ef.vpn-access.org/48HP5T/2GMH37/
34.107.199.247 302 Found 224 B URL HTTP/1.1 ef.vpn-access.org/48HP5T/2GMH37/
IP 34.107.199.247:0
File type HTML document, ASCII text
Hash 9566014c399ace28678b1e28057255cc
92ec31beaafd462f779611bae31f8e11d2e65499
ed39714e4de6249f26cb9bc73aedb2697a966afe6aa80d0c539978259baef1a5
GET /48HP5T/2GMH37/ HTTP/1.1
Host: ef.vpn-access.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
server: nginx
date: Fri, 27 Jan 2023 19:35:02 GMT
content-type: text/html; charset=utf-8
content-length: 224
location: https://www.c9ikptk.com/48HP5T/BP658/?__rpt=0&__po=30&__ptid=fd0b6b94fd4f4355a16a1b3fd9fbd41c&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
set-cookie: uniqueClick_2GMH37=2cab98fe-0eb2-4893-b797-d1d0430ca4a9:1674848102; Path=/; Expires=Fri, 10 Feb 2023 19:35:02 GMT; SameSite=None
vary: Origin
x-eflow-request-id: 54fe9da2-1dec-4247-9f82-f62247aa4f70
Via: 1.1 google
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5781
Expires: Fri, 27 Jan 2023 21:11:23 GMT
Date: Fri, 27 Jan 2023 19:35:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5790
Expires: Fri, 27 Jan 2023 21:11:32 GMT
Date: Fri, 27 Jan 2023 19:35:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13409
Expires: Fri, 27 Jan 2023 23:18:31 GMT
Date: Fri, 27 Jan 2023 19:35:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 18:35:23 GMT
content-type: application/json
age: 3579
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SjPFzntp6SdxGBAZvQD6viFI2Ywppv1rstSyi6OaYSSRyIay2Q1JFoUJv7LStov8UNWXE2BLSpM=
x-amz-request-id: GFBXWAQPZ903CSC9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 19:20:39 GMT
age: 863
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:35:02 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 0d6b79ad607a138d087680dbd2acb710
29d9b67aa334ee2a3b0bdb07fb5174c65cc25513
416d086e9c995bc211df4a68ca6f3d5c6df62e780fb6822aca87b02e4f33590f
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 27 Jan 2023 19:35:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 26 Jan 2023 21:49:15 GMT
Expires: Fri, 27 Jan 2023 21:49:15 GMT
ETag: "29d9b67aa334ee2a3b0bdb07fb5174c65cc25513"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 18:41:40 GMT
age: 3202
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.c9ikptk.com/48HP5T/BP658/?__rpt=0&__po=30&__ptid=fd0b6b94fd4f4355a16a1b3fd9fbd41c&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
34.107.199.247 302 Found 57 B URL HTTP/2 www.c9ikptk.com/48HP5T/BP658/?__rpt=0&__po=30&__ptid=fd0b6b94fd4f4355a16a1b3fd9fbd41c&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
IP 34.107.199.247:0
File type HTML document, ASCII text
Hash fac34a702735ac79294c0ff2645951dc
bb025946516e373af1fb36abe2e300af88fda6be
a4cbd7e80e4d2c050331282c60cd52fb8af96d7f86f71c61a0da55d6d1a4e9f6
GET /48HP5T/BP658/?__rpt=0&__po=30&__ptid=fd0b6b94fd4f4355a16a1b3fd9fbd41c&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9 HTTP/1.1
Host: www.c9ikptk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Fri, 27 Jan 2023 19:35:02 GMT
content-type: text/html; charset=utf-8
content-length: 57
location: http://p.npcad.com/go/89517/482729
set-cookie: uniqueClick_BP658=975ae1c4-10bb-494d-9a30-dff786f96f9e:1674848102; Path=/; Expires=Fri, 03 Feb 2023 19:35:02 GMT; Secure; SameSite=None
set-cookie: transaction_id=513aea7734a44f379b28046de85e2783; Path=/; Expires=Thu, 27 Apr 2023 19:35:02 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: e6962d89-f5d4-425c-b76b-3043e14ab444
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 0d6b79ad607a138d087680dbd2acb710
29d9b67aa334ee2a3b0bdb07fb5174c65cc25513
416d086e9c995bc211df4a68ca6f3d5c6df62e780fb6822aca87b02e4f33590f
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 27 Jan 2023 19:35:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 26 Jan 2023 21:49:15 GMT
Expires: Fri, 27 Jan 2023 21:49:15 GMT
ETag: "29d9b67aa334ee2a3b0bdb07fb5174c65cc25513"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19269
Expires: Sat, 28 Jan 2023 00:56:12 GMT
Date: Fri, 27 Jan 2023 19:35:03 GMT
Connection: keep-alive
p.npcad.com/go/89517/482729
3.228.63.1 200 OK 272 B URL HTTP/1.1 p.npcad.com/go/89517/482729
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash aa68efb2770743a4fcf127aaa1c254fb
7321f514c385df42db3e19f9843a955b0e1e9bfe
000bc0c03da83cd6d9935b7897eaadeea816c363a117666c421fd6a1a76d1af3
Analyzer Verdict Alert fortinet Phishing
GET /go/89517/482729 HTTP/1.1
Host: p.npcad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 27 Jan 2023 19:35:03 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 272
Connection: keep-alive
push.services.mozilla.com/
52.43.158.219 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.158.219:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iI4+j6uxxo2AldqTQzkHvA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IFQHdnuRWESxtwdESlgrNTUZF1E=
p.npcad.com/ad/ad?p=89517&w=482729&t=06f3a1a9c5009619&r=&vw=1280&vh=0
3.228.63.1 303 See Other 0 B URL HTTP/1.1 p.npcad.com/ad/ad?p=89517&w=482729&t=06f3a1a9c5009619&r=&vw=1280&vh=0
IP 3.228.63.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=89517&w=482729&t=06f3a1a9c5009619&r=&vw=1280&vh=0 HTTP/1.1
Host: p.npcad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://p.npcad.com/go/89517/482729
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Fri, 27 Jan 2023 19:35:03 GMT
Location: http://xml.poprtb.pro/click?i=abW3QX0XvUE_0#pc224398
Server: nginx
Content-Length: 0
Connection: keep-alive
xml.poprtb.pro/click?i=abW3QX0XvUE_0
174.137.133.18 302 Found 0 B URL HTTP/1.1 xml.poprtb.pro/click?i=abW3QX0XvUE_0
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=abW3QX0XvUE_0 HTTP/1.1
Host: xml.poprtb.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://p.npcad.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://orest-vlv.com/zcvisitor/b2170d46-9e79-11ed-8366-12db35bc3e5b/1091bff0-8a8a-11ec-80f2-0a0a528900a9?campaignid=6de12c70-97e2-11ed-9150-12beee04f19b
Pragma: no-cache
orest-vlv.com/zcvisitor/b2170d46-9e79-11ed-8366-12db35bc3e5b/1091bff0-8a8a-11ec-80f2-0a0a528900a9?campaignid=6de12c70-97e2-11ed-9150-12beee04f19b
52.7.54.238 200 1.1 kB URL HTTP/1.1 orest-vlv.com/zcvisitor/b2170d46-9e79-11ed-8366-12db35bc3e5b/1091bff0-8a8a-11ec-80f2-0a0a528900a9?campaignid=6de12c70-97e2-11ed-9150-12beee04f19b
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a2cb946d2629dce75a6441568b13fb83
c4f59bc0c26613e0b479f8e2b34544b0b47ecb5a
18bc7cbe13017365fbfceff9bc3df907360cc03a50e02275ee3e168e7f201818
GET /zcvisitor/b2170d46-9e79-11ed-8366-12db35bc3e5b/1091bff0-8a8a-11ec-80f2-0a0a528900a9?campaignid=6de12c70-97e2-11ed-9150-12beee04f19b HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://p.npcad.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Fri, 27 Jan 2023 19:35:04 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: pcKNVqcp
orest-vlv.com/zcredirect?visitid=b2170d46-9e79-11ed-8366-12db35bc3e5b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
52.7.54.238 200 648 B URL HTTP/1.1 orest-vlv.com/zcredirect?visitid=b2170d46-9e79-11ed-8366-12db35bc3e5b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4eb752fe8e7639c36324468edfa63adb
ca1a56441d301e7ce306eb824bbf502135c10887
e7494772e48240e7b47effeec4cb2392130b9406d8a7feef0da5d1f30f6c426d
GET /zcredirect?visitid=b2170d46-9e79-11ed-8366-12db35bc3e5b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://orest-vlv.com/zcvisitor/b2170d46-9e79-11ed-8366-12db35bc3e5b/1091bff0-8a8a-11ec-80f2-0a0a528900a9?campaignid=6de12c70-97e2-11ed-9150-12beee04f19b
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Fri, 27 Jan 2023 19:35:04 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: TGEFShpx
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Fri, 27 Jan 2023 23:45:03 GMT
Date: Fri, 27 Jan 2023 19:35:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Fri, 27 Jan 2023 23:45:03 GMT
Date: Fri, 27 Jan 2023 19:35:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Fri, 27 Jan 2023 23:45:03 GMT
Date: Fri, 27 Jan 2023 19:35:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 23:01:22 GMT
age: 74022
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dc869235086902c4acc379733b6bfdb8
0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae
e614e29b14e69209fd4b82a688290f7a3f541909833a6558cf480aca899bab6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9056
x-amzn-requestid: 81cf473d-8dc6-49e7-b012-d0b7dfaec7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fB4COHTlIAMFtRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca3a0e-0848461c054db5c66fde9107;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 06:51:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fdefZSZfSJi1-C7ZTSahawckLN-To4P91H-n1cyPqw34f18VzTeHRg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 12:53:58 GMT
age: 24066
etag: "0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f62e9b7bdca82d18c945851912d8fea8
a7ca44d337c43bc5c6145b26778661c71cc50484
5da02cc405c1cada55813ffe376844375f1d6ad222cbb63405348b1f5132a0b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9595
x-amzn-requestid: c257bfbe-1bd7-4540-bbfa-e4c49a2624a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXwfGigoAMFvBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a002-226c08656eeefbfa3c2dddb6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k9njnQmggD7UkVJzZqSzo90HJJjTjGK0QIoPU0HWYKrSstjM6s1rOw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:57:18 GMT
age: 77866
etag: "a7ca44d337c43bc5c6145b26778661c71cc50484"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e7158416f60576804ccff03307319fe
a342f94625e913fa6b8d862a59979f1e3ad80dd1
5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5737
x-amzn-requestid: 23239d1f-0228-4722-b826-40dc8c9a4af2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVzDbEacIAMFZtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d23215-1604c24e272fbb657b9925cc;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:56:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lkM4qVkPHqOdWwmxP2ShOgbbR6fjFtWmdavpgPyn7SQDkuggfHad7g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 12:26:22 GMT
age: 25722
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MeE0Qrn_yZvUApGQTbOKQ14Z2ipPLbPFPyVqkKTk0Bs7ETn0UU6yMg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:48:43 GMT
age: 78381
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 869cdfba2637cc932ce387317a3c485e
51d87a5223d87c959bf27b2a825dce0a28f52ada
6dc4247dd3110836195f9962463bd8265be89633e9e589bf19955991751c26fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5669
x-amzn-requestid: 17f6235c-d495-4813-9453-407331e0dcad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZSH4fIAMFxeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3b-67ff5c7f416727670e7c3b21;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uBZkutqH9dy9U8-_i3LISu9nYOtCTP8YtgxvgZVywkDx7bRzLjqUhw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 04:27:02 GMT
age: 54482
etag: "51d87a5223d87c959bf27b2a825dce0a28f52ada"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
orest-vlv.com/favicon.ico
52.7.54.238 404 653 B URL HTTP/1.1 orest-vlv.com/favicon.ico
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://orest-vlv.com/zcredirect?visitid=b2170d46-9e79-11ed-8366-12db35bc3e5b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Fri, 27 Jan 2023 19:35:04 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: APBHmGOx
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 63a39758241a50accfc750a5cc2fd82d
21ebb8267fe9a73da23919d1b386f3ca8c7eb77f
03f10e24e6256f0a26145c9bc3daa8902d04c91541cc2563174f690e6b2b09cd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=169862
Date: Fri, 27 Jan 2023 19:35:04 GMT
Etag: "63d40780-1d7"
Expires: Sun, 29 Jan 2023 18:46:06 GMT
Last-Modified: Fri, 27 Jan 2023 17:18:56 GMT
Server: ECS (dcb/7F7F)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: q1F3i3lthEHG-6-2AN-L2N14Oax-Rk1CjhUyqBFCWcA-8oQkEhiePQ==
Age: 5230
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 9a156f9e1eec43fbfc3ea11e27aa3091
280292e0c5a0896c45598aa00e3fb607edf0b3a7
419b77a2c7ed19e8d086c82e3c9096d6ed2ab3032bba31afce0499ee83bc233a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:35:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js
216.58.207.228 200 OK 556 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 216.58.207.228:0
File type ASCII text, with very long lines (850), with no line terminators
Hash f678bcfbe98b4039961065c12543bfd0
31a000bba532f910d036c24c795ef3636450e4c3
1dabb56e42c7b0a90264a0e7d8884e4111eed0e1b6321cab5f6e26440d63da8d
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 27 Jan 2023 19:35:05 GMT
date: Fri, 27 Jan 2023 19:35:05 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/fonts/Stolzl-Bold.woff2
18.159.164.79 200 OK 24 kB URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/fonts/Stolzl-Bold.woff2
IP 18.159.164.79:0
File type Web Open Font Format (Version 2), TrueType, length 24012, version 1.0\012- data
Hash fd4655d12101d3452b106d9836ce49da
063309b99f53a5ece50f2484731422a50eb3f39f
62a10a7ccd37cd712bb60884224bf1ece6ccd204835bb97deb74527a6bc7c848
GET /uploads/landings/en-63aacb05a1c69/public/fonts/Stolzl-Bold.woff2 HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: font/woff2
content-length: 24012
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: "63ab010c-5dcc"
accept-ranges: bytes
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/fonts/Stolzl-Medium.woff2
18.159.164.79 200 OK 26 kB URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/fonts/Stolzl-Medium.woff2
IP 18.159.164.79:0
File type Web Open Font Format (Version 2), TrueType, length 26076, version 1.0\012- data
Hash 00b5a10d2904d19aaba1c32d052baf37
b0dbb5ecee9d9702c47169bccc4dd6f375507621
83e4dcc50288ef8a23c9e36089b59d0054023079c31f93fc68641049dc9d0625
GET /uploads/landings/en-63aacb05a1c69/public/fonts/Stolzl-Medium.woff2 HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: font/woff2
content-length: 26076
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: "63ab010c-65dc"
accept-ranges: bytes
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/wheel-white.png
18.159.164.79 200 OK 50 kB URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/wheel-white.png
IP 18.159.164.79:0
Hash 9dea45f842bb0085b4edf6d8516bfcd4
1ceb76d7f9e77370f6274e0e5c20ea8095f3a8c3
46a666fb9d761ad0dc990cb5ff1320aac03c27e458a6d1ed84dce03f52df1d69
GET /uploads/landings/en-63aacb05a1c69/public/img/wheel-white.png HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/png
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-c085"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/favicon.ico
18.159.164.79 200 OK 1.2 kB URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/favicon.ico
IP 18.159.164.79:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 2d7b8bbce0a99595ce8bdc640ab8e7c3
9fcdb8cdccbc6312564c005c3d5ec4162d91d34f
218e8124c57ec7e46439c7705ca67f5544053ae6717135744673a0ac44e3fce4
GET /uploads/landings/en-63aacb05a1c69/public/favicon.ico HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/x-icon
content-length: 1150
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: "63ab010c-47e"
accept-ranges: bytes
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/wheel-button-glow.png
18.159.164.79 200 OK 18 kB URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/wheel-button-glow.png
IP 18.159.164.79:0
Hash fa4e52fa70261643f53bcc3c8755a1e9
0a1e5b9a389b34927fcee228d5c1d04227470350
181a0bdcc65d478d677eacc810de3fe8be6d6a22fe4e50bd2310b49f5a3d4c0d
GET /uploads/landings/en-63aacb05a1c69/public/img/wheel-button-glow.png HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/png
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-43d2"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/wheel-button-bg1b26.png
18.159.164.79 200 OK 220 kB URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/wheel-button-bg1b26.png
IP 18.159.164.79:0
File type PNG image data, 308 x 308, 8-bit/color RGBA, non-interlaced\012- data
Size 220 kB (219711 bytes)
Hash 614f0fc2d24e3199ecd6e347479e9e84
d9b6c5c5cf61d0daeaddab1f4f8b55639d383b93
382554916f939b3f68b76932c731c39828aa966999f920a1a0709f49bce2b3fb
GET /uploads/landings/en-63aacb05a1c69/public/img/wheel-button-bg1b26.png HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/png
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-da5b"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/js/script.js
18.159.164.79 200 OK 4.0 kB URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/js/script.js
IP 18.159.164.79:0
Hash 8facd162329ab58a45de218e1acf2abd
85fb139e78717aae3ff7712eaef7b754e0659d40
44bfe95b4d01ed7f069205049515555c73b69e7b70b224b5669ff52b800c8800
GET /uploads/landings/en-63aacb05a1c69/public/js/script.js HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: application/javascript
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-2c86"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/lion.png
18.159.164.79 200 OK 81 kB URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/lion.png
IP 18.159.164.79:0
File type PNG image data, 316 x 670, 8-bit colormap, non-interlaced\012- data
Hash b0ac31d85dc983a41d91cba1b9a84d7d
6b50ce06906cdd011b95c417310fbbd4a012f77f
8da4b54f15bb0d03bac6a7346c78426ae7e3d1bd2583527d9b45671574e9eba6
GET /uploads/landings/en-63aacb05a1c69/public/img/lion.png HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/png
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-e24d"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/race.jpg
18.159.164.79 200 OK 208 kB URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/race.jpg
IP 18.159.164.79:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x258, components 3\012- data
Size 208 kB (207698 bytes)
Hash 2372a920eeea44990038c4dbefad3b09
9186335b2993e93717771e102f81690d27ac6927
56847d9c7fd5d2d4c7dea974c7efa643ec902e3201751f99c9b9f772e715bc9f
GET /uploads/landings/en-63aacb05a1c69/public/img/race.jpg HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/jpeg
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-ace9"
content-encoding: gzip
X-Firefox-Spdy: h2
bonafides.club/64145/8?l=3726&param1=zeropark&param2=popup&param3=cpm&param4=2022-13&utm_medium=2328&utm_source=heliotrope-eel&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&utm_campaign=fs_zeropark_no_pops_desk_19012023
52.59.124.141 302 Found 0 B URL HTTP/2 bonafides.club/64145/8?l=3726&param1=zeropark&param2=popup&param3=cpm&param4=2022-13&utm_medium=2328&utm_source=heliotrope-eel&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&utm_campaign=fs_zeropark_no_pops_desk_19012023
IP 52.59.124.141:0
GET /64145/8?l=3726&param1=zeropark&param2=popup&param3=cpm&param4=2022-13&utm_medium=2328&utm_source=heliotrope-eel&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&utm_campaign=fs_zeropark_no_pops_desk_19012023 HTTP/1.1
Host: bonafides.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://orest-vlv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
content-type: text/html; charset=UTF-8
location: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
cache-control: no-cache, private
date: Fri, 27 Jan 2023 19:35:04 GMT
set-cookie: 2b30eb962003529aa1d435285d39b1c0=Mzg3NTEzOTM%3D; path=/; httponly
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/wheel-bg.png
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/wheel-bg.png
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/public/img/wheel-bg.png HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/png
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-108e3"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/coin-mh1.png
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/coin-mh1.png
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/public/img/coin-mh1.png HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/png
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-444d"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/js/intl-tel-utils.js
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/js/intl-tel-utils.js
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/public/js/intl-tel-utils.js HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: application/javascript
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-3cce0"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/js/jquery.min.js
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/js/jquery.min.js
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/public/js/jquery.min.js HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: application/javascript
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-14e06"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/js/main.1d9f2ffaaf3ebf16d46a.bundle.js
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/js/main.1d9f2ffaaf3ebf16d46a.bundle.js
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/js/main.1d9f2ffaaf3ebf16d46a.bundle.js HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: application/javascript
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-12199"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/coin-mh2.png
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/coin-mh2.png
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/public/img/coin-mh2.png HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/png
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-5dcc"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/apple-icon-120x120.png
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/apple-icon-120x120.png
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/public/apple-icon-120x120.png HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/png
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-2242"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/win-frame.png
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/win-frame.png
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/public/img/win-frame.png HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/png
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-168c"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/007b2705c0a8f69dfdf6.png
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/007b2705c0a8f69dfdf6.png
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/007b2705c0a8f69dfdf6.png HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/styles/main.01134c67fb8c3323632f.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/png
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-114c9"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
IP 18.159.164.79:0
GET /r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13 HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.20.2
cache-control: no-cache, private
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/styles/main.01134c67fb8c3323632f.css
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/styles/main.01134c67fb8c3323632f.css
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/styles/main.01134c67fb8c3323632f.css HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: text/css
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-7594"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/bg.jpg
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/img/bg.jpg
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/public/img/bg.jpg HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: image/jpeg
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-170f7"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/js/runtime.f55752200e33d8e90da4.bundle.js
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/js/runtime.f55752200e33d8e90da4.bundle.js
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/js/runtime.f55752200e33d8e90da4.bundle.js HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: application/javascript
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-42e"
content-encoding: gzip
X-Firefox-Spdy: h2
smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
18.159.164.79 200 OK 0 B URL HTTP/2 smarttds.org/uploads/landings/en-63aacb05a1c69/public/css/styles.css
IP 18.159.164.79:0
GET /uploads/landings/en-63aacb05a1c69/public/css/styles.css HTTP/1.1
Host: smarttds.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smarttds.org/r/G85L?track_id=52021986&pid=64145&geo=3144096&utm_source=heliotrope-eel&utm_medium=2328&utm_campaign=fs_zeropark_no_pops_desk_19012023&utm_term=foxtrot-sim-vzywlzze2p&utm_content=Firefox&param1=zeropark&param2=popup&param3=cpm&param4=2022-13
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:35:05 GMT
content-type: text/css
server: nginx/1.20.2
last-modified: Tue, 27 Dec 2022 14:28:28 GMT
etag: W/"63ab010c-2750"
content-encoding: gzip
X-Firefox-Spdy: h2