urlquery - report: clasroyale.com/mtm/direct/.eJxlikEKAjEMRe-S5VgmLnXEs0go0RbSaU0jdBDvbnSpu_f_e094aIYFEAKQ3rqjk_KVldVHMmsLYhTqWjcSnmMtXqTa7bJSYW_-JMXIzdwYD8NkRQK1JjmS5bri-Dy78fsWOd3P-_kYJpy-dIDXG4E

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-09-26 04:28:07 UTC	34.117.237.239
ocsp.digicert.com (1)	86	2012-05-21 07:02:23 UTC	2022-09-26 16:08:16 UTC	93.184.220.29
ocsp.pki.goog (9)	175	2017-06-14 07:23:31 UTC	2022-09-26 04:27:13 UTC	142.250.74.3
partner.googleadservices.com (1)	798	2012-10-03 01:04:21 UTC	2022-09-26 13:14:31 UTC	172.217.21.162
img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2022-09-26 12:15:18 UTC	34.120.237.76
clasroyale.com (1)	0	2016-01-10 21:30:52 UTC	2022-09-26 13:42:21 UTC	173.255.194.134	Unknown ranking
r3.o.lencr.org (5)	344	2020-12-02 08:52:13 UTC	2022-09-26 04:35:11 UTC	23.36.76.226
firefox.settings.services.mozilla.com (2)	867	2020-05-28 17:26:30 UTC	2022-09-26 12:59:20 UTC	143.204.55.27
afs.googlesyndication.com (2)	0	2013-09-05 10:37:02 UTC	2022-09-26 18:29:38 UTC	142.250.74.34	Domain (googlesyndication.com) ranked at: 1586
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2022-09-26 04:26:56 UTC	34.160.144.191
d38psrni17bvxu.cloudfront.net (4)	0	2022-09-22 16:48:38 UTC	2022-09-26 16:12:03 UTC	54.230.245.138	Unknown ranking
push.services.mozilla.com (1)	2140	2015-09-03 10:29:36 UTC	2022-09-26 05:45:55 UTC	54.187.160.31
www.google.com (2)	7	2016-08-04 12:36:31 UTC	2022-09-26 14:57:55 UTC	142.250.74.164
www1.clasroyale.com (5)	0	2022-09-25 02:17:49 UTC	2022-09-26 13:42:25 UTC	99.83.136.84	Unknown ranking
afs.googleusercontent.com (2)	12123	2013-05-07 00:37:08 UTC	2022-09-26 05:05:49 UTC	142.250.74.33

Scan Date	Severity	Indicator	Comment
2022-09-26	2	clasroyale.com/mtm/direct/.eJxlikEKAjEMRe-S5VgmLnXEs0go0RbSaU0jdBDvbnSpu_f_ (...)	Malware
2022-09-26	2	www1.clasroyale.com/ls.php	Malware

Date	UQ / IDS / BL	URL	IP
2023-03-28 17:47:26 +0000	0 - 0 - 1	rozafagrill.uk/	96.126.123.244
2023-03-28 17:41:09 +0000	0 - 0 - 1	healhtysouthernneveda.org/	96.126.123.244
2023-03-27 18:09:57 +0000	0 - 1 - 0	www2.megawebfind.com/search.php?q=1234.1027.2 (...)	96.126.123.244
2023-03-27 11:03:55 +0000	0 - 0 - 5	review-payeeonline.link/Login.php	96.126.123.244
2023-03-26 15:38:01 +0000	0 - 1 - 0	www2.megawebfind.com/search.php?q=1234.1020.2 (...)	96.126.123.244

Date	UQ / IDS / BL	URL	IP
2023-03-29 03:05:44 +0000	0 - 0 - 2	filt.us-southeast-1.linodeobjects.com/meet/pi (...)	194.195.213.250
2023-03-29 02:28:18 +0000	2 - 0 - 2	pscoperations.us-southeast-1.linodeobjects.co (...)	194.195.215.57
2023-03-28 20:28:27 +0000	0 - 0 - 2	tdame.ritrade.com/mtm/direct/.eJyrViotylSyUtJ (...)	72.14.185.43
2023-03-28 19:36:36 +0000	0 - 1 - 1	ekopedia.eko.com/fedex/package/fedex/wfohbn0f (...)	45.56.127.93
2023-03-28 19:07:19 +0000	0 - 2 - 0	s7.backupsuper.cc/jack5tr.sh	194.195.211.98

Date	UQ / IDS / BL	URL	IP
2022-10-28 01:24:35 +0000	0 - 0 - 1	clasroyale.com/	198.58.118.167
2022-09-27 16:42:14 +0000	0 - 0 - 1	www1.clasroyale.com/?tm=1&subid4=1664259985.0 (...)	75.2.73.197
2022-09-26 20:06:58 +0000	0 - 0 - 2	clasroyale.com/mtm/direct/.eJxlikEKAjEMRe-S5V (...)	96.126.123.244

Date	UQ / IDS / BL	URL	IP
2023-02-22 02:36:16 +0000	0 - 0 - 2	myloannorthpointe.com/	96.126.123.244
2022-11-09 17:23:16 +0000	0 - 0 - 2	www1.afasinside.nl/?backfill=0&domainname=0&k (...)	76.223.26.96
2022-11-08 04:53:05 +0000	0 - 0 - 2	www1.starameddenefits.org/?tm=1&subid4=166788 (...)	75.2.73.197
2022-10-22 14:17:31 +0000	0 - 0 - 1	www1.payrollamazon.work/?tm=1&subid4=16664482 (...)	99.83.136.84
2022-09-24 12:48:35 +0000	0 - 0 - 2	www.chesterfiledresources.com/mtm/direct/.eJw (...)	45.33.2.79

Request	Response
GET /mtm/direct/.eJxlikEKAjEMRe-S5VgmLnXEs0go0RbSaU0jdBDvbnSpu_f_e094aIYFEAKQ3rqjk_KVldVHMmsLYhTqWjcSnmMtXqTa7bJSYW_-JMXIzdwYD8NkRQK1JjmS5bri-Dy78fsWOd3P-_kYJpy-dIDXG4E_NXc:1ocuMz:v4eCFQaJN4845Q4x57pIb5-u4i4/2 HTTP/1.1 Host: clasroyale.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: clasroyale.com/mtm/direct/.eJxlikEKAjEMRe-S5VgmLnXEs0go (...) FQDN: clasroyale.com IP: 173.255.194.134 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 173.255.194.134 HTTP/1.1 302 Found content-type: text/html; charset=utf-8 server: openresty/1.13.6.1 date: Mon, 26 Sep 2022 20:06:47 GMT content-length: 0 location: http://www1.clasroyale.com/?tm=1&subid4=1664222807.0137960000&kw=games&KW1=Play%20Mobile%20Phone%20Games&KW2=Play%20Online%20Games&KW3=Gamified%20Rewards%20Programs&KW4=How%20To%20Become%20A%20Video%20Game%20Tester&searchbox=0&domainname=0&backfill=0 x-mtm-path: 10 x-mtm-prov: 70:13.09;1:24.37 x-mtm-rd: 0.00 vary: Accept-Language content-language: en set-cookie: mtm_delivered=WyJjbGFzcm95YWxlLmNvbSIsImh0dHA6Ly93d3cxLmNsYXNyb3lhbGUuY29tLz90bT0xJnN1YmlkND0xNjY0MjIyODA3LjAxMzc5NjAwMDAma3c9Z2FtZXMmS1cxPVBsYXklMjBNb2JpbGUlMjBQaG9uZSUyMEdhbWVzJktXMj1QbGF5JTIwT25saW5lJTIwR2FtZXMmS1czPUdhbWlmaWVkJTIwUmV3YXJkcyUyMFByb2dyYW1zJktXND1Ib3clMjBUbyUyMEJlY29tZSUyMEElMjBWaWRlbyUyMEdhbWUlMjBUZXN0ZXImc2VhcmNoYm94PTAmZG9tYWlubmFtZT0wJmJhY2tmaWxsPTAiLDEsIjIwMjItMDktMjYgMjA6MDY6NDciLDEsIjE2NjQyMjI4MDcuMDEzNzk2MDAwMCIsMSxudWxsLG51bGxd:1ocuNL:h7HfRNoAJmXeG0HjMNdyiCBr1RI; expires=Mon, 26-Sep-2022 21:06:47 GMT; Max-Age=3600; Path=/ connection: close --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Alerts: Blocklists: - fortinet: Malware
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1" Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9118 Expires: Mon, 26 Sep 2022 22:38:45 GMT Date: Mon, 26 Sep 2022 20:06:47 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d2560f62890e75b8de444fed96c22f52 Sha1: 334ce0c48e606ee029f31eeb1463af87b1024bb9 Sha256: 4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.27 HASH: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45 143.204.55.27 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After Cache-Control: max-age=3600 Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Mon, 26 Sep 2022 19:15:19 GMT X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: 7mcaiGxP2BJOrlP5qtnOVjT0663CVfad3V0GNxgjqK8OA9dxPHmQxQ== Age: 3088 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 1b3053fa528e28810f8a2cc9284cc921 Sha1: cca9eb471d941881a6b9a1793aecb6c281908f6a Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: f35bb3a8c877dd8d3c5920f3c917722f12b157aff398e2ec30fab51fa6caa2ef 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "F35BB3A8C877DD8D3C5920F3C917722F12B157AFF398E2EC30FAB51FA6CAA2EF" Last-Modified: Mon, 26 Sep 2022 06:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2863 Expires: Mon, 26 Sep 2022 20:54:30 GMT Date: Mon, 26 Sep 2022 20:06:47 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 1017811d25642601e984edc1676d118d Sha1: c177c4f7a897584bf91347fa4990c83d6bfd0321 Sha256: f35bb3a8c877dd8d3c5920f3c917722f12b157aff398e2ec30fab51fa6caa2ef
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: YfispacBZBNJXzwrDTqNv0iZq3QxvvgMAxN7frNg4hbiWy1S2y+uyGzfYFltVQps8qihnm/+SCq7yhy6dCOaiw== x-amz-request-id: 846DBTW7WK14Z9YF content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Mon, 26 Sep 2022 19:50:06 GMT age: 1002 last-modified: Sat, 10 Sep 2022 18:47:45 GMT etag: "6113f8408c59aebe188d6af273b90743" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 6113f8408c59aebe188d6af273b90743 Sha1: 7398873bf00f99944eaa77ad3ebc0d43c23dba6b Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Mon, 26 Sep 2022 20:06:48 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /?tm=1&subid4=1664222807.0137960000&kw=games&KW1=Play%20Mobile%20Phone%20Games&KW2=Play%20Online%20Games&KW3=Gamified%20Rewards%20Programs&KW4=How%20To%20Become%20A%20Video%20Game%20Tester&searchbox=0&domainname=0&backfill=0 HTTP/1.1 Host: www1.clasroyale.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: www1.clasroyale.com/?tm=1&subid4=1664222807.0137960000& (...) FQDN: www1.clasroyale.com IP: 99.83.136.84 HASH: 3d2221d00fac7f087c9f0f41ce30cbb8e97fd1e385f27e1e0bcc307ac8e74cf7 99.83.136.84 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Mon, 26 Sep 2022 20:06:48 GMT Transfer-Encoding: chunked Connection: keep-alive Server: nginx Vary: Accept-Encoding X-Buckets: bucket078 X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_qEDcWFRyA1XjbMMHKQAiiUOILNL1sezjkCumFUHYWczumQtwZPMCZMs5zSQ7ds/bnXV4d4BXMaKNKQC4RXMOPQ== X-Template: tpl_Regnitz_twoclick X-Language: norwegian Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 Content-Encoding: gzip --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2934) Size: 5105 Md5: 8e1181e20fbcf5be8294e26ef65aff10 Sha1: 8268a54a3e43d41e78c1819c9acfc9134fffead7 Sha256: 3d2221d00fac7f087c9f0f41ce30cbb8e97fd1e385f27e1e0bcc307ac8e74cf7
GET /scripts/js3caf.js HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.clasroyale.com/	URL: d38psrni17bvxu.cloudfront.net/scripts/js3caf.js FQDN: d38psrni17bvxu.cloudfront.net IP: 54.230.245.138 HASH: ba5b7354353b0eec1637564dae072fee662a5b9862f6bf7ed5e60a5a76f2ef44 54.230.245.138 HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 7000 Connection: keep-alive Server: nginx Date: Mon, 26 Sep 2022 09:14:25 GMT Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT Accept-Ranges: bytes ETag: "600022c9-1b58" X-Cache: Hit from cloudfront Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: 8xyoPmboDqbCcbcEdgLaNPjhpip7PIzs57baW9c0vh83aykLeJjj2Q== Age: 39143 --- Additional Info --- Magic: ASCII text, with very long lines (316) Size: 7000 Md5: cce7f943ec8e7b4ba13be4aba6b463d9 Sha1: 220f3e8ca723daa91fd040cf518991a65f2bf110 Sha256: ba5b7354353b0eec1637564dae072fee662a5b9862f6bf7ed5e60a5a76f2ef44
GET /themes/assets/style.css HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.clasroyale.com/	URL: d38psrni17bvxu.cloudfront.net/themes/assets/style.css FQDN: d38psrni17bvxu.cloudfront.net IP: 54.230.245.138 HASH: a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7 54.230.245.138 HTTP/1.1 200 OK Content-Type: text/css Transfer-Encoding: chunked Connection: keep-alive Server: nginx Date: Mon, 26 Sep 2022 09:14:25 GMT Last-Modified: Tue, 12 May 2020 14:25:52 GMT Content-Encoding: gzip ETag: W/"5ebab1f0-33d" Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: WabNo2wFgD75TITCqLGB7kK_Z1dJ6xXeAWlfMjsXsF85dPwq2fJ9Hw== Age: 39143 --- Additional Info --- Magic: ASCII text Size: 343 Md5: 03a4a8c322fc0c99b0ee7cbbcc9eabcd Sha1: 6fc193276de2a3458cd853c474cb9269b900e00d Sha256: a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7
GET /themes/regnitz_0f823431/style.css HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.clasroyale.com/	URL: d38psrni17bvxu.cloudfront.net/themes/regnitz_0f823431/s (...) FQDN: d38psrni17bvxu.cloudfront.net IP: 54.230.245.138 HASH: b53565fe44fb5034ed78e704aee57c620c37819a13286af740aab63b41550d46 54.230.245.138 HTTP/1.1 200 OK Content-Type: text/css Transfer-Encoding: chunked Connection: keep-alive Server: nginx Date: Mon, 26 Sep 2022 09:14:36 GMT Last-Modified: Fri, 25 Feb 2022 11:24:01 GMT Content-Encoding: gzip ETag: W/"6218bc51-4ec" Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: nOvgByJo2szOUWhsQee74Te1Od-nzdMlRorI9LasDfqiAPG1HF0AvA== Age: 39132 --- Additional Info --- Magic: ASCII text Size: 539 Md5: 3138e35c7232f3c11463560722a0ac79 Sha1: b3e50fa997933e788c1a8800b347ba592b2ff913 Sha256: b53565fe44fb5034ed78e704aee57c620c37819a13286af740aab63b41550d46
GET /adsense/domains/caf.js HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.clasroyale.com/	URL: www.google.com/adsense/domains/caf.js FQDN: www.google.com IP: 142.250.74.164 HASH: 1d29e7d5e35795c39017bc2e71b85fefc463bfddb445407bb95234fdbdb7d3a1 142.250.74.164 HTTP/1.1 200 OK Content-Type: text/javascript; charset=UTF-8 Accept-Ranges: bytes Vary: Accept-Encoding Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} Date: Mon, 26 Sep 2022 20:06:48 GMT Expires: Mon, 26 Sep 2022 20:06:48 GMT Cache-Control: private, max-age=3600 ETag: "10576084047166745669" X-Content-Type-Options: nosniff Content-Encoding: gzip Transfer-Encoding: chunked Server: sffe X-XSS-Protection: 0 --- Additional Info --- Magic: ASCII text, with very long lines (1885) Size: 53925 Md5: 7648ddd3a5177ed3286a8601181da1a4 Sha1: ea311b66b51e647caf6bc905d2cc7496c4831b09 Sha256: 1d29e7d5e35795c39017bc2e71b85fefc463bfddb445407bb95234fdbdb7d3a1
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.27 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 143.204.55.27 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Date: Mon, 26 Sep 2022 19:10:46 GMT Cache-Control: max-age=3600, max-age=3600 Expires: Mon, 26 Sep 2022 19:26:17 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: d5jZz0LbYz1Qx9LQq_SIaK6lb5G86yQo_mvmNUZzT-Abj1smuLbHug== Age: 3362 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 412 Cache-Control: 'max-age=158059' Date: Mon, 26 Sep 2022 20:06:48 GMT Last-Modified: Mon, 26 Sep 2022 19:59:56 GMT Server: ECS (ska/F6FD) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 5adb7eb1d103eadeeafac36e663ffdd3 Sha1: 23b784388dd634fa736cd60aed71570661e73d02 Sha256: 5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
GET /themes/regnitz_0f823431/img/arrows.png HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://d38psrni17bvxu.cloudfront.net/themes/regnitz_0f823431/style.css	URL: d38psrni17bvxu.cloudfront.net/themes/regnitz_0f823431/i (...) FQDN: d38psrni17bvxu.cloudfront.net IP: 54.230.245.138 HASH: 67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865 54.230.245.138 HTTP/1.1 200 OK Content-Type: image/png Content-Length: 11375 Connection: keep-alive Server: nginx Date: Mon, 26 Sep 2022 09:14:35 GMT Last-Modified: Fri, 25 Feb 2022 11:24:01 GMT Accept-Ranges: bytes ETag: "6218bc51-2c6f" X-Cache: Hit from cloudfront Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: gtfPx0MeY5QAydhe-xJYC1e69taR7PnQrQ8McMa4vJ0Fo35egVgyzQ== Age: 39133 --- Additional Info --- Magic: PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data Size: 11375 Md5: 0cb2e5165dc9324eb462199f04e1ffa9 Sha1: 9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8 Sha256: 67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: QHzfiuUGsfTaDAq1/Jx65w== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 54.187.160.31 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 54.187.160.31 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: 6yb1dqiqtCJYilCa8W3Pb1/5Rss= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1 Host: www1.clasroyale.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.clasroyale.com/?tm=1&subid4=1664222807.0137960000&kw=games&KW1=Play%20Mobile%20Phone%20Games&KW2=Play%20Online%20Games&KW3=Gamified%20Rewards%20Programs&KW4=How%20To%20Become%20A%20Video%20Game%20Tester&searchbox=0&domainname=0&backfill=0	URL: www1.clasroyale.com/favicon.ico FQDN: www1.clasroyale.com IP: 99.83.136.84 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 99.83.136.84 HTTP/1.1 200 OK Content-Type: image/x-icon Date: Mon, 26 Sep 2022 20:06:49 GMT Content-Length: 0 Connection: keep-alive Server: nginx Last-Modified: Tue, 12 May 2020 14:25:52 GMT ETag: "5ebab1f0-0" Accept-Ranges: bytes --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track.php?domain=clasroyale.com&toggle=browserjs&uid=MTY2NDIyMjgwOC4xMDI2OjMxMWIwZTk0MWE4ZWYxYmRiZDBkOGJlMmNlMjlkZTNmMjhkZmNkNjY1ZjQ1ZGU5NWYxY2MxOWZkY2E0NzAzNjg6NjMzMjA2NTgxOTBlMQ%3D%3D HTTP/1.1 Host: www1.clasroyale.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.clasroyale.com/?tm=1&subid4=1664222807.0137960000&kw=games&KW1=Play%20Mobile%20Phone%20Games&KW2=Play%20Online%20Games&KW3=Gamified%20Rewards%20Programs&KW4=How%20To%20Become%20A%20Video%20Game%20Tester&searchbox=0&domainname=0&backfill=0	URL: www1.clasroyale.com/track.php?domain=clasroyale.com&tog (...) FQDN: www1.clasroyale.com IP: 99.83.136.84 HASH: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf 99.83.136.84 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Mon, 26 Sep 2022 20:06:49 GMT Transfer-Encoding: chunked Connection: keep-alive Server: nginx Vary: Accept-Encoding X-Custom-Track: browserjs Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip --- Additional Info --- Magic: data Size: 20 Md5: a4745abc5e7fdb89cc6df3069f3c6e69 Sha1: 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 791ac45152415413d4af27f3dde61a021c9c57dcf7ca5b0e65300ebc3cd8815d 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 26 Sep 2022 20:06:49 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 1d095ec6a56142cb2084481b06881ef4 Sha1: 82ff236023008fbfb871aaa7c1e976e0cf15e91a Sha256: 791ac45152415413d4af27f3dde61a021c9c57dcf7ca5b0e65300ebc3cd8815d
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 18e601b130747b5b70afa4a4614e9b7d8c7f3df5cd72725e1488c5b411a452e9 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 26 Sep 2022 20:06:49 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 8cd97aaf3e95e1e9bbdf8b739727d7cd Sha1: 858cf438048356fc972c737cc84e1439c18dec5e Sha256: 18e601b130747b5b70afa4a4614e9b7d8c7f3df5cd72725e1488c5b411a452e9
GET /afs/ads?adtest=off&psid=1420240428&pcsa=false&channel=000001%2C000003%2C000530%2Cbucket078&client=dp-teaminternet12_3ph&r=m&hl=no&terms=Play%20Mobile%20Phone%20Games%2CPlay%20Online%20Games%2CGamified%20Rewards%20Programs%2CHow%20To%20Become%20A%20Video%20Game%20Tester&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2150633343939208&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300953%2C17300956%2C17301020%2C17301022%2C17301068%2C17301071%2C17301094%2C17301097&format=r4%7Cs&nocache=6631664222807275&num=0&output=afd_ads&domain_name=www1.clasroyale.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1664222807277&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&uio=--&cont=tc&jsid=caf&jsv=475283328&rurl=http%3A%2F%2Fwww1.clasroyale.com%2F%3Ftm%3D1%26subid4%3D1664222807.0137960000%26kw%3Dgames%26KW1%3DPlay%2520Mobile%2520Phone%2520Games%26KW2%3DPlay%2520Online%2520Games%26KW3%3DGamified%2520Rewards%2520Programs%26KW4%3DHow%2520To%2520Become%2520A%2520Video%2520Game%2520Tester%26searchbox%3D0%26domainname%3D0%26backfill%3D0&adbw=master-1%3A530 HTTP/1.1 Host: afs.googlesyndication.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://www1.clasroyale.com/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	URL: afs.googlesyndication.com/afs/ads?adtest=off&psid=14202 (...) FQDN: afs.googlesyndication.com IP: 142.250.74.34 HASH: c70b5b4a03cc9bdc34c021e4c0d304c3283e9946f303bc107742d3e01b3cbeb1 142.250.74.34 HTTP/2 200 OK content-type: text/html; charset=UTF-8 content-disposition: inline date: Mon, 26 Sep 2022 20:06:49 GMT expires: Mon, 26 Sep 2022 20:06:49 GMT cache-control: private, max-age=3600 content-encoding: br server: gws content-length: 2317 x-xss-protection: 0 set-cookie: CONSENT=PENDING+332; expires=Wed, 25-Sep-2024 20:06:49 GMT; path=/; domain=.googlesyndication.com; Secure p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6820) Size: 2317 Md5: fa8ada2e335a56ec86baa4f7562b9af5 Sha1: 9cd9e866c02252e1273031064d7848e4bc1ae100 Sha256: c70b5b4a03cc9bdc34c021e4c0d304c3283e9946f303bc107742d3e01b3cbeb1
GET /gampad/cookie.js?domain=www1.clasroyale.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie HTTP/1.1 Host: partner.googleadservices.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://www1.clasroyale.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: partner.googleadservices.com/gampad/cookie.js?domain=ww (...) FQDN: partner.googleadservices.com IP: 172.217.21.162 HASH: d183cd6bf16de1a732c7bfb184701d2ee6fa79d0e87353605bcaf3abd61f00a8 172.217.21.162 HTTP/2 200 OK content-type: text/javascript; charset=UTF-8 p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: gzip date: Mon, 26 Sep 2022 20:06:49 GMT server: cafe cache-control: private content-length: 181 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with no line terminators Size: 181 Md5: 73acc4c683aa6b023a70eb82f3ad9877 Sha1: 06717b5e64eaef681ad0f02c231f985bfb2f8182 Sha256: d183cd6bf16de1a732c7bfb184701d2ee6fa79d0e87353605bcaf3abd61f00a8
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 791ac45152415413d4af27f3dde61a021c9c57dcf7ca5b0e65300ebc3cd8815d 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 26 Sep 2022 20:06:49 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 1d095ec6a56142cb2084481b06881ef4 Sha1: 82ff236023008fbfb871aaa7c1e976e0cf15e91a Sha256: 791ac45152415413d4af27f3dde61a021c9c57dcf7ca5b0e65300ebc3cd8815d
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 939a3899d3ba41e4868adabbfe5f0c49ecaa1bce8b1cb109327dc2dd6311ad5b 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 26 Sep 2022 20:06:49 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 83ce30306f9844b38a8e5d4c9146e333 Sha1: a2a8a135c949784b4d2153954593411074fd0425 Sha256: 939a3899d3ba41e4868adabbfe5f0c49ecaa1bce8b1cb109327dc2dd6311ad5b
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 1dde4f6f372d8e056a96129e101a31d04a0f97448c66df7175251060c6a8d0cd 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 26 Sep 2022 20:06:49 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 471 Md5: b6908b750175e1c2e2af86c77945ed11 Sha1: ea6bc6f581500a0974977bbef6bd3432c181bc0f Sha256: 1dde4f6f372d8e056a96129e101a31d04a0f97448c66df7175251060c6a8d0cd
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 1dde4f6f372d8e056a96129e101a31d04a0f97448c66df7175251060c6a8d0cd 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 26 Sep 2022 20:06:49 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 471 Md5: b6908b750175e1c2e2af86c77945ed11 Sha1: ea6bc6f581500a0974977bbef6bd3432c181bc0f Sha256: 1dde4f6f372d8e056a96129e101a31d04a0f97448c66df7175251060c6a8d0cd
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2 HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://afs.googlesyndication.com/ Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: afs.googleusercontent.com/ad_icons/standard/publisher_i (...) FQDN: afs.googleusercontent.com IP: 142.250.74.33 HASH: a3d7b37475de5a3a350d4dc4790f14a6a5f4045726d2eae4cbe9bd59aeba2fe2 142.250.74.33 HTTP/2 200 OK content-type: image/svg+xml accept-ranges: bytes vary: Accept-Encoding content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 272 x-content-type-options: nosniff content-encoding: gzip server: sffe x-xss-protection: 0 date: Mon, 26 Sep 2022 12:38:35 GMT expires: Tue, 27 Sep 2022 11:38:35 GMT cache-control: public, max-age=82800 age: 26894 last-modified: Thu, 19 Dec 2019 14:15:00 GMT alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390) Size: 272 Md5: bbbac37f0b6e29a6099e4aa7cb19d6ca Sha1: 0acafe95e2141f0af6109203efeb2d98e6b926c6 Sha256: a3d7b37475de5a3a350d4dc4790f14a6a5f4045726d2eae4cbe9bd59aeba2fe2
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://afs.googlesyndication.com/ Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: afs.googleusercontent.com/ad_icons/standard/publisher_i (...) FQDN: afs.googleusercontent.com IP: 142.250.74.33 HASH: 2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a 142.250.74.33 HTTP/2 200 OK content-type: image/svg+xml accept-ranges: bytes vary: Accept-Encoding content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 174 x-content-type-options: nosniff content-encoding: gzip server: sffe x-xss-protection: 0 date: Mon, 26 Sep 2022 02:03:14 GMT expires: Tue, 27 Sep 2022 01:03:14 GMT cache-control: public, max-age=82800 age: 65015 last-modified: Thu, 22 Oct 2020 21:45:00 GMT alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators Size: 174 Md5: 4de8b85c8915995b571bde50e231be7c Sha1: 29c226ca7b9cbe1d44e5480ce95bbb42727b2d99 Sha256: 2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
POST /ls.php HTTP/1.1 Host: www1.clasroyale.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 2754 Origin: http://www1.clasroyale.com Connection: keep-alive Referer: http://www1.clasroyale.com/?tm=1&subid4=1664222807.0137960000&kw=games&KW1=Play%20Mobile%20Phone%20Games&KW2=Play%20Online%20Games&KW3=Gamified%20Rewards%20Programs&KW4=How%20To%20Become%20A%20Video%20Game%20Tester&searchbox=0&domainname=0&backfill=0	URL: www1.clasroyale.com/ls.php FQDN: www1.clasroyale.com IP: 99.83.136.84 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 99.83.136.84 HTTP/1.1 201 Created Content-Type: text/javascript;charset=UTF-8 Date: Mon, 26 Sep 2022 20:06:49 GMT Transfer-Encoding: chunked Connection: keep-alive Server: nginx Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 X-Log-Success: 633206599e3bef5bfb712a38 Charset: utf-8 Access-Control-Allow-Origin: http://www1.clasroyale.com Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Max-Age: 86400 X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_RQVbmBKBfVvFnczzCP9CLGkTuLKjYGWg0MuT46WRNYSbAr7FeWRiUmLzdZ/1S9DzcJ4OqpKIwV0tTMHlHMZSBg== --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Alerts: Blocklists: - fortinet: Malware
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 8d9e49545b65e314e949a0d012c664fbe8d2dae912906d1506c2e1243f154258 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 26 Sep 2022 20:06:49 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 471 Md5: ffb1ee0c677f670f393bc590d5c6bd11 Sha1: 494d666d08ace557a8b22aff6045d24bd68c1844 Sha256: 8d9e49545b65e314e949a0d012c664fbe8d2dae912906d1506c2e1243f154258
GET /track.php?domain=clasroyale.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2NDIyMjgwOC4xMDI2OjMxMWIwZTk0MWE4ZWYxYmRiZDBkOGJlMmNlMjlkZTNmMjhkZmNkNjY1ZjQ1ZGU5NWYxY2MxOWZkY2E0NzAzNjg6NjMzMjA2NTgxOTBlMQ%3D%3D HTTP/1.1 Host: www1.clasroyale.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.clasroyale.com/?tm=1&subid4=1664222807.0137960000&kw=games&KW1=Play%20Mobile%20Phone%20Games&KW2=Play%20Online%20Games&KW3=Gamified%20Rewards%20Programs&KW4=How%20To%20Become%20A%20Video%20Game%20Tester&searchbox=0&domainname=0&backfill=0 Cookie: __gsas=ID=e779f2503f2f9cc2:T=1664222809:S=ALNI_MZcp838pseWA5j5l5aNuZRpXY3CXg	URL: www1.clasroyale.com/track.php?domain=clasroyale.com&caf (...) FQDN: www1.clasroyale.com IP: 99.83.136.84 HASH: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf 99.83.136.84 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Mon, 26 Sep 2022 20:06:49 GMT Transfer-Encoding: chunked Connection: keep-alive Server: nginx Vary: Accept-Encoding X-Custom-Track: answercheck Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip --- Additional Info --- Magic: data Size: 20 Md5: a4745abc5e7fdb89cc6df3069f3c6e69 Sha1: 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070" Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3133 Expires: Mon, 26 Sep 2022 20:59:03 GMT Date: Mon, 26 Sep 2022 20:06:50 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 5a6097201b7da81f6e9a6d99a7353a0c Sha1: d4240fe80c76013b9f7b6fd09963aa47151b8d6a Sha256: 519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070" Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3133 Expires: Mon, 26 Sep 2022 20:59:03 GMT Date: Mon, 26 Sep 2022 20:06:50 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 5a6097201b7da81f6e9a6d99a7353a0c Sha1: d4240fe80c76013b9f7b6fd09963aa47151b8d6a Sha256: 519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070" Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3133 Expires: Mon, 26 Sep 2022 20:59:03 GMT Date: Mon, 26 Sep 2022 20:06:50 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 5a6097201b7da81f6e9a6d99a7353a0c Sha1: d4240fe80c76013b9f7b6fd09963aa47151b8d6a Sha256: 519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 12826 x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: YfVRNFP-oAMFgrA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0 x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw== via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google date: Sun, 25 Sep 2022 21:37:19 GMT age: 80971 etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data Size: 12826 Md5: b3a72e81317074689a71dac7059e4b6a Sha1: b6d56333d7f1ea7ddc8838d84de498ff913c5464 Sha256: e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 11728 x-amzn-requestid: bf60e58f-c4f4-45c7-923b-0d1539f720f5 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZCUCGGw7oAMF3wQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6330cd40-32043c1b1411544f5d00edc0;Sampled=0 x-amzn-remapped-date: Sun, 25 Sep 2022 21:50:56 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: ZRG0Axnhc5RY5rDbnnbauco9dpPeFdkP01UxkpNYI5pgSbfGKWcikw== via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google date: Sun, 25 Sep 2022 22:16:26 GMT age: 78624 etag: "9660bb2d38079182efbd11d7a687bfc7f9d30751" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11728 Md5: 968b9c138702fb5994d1d9eab1a697fa Sha1: 9660bb2d38079182efbd11d7a687bfc7f9d30751 Sha256: 5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8637 x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZCSvvEenoAMFr0Q= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0 x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT x-amz-cf-pop: SEA19-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: mToVKJcSAtJB1AOuQ-Y9o_EZzyhUuZJivVa3DLql5FwzK4NC82kh5Q== via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google date: Sun, 25 Sep 2022 22:06:17 GMT age: 79233 etag: "e49306a3713cb724be024a4ddb5e90645718a718" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8637 Md5: d02ede0c964f3346fd53ae2950bf2a62 Sha1: e49306a3713cb724be024a4ddb5e90645718a718 Sha256: c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5157 x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZCUG9GUHIAMF7pw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0 x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ== via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google date: Sun, 25 Sep 2022 22:10:16 GMT age: 78994 etag: "85e378d0fff856832a8dd01743516b9476fed8c6" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5157 Md5: 2fe8c4f0c70fb6c1f4259eabedc7015e Sha1: 85e378d0fff856832a8dd01743516b9476fed8c6 Sha256: 508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 620fe39cf421ed3a21e968570f7e863d69224113be867ec2457ed3850ea113f6 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5980 x-amzn-requestid: fbf0c390-da24-49e2-8492-43e29e5d4bb3 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZCTHCGJVoAMFgxA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6330cbc6-1f9b1b7d63467c58702e6d7e;Sampled=0 x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:38 GMT x-amz-cf-pop: SEA19-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: pt7rJi8EIQFBk0gHQZ1WnjvThPba86XZCGFs83l1ZW2dj-_6bZprAA== via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google date: Sun, 25 Sep 2022 21:49:56 GMT age: 80214 etag: "12aac1bd22e675f09a220de08b4656e801c2e647" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5980 Md5: ef17205adb2b478d3bff54b048208d22 Sha1: 12aac1bd22e675f09a220de08b4656e801c2e647 Sha256: 620fe39cf421ed3a21e968570f7e863d69224113be867ec2457ed3850ea113f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10318 x-amzn-requestid: 6a205445-8a9e-4f25-b144-ba6e6934d383 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZCSlhFNAIAMFmBA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6330caef-61ecbf9154cd56131b940ac0;Sampled=0 x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: qP5-TglQAoTGc78-rIK27mKRTS_WthN0OpiiMqSF-y2rmWxVOyfNVw== via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google date: Sun, 25 Sep 2022 21:57:14 GMT age: 79776 etag: "cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10318 Md5: a90590f26bae9ad9e95ffdfbfb7dd21d Sha1: cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3 Sha256: 33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: c3bdc9bb12c7c951ca2d861c95156de2c724acc82386e882864c464132e07ac3 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 26 Sep 2022 20:06:51 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: bc7883d0a03d9c3559288a600fecc70a Sha1: b0e538996510ec8c861264cba4bf79fa73f6f7d6 Sha256: c3bdc9bb12c7c951ca2d861c95156de2c724acc82386e882864c464132e07ac3
GET /afs/gen_204?client=dp-teaminternet12_3ph&output=uds_ads_only&zx=5lah184f3sdl&aqid=WQYyY_79Eo7AYYX4p6AJ&psid=1420240428&pbt=bs&adbx=369&adby=97&adbh=711&adbw=530&adbah=170%2C170%2C170%2C182&adbn=master-1&eawp=partner-dp-teaminternet12_3ph&errv=475283328&csala=13%7C0%7C182%7C60%7C227&lle=0&llm=1000&ifv=1&usr=1 HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://www1.clasroyale.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: www.google.com/afs/gen_204?client=dp-teaminternet12_3ph (...) FQDN: www.google.com IP: 142.250.74.164 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 142.250.74.164 HTTP/2 204 No Content content-type: text/html; charset=UTF-8 p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." date: Mon, 26 Sep 2022 20:06:51 GMT server: gws content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN set-cookie: NID=511=Lqh_Zqv6Zg4mo8EhNApuVdwAyxanBodN_nt9IHQnoFYbClajpH3XChIJP1S5O9r-aK_GVzdHk_uyaFvoy9aFO4rMLm4NH_LNx0nm-Ezjwe1JemcZvt9pyoN1UQqobX1q7zAgN_exwO6KlhpVAtj6NOljETVFQU4ZZ5q-VWA4L18; expires=Tue, 28-Mar-2023 20:06:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none CONSENT=PENDING+713; expires=Wed, 25-Sep-2024 20:06:51 GMT; path=/; domain=.google.com; Secure alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 63378e949c0ea9564e7660ea0522ce7a59727a0a5232b81b77f8525899f67a2b 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 26 Sep 2022 20:06:51 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 4474bfba80fa3257384d1c908e1353bf Sha1: 9a2869a3888743d575e6f87d2a7479d5d97fa123 Sha256: 63378e949c0ea9564e7660ea0522ce7a59727a0a5232b81b77f8525899f67a2b
GET /adsense/domains/caf.js HTTP/1.1 Host: afs.googlesyndication.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://afs.googlesyndication.com/ Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	URL: afs.googlesyndication.com/adsense/domains/caf.js FQDN: afs.googlesyndication.com IP: 142.250.74.34 142.250.74.34 HTTP/2 200 OK content-type: text/javascript; charset=UTF-8 accept-ranges: bytes vary: Accept-Encoding content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="ads-afs-ui" report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} date: Mon, 26 Sep 2022 20:06:49 GMT expires: Mon, 26 Sep 2022 20:06:49 GMT cache-control: private, max-age=3600 etag: "689739186490289194" x-content-type-options: nosniff content-encoding: gzip server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info ---

                                        
                                            GET /v1/ HTTP/1.1 

                                        
                                            
Host: firefox.settings.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         143.204.55.27

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/json

                                        

                                        
                                            
Content-Length: 939 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Access-Control-Allow-Origin: * 

                                        
                                            
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After 

                                        
                                            
Cache-Control: max-age=3600 

                                        
                                            
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; 

                                        
                                            
Date: Mon, 26 Sep 2022 19:15:19 GMT 

                                        
                                            
X-Content-Type-Options: nosniff 

                                        
                                            
X-Cache: Hit from cloudfront 

                                        
                                            
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront) 

                                        
                                            
X-Amz-Cf-Pop: OSL50-C1 

                                        
                                            
X-Amz-Cf-Id: 7mcaiGxP2BJOrlP5qtnOVjT0663CVfad3V0GNxgjqK8OA9dxPHmQxQ== 

                                        
                                            
Age: 3088 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators

                                                Size:   939

                                                Md5:    1b3053fa528e28810f8a2cc9284cc921

                                                Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a

                                                Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 

                                        
                                            
Host: content-signature-2.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.160.144.191

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: binary/octet-stream

                                        

                                        
                                            
x-amz-id-2: YfispacBZBNJXzwrDTqNv0iZq3QxvvgMAxN7frNg4hbiWy1S2y+uyGzfYFltVQps8qihnm/+SCq7yhy6dCOaiw== 

                                        
                                            
x-amz-request-id: 846DBTW7WK14Z9YF 

                                        
                                            
content-disposition: attachment 

                                        
                                            
accept-ranges: bytes 

                                        
                                            
server: AmazonS3 

                                        
                                            
content-length: 5348 

                                        
                                            
via: 1.1 google 

                                        
                                            
date: Mon, 26 Sep 2022 19:50:06 GMT 

                                        
                                            
age: 1002 

                                        
                                            
last-modified: Sat, 10 Sep 2022 18:47:45 GMT 

                                        
                                            
etag: "6113f8408c59aebe188d6af273b90743" 

                                        
                                            
cache-control: public,max-age=3600 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  PEM certificate\012- , ASCII text

                                                Size:   5348

                                                Md5:    6113f8408c59aebe188d6af273b90743

                                                Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b

                                                Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

                                        
                                            GET /?tm=1&subid4=1664222807.0137960000&kw=games&KW1=Play%20Mobile%20Phone%20Games&KW2=Play%20Online%20Games&KW3=Gamified%20Rewards%20Programs&KW4=How%20To%20Become%20A%20Video%20Game%20Tester&searchbox=0&domainname=0&backfill=0 HTTP/1.1 

                                        
                                            
Host: www1.clasroyale.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1

                                         99.83.136.84

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: text/html; charset=UTF-8

                                        

                                        
                                            
Date: Mon, 26 Sep 2022 20:06:48 GMT 

                                        
                                            
Transfer-Encoding: chunked 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Server: nginx 

                                        
                                            
Vary: Accept-Encoding 

                                        
                                            
X-Buckets: bucket078 

                                        
                                            
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_qEDcWFRyA1XjbMMHKQAiiUOILNL1sezjkCumFUHYWczumQtwZPMCZMs5zSQ7ds/bnXV4d4BXMaKNKQC4RXMOPQ== 

                                        
                                            
X-Template: tpl_Regnitz_twoclick 

                                        
                                            
X-Language: norwegian 

                                        
                                            
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile 

                                        
                                            
Accept-CH-Lifetime: 30 

                                        
                                            
Content-Encoding: gzip 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2934)

                                                Size:   5105

                                                Md5:    8e1181e20fbcf5be8294e26ef65aff10

                                                Sha1:   8268a54a3e43d41e78c1819c9acfc9134fffead7

                                                Sha256: 3d2221d00fac7f087c9f0f41ce30cbb8e97fd1e385f27e1e0bcc307ac8e74cf7

                                        
                                            GET /themes/assets/style.css HTTP/1.1 

                                        
                                            
Host: d38psrni17bvxu.cloudfront.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: text/css,*/*;q=0.1 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://www1.clasroyale.com/

                                         54.230.245.138

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: text/css

                                        

                                        
                                            
Transfer-Encoding: chunked 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Server: nginx 

                                        
                                            
Date: Mon, 26 Sep 2022 09:14:25 GMT 

                                        
                                            
Last-Modified: Tue, 12 May 2020 14:25:52 GMT 

                                        
                                            
Content-Encoding: gzip 

                                        
                                            
ETag: W/"5ebab1f0-33d" 

                                        
                                            
Vary: Accept-Encoding 

                                        
                                            
X-Cache: Hit from cloudfront 

                                        
                                            
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) 

                                        
                                            
X-Amz-Cf-Pop: OSL50-P1 

                                        
                                            
X-Amz-Cf-Id: WabNo2wFgD75TITCqLGB7kK_Z1dJ6xXeAWlfMjsXsF85dPwq2fJ9Hw== 

                                        
                                            
Age: 39143 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text

                                                Size:   343

                                                Md5:    03a4a8c322fc0c99b0ee7cbbcc9eabcd

                                                Sha1:   6fc193276de2a3458cd853c474cb9269b900e00d

                                                Sha256: a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7

                                        
                                            GET /adsense/domains/caf.js HTTP/1.1 

                                        
                                            
Host: www.google.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://www1.clasroyale.com/

                                         142.250.74.164

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: text/javascript; charset=UTF-8

                                        

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
Vary: Accept-Encoding 

                                        
                                            
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui 

                                        
                                            
Cross-Origin-Resource-Policy: cross-origin 

                                        
                                            
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" 

                                        
                                            
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} 

                                        
                                            
Date: Mon, 26 Sep 2022 20:06:48 GMT 

                                        
                                            
Expires: Mon, 26 Sep 2022 20:06:48 GMT 

                                        
                                            
Cache-Control: private, max-age=3600 

                                        
                                            
ETag: "10576084047166745669" 

                                        
                                            
X-Content-Type-Options: nosniff 

                                        
                                            
Content-Encoding: gzip 

                                        
                                            
Transfer-Encoding: chunked 

                                        
                                            
Server: sffe 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text, with very long lines (1885)

                                                Size:   53925

                                                Md5:    7648ddd3a5177ed3286a8601181da1a4

                                                Sha1:   ea311b66b51e647caf6bc905d2cc7496c4831b09

                                                Sha256: 1d29e7d5e35795c39017bc2e71b85fefc463bfddb445407bb95234fdbdb7d3a1

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.digicert.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 83 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         93.184.220.29

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
Age: 412 

                                        
                                            
Cache-Control: 'max-age=158059' 

                                        
                                            
Date: Mon, 26 Sep 2022 20:06:48 GMT 

                                        
                                            
Last-Modified: Mon, 26 Sep 2022 19:59:56 GMT 

                                        
                                            
Server: ECS (ska/F6FD) 

                                        
                                            
X-Cache: HIT 

                                        
                                            
Content-Length: 471 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   471

                                                Md5:    5adb7eb1d103eadeeafac36e663ffdd3

                                                Sha1:   23b784388dd634fa736cd60aed71570661e73d02

                                                Sha256: 5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9

                                        
                                            GET / HTTP/1.1 

                                        
                                            
Host: push.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Sec-WebSocket-Version: 13 

                                        
                                            
Origin: wss://push.services.mozilla.com/ 

                                        
                                            
Sec-WebSocket-Protocol: push-notification 

                                        
                                            
Sec-WebSocket-Extensions: permessage-deflate 

                                        
                                            
Sec-WebSocket-Key: QHzfiuUGsfTaDAq1/Jx65w== 

                                        
                                            
Connection: keep-alive, Upgrade 

                                        
                                            
Sec-Fetch-Dest: websocket 

                                        
                                            
Sec-Fetch-Mode: websocket 

                                        
                                            
Sec-Fetch-Site: cross-site 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache 

                                        
                                            
Upgrade: websocket

                                         54.187.160.31

                                        
                                            HTTP/1.1 101 Switching Protocols

                                        

                                        
                                            
Connection: Upgrade 

                                        
                                            
Upgrade: websocket 

                                        
                                            
Sec-WebSocket-Accept: 6yb1dqiqtCJYilCa8W3Pb1/5Rss= 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            GET /track.php?domain=clasroyale.com&toggle=browserjs&uid=MTY2NDIyMjgwOC4xMDI2OjMxMWIwZTk0MWE4ZWYxYmRiZDBkOGJlMmNlMjlkZTNmMjhkZmNkNjY1ZjQ1ZGU5NWYxY2MxOWZkY2E0NzAzNjg6NjMzMjA2NTgxOTBlMQ%3D%3D HTTP/1.1 

                                        
                                            
Host: www1.clasroyale.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://www1.clasroyale.com/?tm=1&subid4=1664222807.0137960000&kw=games&KW1=Play%20Mobile%20Phone%20Games&KW2=Play%20Online%20Games&KW3=Gamified%20Rewards%20Programs&KW4=How%20To%20Become%20A%20Video%20Game%20Tester&searchbox=0&domainname=0&backfill=0

                                         99.83.136.84

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: text/html; charset=UTF-8

                                        

                                        
                                            
Date: Mon, 26 Sep 2022 20:06:49 GMT 

                                        
                                            
Transfer-Encoding: chunked 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Server: nginx 

                                        
                                            
Vary: Accept-Encoding 

                                        
                                            
X-Custom-Track: browserjs 

                                        
                                            
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile 

                                        
                                            
Accept-CH-Lifetime: 30 

                                        
                                            
Access-Control-Allow-Origin: * 

                                        
                                            
Content-Encoding: gzip 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   20

                                                Md5:    a4745abc5e7fdb89cc6df3069f3c6e69

                                                Sha1:   74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed

                                                Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 84 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.3

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Mon, 26 Sep 2022 20:06:49 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 472 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   472

                                                Md5:    8cd97aaf3e95e1e9bbdf8b739727d7cd

                                                Sha1:   858cf438048356fc972c737cc84e1439c18dec5e

                                                Sha256: 18e601b130747b5b70afa4a4614e9b7d8c7f3df5cd72725e1488c5b411a452e9

                                        
                                            GET /gampad/cookie.js?domain=www1.clasroyale.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie HTTP/1.1 

                                        
                                            
Host: partner.googleadservices.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://www1.clasroyale.com/ 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         172.217.21.162

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/javascript; charset=UTF-8

                                        

                                        
                                            
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" 

                                        
                                            
timing-allow-origin: * 

                                        
                                            
cross-origin-resource-policy: cross-origin 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
content-disposition: attachment; filename="f.txt" 

                                        
                                            
content-encoding: gzip 

                                        
                                            
date: Mon, 26 Sep 2022 20:06:49 GMT 

                                        
                                            
server: cafe 

                                        
                                            
cache-control: private 

                                        
                                            
content-length: 181 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text, with no line terminators

                                                Size:   181

                                                Md5:    73acc4c683aa6b023a70eb82f3ad9877

                                                Sha1:   06717b5e64eaef681ad0f02c231f985bfb2f8182

                                                Sha256: d183cd6bf16de1a732c7bfb184701d2ee6fa79d0e87353605bcaf3abd61f00a8

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 84 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.3

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Mon, 26 Sep 2022 20:06:49 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 472 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   472

                                                Md5:    83ce30306f9844b38a8e5d4c9146e333

                                                Sha1:   a2a8a135c949784b4d2153954593411074fd0425

                                                Sha256: 939a3899d3ba41e4868adabbfe5f0c49ecaa1bce8b1cb109327dc2dd6311ad5b

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 83 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.3

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Mon, 26 Sep 2022 20:06:49 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 471 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   471

                                                Md5:    b6908b750175e1c2e2af86c77945ed11

                                                Sha1:   ea6bc6f581500a0974977bbef6bd3432c181bc0f

                                                Sha256: 1dde4f6f372d8e056a96129e101a31d04a0f97448c66df7175251060c6a8d0cd

                                        
                                            GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1 

                                        
                                            
Host: afs.googleusercontent.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Referer: https://afs.googlesyndication.com/ 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         142.250.74.33

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/svg+xml

                                        

                                        
                                            
accept-ranges: bytes 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers 

                                        
                                            
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" 

                                        
                                            
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} 

                                        
                                            
content-length: 174 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
content-encoding: gzip 

                                        
                                            
server: sffe 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
date: Mon, 26 Sep 2022 02:03:14 GMT 

                                        
                                            
expires: Tue, 27 Sep 2022 01:03:14 GMT 

                                        
                                            
cache-control: public, max-age=82800 

                                        
                                            
age: 65015 

                                        
                                            
last-modified: Thu, 22 Oct 2020 21:45:00 GMT 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators

                                                Size:   174

                                                Md5:    4de8b85c8915995b571bde50e231be7c

                                                Sha1:   29c226ca7b9cbe1d44e5480ce95bbb42727b2d99

                                                Sha256: 2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 83 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.3

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Mon, 26 Sep 2022 20:06:49 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 471 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   471

                                                Md5:    ffb1ee0c677f670f393bc590d5c6bd11

                                                Sha1:   494d666d08ace557a8b22aff6045d24bd68c1844

                                                Sha256: 8d9e49545b65e314e949a0d012c664fbe8d2dae912906d1506c2e1243f154258

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070" 

                                        
                                            
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=3133 

                                        
                                            
Expires: Mon, 26 Sep 2022 20:59:03 GMT 

                                        
                                            
Date: Mon, 26 Sep 2022 20:06:50 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    5a6097201b7da81f6e9a6d99a7353a0c

                                                Sha1:   d4240fe80c76013b9f7b6fd09963aa47151b8d6a

                                                Sha256: 519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070" 

                                        
                                            
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=3133 

                                        
                                            
Expires: Mon, 26 Sep 2022 20:59:03 GMT 

                                        
                                            
Date: Mon, 26 Sep 2022 20:06:50 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    5a6097201b7da81f6e9a6d99a7353a0c

                                                Sha1:   d4240fe80c76013b9f7b6fd09963aa47151b8d6a

                                                Sha256: 519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 11728 

                                        
                                            
x-amzn-requestid: bf60e58f-c4f4-45c7-923b-0d1539f720f5 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: ZCUCGGw7oAMF3wQ= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-6330cd40-32043c1b1411544f5d00edc0;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Sun, 25 Sep 2022 21:50:56 GMT 

                                        
                                            
x-amz-cf-pop: HIO50-C1, SEA73-P1 

                                        
                                            
x-cache: Hit from cloudfront 

                                        
                                            
x-amz-cf-id: ZRG0Axnhc5RY5rDbnnbauco9dpPeFdkP01UxkpNYI5pgSbfGKWcikw== 

                                        
                                            
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Sun, 25 Sep 2022 22:16:26 GMT 

                                        
                                            
age: 78624 

                                        
                                            
etag: "9660bb2d38079182efbd11d7a687bfc7f9d30751" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   11728

                                                Md5:    968b9c138702fb5994d1d9eab1a697fa

                                                Sha1:   9660bb2d38079182efbd11d7a687bfc7f9d30751

                                                Sha256: 5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 5157 

                                        
                                            
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: ZCUG9GUHIAMF7pw= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT 

                                        
                                            
x-amz-cf-pop: HIO50-C1, SEA73-P1 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ== 

                                        
                                            
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Sun, 25 Sep 2022 22:10:16 GMT 

                                        
                                            
age: 78994 

                                        
                                            
etag: "85e378d0fff856832a8dd01743516b9476fed8c6" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   5157

                                                Md5:    2fe8c4f0c70fb6c1f4259eabedc7015e

                                                Sha1:   85e378d0fff856832a8dd01743516b9476fed8c6

                                                Sha256: 508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 10318 

                                        
                                            
x-amzn-requestid: 6a205445-8a9e-4f25-b144-ba6e6934d383 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: ZCSlhFNAIAMFmBA= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-6330caef-61ecbf9154cd56131b940ac0;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT 

                                        
                                            
x-amz-cf-pop: HIO50-C1, SEA73-P1 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: qP5-TglQAoTGc78-rIK27mKRTS_WthN0OpiiMqSF-y2rmWxVOyfNVw== 

                                        
                                            
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Sun, 25 Sep 2022 21:57:14 GMT 

                                        
                                            
age: 79776 

                                        
                                            
etag: "cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   10318

                                                Md5:    a90590f26bae9ad9e95ffdfbfb7dd21d

                                                Sha1:   cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3

                                                Sha256: 33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc

                                        
                                            GET /afs/gen_204?client=dp-teaminternet12_3ph&output=uds_ads_only&zx=5lah184f3sdl&aqid=WQYyY_79Eo7AYYX4p6AJ&psid=1420240428&pbt=bs&adbx=369&adby=97&adbh=711&adbw=530&adbah=170%2C170%2C170%2C182&adbn=master-1&eawp=partner-dp-teaminternet12_3ph&errv=475283328&csala=13%7C0%7C182%7C60%7C227&lle=0&llm=1000&ifv=1&usr=1 HTTP/1.1 

                                        
                                            
Host: www.google.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://www1.clasroyale.com/ 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         142.250.74.164

                                        
                                            HTTP/2 204 No Content 

                                        
                                            
content-type: text/html; charset=UTF-8

                                        

                                        
                                            
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." 

                                        
                                            
date: Mon, 26 Sep 2022 20:06:51 GMT 

                                        
                                            
server: gws 

                                        
                                            
content-length: 0 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
x-frame-options: SAMEORIGIN 

                                        
                                            
set-cookie: NID=511=Lqh_Zqv6Zg4mo8EhNApuVdwAyxanBodN_nt9IHQnoFYbClajpH3XChIJP1S5O9r-aK_GVzdHk_uyaFvoy9aFO4rMLm4NH_LNx0nm-Ezjwe1JemcZvt9pyoN1UQqobX1q7zAgN_exwO6KlhpVAtj6NOljETVFQU4ZZ5q-VWA4L18; expires=Tue, 28-Mar-2023 20:06:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+713; expires=Wed, 25-Sep-2024 20:06:51 GMT; path=/; domain=.google.com; Secure 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            GET /adsense/domains/caf.js HTTP/1.1 

                                        
                                            
Host: afs.googlesyndication.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Referer: https://afs.googlesyndication.com/ 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
TE: trailers

                                         142.250.74.34

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/javascript; charset=UTF-8

                                        

                                        
                                            
accept-ranges: bytes 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui 

                                        
                                            
cross-origin-resource-policy: cross-origin 

                                        
                                            
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui" 

                                        
                                            
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} 

                                        
                                            
date: Mon, 26 Sep 2022 20:06:49 GMT 

                                        
                                            
expires: Mon, 26 Sep 2022 20:06:49 GMT 

                                        
                                            
cache-control: private, max-age=3600 

                                        
                                            
etag: "689739186490289194" 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
content-encoding: gzip 

                                        
                                            
server: sffe 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

URL	clasroyale.com/mtm/direct/.eJxlikEKAjEMRe-S5VgmLnXEs0go0RbSaU0jdBDvbnSpu_f_e094aIYFEAKQ3rqjk_KVldVHMmsLYhTqWjcSnmMtXqTa7bJSYW_-JMXIzdwYD8NkRQK1JjmS5bri-Dy78fsWOd3P-_kYJpy-dIDXG4E_NXc:1ocuMz:v4eCFQaJN4845Q4x57pIb5-u4i4/2
IP	96.126.123.244 (United States)
ASN	#63949 Linode, LLC
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-09-26 20:06:58 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	2
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (15)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 96.126.123.244

Last 5 reports on ASN: Linode, LLC

Last 3 reports on domain: clasroyale.com

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (19)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (43)

Overview

Domain Summary (15)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 96.126.123.244

Last 5 reports on ASN: Linode, LLC

Last 3 reports on domain: clasroyale.com

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (19)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (43)

Network Intrusion Detection Systems