r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8738
Expires: Sat, 12 Nov 2022 06:31:43 GMT
Date: Sat, 12 Nov 2022 04:06:05 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4edf853c470fcec0ab277c78527f3c2d
de93530ce15337e671c488d9fe05e7091d4956f0
b9d7976b398b1243ff8a571ddd3975d3a1317d69101061bdb1a755b3b56620e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4873
Cache-Control: max-age=114395
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:06:05 GMT
Etag: "636e247f-1d7"
Expires: Sun, 13 Nov 2022 11:52:40 GMT
Last-Modified: Fri, 11 Nov 2022 10:31:27 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 12 Nov 2022 03:43:59 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1326
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5076aaa9f4ccd602540286ce0590cb9a
bbf7936a8413a564478971d9e19beb6338cbc869
00e3b967c579b0ccf709b78d497a43d95646b16eb50925fef1e2694c58f290b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11053
Expires: Sat, 12 Nov 2022 07:10:18 GMT
Date: Sat, 12 Nov 2022 04:06:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: F4Fvb50WUzFHho6L6Sr6e0aXR/t5iBh6VmWaXafqQMwWshgqJcK8imFuM9bhffYvdp+eHfkvsGcvTlXLdnnBBA==
x-amz-request-id: CN2RPPFXNJ5GX20P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 12 Nov 2022 03:50:05 GMT
age: 960
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
kokoom.com/
96.126.123.244200 OK 4.6 kB IP 96.126.123.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e23efae1f6888dd51717284c13cbb165
6e7a06aae271b9c0545367149c4069e584298f3e
a0458280467e5115d0e7c353316b20c65b5637f7b6af9dfd87c00e22f668ec07
GET / HTTP/1.1
Host: kokoom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Sat, 12 Nov 2022 04:06:05 GMT
content-type: text/html; charset=utf-8
content-length: 4614
vary: Accept-Language
content-language: en
connection: close
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:06:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
kokoom.com/mtm/async/.eJxdiksOwjAMBe_iZYkalnzEWZCJ3NZqXIfUQKSqdycFVuxm5r0FHpnhBB4cYO7nipUydZQpf2XQ2a4TClUddVSVNqhs_xAoWa1GxfxgEh2mFDmgsU6-bGVX_qvE8_2yb4-OBXvy-OTuhy-6Jdf45rMfYH0DnGUz9A:1othmP:RnrjGtVzcwV2x_nUst4K5eHPmuk/1/
96.126.123.244200 OK 217 B URL HTTP/1.1 kokoom.com/mtm/async/.eJxdiksOwjAMBe_iZYkalnzEWZCJ3NZqXIfUQKSqdycFVuxm5r0FHpnhBB4cYO7nipUydZQpf2XQ2a4TClUddVSVNqhs_xAoWa1GxfxgEh2mFDmgsU6-bGVX_qvE8_2yb4-OBXvy-OTuhy-6Jdf45rMfYH0DnGUz9A:1othmP:RnrjGtVzcwV2x_nUst4K5eHPmuk/1/
IP 96.126.123.244:0
File type ASCII text, with no line terminators
Hash 94bc04074ff7634be4f82198e8354442
40f6eafe566f6604895a2212764606223db1cd0d
53f0fefc690a62fe934f897600a1ef7cdc14aec7337847770f66113ccbb35a5f
GET /mtm/async/.eJxdiksOwjAMBe_iZYkalnzEWZCJ3NZqXIfUQKSqdycFVuxm5r0FHpnhBB4cYO7nipUydZQpf2XQ2a4TClUddVSVNqhs_xAoWa1GxfxgEh2mFDmgsU6-bGVX_qvE8_2yb4-OBXvy-OTuhy-6Jdf45rMfYH0DnGUz9A:1othmP:RnrjGtVzcwV2x_nUst4K5eHPmuk/1/ HTTP/1.1
Host: kokoom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://kokoom.com/
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Sat, 12 Nov 2022 04:06:05 GMT
content-type: text/html; charset=utf-8
content-length: 217
x-mtm-path: 0
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJrb2tvb20uY29tIiwiaHR0cDovL3d3dzEua29rb29tLmNvbS8_dG09MSZzdWJpZDQ9MTY2ODIyNTk2NS4wMzA5NjAwMDAwJmt3PWFkdWx0JktXMT1GcmVlJTIwTW92aWUlMjBTdHJlYW1pbmcmS1cyPUxpdmUlMjBQZXJzb24lMjBDaGF0JTIwU3lzdGVtJktXMz1FbGl0ZSUyMERhdGluZyUyMFNlcnZpY2VzJktXND1PbmxpbmUlMjBQaGFybWFjeSZzZWFyY2hib3g9MCZkb21haW5uYW1lPTAmYmFja2ZpbGw9MCIsMSwiMjAyMi0xMS0xMiAwNDowNjowNSIsMSwiMTY2ODIyNTk2NS4wMzA5NjAwMDAwIiwyMDMsbnVsbCxudWxsXQ:1othmP:vCOgHW0QeLSXfv44DD4H-7pZLf4; expires=Sat, 12-Nov-2022 05:06:05 GMT; Max-Age=3600; Path=/
connection: close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Retry-After, ETag, Alert, Expires, Backoff, Content-Type, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 12 Nov 2022 03:44:48 GMT
cache-control: public,max-age=3600
age: 1278
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www1.kokoom.com/?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0
99.83.136.84200 OK 5.2 kB URL HTTP/1.1 www1.kokoom.com/?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0
IP 99.83.136.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2822)
Hash d45b82d6697882c55861ae012fb438bf
7d663bd29d6c87c7ac2fafd16ba21afe9964e05f
fd8fa6753eb88e045a9ffad453a8254d805a1334c9cf79e252abe582074bc58c
GET /?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0 HTTP/1.1
Host: www1.kokoom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kokoom.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:06:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket003
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_meUH1jNa7ChAbr8WBwJEpyWDBFz32wIwFDIfQohCmkNqB6C/2q+amHGKuASJ7YK6wvlW+sR+xZ0mkyh7R63TqQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f7ff606fbc8634c858bbc04b69f55cf6
2441de2cba649239efd0dae7a878d7ef2245c0b4
95154e0dbb7e827b8f893cc141f986c29634ead618256470d753429aa65a0548
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4340
Cache-Control: max-age=108786
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:06:06 GMT
Etag: "636e10ac-1d7"
Expires: Sun, 13 Nov 2022 10:19:12 GMT
Last-Modified: Fri, 11 Nov 2022 09:06:52 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
d38psrni17bvxu.cloudfront.net/scripts/js3caf.js
54.230.245.22200 OK 7.0 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/js3caf.js
IP 54.230.245.22:0
File type ASCII text, with very long lines (316)
Hash cce7f943ec8e7b4ba13be4aba6b463d9
220f3e8ca723daa91fd040cf518991a65f2bf110
ba5b7354353b0eec1637564dae072fee662a5b9862f6bf7ed5e60a5a76f2ef44
Analyzer Verdict Alert fortinet Malware
GET /scripts/js3caf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.kokoom.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7000
Connection: keep-alive
Server: nginx
Date: Fri, 11 Nov 2022 06:30:39 GMT
Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT
Accept-Ranges: bytes
ETag: "600022c9-1b58"
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Nwm7bBNfckU__-HYdlICVzBKrUYv8DXNsKcuwdzhjZ8jRigDZo5-Ww==
Age: 77727
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
54.230.245.22200 OK 648 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
IP 54.230.245.22:0
Hash 706f944f821bc64dff4240a04251ff36
efcf7c46310be1b252baae8e2f4b5e9edfee9fe3
dc365466c780c2d5e58a10925db88facb0cae18cb5a077790c54561e8590b63b
GET /themes/cleanPeppermintBlack_657d9013/style.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.kokoom.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Fri, 11 Nov 2022 06:34:21 GMT
Last-Modified: Fri, 21 Oct 2022 11:27:37 GMT
Content-Encoding: gzip
ETag: W/"63528229-63e"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: p03X2OzCqZJdjwZYvPOdDFHdxFdxb9VntWWDpKyxjj-sedt9R2uOpQ==
Age: 77505
d38psrni17bvxu.cloudfront.net/themes/assets/style.css
54.230.245.22200 OK 343 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/assets/style.css
IP 54.230.245.22:0
Hash 03a4a8c322fc0c99b0ee7cbbcc9eabcd
6fc193276de2a3458cd853c474cb9269b900e00d
a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7
GET /themes/assets/style.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.kokoom.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Fri, 11 Nov 2022 07:34:24 GMT
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
Content-Encoding: gzip
ETag: W/"5ebab1f0-33d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rkbiPqKblFRUZ-1vvU9uz_HwFw3uJFdz5-WMlkIrPEf1O0XLGPtDQg==
Age: 73902
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1885)
Hash 8413497980a9c0614bb0fe15a80bba91
f14b28841a24753c880aff5f0e8cc16d750e8478
2d6ff7353d307e7bbf6f4894fb2d5b049e03e95e1d5061210ba23a275f5e51b3
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.kokoom.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sat, 12 Nov 2022 04:06:06 GMT
Expires: Sat, 12 Nov 2022 04:06:06 GMT
Cache-Control: private, max-age=3600
ETag: "9089615408232115983"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
push.services.mozilla.com/
54.149.101.24101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.101.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IekZcvYgBrKlmnQ4PsFL7A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nMs8Jr2cqDBYuCu5itC8v7EWg1s=
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
54.230.245.22200 OK 11 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP 54.230.245.22:0
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sat, 12 Nov 2022 02:14:07 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3f1eaelTp-RVhROBCnY8poytssyWvQPSgbsyELd8_o1_1GTrHOS5og==
Age: 6720
www1.kokoom.com/favicon.ico
99.83.136.84200 OK 0 B URL HTTP/1.1 www1.kokoom.com/favicon.ico
IP 99.83.136.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www1.kokoom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.kokoom.com/?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:06:07 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
www1.kokoom.com/track.php?domain=kokoom.com&toggle=browserjs&uid=MTY2ODIyNTk2Ni4xNzc0OmUwOWNlZTRiYjcwMjU2YTM0OWZlMWVmYzU1ODRhOThkM2YwOGNkNDdlY2RkZDE3NjQ0NzYxMjc1NmRmZDYzNDQ6NjM2ZjFiYWUyYjUxZg%3D%3D
99.83.136.84200 OK 20 B URL HTTP/1.1 www1.kokoom.com/track.php?domain=kokoom.com&toggle=browserjs&uid=MTY2ODIyNTk2Ni4xNzc0OmUwOWNlZTRiYjcwMjU2YTM0OWZlMWVmYzU1ODRhOThkM2YwOGNkNDdlY2RkZDE3NjQ0NzYxMjc1NmRmZDYzNDQ6NjM2ZjFiYWUyYjUxZg%3D%3D
IP 99.83.136.84:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=kokoom.com&toggle=browserjs&uid=MTY2ODIyNTk2Ni4xNzc0OmUwOWNlZTRiYjcwMjU2YTM0OWZlMWVmYzU1ODRhOThkM2YwOGNkNDdlY2RkZDE3NjQ0NzYxMjc1NmRmZDYzNDQ6NjM2ZjFiYWUyYjUxZg%3D%3D HTTP/1.1
Host: www1.kokoom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.kokoom.com/?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:06:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a7d7a5379a732fc5eadab78de886cc31
6df8c63644e97bf57262415f24e270c718e1758b
c355159cc937a19485f62cc446530f319749237e147adbb2c5784d1d2c20ed64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:06:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket003&client=dp-teaminternet12_3ph&r=m&hl=no&terms=Free%20Movie%20Streaming%2CLive%20Person%20Chat%20System%2CElite%20Dating%20Services%2COnline%20Pharmacy&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2988755830828446&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r4%7Cs&nocache=6231668225966688&num=0&output=afd_ads&domain_name=www1.kokoom.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1668225966690&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=486644749&uio=--&cont=tc&jsid=caf&jsv=486644749&rurl=http%3A%2F%2Fwww1.kokoom.com%2F%3Ftm%3D1%26subid4%3D1668225965.0309600000%26kw%3Dadult%26KW1%3DFree%2520Movie%2520Streaming%26KW2%3DLive%2520Person%2520Chat%2520System%26KW3%3DElite%2520Dating%2520Services%26KW4%3DOnline%2520Pharmacy%26searchbox%3D0%26domainname%3D0%26backfill%3D0&referer=http%3A%2F%2Fkokoom.com%2F&adbw=master-1%3A530
142.250.74.164200 OK 2.3 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket003&client=dp-teaminternet12_3ph&r=m&hl=no&terms=Free%20Movie%20Streaming%2CLive%20Person%20Chat%20System%2CElite%20Dating%20Services%2COnline%20Pharmacy&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2988755830828446&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r4%7Cs&nocache=6231668225966688&num=0&output=afd_ads&domain_name=www1.kokoom.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1668225966690&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=486644749&uio=--&cont=tc&jsid=caf&jsv=486644749&rurl=http%3A%2F%2Fwww1.kokoom.com%2F%3Ftm%3D1%26subid4%3D1668225965.0309600000%26kw%3Dadult%26KW1%3DFree%2520Movie%2520Streaming%26KW2%3DLive%2520Person%2520Chat%2520System%26KW3%3DElite%2520Dating%2520Services%26KW4%3DOnline%2520Pharmacy%26searchbox%3D0%26domainname%3D0%26backfill%3D0&referer=http%3A%2F%2Fkokoom.com%2F&adbw=master-1%3A530
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6508)
Hash 01bef9033597409310f2c6a5d690afed
b768d6396446f05ab65d468e086e74d5a0bde683
ceeb538dbe3afe7d18d9098f4755fddfb84c77b2f1916af2496f9c720250c759
GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket003&client=dp-teaminternet12_3ph&r=m&hl=no&terms=Free%20Movie%20Streaming%2CLive%20Person%20Chat%20System%2CElite%20Dating%20Services%2COnline%20Pharmacy&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2988755830828446&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r4%7Cs&nocache=6231668225966688&num=0&output=afd_ads&domain_name=www1.kokoom.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1668225966690&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=486644749&uio=--&cont=tc&jsid=caf&jsv=486644749&rurl=http%3A%2F%2Fwww1.kokoom.com%2F%3Ftm%3D1%26subid4%3D1668225965.0309600000%26kw%3Dadult%26KW1%3DFree%2520Movie%2520Streaming%26KW2%3DLive%2520Person%2520Chat%2520System%26KW3%3DElite%2520Dating%2520Services%26KW4%3DOnline%2520Pharmacy%26searchbox%3D0%26domainname%3D0%26backfill%3D0&referer=http%3A%2F%2Fkokoom.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.kokoom.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sat, 12 Nov 2022 04:06:07 GMT
expires: Sat, 12 Nov 2022 04:06:07 GMT
cache-control: private, max-age=3600
content-encoding: br
server: gws
content-length: 2263
x-xss-protection: 0
set-cookie: CONSENT=PENDING+754; expires=Mon, 11-Nov-2024 04:06:07 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash c7532175bdda623cb1f7d83c236772d4
71a1540c0d3e9acb10807b74b44228af537c6785
fba2db2a9be13aebe95a85d8c7086b97794e4ebc19781a967c4d157f78c4626a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:06:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=www1.kokoom.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
172.217.21.162200 OK 179 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=www1.kokoom.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 6f9eada61f9f480d03e096474ec7e3f3
5afac771c5c4e67b48c7257be8db232432b4ec14
d0cba5f6349b100da4c0bdb005a77d6fbe3bdfa8441fc18aa09bc3ad2aa47f10
GET /gampad/cookie.js?domain=www1.kokoom.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.kokoom.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 12 Nov 2022 04:06:07 GMT
server: cafe
cache-control: private
content-length: 179
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e569acd833d180f3c2fba0919fbeb704
60a3121c9bf8e08a8a7fe70001c24b6f8c9981f5
994bee0670c93479c3e835985d24d7ce41fbc0a3013e173d79ea1ea5f63ac85c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:06:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1db01334ecc26bd0e3dab312f266c116
d86c1a84e6439f63e61a27c1d6cc14f7d875f311
8bf2661a1d2b7438c1339559c07a782a59cd212f163f86b42bf51657d6897d96
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:06:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2b484dd308df8e6db63c8a4756196a74
67e9033dc689e7e2d85a42a8e2be90d61603e5d5
d577a50be0e13828691959a8704e414cef6fb8aa8636a1aaccf95e9165f9e788
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:06:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 562149e460e7949cc1e3726ac7c854bf
90c304ab2081e4d04e1c6a176e8193787986a0b2
9f83f2b72570abc2c662aacf80e9eac0ab0410de0e147b2f786767edd4dcc4fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:06:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
142.250.74.33200 OK 270 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP 142.250.74.33:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash 5100391430a00e10ce60aa159f525b5c
231a4492d73b225f441b1e9028dc33c89862e498
52b1432a6e3002e41ed1d8f4c84b258fdc4c6dac863e3c0e5c06360c81be6067
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 11 Nov 2022 08:18:21 GMT
expires: Sat, 12 Nov 2022 07:18:21 GMT
cache-control: public, max-age=82800
age: 71266
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
142.250.74.33200 OK 174 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP 142.250.74.33:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 11 Nov 2022 06:02:20 GMT
expires: Sat, 12 Nov 2022 05:02:20 GMT
cache-control: public, max-age=82800
age: 79427
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 562149e460e7949cc1e3726ac7c854bf
90c304ab2081e4d04e1c6a176e8193787986a0b2
9f83f2b72570abc2c662aacf80e9eac0ab0410de0e147b2f786767edd4dcc4fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:06:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13872
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 04:06:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13872
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 04:06:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13872
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 04:06:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13872
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 04:06:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13872
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 04:06:07 GMT
Connection: keep-alive
www1.kokoom.com/?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0
99.83.136.84200 OK 5.1 kB URL HTTP/1.1 www1.kokoom.com/?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0
IP 99.83.136.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2822)
Hash 27ffa3674c211b06bd7161a4f717d0e1
bea230819463f64f4afc0fa320ffc8a737b683d5
100a7e7bb05a3a5eb248ea1efe81ed43bad3a8289b15e5b1359dd61f34000168
GET /?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0 HTTP/1.1
Host: www1.kokoom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __gsas=ID=7577feaf25b28f15:T=1668225967:S=ALNI_MZKQJKnOJhDqL5Y1SALMYU1XZjBWA
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:06:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket003
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_meUH1jNa7ChAbr8WBwJEpyWDBFz32wIwFDIfQohCmkNqB6C/2q+amHGKuASJ7YK6wvlW+sR+xZ0mkyh7R63TqQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24ff4e7b-c5dd-4b3d-a4fa-a796e12dfe1e.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24ff4e7b-c5dd-4b3d-a4fa-a796e12dfe1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4310f585904aaca1ad065e14621a4e3e
a1a2246415ff47340df17641ed2cf9c701453683
e28b55ff5e6dae8b604426557a56afc39af6ea7560ab0b4c86c0830cd5f7ab23
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24ff4e7b-c5dd-4b3d-a4fa-a796e12dfe1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6398
x-amzn-requestid: c86cea6c-2f2f-490d-9187-2f21df615eb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNMGEQbIAMFh2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec24d-23ffe10c6db644e679b581f7;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:44:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: zdxcVAwuaYT330A6MGRsmIQSAfv6raiYIVl7zKzL0AnuCcjIabBG7Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:29:48 GMT
age: 20179
etag: "a1a2246415ff47340df17641ed2cf9c701453683"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Lp5eW92D8SbFtcQLk-LRSaSKNMNFYCW7XTALdNdrJxN6ebgdH8_1Dw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:42:55 GMT
age: 22992
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2eaa4311-959b-4a18-8135-b4ce754c0765.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2eaa4311-959b-4a18-8135-b4ce754c0765.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 567bcdef39653e949301b97714168c31
8669185a5f338e34026c48310c88c5a9d8caa1c2
7ecaa9ceaa0a60e608e62571108fbcf49f6fa2b3e77feacbf52d319beda40db1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2eaa4311-959b-4a18-8135-b4ce754c0765.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7533
x-amzn-requestid: 985674ba-be97-4ca3-babb-594c61f8d6c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdM8BEqFIAMFsxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec1e6-3abc6a525f2a2bde14465b7e;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DRfYKF1_Z56kxeaprUhH1Ng8MgW0Z6Xx_yWwiO3MnswRFY482udCjg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:43:48 GMT
age: 22939
etag: "8669185a5f338e34026c48310c88c5a9d8caa1c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1655bda0-593c-40c8-bd9d-5c094248551b.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1655bda0-593c-40c8-bd9d-5c094248551b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dea29172117b20fbba50877b6137a82c
4f059d139749207c70d8387abb5d8be54e97bca3
1a18bc2b4413225fb560a705ef5d228b6faa648f4908a51661be443d6d04001b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1655bda0-593c-40c8-bd9d-5c094248551b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6771
x-amzn-requestid: 15d0cccd-10d5-4a58-91ba-181cd48d02a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMipFOqIAMFzYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec143-45dc19d1418acd1261b050e5;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wAXmVLj9L-TESuUQLMk2wvi9GH_A_kesPJUDIXN-6GLywdRpeNsYJQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:01:29 GMT
age: 21878
etag: "4f059d139749207c70d8387abb5d8be54e97bca3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 516f1bfefb1c1a737ea2441f85343b32
0cc22d7bf9092fb30f31e2ca8f242c197b891669
733824d4f6f7c5b54ce4e02ecaf152cfc1e10f3f6a801d7e2c55a02460e40087
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9012
x-amzn-requestid: 83eac9e7-5387-4e11-9769-182fa3f7fffb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNC6FxzoAMF80w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec212-5ca277b90a5a9a4c437edc1e;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7wqdiuomEgaQlE1P5gopDGXbAkmh3ohPXYDcBWczuYFEcj8nczk9_w==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:52:57 GMT
age: 22390
etag: "0cc22d7bf9092fb30f31e2ca8f242c197b891669"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbae1f7e5-4deb-446b-bef2-d4185563f449.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbae1f7e5-4deb-446b-bef2-d4185563f449.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43e4308988c320212eab6fb4d27c215e
2c2503ca7de1a0c9a4224131f9b0e4b990f7efcd
56efcb5d90ed224301384c850ec2f11317c2426fdc8ed6f88a211bbb75e6871e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbae1f7e5-4deb-446b-bef2-d4185563f449.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12578
x-amzn-requestid: 60fda47c-9518-4ab3-8f94-4e925f0b6773
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdM8iHeHoAMFQFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec1e9-62597e7b5c0f3b6b1e53bcce;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FSquX2GRcCI4_Onwfi5qm_oBKl5EvL1RZJO84zJgyoEr7tPVTMy9dQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:01:48 GMT
age: 21859
etag: "2c2503ca7de1a0c9a4224131f9b0e4b990f7efcd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
d38psrni17bvxu.cloudfront.net/scripts/js3caf.js
54.230.245.22304 Not Modified 0 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/js3caf.js
IP 54.230.245.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /scripts/js3caf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.kokoom.com/
If-Modified-Since: Thu, 14 Jan 2021 10:54:01 GMT
If-None-Match: "600022c9-1b58"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Connection: keep-alive
Server: nginx
Date: Fri, 11 Nov 2022 06:30:39 GMT
Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT
ETag: "600022c9-1b58"
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BFpW9PvwPGTpqx8KgqnAYXcQw9T61OwvlnPnA_bcBrFE407eeqwFjw==
Age: 77728
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1885)
Hash c54543b67bb3e4c79770d3351ece90d3
8660e980be7f0c1e438c14454c323ccf0da2c06a
3545c907cd7b5d2d8138df89733550fbd69046295c12e4cea6a9f1b72727321c
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.kokoom.com/
If-None-Match: "9089615408232115983"
Cache-Control: max-age=0
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sat, 12 Nov 2022 04:06:07 GMT
Expires: Sat, 12 Nov 2022 04:06:07 GMT
Cache-Control: private, max-age=3600
ETag: "6389008090175607752"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
www1.kokoom.com/track.php?domain=kokoom.com&toggle=browserjs&uid=MTY2ODIyNTk2Ny42OTQyOjk5MWU1N2ZmZDg0ZTViNjM2NGZhNjE4MmNjYjcxYjgzZDc1NTY4OThlODg2ZWU3NjUyYjljZjA1ZTAxYjQwMjc6NjM2ZjFiYWZhOTdiYw%3D%3D
99.83.136.84200 OK 20 B URL HTTP/1.1 www1.kokoom.com/track.php?domain=kokoom.com&toggle=browserjs&uid=MTY2ODIyNTk2Ny42OTQyOjk5MWU1N2ZmZDg0ZTViNjM2NGZhNjE4MmNjYjcxYjgzZDc1NTY4OThlODg2ZWU3NjUyYjljZjA1ZTAxYjQwMjc6NjM2ZjFiYWZhOTdiYw%3D%3D
IP 99.83.136.84:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=kokoom.com&toggle=browserjs&uid=MTY2ODIyNTk2Ny42OTQyOjk5MWU1N2ZmZDg0ZTViNjM2NGZhNjE4MmNjYjcxYjgzZDc1NTY4OThlODg2ZWU3NjUyYjljZjA1ZTAxYjQwMjc6NjM2ZjFiYWZhOTdiYw%3D%3D HTTP/1.1
Host: www1.kokoom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.kokoom.com/?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0
Cookie: __gsas=ID=7577feaf25b28f15:T=1668225967:S=ALNI_MZKQJKnOJhDqL5Y1SALMYU1XZjBWA
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:06:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www1.kokoom.com/ls.php
99.83.136.84201 Created 0 B IP 99.83.136.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ls.php HTTP/1.1
Host: www1.kokoom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2738
Origin: http://www1.kokoom.com
Connection: keep-alive
Referer: http://www1.kokoom.com/?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0
Cookie: __gsas=ID=7577feaf25b28f15:T=1668225967:S=ALNI_MZKQJKnOJhDqL5Y1SALMYU1XZjBWA; GoogleAdServingTest=Good
Cache-Control: max-age=0
HTTP/1.1 201 Created
Date: Sat, 12 Nov 2022 04:06:08 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 636f1bb0bd18735d1c7fbcb5
Charset: utf-8
Access-Control-Allow-Origin: http://www1.kokoom.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_PRCU3wdRSEtw7EsIwSt5aQbvKwJCOkGOwm0pOofmW86bMbWJRDq8iXQbq5hojU3eMF5a2iJn2Z1DaGyCe3nY1Q==
www1.kokoom.com/track.php?domain=kokoom.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2ODIyNTk2Ny42OTQyOjk5MWU1N2ZmZDg0ZTViNjM2NGZhNjE4MmNjYjcxYjgzZDc1NTY4OThlODg2ZWU3NjUyYjljZjA1ZTAxYjQwMjc6NjM2ZjFiYWZhOTdiYw%3D%3D
99.83.136.84200 OK 20 B URL HTTP/1.1 www1.kokoom.com/track.php?domain=kokoom.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2ODIyNTk2Ny42OTQyOjk5MWU1N2ZmZDg0ZTViNjM2NGZhNjE4MmNjYjcxYjgzZDc1NTY4OThlODg2ZWU3NjUyYjljZjA1ZTAxYjQwMjc6NjM2ZjFiYWZhOTdiYw%3D%3D
IP 99.83.136.84:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=kokoom.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2ODIyNTk2Ny42OTQyOjk5MWU1N2ZmZDg0ZTViNjM2NGZhNjE4MmNjYjcxYjgzZDc1NTY4OThlODg2ZWU3NjUyYjljZjA1ZTAxYjQwMjc6NjM2ZjFiYWZhOTdiYw%3D%3D HTTP/1.1
Host: www1.kokoom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.kokoom.com/?tm=1&subid4=1668225965.0309600000&kw=adult&KW1=Free%20Movie%20Streaming&KW2=Live%20Person%20Chat%20System&KW3=Elite%20Dating%20Services&KW4=Online%20Pharmacy&searchbox=0&domainname=0&backfill=0
Cookie: __gsas=ID=7577feaf25b28f15:T=1668225967:S=ALNI_MZKQJKnOJhDqL5Y1SALMYU1XZjBWA
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:06:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 0 B URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sat, 12 Nov 2022 04:06:07 GMT
expires: Sat, 12 Nov 2022 04:06:07 GMT
cache-control: private, max-age=3600
etag: "5610477286401618035"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2