oxbkp.track4ref.com/redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzcyMzEmczE9JnMyPWxidGp0NjMyMjJmMDIwMDBmMjlmZCZzMz0mczQ9JnM1PSZzNj0=&action=action_tmp
200 OK 243 B URL HTTP/1.1 oxbkp.track4ref.com/redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzcyMzEmczE9JnMyPWxidGp0NjMyMjJmMDIwMDBmMjlmZCZzMz0mczQ9JnM1PSZzNj0=&action=action_tmp
IP
File type HTML document, ASCII text, with no line terminators
Hash fc0656caa9940370f529d22461b91d22
08310286497f5b33ad41546ee863534ffde28c71
22ef2b9e825327962884d7df10ff5137458fd52128f9eeabd359672912b59941
GET /redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzcyMzEmczE9JnMyPWxidGp0NjMyMjJmMDIwMDBmMjlmZCZzMz0mczQ9JnM1PSZzNj0=&action=action_tmp HTTP/1.1
Host: oxbkp.track4ref.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Sep 2022 19:44:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 243
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 14 Sep 2022 19:09:41 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: r3fVWCuJY8eaIxCmg9U52X6LSCZG-jEZo72EtpHDFVbUg_VobeSFxw==
Age: 2075
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16699
Expires: Thu, 15 Sep 2022 00:22:35 GMT
Date: Wed, 14 Sep 2022 19:44:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 14 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 06Zi5kQE7DBReWv81Ha9YMWEqWtGXMq9AnS_PDqLKfwLV1fn51KloA==
age: 54541
X-Firefox-Spdy: h2
oxbkp.track4ref.com/redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzcyMzEmczE9JnMyPWxidGp0NjMyMjJmMDIwMDBmMjlmZCZzMz0mczQ9JnM1PSZzNj0=&action=action_final
200 OK 121 B URL HTTP/1.1 oxbkp.track4ref.com/redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzcyMzEmczE9JnMyPWxidGp0NjMyMjJmMDIwMDBmMjlmZCZzMz0mczQ9JnM1PSZzNj0=&action=action_final
IP
File type HTML document, ASCII text, with no line terminators
Hash 17f659fcbed7a6c7cf5b03d61f8770d6
e36b81d02a800621c5f490967ce186cb5205ec47
d8146e3e5c0f5df839ddb61a95c8b2d72e7ce09c52d1eadcce5f690c7d242858
GET /redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzcyMzEmczE9JnMyPWxidGp0NjMyMjJmMDIwMDBmMjlmZCZzMz0mczQ9JnM1PSZzNj0=&action=action_final HTTP/1.1
Host: oxbkp.track4ref.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oxbkp.track4ref.com/redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzcyMzEmczE9JnMyPWxidGp0NjMyMjJmMDIwMDBmMjlmZCZzMz0mczQ9JnM1PSZzNj0=&action=action_tmp
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Sep 2022 19:44:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 121
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 14 Sep 2022 19:44:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 14 Sep 2022 19:03:22 GMT
Cache-Control: max-age=3600
Expires: Wed, 14 Sep 2022 19:37:01 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: np6384C0FWWk5ceIeB2BM4-KMQJVV2GWM3aqe8q5dFhCcD33UIHYXA==
Age: 2454
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 015b4faacc193a2dc775918b034b336c
028f4bd51e5b0e03d6c6b2da2e7bd5c5b08863fd
a1af9e973aefa4667b79e73cb4f22690d9871339337cacac173b3c81e2d44155
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 19:44:16 GMT
Server: ECS (dcb/7F5D)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: u8qsdIStopMJ9nK-DiwCQF9qi1kypCAp5UDdflAflz9FALeH6Gze3g==
ocsp.digicert.com/
200 OK 471 B IP
Hash d3ac56507d17ffff5e8b486406985d68
17d26336cd8ea65af3f23db166945f1b3fbbfbab
e7e321340eed681c1269f715b0214e1511d5762fffbe930e7c157b800afa9a39
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5150
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 19:44:17 GMT
Last-Modified: Wed, 14 Sep 2022 18:18:27 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b720f3b4fd865c7414e7adfd896776c7
9f05d6393e35db662553e7c7d23fa9c2a7fcd185
249a10812c88ec5ed80af97d37918e0ed939795ec9a4cf13ba7d0c35f003792e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "249A10812C88EC5ED80AF97D37918E0ED939795EC9A4CF13BA7D0C35F003792E"
Last-Modified: Mon, 12 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6692
Expires: Wed, 14 Sep 2022 21:35:49 GMT
Date: Wed, 14 Sep 2022 19:44:17 GMT
Connection: keep-alive
gdmtrck.com/?a=117567&c=277231&s1=&s2=lbtjt63222f02000f29fd&s3=&s4=&s5=&s6=
302 Found 354 B URL HTTP/2 gdmtrck.com/?a=117567&c=277231&s1=&s2=lbtjt63222f02000f29fd&s3=&s4=&s5=&s6=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 88ce65bfc793f84da1cc69e6136d37a0
dcb9b8b3737242762f15b90ca3afe71865c89fbb
11ed075032ea5495d5722fc191f2ab2b35b7bafcb74d9d61a209db5befd89314
GET /?a=117567&c=277231&s1=&s2=lbtjt63222f02000f29fd&s3=&s4=&s5=&s6= HTTP/1.1
Host: gdmtrck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oxbkp.track4ref.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 14 Sep 2022 19:44:16 GMT
content-type: text/html;charset=ISO-8859-1
location: https://www.jetzt-dabei-sein.com/de,flexfancy,zooloo_910.html?idPartner=85&idCampaignAd=0&subId=117567&subIdentifier=1096bc30fd724ab897dfa118255bdefae3d8&aps=&aps2=&rlmset=edeka_de
server: nginx
set-cookie: gdm_click_freq_v1_1_001=MOu8d2ETmEl8b0r21iUfyxCQRycKDroKMb/VavnwjxN43G/L5KRc1NXuZxmlGAwO; Domain=.gdmtrck.com; Expires=Tue, 13-Dec-2022 19:44:16 GMT; Path=/
gdm_uid_v2_1_001=wSfk82yghEJWfv6boy7a3J+IQ4IWMOvoYuU7n1Rw0aD5pNpwgsJdr8ffkS3S6EyP; Domain=.gdmtrck.com; Expires=Tue, 13-Dec-2022 19:44:16 GMT; Path=/; Secure; SameSite=None
gdm_suid_v1_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.gdmtrck.com; Expires=Tue, 13-Dec-2022 19:44:16 GMT; Path=/
gdm_uid_v1_1_001=wSfk82yghEJWfv6boy7a3J+IQ4IWMOvoYuU7n1Rw0aD5pNpwgsJdr8ffkS3S6EyP; Domain=.gdmtrck.com; Expires=Tue, 13-Dec-2022 19:44:16 GMT; Path=/
gdm_suid_v2_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.gdmtrck.com; Expires=Tue, 13-Dec-2022 19:44:16 GMT; Path=/; Secure; SameSite=None
gdm_click_adv_freq_v1_1_001=fLD5x/On/zUg7UtwirCWoMxnRD83ynI1pc8FMeLkxY+sg+DfyQ/Dh/0eFbYLRJeS; Domain=.gdmtrck.com; Expires=Tue, 13-Dec-2022 19:44:16 GMT; Path=/
gdm_sid_v2_3_001=q5+KCxyrLm60bMQ7mU5Q0np+nmLr2ecgzM3Zd5hygUbgAYnJ6F07xJGHU46s5QnqURgWhKelQ2JlQKnALM4m6txhS2ne6Z4WeiQx/lUC1zeGxSS+M20pXNwFCEc9RMa+YcsRJXhUcCM+oicIK62GPgpcLshEfWRRdNev6Kl1Fry8LZOJcUH8gp6chuUfJ5jDL6IC7uF8BDWKh1lCoYSkpLeefu9SbXc45NDQQVQljVD31/lHtRsRR/MQiNnBu6wZr8tnv+jvANEwsviuJTMTm0KH+AWJlhiXWsl/i/zO7YvQj6F8RydaW9R/0V70zMiqoAWkX1PTy0qD24EyxqHczQjya0X6KV4pTWYF7qxPHT5d9Hv0o+4Mf0uSu3ligdLqSjTgnBxUy0KEXTi4wLbcaQDD52HtIGZ9/A97gkwnSq7VVE/477ao8JSmo+KgPEozXglUNw27pCkfqKMRBKbcauoGNtDTijg0W2nNHJtERVWGtcOM2AuTVjqWCyDxisfghZXHbKGChUxlYyRHP8axSocBueoucMKRUY3t8pdbZFZ8oXlGL/LuKXUOD7jtE1rCpe/pSFsHuIGcAYL3sjEGE1mTU2IFY9M19sk4MW0oofO6ceS2p68FcR1uUNPGnnAjAYbgXzlu8K7sKS6pLoKi+dZt7oDgbzNL9z8qY+S4jDgR2e19ImAROw/KwWI695RVbJmuz6UWVDjZSN7yGx2WShV1/FAPNtl+PceuqDlNWkY7IuIYzSioxtnS+J4Z3aq8j+EsICl+Pp8WM2Vxhivs3zP2buuu5F2YBOlS5wdOOUmoq4wtv5tSXNTxxoZvtVEQPrskIrhZa4RQF4bTb2BN3uP2i4tgcXR1KG30lRCma6+QWc79S+mcpXb00UGq2yBilv6kXvBuyWL7y9OmT5zexqXqVz31qYRCT+ZmdlVpkxn9VL0qEFR/yi6/NlO8WzmMXkER5bMe2Ifff/+GeDh9deSmwRO8/b8l4R9NUF5XG12b9k+ZARcc9ngIjwPbFxO/6kPFhfxUVYvV2i16WS7vekpPA12eD9LFm/ARyhk6EXE=; Domain=.gdmtrck.com; Expires=Tue, 13-Dec-2022 19:44:16 GMT; Path=/; Secure; SameSite=None
gdm_sid_v1_3_001=q5+KCxyrLm60bMQ7mU5Q0np+nmLr2ecgzM3Zd5hygUbgAYnJ6F07xJGHU46s5QnqURgWhKelQ2JlQKnALM4m6txhS2ne6Z4WeiQx/lUC1zeGxSS+M20pXNwFCEc9RMa+YcsRJXhUcCM+oicIK62GPgpcLshEfWRRdNev6Kl1Fry8LZOJcUH8gp6chuUfJ5jDL6IC7uF8BDWKh1lCoYSkpLeefu9SbXc45NDQQVQljVD31/lHtRsRR/MQiNnBu6wZr8tnv+jvANEwsviuJTMTm0KH+AWJlhiXWsl/i/zO7YvQj6F8RydaW9R/0V70zMiqoAWkX1PTy0qD24EyxqHczQjya0X6KV4pTWYF7qxPHT5d9Hv0o+4Mf0uSu3ligdLqSjTgnBxUy0KEXTi4wLbcaQDD52HtIGZ9/A97gkwnSq7VVE/477ao8JSmo+KgPEozXglUNw27pCkfqKMRBKbcauoGNtDTijg0W2nNHJtERVWGtcOM2AuTVjqWCyDxisfghZXHbKGChUxlYyRHP8axSocBueoucMKRUY3t8pdbZFZ8oXlGL/LuKXUOD7jtE1rCpe/pSFsHuIGcAYL3sjEGE1mTU2IFY9M19sk4MW0oofO6ceS2p68FcR1uUNPGnnAjAYbgXzlu8K7sKS6pLoKi+dZt7oDgbzNL9z8qY+S4jDgR2e19ImAROw/KwWI695RVbJmuz6UWVDjZSN7yGx2WShV1/FAPNtl+PceuqDlNWkY7IuIYzSioxtnS+J4Z3aq8j+EsICl+Pp8WM2Vxhivs3zP2buuu5F2YBOlS5wdOOUmoq4wtv5tSXNTxxoZvtVEQPrskIrhZa4RQF4bTb2BN3uP2i4tgcXR1KG30lRCma6+QWc79S+mcpXb00UGq2yBilv6kXvBuyWL7y9OmT5zexqXqVz31qYRCT+ZmdlVpkxn9VL0qEFR/yi6/NlO8WzmMXkER5bMe2Ifff/+GeDh9deSmwRO8/b8l4R9NUF5XG12b9k+ZARcc9ngIjwPbFxO/6kPFhfxUVYvV2i16WS7vekpPA12eD9LFm/ARyhk6EXE=; Domain=.gdmtrck.com; Expires=Tue, 13-Dec-2022 19:44:16 GMT; Path=/
gdm_click_adv_freq_v2_1_001=fLD5x/On/zUg7UtwirCWoMxnRD83ynI1pc8FMeLkxY+sg+DfyQ/Dh/0eFbYLRJeS; Domain=.gdmtrck.com; Expires=Tue, 13-Dec-2022 19:44:16 GMT; Path=/; Secure; SameSite=None
gdm_click_freq_v2_1_001=MOu8d2ETmEl8b0r21iUfyxCQRycKDroKMb/VavnwjxN43G/L5KRc1NXuZxmlGAwO; Domain=.gdmtrck.com; Expires=Tue, 13-Dec-2022 19:44:16 GMT; Path=/; Secure; SameSite=None
content-language: en-US
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ap68F/BEjfy5AgiGjTe9Bg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3WlycAp9NGFs8wDbrmoaYhNCqbg=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 28de2610d02fcbf2cd177024482bb266
7261f9113fcc83b47ef71a8f46bc861792cc92ed
bb3acf8cdfd8cf5c699ea981ca44b10ef01101f3983a807df17871d5bd79d179
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB3ACF8CDFD8CF5C699EA981CA44B10EF01101F3983A807DF17871D5BD79D179"
Last-Modified: Wed, 14 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3265
Expires: Wed, 14 Sep 2022 20:38:42 GMT
Date: Wed, 14 Sep 2022 19:44:17 GMT
Connection: keep-alive
mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=441962330&aps=&aps2=&rlmset=edeka_de&
200 OK 16 kB URL HTTP/2 mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=441962330&aps=&aps2=&rlmset=edeka_de&
IP
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1905), with CRLF, LF line terminators
Hash 5a0f441603a974a7c41cd621fc823677
f480f66e3f14f925f760c6ec50c4147e170fbd18
e3bd3d78903c4d5854eb53d1e84c33366e36c4879886a6d5cbbcc129323624a9
GET /campaign_1173.html?coyoteAffiliTokenId=441962330&aps=&aps2=&rlmset=edeka_de& HTTP/1.1
Host: mubayiro.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://oxbkp.track4ref.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=qvp4egnm99ha9ohnfrg8qm9tpn; path=/
coyoteAffiliTokenId1173=441962330; expires=Wed, 14-Sep-2022 23:44:17 GMT; Max-Age=14400; path=/
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 16199
content-type: text/html; charset=UTF-8
date: Wed, 14 Sep 2022 19:44:17 GMT
server: Apache
X-Firefox-Spdy: h2
p2e9r4n9.stackpathcdn.com/__pbaseruv.min.js?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&dg=0&ci=1&gv=5&s1=85&s2=117567&s3=1173&s4=1096bc30fd724ab897dfa118255bdefae3d8&s5=edeka_de&s6=S6MACRO&s7=S7MACRO&s8=S8MACRO&s9=S9MACRO&s10=S10MACRO&s11=S11MACRO&s12=S12MACRO&s13=S13MACRO&s14=S14MACRO&s15=S15MACRO&s16=S16MACRO&s17=S17MACRO&s18=S18MACRO&s19=S19MACRO&s20=441962330
200 OK 7.0 kB URL HTTP/2 p2e9r4n9.stackpathcdn.com/__pbaseruv.min.js?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&dg=0&ci=1&gv=5&s1=85&s2=117567&s3=1173&s4=1096bc30fd724ab897dfa118255bdefae3d8&s5=edeka_de&s6=S6MACRO&s7=S7MACRO&s8=S8MACRO&s9=S9MACRO&s10=S10MACRO&s11=S11MACRO&s12=S12MACRO&s13=S13MACRO&s14=S14MACRO&s15=S15MACRO&s16=S16MACRO&s17=S17MACRO&s18=S18MACRO&s19=S19MACRO&s20=441962330
IP
File type ASCII text, with very long lines (21540)
Hash e80a23fefb099374167ad1009fea9745
8ff88527ec5a8381a5c2cc484f3b3610bcdb12b2
5c8ee1f58cbc23e451fb02bc780d8f9ac292340047093b3f90e4404f325d4e83
GET /__pbaseruv.min.js?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&dg=0&ci=1&gv=5&s1=85&s2=117567&s3=1173&s4=1096bc30fd724ab897dfa118255bdefae3d8&s5=edeka_de&s6=S6MACRO&s7=S7MACRO&s8=S8MACRO&s9=S9MACRO&s10=S10MACRO&s11=S11MACRO&s12=S12MACRO&s13=S13MACRO&s14=S14MACRO&s15=S15MACRO&s16=S16MACRO&s17=S17MACRO&s18=S18MACRO&s19=S19MACRO&s20=441962330 HTTP/1.1
Host: p2e9r4n9.stackpathcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 19:44:17 GMT
content-encoding: gzip
content-length: 6950
content-type: application/javascript
last-modified: Wed, 06 Apr 2022 08:52:13 GMT
accept-ranges: bytes
server: Apache/2.4.41 (Ubuntu)
etag: "5425-5dbf87a489dee-gzip"
access-control-allow-credentials: true
cache-control: max-age=84600, public
x-hw: 1663184657.cds246.sk1.hn,1663184657.cds257.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/balloon.min.css
200 OK 5.5 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/balloon.min.css
IP
File type ASCII text, with very long lines (5489), with no line terminators
Hash acd37f0b3be30c6cefff2ed8117e5938
8f90458381edc16cd7b506f6025a75632d6b3355
4122f214f47bf170342826a86092121db1a8ac7cb3c0f899a1ede8b6b96f27c8
GET /flexfancy/css/balloon.min.css HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5489
Connection: keep-alive
x-amz-id-2: sbqgPISWvjs6jSPgmi0cpPuPYAh4NmuM9sv77qPQYR7X9C98yj3RsFGiMZBZQjgw2+a4x53lQnI=
x-amz-request-id: W6CB1DWGJ0HDP1HC
Date: Wed, 14 Sep 2022 19:44:18 GMT
Last-Modified: Wed, 14 Feb 2018 10:07:16 GMT
ETag: "acd37f0b3be30c6cefff2ed8117e5938"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bG2ypQXd1_yP3ASSm5Tjkg7i8hdQyihj3kD_9NvbRiltOP4aKE7KDA==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/style_new_zooloo.css
200 OK 100 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/style_new_zooloo.css
IP
File type ASCII text, with CRLF line terminators
Size 100 kB (100325 bytes)
Hash 002078d5f7871ae2b9dfeb5db18658cc
ff67bfe129251afa21835d704bf836e982fbc611
08ab1e439175d1b1b24c0749dbb7dda57780b2dd4898357b06bde37c1075e507
GET /flexfancy/css/style_new_zooloo.css HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 100325
Connection: keep-alive
x-amz-id-2: xhAZpMP9w1vh8AWAoWRMkj7g7gebF2ZzzH7jji/053TGV+V0a37Hyl0qXdxcwfIUd/ykuC7lclg=
x-amz-request-id: W6C5N639WTN51MNY
Date: Wed, 14 Sep 2022 19:44:18 GMT
Last-Modified: Tue, 21 Jun 2022 07:42:30 GMT
ETag: "002078d5f7871ae2b9dfeb5db18658cc"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FN46LenW5GGb_Op8bDzAxQZ9hI5tU4leshzJ_tq41yNFNl_CEbMltA==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/spinner.css
200 OK 1.3 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/spinner.css
IP
File type ASCII text, with CRLF line terminators
Hash 308609aca6938598a1390b47ec576e97
0555f403b451b7806d3e0db2d0959a5d4aab4421
54f7c8623cf0f0cf760385a22a4a5d20db7b2e3dfaecaab38ddf25ace848b171
GET /flexfancy/css/spinner.css HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 1295
Connection: keep-alive
x-amz-id-2: moHhIPBV3psVi0feKFkSzfF3JysaI7Jr3f3PUS7QTE6D4noCeEdSua4SWLRlXJldtLPtPb3tVzU=
x-amz-request-id: W6C6XDQ8AEN86EVT
Date: Wed, 14 Sep 2022 19:44:18 GMT
Last-Modified: Wed, 14 Feb 2018 10:07:16 GMT
ETag: "308609aca6938598a1390b47ec576e97"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EjJsuovMy3CyN5onO9yPIwRQcdy41-3RV9iAnzLLJDJqND2lznoykg==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/lib/jquery-3.4.1.js
200 OK 280 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/lib/jquery-3.4.1.js
IP
Size 280 kB (280364 bytes)
Hash 11c05eb286ed576526bf4543760785b9
7faa15a054093f3b5d674e63b6567c835a6fa217
5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55
GET /flexfancy/lib/jquery-3.4.1.js HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 280364
Connection: keep-alive
x-amz-id-2: CDTtlAa0StwIac7WAGXXDANfNd09bqVREIJaoIBo3r8++1ZRUUeclQeR0QUOY9FrRUHPtI08Y+c=
x-amz-request-id: W6C4NNXAJPS0CSX9
Date: Wed, 14 Sep 2022 19:44:18 GMT
Last-Modified: Wed, 28 Aug 2019 14:45:01 GMT
ETag: "11c05eb286ed576526bf4543760785b9"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BPehb9NYX6rVBBC-SkKiI-MqoWkt6ViYtQJmgoNct8HJ-lCMlkiEog==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/lib/md5.min.js
200 OK 3.8 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/lib/md5.min.js
IP
File type ASCII text, with very long lines (3730), with CRLF line terminators
Hash d42ff83c2d527cdab773855cfe523561
c27927a82941ba972c140abf26ad82e04c32d86a
9265ea6ee06a36211ef80e33821b309020e5c40c972cf70a07f10577c0cce549
GET /flexfancy/lib/md5.min.js HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 3767
Connection: keep-alive
x-amz-id-2: ClihFWOHWMgSrAg7oMMRLOrJTzdeCGVmeMoZB6HMw5bazUBWlpXDQnO7pS9bLvccjh8MO6br42A=
x-amz-request-id: W6C9CB1Z4BD8PJXB
Date: Wed, 14 Sep 2022 19:44:18 GMT
Last-Modified: Tue, 08 Oct 2019 09:23:31 GMT
ETag: "d42ff83c2d527cdab773855cfe523561"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: _qxV4PtpZSCe2opTm9eyEcO4_9MdPEQbfQPx1ISDLXb7KbLQ0cbL3A==
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 78f8bae58862d8be3437cfe9e927011d
fb01a9cfd346f2c9b7694276c72a76e213887b06
389d233aa4b3ea23315c9d6e8d72d96fb2f802e227d24199c788a5a89e96a19e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 19:44:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 27d48b70b53ace201820d96f34da63e2
4cf76d8518554629eb4829de51231f30f71c1e13
8cf9653d8083ba67afd5c255ae7e912238868667969d4ff235274c397c686c33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8CF9653D8083BA67AFD5C255AE7E912238868667969D4FF235274C397C686C33"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11537
Expires: Wed, 14 Sep 2022 22:56:34 GMT
Date: Wed, 14 Sep 2022 19:44:17 GMT
Connection: keep-alive
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/scripts/logic_new.js
200 OK 244 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/scripts/logic_new.js
IP
File type Unicode text, UTF-8 text, with CRLF line terminators
Size 244 kB (243655 bytes)
Hash 178895ed599f4d5da86f99a64da9006f
53a00797b498268ff1eecff3f42ce517ff9a2998
8a3a7b082a5c56c652258fadf200df538c7a020009af8153668262db468c1bae
GET /flexfancy/scripts/logic_new.js HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 243655
Connection: keep-alive
x-amz-id-2: dbqKSImUZQKwGmtwOSa5F/afi9PRIOboTqL2TF3liyVgt7dIjSsTwjV0Zi62E/us+D4kdmgUsX0=
x-amz-request-id: W6C4M4PWQVFXG9A5
Date: Wed, 14 Sep 2022 19:44:18 GMT
Last-Modified: Tue, 21 Jun 2022 07:42:49 GMT
ETag: "178895ed599f4d5da86f99a64da9006f"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TISuCUwlIBSxPq4u9z54rvv-BEPGRoMSv4F-x3_BJ64grEA38uCoRw==
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
200 OK 7.4 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
File type ASCII text, with very long lines (30837)
Hash 2a54faaa16335b9f46cd6c9bfa0892b2
cc91e267f385b97cba96e12f634a887abe83e406
3a7376e63fbfb2e2806c0f43125866c076d2ee2a03b5ff8d8ad45473f1736a2e
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 19:44:17 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 722, 617
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 2021-03-10 20:26:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 121d365db7a9aba3915641185d93b963
cdn-cache: HIT
cf-cache-status: HIT
age: 12495464
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ab9dceb86db50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a422d9adb7f66d43f55eb08809f46502
49c88b08b79a9b96af9e73cbf04cb8592dac6e2f
bc2a9d6d6ee4a708c862dc98e3db8b19c3e4c79a0f4e6629e37cb487e9b9fb9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC2A9D6D6EE4A708C862DC98E3DB8B19C3E4C79A0F4E6629E37CB487E9B9FB9D"
Last-Modified: Tue, 13 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20624
Expires: Thu, 15 Sep 2022 01:28:01 GMT
Date: Wed, 14 Sep 2022 19:44:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5253cbba57a344ac6c518038d6e81c46
6b437246e3545a8daa42953ae3ac0608d5d73dc8
d003839c95526769219b41d0b9be9693c20f4de0598cd9ca2b13d9926fd694db
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D003839C95526769219B41D0B9BE9693C20F4DE0598CD9CA2B13D9926FD694DB"
Last-Modified: Tue, 13 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19179
Expires: Thu, 15 Sep 2022 01:03:56 GMT
Date: Wed, 14 Sep 2022 19:44:17 GMT
Connection: keep-alive
rltools.de/rlm_analytics/scripts/rlm_stat.js
200 OK 2.9 kB URL HTTP/2 rltools.de/rlm_analytics/scripts/rlm_stat.js
IP
ASN #34788 Neue Medien Muennich GmbH
Hash dfd976d3120feb955a33887381715e89
758c2c901227120d71567ca29fb6b6de57968328
8a91c4418d5d29b657fe8ab816ede18c6f0487315622ef0e030440398d0e3daf
GET /rlm_analytics/scripts/rlm_stat.js HTTP/1.1
Host: rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 16:01:32 GMT
etag: "35fa-5aaf5bca2492e-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 2918
content-type: application/javascript
date: Wed, 14 Sep 2022 19:44:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.rlcontrol.de/ftp/flexblocks/scripts/lib/moment.min.js
200 OK 17 kB URL HTTP/2 www.rlcontrol.de/ftp/flexblocks/scripts/lib/moment.min.js
IP
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type ASCII text, with very long lines (51679), with no line terminators
Hash 174f71b5e532bbee86b7e51ed2d11a82
abbec602df1ebf647b88d18cbd1dd162d7f1f6ad
34084291d4c3f11af71b71f00c969a81380daa917e3e90ad1a08e836ced4e5f9
GET /ftp/flexblocks/scripts/lib/moment.min.js HTTP/1.1
Host: www.rlcontrol.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 24 Jul 2018 14:05:29 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Fri, 14 Oct 2022 19:44:17 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 16804
content-type: application/javascript
date: Wed, 14 Sep 2022 19:44:17 GMT
server: Apache
X-Firefox-Spdy: h2
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/images/outer_slice_top.png
200 OK 136 B URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/images/outer_slice_top.png
IP
File type PNG image data, 1 x 15, 8-bit/color RGB, non-interlaced\012- data
Hash b3cd71c3db91f48dfd8b00d472022dc0
5cff683bc4fe66eba2d2328f3ef9f812b6c974f0
bf37f0c405389fda13867faa69cf36ffe1b8764f3e0460f2caade056a36d2483
GET /flexfancy/images/outer_slice_top.png HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/style_new_zooloo.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 136
Connection: keep-alive
x-amz-id-2: Lg9eH0dNLRmQleQeTPZVqUIqUMLWLK16OJ8S1HtNRcSrdIyKExgZIoPYtEj/VTb6G380HsutsZU=
x-amz-request-id: EY4CXK62ERM7CXJ6
Date: Wed, 14 Sep 2022 19:44:19 GMT
Last-Modified: Wed, 14 Feb 2018 10:07:18 GMT
ETag: "b3cd71c3db91f48dfd8b00d472022dc0"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: OkGmFCIv-Y5N9GeMSEj92YXu6_9gJ6yyR7uJ479q_8cJLaj-i9gQUw==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/images/outer_slice_bottom.png
200 OK 143 B URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/images/outer_slice_bottom.png
IP
File type PNG image data, 1 x 33, 8-bit/color RGB, non-interlaced\012- data
Hash cdfb089c7a2ffb19106f0553ad115375
99f6ab0e088971a4d07a89f55a1d204e9164669a
c86ac9a90aafd6aa025eeb2d1d6de20c03df782ef151c9d2515b23407768f134
GET /flexfancy/images/outer_slice_bottom.png HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/style_new_zooloo.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 143
Connection: keep-alive
x-amz-id-2: b471VMvj1HN2QeRiRi84t7DDl3z/aBVK4GBLym1X5wuUSLhQGZp/uYdxiozOcreh+e8mPhxWGnY=
x-amz-request-id: EY4079H2NR2PXSAT
Date: Wed, 14 Sep 2022 19:44:19 GMT
Last-Modified: Wed, 14 Feb 2018 10:07:18 GMT
ETag: "cdfb089c7a2ffb19106f0553ad115375"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kSGXxmI86i8DoNlUAhtwCkwRSAN3f5SmppCv1c92YIkSRcNjhmYjhQ==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Bold.woff
200 OK 23 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Bold.woff
IP
File type Web Open Font Format, TrueType, length 23108, version 1.0\012- data
Hash 317ed94a878c8d8ea413f51e575513f4
f1554d7cbd5c2937165c5b5f1c3028681264e2a5
ac249b9af121f1a9bf29b7c611b5986a5f1088da276a72a1e96b77fec1020aad
GET /flexfancy/fonts/Aileron-Bold.woff HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 23108
Connection: keep-alive
x-amz-id-2: Z63wj86ZKYs8/SV2okMxac0T68tA0c18/Iz6iu2OOk3b0xLTU2TzDWMciw40CoawqrnQ++pg894=
x-amz-request-id: EY413K98BJS79VC8
Date: Wed, 14 Sep 2022 19:44:19 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Wed, 14 Feb 2018 10:07:17 GMT
ETag: "317ed94a878c8d8ea413f51e575513f4"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2UmbWmS1FLe5x5UpyuUYrgMrBITBRLk_vwNL8dcZEIx0wkXftKEPGw==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Regular.woff
200 OK 22 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Regular.woff
IP
File type Web Open Font Format, TrueType, length 21776, version 1.0\012- data
Hash 4309f5e6504ab4404a1c909a5ef8457f
5f207e040e0244ba5fcbf7d4d9340e5833b849e1
6d6ec731c7579bb3420bdd0ec8ac80682ac44b1fbe1ffa8429b736e644f2be69
GET /flexfancy/fonts/Aileron-Regular.woff HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 21776
Connection: keep-alive
x-amz-id-2: 3m1zRAGXOejLKv+dysbk53MNnoLk6pHNP4yFgOE9KjH3x9kdDGjBSH+Gn2RF7Qp8QY62k1h80Ic=
x-amz-request-id: EY44WKK6GMTPC1BC
Date: Wed, 14 Sep 2022 19:44:19 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Wed, 14 Feb 2018 10:07:17 GMT
ETag: "4309f5e6504ab4404a1c909a5ef8457f"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: c2yr33HnDI-whACs-lnWtyf0TNu4pVfiDeKI3mHzrdUHNGAf5t_I4A==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Candal.woff
200 OK 25 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Candal.woff
IP
File type Web Open Font Format, TrueType, length 25000, version 1.0\012- data
Hash e29c6ae99d1f2dc8d6a607b46c082b74
9fe5da34238024f299a42910d7ef9882576bf7e3
80a2aa3ffeb789ffaa34b6a0b738e7baed24396c4656dd1224c8c0ba0f4ddf84
GET /flexfancy/fonts/Candal.woff HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 25000
Connection: keep-alive
x-amz-id-2: XoaSYrnBoQCBc5ZvlOXodVfeb7/SUvHu8zp4cpB32a5ix9eAV2ePM1YFO2Elrmw0VIEAmbULugc=
x-amz-request-id: EY4BE97F6WA2W254
Date: Wed, 14 Sep 2022 19:44:19 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Wed, 14 Feb 2018 10:07:18 GMT
ETag: "e29c6ae99d1f2dc8d6a607b46c082b74"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cRTuTEYIIwwstK_t8ejAfDlvWn_zKEJnFg41aQmhgIbclShJqD-CtA==
mubayiro.de/ftp/flexfancy/services/resource.php?rlmset=edeka_de
200 OK 583 B URL HTTP/2 mubayiro.de/ftp/flexfancy/services/resource.php?rlmset=edeka_de
IP
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type JSON data\012- , ASCII text, with very long lines (1176), with no line terminators
Hash a08f2313a50e6257424f095b7c22632a
354cb33fd4ee18bb21ea114960ab89ac5a04b0c6
daf346c3e567c0f8e4935e1db6eeca8ba7c5327c99e74ab968f15394ea0ecd85
GET /ftp/flexfancy/services/resource.php?rlmset=edeka_de HTTP/1.1
Host: mubayiro.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=441962330&aps=&aps2=&rlmset=edeka_de&
Cookie: PHPSESSID=qvp4egnm99ha9ohnfrg8qm9tpn; coyoteAffiliTokenId1173=441962330
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 583
content-type: application/json; charset=utf-8
date: Wed, 14 Sep 2022 19:44:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash ec009efbe188abd3fc0f3551eea9f059
cc42f024cd308ef7dd94cef96616d4f38eb9ea92
20d7ee2a5613ecaa92ec42ca7fc9161e60d08963cd854671d54e83101cf35480
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 19:44:18 GMT
Last-Modified: Wed, 14 Sep 2022 18:25:20 GMT
Server: ECS (nyb/1D2F)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PDJFS1Zvdl8kXhwpNvQzVWNZXJgogSf4OYYmdFRAlPOH8bM--Z3Dng==
Age: 4738
mubayiro.de/service-worker.js
200 OK 172 B URL HTTP/2 mubayiro.de/service-worker.js
IP
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type ASCII text, with CRLF line terminators
Hash 9ac9d7b3b0017e5e9febf761c449b15c
c700c119d8d0f87e21777b6e7e1fe471ea820be0
460c9c03a91f7fb3c3ab7ab86fc015f1b691cbbcb35ced6bbbeedab8d71f05f1
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: mubayiro.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: PHPSESSID=qvp4egnm99ha9ohnfrg8qm9tpn; coyoteAffiliTokenId1173=441962330
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 31 Mar 2022 12:59:56 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Fri, 14 Oct 2022 19:44:18 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 172
content-type: application/javascript
date: Wed, 14 Sep 2022 19:44:18 GMT
server: Apache
X-Firefox-Spdy: h2
rlmgws-data.s3.eu-central-1.amazonaws.com/flexfancy/images/extra/gratis_teilnahme/hinweis.png
200 OK 14 kB URL HTTP/1.1 rlmgws-data.s3.eu-central-1.amazonaws.com/flexfancy/images/extra/gratis_teilnahme/hinweis.png
IP
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 3b9545828b1e7d248235f80fa36612f3
1110613fd01a1773609d573b457b8c22b2d92d3d
fd377e3b6033fd2a541887ad00bd9a47be285fa449acf0530b825e4d16c86590
GET /flexfancy/images/extra/gratis_teilnahme/hinweis.png HTTP/1.1
Host: rlmgws-data.s3.eu-central-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: x5lA3vzx0Rv3EoD5ezIzzb18n19K3IdUL8UGohNuuzAoucV4LqXK1a83QEYdWmCxYQhj08eiOW4=
x-amz-request-id: EY4CRPBAYWRJJBWZ
Date: Wed, 14 Sep 2022 19:44:19 GMT
Last-Modified: Wed, 28 Apr 2021 15:32:23 GMT
ETag: "3b9545828b1e7d248235f80fa36612f3"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 14484
rlmgws-data.s3.eu-central-1.amazonaws.com/flexfancy/images/gui/confirm_dialog/confirm_checkbox.png
200 OK 2.1 kB URL HTTP/1.1 rlmgws-data.s3.eu-central-1.amazonaws.com/flexfancy/images/gui/confirm_dialog/confirm_checkbox.png
IP
File type PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 1c3fedffbaae77cc20853e7d81115d51
f5fd9e59601190beadcf47b5a72e2a5254ef6878
6367228c6b2de1a5b23965e5bdda939f782e9f36249dc8f3b58f920dd88d8ddf
GET /flexfancy/images/gui/confirm_dialog/confirm_checkbox.png HTTP/1.1
Host: rlmgws-data.s3.eu-central-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 568S6hZxX5s/x8J1e6JJ3jeFstgdpzS6ZQtx9UqaKoE54YCFwTGzG9R60JoK8v1y9Eky/4Z8v3A=
x-amz-request-id: EY41RM6EDMYP8HRV
Date: Wed, 14 Sep 2022 19:44:19 GMT
Last-Modified: Tue, 18 May 2021 07:57:50 GMT
ETag: "1c3fedffbaae77cc20853e7d81115d51"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 2118
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Heavy.woff
200 OK 23 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Heavy.woff
IP
File type Web Open Font Format, TrueType, length 23280, version 1.0\012- data
Hash 977a8badf138ba0183b618103fbea86a
5082997a0716920ac661563638bede0d529f4940
67bb015ac96fd86bc355f22829c7c4e7ed5c288176c2ec013c356eef07b1ae87
GET /flexfancy/fonts/Aileron-Heavy.woff HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 23280
Connection: keep-alive
x-amz-id-2: LHt0cKvAzD7Lcp1gzDlXWYgER671u0aNnGFZPaTW2ea3ZeYbaVyKyjxLNFvjs3BK/BXPdTbMZxc=
x-amz-request-id: EY47WV345MPK0RJW
Date: Wed, 14 Sep 2022 19:44:19 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Wed, 14 Feb 2018 10:07:17 GMT
ETag: "977a8badf138ba0183b618103fbea86a"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FYWPeptExbojEUEToMi5DIQMQMkjo1oUxvVd5V7Ax2u06ePBcyEScg==
cleanleadsonly.com/h/4835109d48c9e17ffe?url=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D441962330%26aps%3D%26aps2%3D%26rlmset%3Dedeka_de%26&response-opticks-version=v3&_t0=1663184643602&_t1=1663184643898&_t2=1663184643898&_optG8Vhq4mfGplP=23fb8f62&_m=1uc&coyoteAffiliTokenId=441962330&aps=&aps2=&rlmset=edeka_de&external_id=441962330&var1=85&subpublisher_id=117567&var2=1096bc30fd724ab897dfa118255bdefae3d8&var3=edeka_de&version=v3
200 OK 719 B URL HTTP/1.1 cleanleadsonly.com/h/4835109d48c9e17ffe?url=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D441962330%26aps%3D%26aps2%3D%26rlmset%3Dedeka_de%26&response-opticks-version=v3&_t0=1663184643602&_t1=1663184643898&_t2=1663184643898&_optG8Vhq4mfGplP=23fb8f62&_m=1uc&coyoteAffiliTokenId=441962330&aps=&aps2=&rlmset=edeka_de&external_id=441962330&var1=85&subpublisher_id=117567&var2=1096bc30fd724ab897dfa118255bdefae3d8&var3=edeka_de&version=v3
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (719), with no line terminators
Hash 657b4388b5440be41c5d4e8e48827426
4ca25e03fb4da0eebdbf39f9e0ced0a845f0ef98
40be0391b30330875b3d235bc7a782bab44615be349438991afc31b992452613
POST /h/4835109d48c9e17ffe?url=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D441962330%26aps%3D%26aps2%3D%26rlmset%3Dedeka_de%26&response-opticks-version=v3&_t0=1663184643602&_t1=1663184643898&_t2=1663184643898&_optG8Vhq4mfGplP=23fb8f62&_m=1uc&coyoteAffiliTokenId=441962330&aps=&aps2=&rlmset=edeka_de&external_id=441962330&var1=85&subpublisher_id=117567&var2=1096bc30fd724ab897dfa118255bdefae3d8&var3=edeka_de&version=v3 HTTP/1.1
Host: cleanleadsonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1949
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 14 Sep 2022 19:44:18 GMT
Cache-Control: private, max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: application/json
Vary: Accept-Encoding, User-Agent
Content-Length: 719
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5677
Expires: Wed, 14 Sep 2022 21:18:55 GMT
Date: Wed, 14 Sep 2022 19:44:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5677
Expires: Wed, 14 Sep 2022 21:18:55 GMT
Date: Wed, 14 Sep 2022 19:44:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5677
Expires: Wed, 14 Sep 2022 21:18:55 GMT
Date: Wed, 14 Sep 2022 19:44:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5677
Expires: Wed, 14 Sep 2022 21:18:55 GMT
Date: Wed, 14 Sep 2022 19:44:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5677
Expires: Wed, 14 Sep 2022 21:18:55 GMT
Date: Wed, 14 Sep 2022 19:44:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77296a12-991a-4ab6-9ce0-05b3a82d6664.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77296a12-991a-4ab6-9ce0-05b3a82d6664.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c1314c7778ea0d32e8c69dae0c38b6d
c4772b9b182f9f905fead84f3761fe296073ca65
5fc8dc23f9b4d150b834aa69b358edd9f9f5f449607df07d579df66098d8aac6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77296a12-991a-4ab6-9ce0-05b3a82d6664.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10366
x-amzn-requestid: e4d41ba8-41c5-4350-bacb-850136434eaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YEw28GD7IAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63182e92-4098031d1475d45f4899654b;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 05:39:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BcQa5iNJlJ_rm50BT4O-rIEayxXyD0Jb5dUq_sUccIWfv12HfBec0g==
via: 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 22:40:56 GMT
age: 75802
etag: "c4772b9b182f9f905fead84f3761fe296073ca65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mubayiro.de/ftp/flexfancy/build/promotion/ImageEdeka500ohneBrand.png
200 OK 361 kB URL HTTP/2 mubayiro.de/ftp/flexfancy/build/promotion/ImageEdeka500ohneBrand.png
IP
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type PNG image data, 600 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 361 kB (360846 bytes)
Hash b59e4d37cd7d95055fb4d03bc7200e3c
0bbe55ee5b8af9ebdbc6796722718e5d6cd0318f
a5825dc5152a35b91c26022625aa7b0a8cbfd286b2e4073b480b429d7ad7c5be
GET /ftp/flexfancy/build/promotion/ImageEdeka500ohneBrand.png HTTP/1.1
Host: mubayiro.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=441962330&aps=&aps2=&rlmset=edeka_de&
Cookie: PHPSESSID=qvp4egnm99ha9ohnfrg8qm9tpn; coyoteAffiliTokenId1173=441962330
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 28 Apr 2021 09:51:03 GMT
accept-ranges: bytes
content-length: 360846
cache-control: max-age=2592000
expires: Fri, 14 Oct 2022 19:44:18 GMT
content-type: image/png
date: Wed, 14 Sep 2022 19:44:18 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16b1b829-b672-479c-964a-2f636f65f91e.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16b1b829-b672-479c-964a-2f636f65f91e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fef8234ab83f6f8f8b29665f592cbc9f
a3e706d6309e4a9d7b293f2b9255f1550ba5e9b7
569c8c9736026fc310e148d4d74081e96a86245baaa1f784280d44a1cbd25ed0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16b1b829-b672-479c-964a-2f636f65f91e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14151
x-amzn-requestid: d5bc9be4-af3a-40fd-bfc9-1ac4769d2d3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv4GhboAMF2dA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-375df72d2d67582635b9e4ae;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CZRpgjU_AxNYoyeSTOwhJhONl2DS4pvCLJ62RgAFp0flw-kPz3GkpQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:48:11 GMT
age: 78967
etag: "a3e706d6309e4a9d7b293f2b9255f1550ba5e9b7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0789404fdbe3613d465d8fa89a63d7b8
0617d2e513097ca415a1d07cd39b1cb64d832ecf
80e55e383f354113c3694bbcc00fd1c544a97079bd3c462f1b90e952c0634bac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10138
x-amzn-requestid: bdf798d9-6729-4363-a900-f32c4041d0c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YU5qsGZ-oAMFQ1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ea311-7b146c0620a83d5c00446f87;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 03:10:09 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OM9K72ukk0cuyR1ZcV5xWXnEd8U9OgeQi7bkCe0Pzn3BfdLMvSdSXg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 03:02:44 GMT
age: 60094
etag: "0617d2e513097ca415a1d07cd39b1cb64d832ecf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg
200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 56811a1a20a467464e1f3da171ef8b14
366b2090d409d694b72b4b4131df46dd65d69c5a
4c208fb88884166adf4ecc5882f75948b4a87d85c76ad6e7137e8edbd125c996
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15547
x-amzn-requestid: a78f7d90-84c3-4198-88bf-1d722c37f09f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv4EUDoAMF13A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-49535e5525606250306488ba;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yP22CSG5x3BVfq29UMdw30TZcvuaL-kUDgjBZDUEMpRVDWqlZrCgdQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:42:05 GMT
age: 79333
etag: "366b2090d409d694b72b4b4131df46dd65d69c5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg
200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2157f7cfbdeb607f28ae51eb090f2c3
33d0dcadaa42179b2eae914c8ad16c9c088afbc9
135cd89c2c82f0f5e53d2612d5eac868c175b28a567a07e63a2073942e36a066
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6078
x-amzn-requestid: e09c099f-5a2d-49d7-b6ab-e16f09c28bd0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YavJEEM5IAMFreQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f8a0-0fbb7b3d0cd6fbfa04f5a5d2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:39:44 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ur-HTN2DS8b3ojSQldJOZi6YW2wtCwRfbGqxg49ZUJ_00hC_rFxYEw==
via: 1.1 9b21fd56256eda6d1379e32829c4c446.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:51:32 GMT
age: 78766
etag: "33d0dcadaa42179b2eae914c8ad16c9c088afbc9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg
200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f5befd5bb8e6d5dad2465be69d5a33e4
e5b46c3ca439a09950290cada1af5e27cede10f2
4dc0a3373fb4c1830c4e2420dddbcbe8dceecf10e969cbe8d02368e41207832c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5988
x-amzn-requestid: a0d81c7a-14e3-443d-8fb7-19241f06d3c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yaux0H77IAMF2_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f80b-0fe6fbbe75e891b925f88dc2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 1X79jBMZa4UQmWsLdg_QIg5MQeersp1O3iSgpKd6R2f8Kl7PAJh0hQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:49:32 GMT
etag: "e5b46c3ca439a09950290cada1af5e27cede10f2"
content-type: image/jpeg
age: 78886
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mubayiro.de/favicon.ico
200 OK 84 B IP
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type MS Windows icon resource - 1 icon, 50x50, 32 bits/pixel\012- data
Hash 3f58b7b4a090d0afb6b738089e7e25ec
19bb030057cb00b6f0b33bed77c1007879bb6ef3
40dbfde76a354cfe446ea1b114bc30af0db7823e4b15b28a8c3a46f53af52322
GET /favicon.ico HTTP/1.1
Host: mubayiro.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=441962330&aps=&aps2=&rlmset=edeka_de&
Cookie: PHPSESSID=qvp4egnm99ha9ohnfrg8qm9tpn; coyoteAffiliTokenId1173=441962330
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jun 2022 04:37:46 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Fri, 14 Oct 2022 19:44:18 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 84
content-type: image/x-icon
date: Wed, 14 Sep 2022 19:44:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b7e665b6b70fa840ee6a1417da402132
658fa05afcf7752e8cb02979c28874efb0f4ddd8
9905cee109c441b937300b368ceccd186877a0923164bf3e1eb0971a2a224400
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 19:44:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
200 OK 157 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
IP
File type ASCII text, with very long lines (539)
Size 157 kB (157166 bytes)
Hash 026df0dfed2314af108e700900288961
51c2a55bca7d65c549ef138d1294cac2aa98dd96
24eefc59f5d298ce40bdd33c8157ad14631984159fca8e5980037366c44c2b34
GET /recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157166
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Sep 2022 17:23:20 GMT
expires: Wed, 13 Sep 2023 17:23:20 GMT
cache-control: public, max-age=31536000
age: 94858
last-modified: Tue, 06 Sep 2022 00:04:24 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b7e665b6b70fa840ee6a1417da402132
658fa05afcf7752e8cb02979c28874efb0f4ddd8
9905cee109c441b937300b368ceccd186877a0923164bf3e1eb0971a2a224400
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 19:44:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
event.trk-consulatu.com/register/event_log/zngxrmn8go
200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zngxrmn8go
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/zngxrmn8go HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mubayiro.de/
Origin: https://mubayiro.de
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 19:44:18 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://mubayiro.de
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZsOKtzrDSX88EGqRCTRkETKqwBw8lJBstOTcYcSJ9uwad6xY5oFUZsYJsuLbvbBN1ofKndy8O7KVKC%2BLOZftgrBRaJxmS9bgkbdSllTfhycNrkLxpt10soLBbICEOuRgqX8iRDbYggYgmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ab9dd54ba0755a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/zngxrmn8go
200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zngxrmn8go
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/zngxrmn8go HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mubayiro.de/
Origin: https://mubayiro.de
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 19:44:18 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://mubayiro.de
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=71Y4n3brnmOZN%2Fx6c4BuZUVM%2FGQxc0r8%2F1FAHxE6gqNSQlKgz6hM5ntki8iRnTkhcJYadt7qsX4IfSwnCzmj1EhVFAFj6HAXtl30bdqwMT0nyA4HDlr6XRu9jvETC6YJ3r9rrgdH%2Bu0wTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ab9dd56bca755a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/zngxrmn8go
200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zngxrmn8go
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/zngxrmn8go HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mubayiro.de/
Content-type: application/json
Origin: https://mubayiro.de
Content-Length: 109
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 19:44:18 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://mubayiro.de
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gb%2BWlx8EpMiPHSwoxes%2FL%2BmMr%2BjrpHy5Cg0wph%2Bihj%2B5Rrp6OsCH7%2FEE8Ntg%2B4nU0QdJAALdOD%2BCPrSCcwElpzj4Ukdo8Rz3eZQf1xRN0PlR8ASsw4hdag98bNtVv0q4eysY6ybOYS3tuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ab9dd5fcce755a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/zngxrmn8go
200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zngxrmn8go
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/zngxrmn8go HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mubayiro.de/
Content-type: application/json
Origin: https://mubayiro.de
Content-Length: 148
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 19:44:18 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://mubayiro.de
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XrLvpr8iRlXcvwxm6daD%2FwpaZ%2BDzinGRldRthSnbYeziIXSpB5jOn%2Bh3b1SjFQLKRTO8W5vZ1s%2BE5ER84fjfDZUFqPQh9eEdeHKEuvABH06n09bpCsHPIFZ6CV9Q0pvnStfAZCRBeqBvNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ab9dd62d0e755a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Sep 2022 00:48:31 GMT
expires: Sat, 09 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 500148
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Sep 2022 12:31:58 GMT
expires: Sun, 10 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 371541
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
api.botman.ninja/ic.php?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&m=AF&f=RUV&fs=SCR&v=17&vis=NA&ifp=0&burl=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D441962330%26aps%3D%26aps2%3D%26rlmset%3Dedeka_de%26&uq=UkcOFpd08sIf&ac=NA&purl=http%3A%2F%2Foxbkp.track4ref.com%2F&ih=939&iw=1280&ow=1280&oh=1024&plf=Linux%20x86_64&cpu=Linux%20x86_64&lst=234lj4kl4dXfsDfkJitY323f6d3&aver=5.0%20(X11)&uagt=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&cen=UTF-8&aname=Netscape&acod=Mozilla&cd=24&zi=NA&nlang=en-US&ndrv=false&win=true&dnt=undefined&hco=16&plg=true&layer=NA&nmt=0&nbo=UTC&fsa=false&ch=939&cw=1280&sh=1024&sw=1280&bld=24&actv=visible&acc=NA&gyro=undefined&pop=false&brl=NA&brt=NA&brh=NA&brb=NA&als=NA&cam=undefined&bt=undefined&ce=true&dlmax=undefined&ntype=undefined&ofw=NA&ofh=NA&s1=85&s2=117567&s3=1173&s4=1096bc30fd724ab897dfa118255bdefae3d8&s5=edeka_de&s6=s6macro&hless=false&s7=s7macro&s8=s8macro&s9=s9macro&s10=s10macro&s11=s11macro&s12=s12macro&s13=s13macro&s14=s14macro&s15=s15macro&s16=s16macro&s17=s17macro&s18=s18macro&s19=s19macro&s20=441962330
200 OK 41 B URL HTTP/2 api.botman.ninja/ic.php?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&m=AF&f=RUV&fs=SCR&v=17&vis=NA&ifp=0&burl=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D441962330%26aps%3D%26aps2%3D%26rlmset%3Dedeka_de%26&uq=UkcOFpd08sIf&ac=NA&purl=http%3A%2F%2Foxbkp.track4ref.com%2F&ih=939&iw=1280&ow=1280&oh=1024&plf=Linux%20x86_64&cpu=Linux%20x86_64&lst=234lj4kl4dXfsDfkJitY323f6d3&aver=5.0%20(X11)&uagt=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&cen=UTF-8&aname=Netscape&acod=Mozilla&cd=24&zi=NA&nlang=en-US&ndrv=false&win=true&dnt=undefined&hco=16&plg=true&layer=NA&nmt=0&nbo=UTC&fsa=false&ch=939&cw=1280&sh=1024&sw=1280&bld=24&actv=visible&acc=NA&gyro=undefined&pop=false&brl=NA&brt=NA&brh=NA&brb=NA&als=NA&cam=undefined&bt=undefined&ce=true&dlmax=undefined&ntype=undefined&ofw=NA&ofh=NA&s1=85&s2=117567&s3=1173&s4=1096bc30fd724ab897dfa118255bdefae3d8&s5=edeka_de&s6=s6macro&hless=false&s7=s7macro&s8=s8macro&s9=s9macro&s10=s10macro&s11=s11macro&s12=s12macro&s13=s13macro&s14=s14macro&s15=s15macro&s16=s16macro&s17=s17macro&s18=s18macro&s19=s19macro&s20=441962330
IP
File type JSON data\012- , ASCII text
Hash 003c16bbd08f0467e727f68d625eb1aa
1df344f981fdf79ae77003797fde468ab0d74a9e
9e59beba092ee2e5ea034d3b3eeb54a9d78a17b9c7f0da3f79251ffdb9480d19
GET /ic.php?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&m=AF&f=RUV&fs=SCR&v=17&vis=NA&ifp=0&burl=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D441962330%26aps%3D%26aps2%3D%26rlmset%3Dedeka_de%26&uq=UkcOFpd08sIf&ac=NA&purl=http%3A%2F%2Foxbkp.track4ref.com%2F&ih=939&iw=1280&ow=1280&oh=1024&plf=Linux%20x86_64&cpu=Linux%20x86_64&lst=234lj4kl4dXfsDfkJitY323f6d3&aver=5.0%20(X11)&uagt=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&cen=UTF-8&aname=Netscape&acod=Mozilla&cd=24&zi=NA&nlang=en-US&ndrv=false&win=true&dnt=undefined&hco=16&plg=true&layer=NA&nmt=0&nbo=UTC&fsa=false&ch=939&cw=1280&sh=1024&sw=1280&bld=24&actv=visible&acc=NA&gyro=undefined&pop=false&brl=NA&brt=NA&brh=NA&brb=NA&als=NA&cam=undefined&bt=undefined&ce=true&dlmax=undefined&ntype=undefined&ofw=NA&ofh=NA&s1=85&s2=117567&s3=1173&s4=1096bc30fd724ab897dfa118255bdefae3d8&s5=edeka_de&s6=s6macro&hless=false&s7=s7macro&s8=s8macro&s9=s9macro&s10=s10macro&s11=s11macro&s12=s12macro&s13=s13macro&s14=s14macro&s15=s15macro&s16=s16macro&s17=s17macro&s18=s18macro&s19=s19macro&s20=441962330 HTTP/1.1
Host: api.botman.ninja
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 19:44:18 GMT
content-type: text/html; charset=UTF-8
content-length: 41
server: Apache/2.4.41 (Ubuntu)
set-cookie: PHPSESSID=uqht2nec5v9hhj51r3cmpmbe0o; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: https://mubayiro.de
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-max-age: 86400
X-Firefox-Spdy: h2
cleanleadsonly.com/p
200 OK 0 B IP
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /p HTTP/1.1
Host: cleanleadsonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 820
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
content-length: 0
www.rltools.de/rlm_analytics/rlm_stat.php
200 OK 0 B URL HTTP/2 www.rltools.de/rlm_analytics/rlm_stat.php
IP
ASN #34788 Neue Medien Muennich GmbH
POST /rlm_analytics/rlm_stat.php HTTP/1.1
Host: www.rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 73
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-max-age: 1000
access-control-allow-headers: Content-Type, Authorization, X-Requested-With
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: application/json; charset=utf-8
date: Wed, 14 Sep 2022 19:44:19 GMT
server: Apache
X-Firefox-Spdy: h2
www.rltools.de/rlm_analytics/rlm_stat.php
200 OK 0 B URL HTTP/2 www.rltools.de/rlm_analytics/rlm_stat.php
IP
ASN #34788 Neue Medien Muennich GmbH
POST /rlm_analytics/rlm_stat.php HTTP/1.1
Host: www.rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 192
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-max-age: 1000
access-control-allow-headers: Content-Type, Authorization, X-Requested-With
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: application/json; charset=utf-8
date: Wed, 14 Sep 2022 19:44:19 GMT
server: Apache
X-Firefox-Spdy: h2
rltools.de/traffic_check01/check.php?click_id=track_20220914194417_c174fe98_f275_4813_a43f_fd265b283a2a
200 OK 0 B URL HTTP/2 rltools.de/traffic_check01/check.php?click_id=track_20220914194417_c174fe98_f275_4813_a43f_fd265b283a2a
IP
ASN #34788 Neue Medien Muennich GmbH
GET /traffic_check01/check.php?click_id=track_20220914194417_c174fe98_f275_4813_a43f_fd265b283a2a HTTP/1.1
Host: rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: application/json
date: Wed, 14 Sep 2022 19:44:19 GMT
server: Apache
X-Firefox-Spdy: h2
trk-consulatu.com/scripts/push/script/l4ev3xvd1w?url=mubayiro.de
200 OK 0 B URL HTTP/2 trk-consulatu.com/scripts/push/script/l4ev3xvd1w?url=mubayiro.de
IP
GET /scripts/push/script/l4ev3xvd1w?url=mubayiro.de HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 19:44:18 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2%2BngBygttVWc6q5SSFjZKeri1JCpvR5HuIMbgqP29gzHNEWtIcsWi7LGFtEYF4SUcDADIaFX1pZLunHvjYM3hZG8BninMIr335QVDjRJVtz4Ix4cmtaqipdme6VfA4%2B3qm8nA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ab9dd0deafe64c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cleanleadsonly.com/j/4835109d48c9e17ffe
200 OK 0 B URL HTTP/1.1 cleanleadsonly.com/j/4835109d48c9e17ffe
IP
ASN #60781 LeaseWeb Netherlands B.V.
GET /j/4835109d48c9e17ffe HTTP/1.1
Host: cleanleadsonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: close
Date: Wed, 14 Sep 2022 19:44:17 GMT
ETag: 3681ff7663222f113f80b544876cd02d--gzip
Cache-Control: private, max-age=0, no-cache, must-revalidate
Pragma: no-cache
Accept-CH: Width, Viewport-Width, Viewport-Height, Device-Memory, Content-DPR, DPR, Save-Data, Downlink, ECT, RTT, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
Content-Type: text/javascript;charset=utf-8
Vary: Accept-Encoding, User-Agent
Content-Encoding: gzip
www.rltools.de/rlm_analytics/rlm_stat.php
200 OK 0 B URL HTTP/2 www.rltools.de/rlm_analytics/rlm_stat.php
IP
ASN #34788 Neue Medien Muennich GmbH
POST /rlm_analytics/rlm_stat.php HTTP/1.1
Host: www.rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 16
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-max-age: 1000
access-control-allow-headers: Content-Type, Authorization, X-Requested-With
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: application/json; charset=utf-8
date: Wed, 14 Sep 2022 19:44:18 GMT
server: Apache
X-Firefox-Spdy: h2
52.19.101.114
52.52.79.220
104.18.11.207
52.219.171.2
62.212.87.244
23.36.76.226
93.184.220.29