Overview

URL app.secads.club/subu8870195e4983687bb781f16f35da1fe0
IP20.113.187.208
ASNMICROSOFT-CORP-MSN-AS-BLOCK
Location Germany
Report completed2022-11-25 10:57:10 UTC
StatusLoading report..
urlquery Alerts Scam - Fake AntiVirus


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-25 2 app.secads.club/subu8870195e4983687bb781f16f35da1fe0 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (12)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS detectportal.firefox.com (1) 1601 2018-08-30 09:52:03 UTC 2020-04-29 19:46:30 UTC 34.107.221.82
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
mnemonic passive DNS firefox.settings.services.mozilla.com (10) 867 2020-06-04 20:08:41 UTC 2022-11-25 06:03:02 UTC 34.102.187.140
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 35.162.125.72
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
mnemonic passive DNS app.secads.club (1) 449868 No data No data 20.113.187.208
mnemonic passive DNS r3.o.lencr.org (6) 344 No data No data 23.36.77.32
mnemonic passive DNS getpocket.cdn.mozilla.net (1) 1369 2018-08-28 13:15:36 UTC 2020-03-21 16:37:27 UTC 34.120.5.221
mnemonic passive DNS content-signature-2.cdn.mozilla.net (2) 1152 No data No data 34.160.144.191
mnemonic passive DNS nine3app.xyz (4) 0 2022-09-19 16:03:41 UTC 2022-11-24 05:21:25 UTC 104.21.8.187 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-25 05:51:47 UTC 34.117.237.239
mnemonic passive DNS shavar.services.mozilla.com (1) 3602 2015-09-28 06:30:01 UTC 2020-05-04 00:48:21 UTC 52.36.92.75


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 20.113.187.208

Date UQ / IDS / BL URL IP
2022-12-01 23:12:16 +0000
4 - 0 - 0 firstappad.me/15GPrj 20.113.187.208
2022-12-01 01:57:47 +0000
1 - 0 - 1 app.secads.club/subucbe35065a48de8ec1998b7bef (...) 20.113.187.208
2022-11-30 13:42:43 +0000
1 - 0 - 1 app.secads.club/subu41a423a86b15e938a3ad22c51 (...) 20.113.187.208
2022-11-30 09:02:58 +0000
1 - 0 - 1 app.secads.club/subu8870195e4983687bb781f16f3 (...) 20.113.187.208
2022-11-29 07:22:25 +0000
0 - 0 - 1 app.secads.club/15GlG1 20.113.187.208

Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK

Date UQ / IDS / BL URL IP
2022-12-02 03:11:46 +0000
0 - 0 - 1 biyttrex.me/ 20.222.170.235
2022-12-02 03:02:24 +0000
0 - 0 - 1 52.98.43.130/ 52.98.43.130
2022-12-02 02:58:03 +0000
0 - 0 - 2 hgs.dvrlists.com/login/mail.php 40.76.140.221
2022-12-02 02:51:00 +0000
9 - 0 - 15 pubgspin107.duckdns.org/ 20.9.70.76
2022-12-02 00:56:25 +0000
0 - 0 - 0 outlook.office.com/findtime/vote?getrequestur (...) 132.245.231.0

Last 5 reports on domain: secads.club

Date UQ / IDS / BL URL IP
2022-12-01 18:04:54 +0000
5 - 0 - 1 app.secads.club/subucbe35065a48de8ec1998b7bef (...) 20.113.188.243
2022-12-01 11:18:55 +0000
0 - 0 - 1 app.secads.club/subu6b55e49dabd34bf604f495abb (...) 20.113.188.243
2022-12-01 10:43:14 +0000
0 - 0 - 1 app.secads.club/subueb0641bc36dc87d07ff344202 (...) 20.113.188.243
2022-12-01 01:57:47 +0000
1 - 0 - 1 app.secads.club/subucbe35065a48de8ec1998b7bef (...) 20.113.187.208
2022-11-30 20:52:55 +0000
6 - 0 - 1 app.secads.club/15GBdn 20.113.67.50

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-30 20:52:55 +0000
6 - 0 - 1 app.secads.club/15GBdn 20.113.67.50
2022-11-30 09:02:58 +0000
1 - 0 - 1 app.secads.club/subu8870195e4983687bb781f16f3 (...) 20.113.187.208
2022-11-26 20:51:05 +0000
1 - 0 - 1 app.secads.club/subuf3d09230024c8907646099612 (...) 20.113.187.208
2022-11-26 12:02:58 +0000
1 - 0 - 1 app.secads.club/subuf3d09230024c8907646099612 (...) 20.113.188.243
2022-11-26 04:00:26 +0000
1 - 0 - 1 app.secads.club/subu8870195e4983687bb781f16f3 (...) 20.113.187.208


JavaScript

Executed Scripts (6)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (37)


Request Response
                                        
                                            GET /success.txt?ipv4 HTTP/1.1 
Host: detectportal.firefox.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         34.107.221.82
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 25 Nov 2022 05:15:31 GMT
Age: 20482
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    ae780585f49b94ce1444eb7d28906123
Sha1:   7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
Sha256: 81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
                                        
                                            GET /subu8870195e4983687bb781f16f35da1fe0 HTTP/1.1 
Host: app.secads.club
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         20.113.187.208
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.23.0
Date: Fri, 25 Nov 2022 10:56:54 GMT
Content-Length: 490
Connection: keep-alive
Location: http://nine3app.xyz/ef494c32/?clickid=aadfde1bf35f8b96ed8e5ab235f76057-10342-1125&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=33a0daf79e8a7f6e772a31fab7cdd548$PtOxAGGVeDx2RNMVJ0INMg--uQTMu3On_wyRSygOQHdJE9x.KvVSEreiPuQpU0836I3xOfXQKfnZYjndDY_oJZ4VFfNKVltZH86xHTRq_8FUBq8ozb67KJOEWZOHByzTcBH7DYoBQIb6FcyNcg8kFTPWktVFRLF2YHqXvCQfpoqSm6a_EjK7Becl9vmhySmRM9p9WMjmOibUeq0as6U40hu6wwa6UHMem87iRSHrSQ9rJg--
Set-Cookie: subu8870195e4983687bb781f16f35da1fe0l=1; Path=/; Domain=app.secads.club; Max-Age=1669460214; SameSite=Lax pc-cid=aadfde1bf35f8b96ed8e5ab235f76057-10342-1125; Path=/; Domain=app.secads.club; Max-Age=1669460214; SameSite=Lax pc-campaign=subu8870195e4983687bb781f16f35da1fe0; Path=/; Domain=app.secads.club; Max-Age=1669460214; SameSite=Lax pc-linf=eyIxIjoic3VidTg4NzAxOTVlNDk4MzY4N2JiNzgxZjE2ZjM1ZGExZmUwIiwiMTIiOjc3MzMsIjIiOjExMzMzNTUsIjMiOiJXaXRob3V0IHJlZmVyZXIiLCI0Ijp7fSwiNSI6MjI3MTAwLCIxMSI6MjM5OTY0LCI5IjoxNjY5MzczODE0MTAyMzY5MDkyLCIxMCI6MCwiMTMiOjAsIjE0IjoxLCI2IjoxLCI3IjowLCIxNSI6MCwiQ2lkIjoiYWFkZmRlMWJmMzVmOGI5NmVkOGU1YWIyMzVmNzYwNTctMTAzNDItMTEyNSJ9; Path=/; Domain=app.secads.club; Max-Age=1669460214; SameSite=Lax


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (488)
Size:   490
Md5:    027a4ac7c1b3f9aea17242f836fa24a5
Sha1:   df2c8125d4637ccbb16837f474230b3af9f0f83c
Sha256: eca26c61b522b35da6a81976ecc43d21487fbbf87090ff854f7aa7785638289d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7A0E3C0ED7C9CE558E091F945F748B0AD14A4F32FF16CE66CD0EE20A493B6707"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5790
Expires: Fri, 25 Nov 2022 12:33:24 GMT
Date: Fri, 25 Nov 2022 10:56:54 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6028
Expires: Fri, 25 Nov 2022 12:37:22 GMT
Date: Fri, 25 Nov 2022 10:56:54 GMT
Connection: keep-alive

                                        
                                            GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1 
Host: getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.5.221
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: 7jMYko9BZN2Rb5NvMTB_K55n5mFsGfIynj3LvuJtCjHMpaf5tLgHeg==
content-encoding: gzip
via: 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 10:50:06 GMT
content-length: 42176
age: 408
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size:   42176
Md5:    acdbd8655a0681714e46a0f6d685108d
Sha1:   ac304f6473c119972b891455c11e3502d329b719
Sha256: 52f31b431eb8c2db5535992dbab79619daeb534d355373128fadfb14bdc54e0d
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16690
Expires: Fri, 25 Nov 2022 15:35:04 GMT
Date: Fri, 25 Nov 2022 10:56:54 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: WQRA+QE+rRtHzsBRgKO4y+3ymafselblY54Nf5PfQovgMuCcp3OQluDQ4Mpnh4dO9ZpEFWVVYPw=
x-amz-request-id: 6AQ54DG30WJFBY63
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 10:21:35 GMT
age: 2119
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5890
Cache-Control: 'max-age=158059'
Date: Fri, 25 Nov 2022 10:56:54 GMT
Last-Modified: Fri, 25 Nov 2022 09:18:44 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /ef494c32/?clickid=aadfde1bf35f8b96ed8e5ab235f76057-10342-1125&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=33a0daf79e8a7f6e772a31fab7cdd548$PtOxAGGVeDx2RNMVJ0INMg--uQTMu3On_wyRSygOQHdJE9x.KvVSEreiPuQpU0836I3xOfXQKfnZYjndDY_oJZ4VFfNKVltZH86xHTRq_8FUBq8ozb67KJOEWZOHByzTcBH7DYoBQIb6FcyNcg8kFTPWktVFRLF2YHqXvCQfpoqSm6a_EjK7Becl9vmhySmRM9p9WMjmOibUeq0as6U40hu6wwa6UHMem87iRSHrSQ9rJg-- HTTP/1.1 
Host: nine3app.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.8.187
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 25 Nov 2022 10:56:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=411r9TEEnb%2BxXqs6uHG9xoxoCM%2BHWeyVZ9VKcSDP%2Fa0PvWbmvpMfh7dryF0lm3YsY5lsfn%2BV9V71SJJrvZwUDQQ6W8I47LDo7lU5ulTBgdifCk8dRCf9dJ0oh7RS77Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f9dc432943b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, Unicode text, UTF-8 text
Size:   6945
Md5:    2e829f123b0c9d85f74b0f7732e4292c
Sha1:   c4283c096e8c725fc49347f2580279c684c191fd
Sha256: 3dda0a02a3cc0c404b297e729411a3d08480dca6a98819e086b10e8847a6ca0c
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 10:17:26 GMT
cache-control: public,max-age=3600
age: 2368
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 25 Nov 2022 10:56:54 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ef494c32/gp2.png HTTP/1.1 
Host: nine3app.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=aadfde1bf35f8b96ed8e5ab235f76057-10342-1125&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=33a0daf79e8a7f6e772a31fab7cdd548$PtOxAGGVeDx2RNMVJ0INMg--uQTMu3On_wyRSygOQHdJE9x.KvVSEreiPuQpU0836I3xOfXQKfnZYjndDY_oJZ4VFfNKVltZH86xHTRq_8FUBq8ozb67KJOEWZOHByzTcBH7DYoBQIb6FcyNcg8kFTPWktVFRLF2YHqXvCQfpoqSm6a_EjK7Becl9vmhySmRM9p9WMjmOibUeq0as6U40hu6wwa6UHMem87iRSHrSQ9rJg--

                                         
                                         104.21.8.187
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 25 Nov 2022 10:56:54 GMT
Content-Length: 6567
Connection: keep-alive
Last-Modified: Thu, 16 Jun 2022 15:00:17 GMT
ETag: "62ab4581-19a7"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QhrN1aye7kZp1oN6pTHEXypTmnzsBdpYRmduo6Z8OjycL7sAGLl8qgsfY6Lmj3Hs1mkIzD1hDOKGM7AmS%2FfjTO6AAswZEgLCx2qEADTqYqs5eDsi7wyiBaaBwWNO24g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f9dc44bb630afe-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 646 x 250, 8-bit colormap, non-interlaced\012- data
Size:   6567
Md5:    1f12a6762bc48d9b8718238d2da2c41d
Sha1:   c349b997c783fcefe385f1c5e88c4836d2a84cd5
Sha256: decc3938dfd47c68d5dfbd2e9e30286b4664382d3938145ed7e16bb1b33fb08f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3944
Cache-Control: 'max-age=158059'
Date: Fri, 25 Nov 2022 10:56:54 GMT
Etag: "637fb00a-1d7"
Last-Modified: Fri, 25 Nov 2022 09:51:10 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /ef494c32/icon.png HTTP/1.1 
Host: nine3app.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=aadfde1bf35f8b96ed8e5ab235f76057-10342-1125&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=33a0daf79e8a7f6e772a31fab7cdd548$PtOxAGGVeDx2RNMVJ0INMg--uQTMu3On_wyRSygOQHdJE9x.KvVSEreiPuQpU0836I3xOfXQKfnZYjndDY_oJZ4VFfNKVltZH86xHTRq_8FUBq8ozb67KJOEWZOHByzTcBH7DYoBQIb6FcyNcg8kFTPWktVFRLF2YHqXvCQfpoqSm6a_EjK7Becl9vmhySmRM9p9WMjmOibUeq0as6U40hu6wwa6UHMem87iRSHrSQ9rJg--

                                         
                                         104.21.8.187
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 25 Nov 2022 10:56:54 GMT
Content-Length: 8730
Connection: keep-alive
Last-Modified: Thu, 16 Jun 2022 15:00:17 GMT
ETag: "62ab4581-221a"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DOpch8frJ%2BJuiOnRBN9YmqoExsj98nHbJed93GiDoDAWERjQcB09R3Eb0p0uKkM4B7%2BxWCEbnlYZ3oI90qzReyCLlgGtxW%2FoFgHdWyEI%2BA2e2zmpF0rJnUtsQDAPF3s%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f9dc459c560afe-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size:   8730
Md5:    db0156e7646f17debf44c9ce4e79b3f1
Sha1:   a0dbacd714b52e9d360b21ea47022dc6124be88c
Sha256: 935bea814a879495307745976751ff1e1003721c4d2e0d5e3487a5111fb2efff
                                        
                                            POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1 
Host: shavar.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         52.36.92.75
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Fri, 25 Nov 2022 10:56:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    29fc57841962e407cb50c1be60284bf7
Sha1:   ce968a77e2996da5eee8925182318f171ccdce47
Sha256: ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 10:08:53 GMT
cache-control: public,max-age=3600
age: 2882
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3734
Cache-Control: max-age=169930
Date: Fri, 25 Nov 2022 10:56:55 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:09:05 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: i2nqs2/DGvoaT2hysnjQ6A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.162.125.72
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UMbos9EsfmMpe3d+Hnw1GOw+pA4=

                                        
                                            GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221669371719839%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21675
via: 1.1 google
date: Fri, 25 Nov 2022 10:26:57 GMT
cache-control: public,max-age=3600
last-modified: Fri, 25 Nov 2022 10:21:59 GMT
age: 1798
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (21675), with no line terminators
Size:   21675
Md5:    0f70a7f7123505113a104cfeb4eaea57
Sha1:   3c5b93a19674aec4658bcebe39c22f92888b59bf
Sha256: aa349a9acc094813980bf6f6a0a1f833267f7da799d31c825b2a2bbd26ef7b31
                                        
                                            GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669055838363&_since=%221666204638208%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 6593
via: 1.1 google
date: Fri, 25 Nov 2022 10:39:48 GMT
cache-control: public,max-age=3600
age: 1027
last-modified: Mon, 21 Nov 2022 18:37:18 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (6593), with no line terminators
Size:   6593
Md5:    173414a662e4d0d6c29b893819284fcc
Sha1:   e7823586afc7d40c1ffd732e3f0f98d22f9cb6b6
Sha256: 28a589a49cbca81692eb7cc6bb2725f5d56b11238143a58c97f33260a81eb750
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: EdkR7pVPZUdNkP6lePB3F/74bjHHKuLPRUwUaWuwVL38xvTOjWZISxcnKSNf8hfQV2qij5VY7XU=
x-amz-request-id: SDQ849EMKB37HX8J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 10:40:46 GMT
age: 969
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669315595212&_since=%221666279968541%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 27155
via: 1.1 google
date: Fri, 25 Nov 2022 10:29:52 GMT
cache-control: public,max-age=3600
age: 1623
last-modified: Thu, 24 Nov 2022 18:46:35 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (27155), with no line terminators
Size:   27155
Md5:    ac619cf3864a0cc124ef2d8917355b2c
Sha1:   e7deb60297e8951331382468d8ad9b1804e51139
Sha256: 5c5aad45a1d663bbb00d9021e9920bfa636f15fd04fbf35fd58bffc22ef865aa
                                        
                                            GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Fri, 25 Nov 2022 10:40:12 GMT
cache-control: public,max-age=3600
age: 1004
last-modified: Mon, 31 Oct 2022 17:42:02 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Size:   1719
Md5:    673c0c8594251318f6ddab69439200f0
Sha1:   dfdfdbaa6ea4d5e1f2b58917573fa74c84b73f96
Sha256: 26808cb3b91051a2e383451dad0b069836788756c6a97faba58fc23d11a88477
                                        
                                            GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1482
via: 1.1 google
date: Fri, 25 Nov 2022 10:28:06 GMT
cache-control: public,max-age=3600
age: 1730
last-modified: Wed, 16 Nov 2022 14:02:20 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1482), with no line terminators
Size:   1482
Md5:    151df207a4786253007ead8264c7a9fe
Sha1:   ef39481d3f610c25b27836fb375e24ac0f3c6b47
Sha256: 352e05fd634451861f76ed1790e01b4f9f8d8fe3993464263f846ada17eb343e
                                        
                                            GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669130965213&_since=%221666483264567%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 50071
via: 1.1 google
date: Fri, 25 Nov 2022 10:08:01 GMT
cache-control: public,max-age=3600
age: 2935
last-modified: Tue, 22 Nov 2022 15:29:25 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (50071), with no line terminators
Size:   50071
Md5:    d9ea64a811de02c385592b0c8a699105
Sha1:   a357c79823836a300e146ea0b0d00b8e48776f62
Sha256: d495fbe8147ca0a17ed795da8571489396433b89dd26491684848d24404f11b9
                                        
                                            GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Fri, 25 Nov 2022 10:17:05 GMT
cache-control: public,max-age=3600
age: 2391
last-modified: Sun, 20 Nov 2022 16:36:52 GMT
etag: "1668962212585"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Size:   681
Md5:    eaee4fcc2a30b5cb65768e7228765063
Sha1:   a618faa6e4c7c412584de1dbc760a8067e32b7d7
Sha256: 20565fc5642a0bc063da8706ee310dd2512ee2a096a39976c34056a13a2bc2f6
                                        
                                            GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1506
via: 1.1 google
date: Fri, 25 Nov 2022 09:59:41 GMT
cache-control: public,max-age=3600
age: 3435
last-modified: Thu, 27 Oct 2022 18:14:21 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1506), with no line terminators
Size:   1506
Md5:    202f8030219491c4a368c475aaa98861
Sha1:   b3f7120107465db6e1eb7a21efb451253a30e31e
Sha256: 379786244e20b5c0d5ed80b9f3c03e9a964615c7df36764c9d96528290754de4
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14104
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 10:56:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14104
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 10:56:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14104
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 10:56:56 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9e23502-5ace-42f4-a990-42412dc7e04e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6385
x-amzn-requestid: 4c2a84f7-f038-4f5a-86c2-5c8ce1a48c6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cI5NVFMAoAMFn7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63803bee-45c6411c2430e2375f530dd8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 03:52:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fj82i9qJmEiUy2DOkkowq8WRyzupMwNyQqu110sJ3o72HEW4yb7bjQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 07:35:26 GMT
age: 12090
etag: "9b8aafcda0e22edcc16d3048f4b88659d3b42419"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6385
Md5:    f6292a2988fb4505d0098553b8e99ddc
Sha1:   9b8aafcda0e22edcc16d3048f4b88659d3b42419
Sha256: 16b7b473229c5e519ab81b385c50277424f3f3b2a5d7647035e84ba58e44f3be
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:47:53 GMT
age: 47343
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7993
Md5:    92c78302bcce1568eb6a5563100b932c
Sha1:   43d1dec7fc06879988c9c3cadd800cc8145df988
Sha256: 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11743
x-amzn-requestid: 9ab0aba7-5cd1-4f6c-8984-dc221e1cbf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cICD-F7joAMFqmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe3b2-152ba5f1495a44447356cdab;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oWSNdsrz59sJC2znLnFqa_Zm3T14_d6j-rjzDQe4yV22Dy2Qc4Swaw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:45 GMT
age: 46931
etag: "b0ddc1555d2506177adcdcea77864d75f1245d07"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11743
Md5:    8784bb7a8b88736a6016f712e3183bf3
Sha1:   b0ddc1555d2506177adcdcea77864d75f1245d07
Sha256: 8e331713b0ad0b5670dd33dfdadde665e076a40ddb80905d4df89876d49803d8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11249
x-amzn-requestid: 8f679d7f-2ea5-4e47-b78d-79af59435a62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFPHYHkAIAMFpBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec562-26108a785e910dc3355d58f1;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 01:14:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NKwpIdw2RZNZNh69AF5GNvunA_QfRGClvzcRP3zYwn7c8BLBlt097g==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 07:46:20 GMT
age: 11436
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11249
Md5:    481c033b9ffd030ff0de6e35cf788b47
Sha1:   85d3baad9217af2b5d75c019d2ef95dbb919a788
Sha256: 02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:23:00 GMT
age: 23636
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3955
Md5:    4006a9037ab5f28dca62b0aa7a704c41
Sha1:   74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
Sha256: 556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NntLZ3wUdcX9kEo-afFLU0TPKgqAlSK3bToNh2mmoqoyLBJINNk7ow==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:39 GMT
age: 46937
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8006
Md5:    8b6ee13d43732f7c764a49500d092865
Sha1:   5d15fd672e968d59b541e4d5d0d01cd5e69f4075
Sha256: fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
                                        
                                            GET /ef494c32/logo.gif HTTP/1.1 
Host: nine3app.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=aadfde1bf35f8b96ed8e5ab235f76057-10342-1125&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=33a0daf79e8a7f6e772a31fab7cdd548$PtOxAGGVeDx2RNMVJ0INMg--uQTMu3On_wyRSygOQHdJE9x.KvVSEreiPuQpU0836I3xOfXQKfnZYjndDY_oJZ4VFfNKVltZH86xHTRq_8FUBq8ozb67KJOEWZOHByzTcBH7DYoBQIb6FcyNcg8kFTPWktVFRLF2YHqXvCQfpoqSm6a_EjK7Becl9vmhySmRM9p9WMjmOibUeq0as6U40hu6wwa6UHMem87iRSHrSQ9rJg--

                                         
                                         104.21.8.187
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Fri, 25 Nov 2022 10:56:54 GMT
Content-Length: 576506
Connection: keep-alive
Last-Modified: Thu, 16 Jun 2022 15:00:17 GMT
ETag: "62ab4581-8cbfa"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BM65jHEvOq7iAAiI81oN9a%2BhGicyGnY8jgnGUVl8yRL2XiMx%2BQj3u0O4ILnejMhxXPn5v5HnYuF1nAl7cfJ7XGTzabmsKEyVeYKaQBDtm%2Bl3QhwTmVqnJlijNamFvqw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f9dc44bb64b512-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---