30 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash f12689cf8f085a2a43dedb00591eed6a
41a9584666dead5c1ecff916bcd21a7af30c6cbe
6ab479ba5fa4cfc6e41e5e5049aef4a1575728ede9fc3fe8a634a5c38800e383
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 28 Jan 2023 11:45:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 28 Jan 2023 02:52:34 GMT
Expires: Sun, 29 Jan 2023 02:52:34 GMT
ETag: "41a9584666dead5c1ecff916bcd21a7af30c6cbe"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9866860975181&version=m202209210101&ct=77&x=1&cor=4723817237366815000
142.250.74.130 204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9866860975181&version=m202209210101&ct=77&x=1&cor=4723817237366815000
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/gen_204?id=dv3-render&msg=tler&ord=9866860975181&version=m202209210101&ct=77&x=1&cor=4723817237366815000 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 11:45:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230124&jk=3908449896374843&bg=!oKOlo-fNAAZSrDxfcqw7ACkAdvg8Wk1SncmTV-6kcCnAKz6JRUtiQkQE_Z2czCEjkPfH8QZGJWKfmAIAAADaUgAAAARoAQcKAHe4AmpmQ4uTcJDlwZh4Ty3g-8t8O34lMOLBR823fcfn0G3TJE1YSt8uMTbdVKMvzH0NhgaRFdS9bShssXkL1qcnZFQCCVhK3c_5gHSL1OtsIf7dH9l_4QKHnkySrUodlSr35QympDV6VMYknon2vwH0D9tY0lc6hZkCgYi-A_DlpRkJbK36G-w5PEXeRoxbGzxUFjukYfxPNVlJ90EamB_QyGShYkTx2bHILxUAUtCUMA9hYeBXPiIKuocg_HSrzMJSnjqYPK6AmpBtMq7tHEdcm03YRi8g7BwvGuvbFc7YJUJDu1uJt9Pb55Q21P54GwaklG6R_cF60K8QPHIiFX0i3m4pLtN2zbmQW0Gjb6FLdqXkY1eSlpaV0B6DpiJkb_wR7SYrYpfpx4yY6MTrkKngusHebmQ8BhS1QcgQYaO7ry1Gmcn24BzTakrBFDCAtO3FfSGxXgqsm92JZAVK6mirRJczgdlytSJlIN3ZOHgUmVzEJwkdeJRgIGF4-caqhkK1ATN7nXAfTrZhDxsfCNtWiTWX7wanCI5TrYgXL0Gb74c50XtxeWxp9mCDb9PQwK3GbvX99QSBRGfjGDBnc5D8Xu4-kEmfn8oz4eYJndvK9tL301m4Yzav1wJmwqOumNzRu0wDEdgCoDVjOMkpZwR9hnbVBS9uIPLd0W8dV2vmR1pI6yxopBWMksONyWghITvWISY5IraXZY7UPjlP_TVbE4zEWyoCuFrjH8T0ITJWeorhZTOqqtcmprX6gawT7ZrLDQgTHQhkjcjPYheXvHcswr-NCE7YiXDhKdB5Qbi2rFZ-eCr6pypCcJC3IIu2opj28ZlvCdwIgcVKK_2FlTAHOdPvP7kcnw-VdkHcRErHWOx1u63IUf6Gj8Ed3twxNjfohi8w5tQT9Hc4hFo2DYU1j6EPQ5V4TAC16i2FVrpzCJ0HJ2QBmpNA_PRlzFmBScAyuFgTtQjYEoaOPtrO2OUMHKhAE42nGg_77A2eMTJfsZ0SrxUhgQDXZeV1
142.250.74.130204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230124&jk=3908449896374843&bg=!oKOlo-fNAAZSrDxfcqw7ACkAdvg8Wk1SncmTV-6kcCnAKz6JRUtiQkQE_Z2czCEjkPfH8QZGJWKfmAIAAADaUgAAAARoAQcKAHe4AmpmQ4uTcJDlwZh4Ty3g-8t8O34lMOLBR823fcfn0G3TJE1YSt8uMTbdVKMvzH0NhgaRFdS9bShssXkL1qcnZFQCCVhK3c_5gHSL1OtsIf7dH9l_4QKHnkySrUodlSr35QympDV6VMYknon2vwH0D9tY0lc6hZkCgYi-A_DlpRkJbK36G-w5PEXeRoxbGzxUFjukYfxPNVlJ90EamB_QyGShYkTx2bHILxUAUtCUMA9hYeBXPiIKuocg_HSrzMJSnjqYPK6AmpBtMq7tHEdcm03YRi8g7BwvGuvbFc7YJUJDu1uJt9Pb55Q21P54GwaklG6R_cF60K8QPHIiFX0i3m4pLtN2zbmQW0Gjb6FLdqXkY1eSlpaV0B6DpiJkb_wR7SYrYpfpx4yY6MTrkKngusHebmQ8BhS1QcgQYaO7ry1Gmcn24BzTakrBFDCAtO3FfSGxXgqsm92JZAVK6mirRJczgdlytSJlIN3ZOHgUmVzEJwkdeJRgIGF4-caqhkK1ATN7nXAfTrZhDxsfCNtWiTWX7wanCI5TrYgXL0Gb74c50XtxeWxp9mCDb9PQwK3GbvX99QSBRGfjGDBnc5D8Xu4-kEmfn8oz4eYJndvK9tL301m4Yzav1wJmwqOumNzRu0wDEdgCoDVjOMkpZwR9hnbVBS9uIPLd0W8dV2vmR1pI6yxopBWMksONyWghITvWISY5IraXZY7UPjlP_TVbE4zEWyoCuFrjH8T0ITJWeorhZTOqqtcmprX6gawT7ZrLDQgTHQhkjcjPYheXvHcswr-NCE7YiXDhKdB5Qbi2rFZ-eCr6pypCcJC3IIu2opj28ZlvCdwIgcVKK_2FlTAHOdPvP7kcnw-VdkHcRErHWOx1u63IUf6Gj8Ed3twxNjfohi8w5tQT9Hc4hFo2DYU1j6EPQ5V4TAC16i2FVrpzCJ0HJ2QBmpNA_PRlzFmBScAyuFgTtQjYEoaOPtrO2OUMHKhAE42nGg_77A2eMTJfsZ0SrxUhgQDXZeV1
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230124&jk=3908449896374843&bg=!oKOlo-fNAAZSrDxfcqw7ACkAdvg8Wk1SncmTV-6kcCnAKz6JRUtiQkQE_Z2czCEjkPfH8QZGJWKfmAIAAADaUgAAAARoAQcKAHe4AmpmQ4uTcJDlwZh4Ty3g-8t8O34lMOLBR823fcfn0G3TJE1YSt8uMTbdVKMvzH0NhgaRFdS9bShssXkL1qcnZFQCCVhK3c_5gHSL1OtsIf7dH9l_4QKHnkySrUodlSr35QympDV6VMYknon2vwH0D9tY0lc6hZkCgYi-A_DlpRkJbK36G-w5PEXeRoxbGzxUFjukYfxPNVlJ90EamB_QyGShYkTx2bHILxUAUtCUMA9hYeBXPiIKuocg_HSrzMJSnjqYPK6AmpBtMq7tHEdcm03YRi8g7BwvGuvbFc7YJUJDu1uJt9Pb55Q21P54GwaklG6R_cF60K8QPHIiFX0i3m4pLtN2zbmQW0Gjb6FLdqXkY1eSlpaV0B6DpiJkb_wR7SYrYpfpx4yY6MTrkKngusHebmQ8BhS1QcgQYaO7ry1Gmcn24BzTakrBFDCAtO3FfSGxXgqsm92JZAVK6mirRJczgdlytSJlIN3ZOHgUmVzEJwkdeJRgIGF4-caqhkK1ATN7nXAfTrZhDxsfCNtWiTWX7wanCI5TrYgXL0Gb74c50XtxeWxp9mCDb9PQwK3GbvX99QSBRGfjGDBnc5D8Xu4-kEmfn8oz4eYJndvK9tL301m4Yzav1wJmwqOumNzRu0wDEdgCoDVjOMkpZwR9hnbVBS9uIPLd0W8dV2vmR1pI6yxopBWMksONyWghITvWISY5IraXZY7UPjlP_TVbE4zEWyoCuFrjH8T0ITJWeorhZTOqqtcmprX6gawT7ZrLDQgTHQhkjcjPYheXvHcswr-NCE7YiXDhKdB5Qbi2rFZ-eCr6pypCcJC3IIu2opj28ZlvCdwIgcVKK_2FlTAHOdPvP7kcnw-VdkHcRErHWOx1u63IUf6Gj8Ed3twxNjfohi8w5tQT9Hc4hFo2DYU1j6EPQ5V4TAC16i2FVrpzCJ0HJ2QBmpNA_PRlzFmBScAyuFgTtQjYEoaOPtrO2OUMHKhAE42nGg_77A2eMTJfsZ0SrxUhgQDXZeV1 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 11:45:30 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash af1c521d29c662e208d80836c19fa58a
64e18dcf8f3ea43f6aeb1c66299bd37121cdfe14
57fe9c6dbb637c6090c7110234fb9d3aadb75850d6d5ed5c668376ebd121c1f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash af1c521d29c662e208d80836c19fa58a
64e18dcf8f3ea43f6aeb1c66299bd37121cdfe14
57fe9c6dbb637c6090c7110234fb9d3aadb75850d6d5ed5c668376ebd121c1f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1674906333522702
216.58.207.230 302 Found 0 B URL HTTP/2 ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1674906333522702
IP 216.58.207.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1674906333522702 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 11:45:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1%7Chttps://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1674906333522702&~oref=https://googleads.g.doubleclick.net/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 12:00:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1674906333521555
216.58.207.230 302 Found 0 B URL HTTP/2 ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1674906333521555
IP 216.58.207.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1674906333521555 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 11:45:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1%7Chttps://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1674906333521555&~oref=https://googleads.g.doubleclick.net/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 12:00:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash af1c521d29c662e208d80836c19fa58a
64e18dcf8f3ea43f6aeb1c66299bd37121cdfe14
57fe9c6dbb637c6090c7110234fb9d3aadb75850d6d5ed5c668376ebd121c1f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 11:45:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpsc-frc.doubleverify.com/event.png?impid=1bb7110b588043fea1b16ccb5a97235b&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&vdur=312&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=7&tetms=4&msltms=15&vltms=312&sei=146&vetms=7&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=262536&msrcannum=3&ismms=27&isumms=26&nvr=6&isgmmims=27&isgmv4mims=27&elmtp=6&isbxdms=2408&b0=100&b11=2384&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2484&sftb=2484&msrdp=1&naral=262272&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1092&isuiabvms=1092&isgmpims=149&isgmv4dpims=1092&ispmxpms=1092&engalms=24&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3337&cbust=1674906334417940
213.254.244.26 204 No Content 0 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=1bb7110b588043fea1b16ccb5a97235b&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&vdur=312&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=7&tetms=4&msltms=15&vltms=312&sei=146&vetms=7&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=262536&msrcannum=3&ismms=27&isumms=26&nvr=6&isgmmims=27&isgmv4mims=27&elmtp=6&isbxdms=2408&b0=100&b11=2384&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2484&sftb=2484&msrdp=1&naral=262272&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1092&isuiabvms=1092&isgmpims=149&isgmv4dpims=1092&ispmxpms=1092&engalms=24&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3337&cbust=1674906334417940
IP 213.254.244.26:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=1bb7110b588043fea1b16ccb5a97235b&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&vdur=312&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=7&tetms=4&msltms=15&vltms=312&sei=146&vetms=7&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=262536&msrcannum=3&ismms=27&isumms=26&nvr=6&isgmmims=27&isgmv4mims=27&elmtp=6&isbxdms=2408&b0=100&b11=2384&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2484&sftb=2484&msrdp=1&naral=262272&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1092&isuiabvms=1092&isgmpims=149&isgmv4dpims=1092&ispmxpms=1092&engalms=24&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3337&cbust=1674906334417940 HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Sat, 28 Jan 2023 11:44:37 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 01/27/2023 11:45:32
Pragma: no-cache
tpsc-frc.doubleverify.com/event.png?impid=c47338341100472eaa7096bb79419ed3&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&vdur=1530&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=7&tetms=4&msltms=16&vltms=1530&sei=145&vetms=11&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=1055&isumms=1054&nvr=6&isgmmims=1055&isgmv4mims=1055&elmtp=6&isbxdms=3592&b0=100&b11=2540&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2640&sftb=2640&msrdp=3&naral=128&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2089&isuiabvms=2089&isgmpims=1156&isgmv4dpims=2089&ispmxpms=2089&engalms=1054&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=4576&cbust=1674906335314808
213.254.244.26 204 No Content 0 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=c47338341100472eaa7096bb79419ed3&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&vdur=1530&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=7&tetms=4&msltms=16&vltms=1530&sei=145&vetms=11&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=1055&isumms=1054&nvr=6&isgmmims=1055&isgmv4mims=1055&elmtp=6&isbxdms=3592&b0=100&b11=2540&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2640&sftb=2640&msrdp=3&naral=128&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2089&isuiabvms=2089&isgmpims=1156&isgmv4dpims=2089&ispmxpms=2089&engalms=1054&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=4576&cbust=1674906335314808
IP 213.254.244.26:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=c47338341100472eaa7096bb79419ed3&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&vdur=1530&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=7&tetms=4&msltms=16&vltms=1530&sei=145&vetms=11&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=1055&isumms=1054&nvr=6&isgmmims=1055&isgmv4mims=1055&elmtp=6&isbxdms=3592&b0=100&b11=2540&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2640&sftb=2640&msrdp=3&naral=128&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2089&isuiabvms=2089&isgmpims=1156&isgmv4dpims=2089&ispmxpms=2089&engalms=1054&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=4576&cbust=1674906335314808 HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Sat, 28 Jan 2023 11:45:34 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 01/27/2023 11:45:33
Pragma: no-cache
fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
IP 142.250.74.106:0
GET /css?family=Google%20Sans%3A400%2C500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 11:45:27 GMT
date: Sat, 28 Jan 2023 11:45:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sfile.mobi/download/1147585/16476/61c07c92e0ac23583192f8402023c1d7/am-cc-10july-satriyaid.apk&is=632c5978638a6a87eda378c2d0c88ee8
104.26.4.191 302 Found 0 B URL HTTP/2 sfile.mobi/download/1147585/16476/61c07c92e0ac23583192f8402023c1d7/am-cc-10july-satriyaid.apk&is=632c5978638a6a87eda378c2d0c88ee8
IP 104.26.4.191:0
GET /download/1147585/16476/61c07c92e0ac23583192f8402023c1d7/am-cc-10july-satriyaid.apk&is=632c5978638a6a87eda378c2d0c88ee8 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: text/html; charset=UTF-8
location: https://sfile.mobi/DdcUkwKlO07
set-cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: DENY
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5nAwhbEyHu913KGmknv5tXfPCuxe4LUZMXT3fJ3tqxiIMeLe9u2kIY8%2BnrHnUTYTrFqcZLWMZJoSc%2BOdozqxo2ACGCOOTENIoHhjse8VQ3GZdrV%2B4OZR4Rmv50o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b525ae60b51-OSL
X-Firefox-Spdy: h2
sfile.mobi/DdcUkwKlO07
104.26.4.191 200 OK 0 B IP 104.26.4.191:0
GET /DdcUkwKlO07 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _v1147585=1; expires=Sun, 29-Jan-2023 11:45:25 GMT; Max-Age=86400; path=/DdcUkwKlO07
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8GZtCv6gt%2F2%2BCPHY%2B19JOGV5zXyJ2hk%2F%2BjEYEaRSe9cjAgL3NWWiNtqV0qkxb%2FbY61PrpHkRpAkRN1aFAHk1l8iw87kOS3PVwy4A8sPy7fOqaqNC%2F4ZvnWRi%2Br4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b548c880b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/npv4.svg
104.26.4.191 200 OK 0 B URL HTTP/2 sfile.mobi/icon/smallicon/npv4.svg
IP 104.26.4.191:0
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/npv4.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: image/svg+xml
last-modified: Wed, 23 Jun 2021 01:54:25 GMT
etag: W/"6a8-5c5652fa0f640-gzip"
cache-control: max-age=604800
expires: Fri, 03 Feb 2023 16:17:59 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 70046
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mexuH3ab6pgaEyWNwWWskM9EfBTlUG371qnRAakKkwqanaTPXlm3VVB48vTMHJZcipKY%2FB0qd26SiqEz7XSzG2atCfPW2ai8TLbH45%2BRt8Xj0WR%2B%2BrgI5%2F7bPjg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b55edd90b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
IP 142.250.74.106:0
GET /css2?family=Roboto:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 11:45:27 GMT
date: Sat, 28 Jan 2023 11:45:27 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/file.svg
104.26.4.191 200 OK 0 B URL HTTP/2 sfile.mobi/icon/smallicon/file.svg
IP 104.26.4.191:0
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/file.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 04:59:39 GMT
etag: W/"274-554f4f72984c0-gzip"
cache-control: max-age=604800
expires: Thu, 02 Feb 2023 22:25:38 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 134387
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2Bbg2VyKLw9EVFjeyGRENzIlvgXrbW2u7rBfPYop0Hf44NW%2B%2Bugb7SDrR%2BYxlW5%2FB74DPwB%2Bcga3rbzFBcEArQSStZn8D5vYw%2BBpOcqa9W5oqL6bf4WZDOr%2FoK8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b55ede00b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/includes/main-min.css
104.26.4.191 200 OK 0 B URL HTTP/2 sfile.mobi/includes/main-min.css
IP 104.26.4.191:0
GET /includes/main-min.css HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: text/css; charset=utf-8
last-modified: Sat, 05 Nov 2022 06:53:42 GMT
etag: W/"68ea-5ecb3a69a8980-gzip"
cache-control: max-age=2592000
expires: Sat, 18 Feb 2023 21:45:02 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 741623
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xOz5VT2NqE%2B4rtDMULlhIfxrEAnL2uAsFc0cSiR5AhZvB30kmJdHTUnk4FHb6LYTtdy3RCGyVjufUyJa79eOKq5E2w6GMzhhjmMaWzk5qfR9Eaj3PaoH2XnXYCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b55ddc40b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/hc.svg
104.26.4.191 200 OK 0 B URL HTTP/2 sfile.mobi/icon/smallicon/hc.svg
IP 104.26.4.191:0
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/hc.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: image/svg+xml
last-modified: Mon, 07 Sep 2020 16:11:11 GMT
etag: W/"77a-5aebb7786e5c0-gzip"
cache-control: max-age=604800
expires: Sat, 04 Feb 2023 11:45:25 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v73NwhrFPbnQC168WxNP67EkwUExppabzJfM5VU%2FKKeNtEdOxGu628xyl0WwKwdbMGfwYyeDYWxLZexTUCVzGa1AZVEWJgnNjEs3M%2BXXAdEI7CSYW2KP2Zz%2FX9A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b55ddd00b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/pdf.svg
104.26.4.191 200 OK 0 B URL HTTP/2 sfile.mobi/icon/smallicon/pdf.svg
IP 104.26.4.191:0
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/pdf.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/DdcUkwKlO07
Cookie: PHPSESSID=2c08mhlomrp9q1o17gd44bqorb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 11:45:25 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 04:55:06 GMT
etag: W/"ea8-554f4e6e3de80-gzip"
cache-control: max-age=604800
expires: Sun, 29 Jan 2023 06:08:37 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 538608
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPLktPCRCntrMOTkZQ7DQX3aDVfqt35apA4ydWYRQxHIG9Z1e%2FAuN6HKprZl6mjH%2BSA7FE909QzVLgEAWzFYz3SN8vVGIR380WxfZGuSxyk334%2BZZ0mCRBiCbO4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79097b55edd20b51-OSL
content-encoding: br
X-Firefox-Spdy: h2