urlquery - report: happy-mobi.net/2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	Sent bytes	Received bytes	IP
ocsp.digicert.com (2)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682	1534	93.184.220.29
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	229	34.117.237.239
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	55751	34.120.237.76
deefauph.com (1)	135892	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	490	304	139.45.197.251
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	35.163.1.35
happy-mobi.net (5)	0	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5314	40040	54.230.111.67
r3.o.lencr.org (8)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2704	7088	23.36.77.32
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2373	34.102.187.140
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5844	34.160.144.191
ocsp.r2m02.amazontrust.com (1)	0	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	984	54.230.80.227

Scan Date	Severity	Indicator	Comment
2022-11-28	medium	happy-mobi.net/2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/jquery-3.6.0. (...)	Phishing
2022-11-28	medium	happy-mobi.net/2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/js-2rs.js	Phishing

Date	UQ / IDS / BL	URL	IP
2023-06-01 04:40:52 UTC	0 - 8 - 0	d374x37sd0waxl.cloudfront.net/hornys2.3/index (...)	54.230.111.67
2023-05-26 13:11:36 UTC	0 - 1 - 0	bcgame.top/landing/spin?i=4cxse6dr&stag=33636 (...)	54.230.111.67
2023-05-25 14:13:54 UTC	0 - 0 - 1	utweb.rainberrytv.com/gui/index.html?v=1.3.0. (...)	54.230.111.67
2023-05-25 11:31:37 UTC	0 - 1 - 0	fgha737gh509.com/	54.230.111.67
2023-05-24 16:23:41 UTC	0 - 28 - 0	www.businesstoday.com.tw/article/category/803 (...)	54.230.111.67

Date	UQ / IDS / BL	URL	IP
2023-06-01 06:44:23 UTC	0 - 2 - 0	prolific.com/app/files/prolific_windows_insta (...)	54.70.38.188
2023-06-01 06:25:59 UTC	0 - 0 - 3	3nity.xyz/	3.64.163.50
2023-06-01 06:24:21 UTC	0 - 3 - 0	alohazshop.com/	52.10.27.176
2023-06-01 06:03:12 UTC	0 - 0 - 2	gate.sc/?url=https://urllio.com/2tvofb&token= (...)	54.230.111.50
2023-06-01 06:02:50 UTC	0 - 0 - 7	1-5-1-4-7-v-1-4-k-3-5-2-i-1-3-p-t-f-z-9-e-g-l (...)	75.2.18.233

Date	UQ / IDS / BL	URL	IP
2023-05-09 04:47:43 UTC	0 - 0 - 5	happy-mobi.net/	54.230.111.51
2023-05-08 10:47:31 UTC	0 - 0 - 6	happy-mobi.net/1em/ng/ac27637joint/pl33374-84 (...)	54.230.111.70
2023-04-28 09:44:17 UTC	0 - 0 - 6	happy-mobi.net/1em/ng/ac27637joint/pl33374-84 (...)	54.230.111.51
2023-04-20 22:46:51 UTC	0 - 0 - 2	happy-mobi.net/2sp/mob/et/gg9335game/age21-bt (...)	143.204.55.5
2023-04-18 06:56:04 UTC	0 - 0 - 2	happy-mobi.net/2sp/mob/ma/gg6038game/age21-bt (...)	143.204.55.5

Date	UQ / IDS / BL	URL	IP
2023-03-24 07:45:46 UTC	0 - 1 - 0	dhvya.taitlastwebegan.com/CLOJOXH?tag_id=9594 (...)	54.162.51.18
2023-02-03 15:23:56 UTC	0 - 0 - 3	secure.stackpr0fit.com/7e3b025e-3ed4-42e1-aa5 (...)	18.195.149.11
2023-01-08 07:36:17 UTC	0 - 0 - 7	mobicubenet-env.eba-jahsrmiz.us-east-1.elasti (...)	52.0.191.71
2022-12-24 07:18:28 UTC	0 - 0 - 1	hellomobi.net/1sp/mob/glb/th/age21-btn-blk-p- (...)	54.230.111.67
2022-11-27 09:57:02 UTC	0 - 0 - 3	secure.stackpr0fit.com/8ae2b839-9367-4aa4-904 (...)	18.195.149.11

Request	Response
GET /2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d HTTP/1.1 Host: happy-mobi.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	54.230.111.67 HTTP/1.1 301 Moved Permanently Content-Type: text/html Server: CloudFront Date: Mon, 28 Nov 2022 18:17:19 GMT Content-Length: 167 Connection: keep-alive Location: https://happy-mobi.net/2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d X-Cache: Redirect from cloudfront Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: AagYYptCyknHzQ97RfpYkfOuSfuRONxHsxxTKo_ZeY_tIbhJr40MZQ== --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Size: 167 Md5: f5d40b7259645010f9a248858ad14178 Sha1: b3051d17a6ec8c9e166bf09a62b48261ab86957b Sha256: 7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E" Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2807 Expires: Mon, 28 Nov 2022 19:04:06 GMT Date: Mon, 28 Nov 2022 18:17:19 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 150792cfc458af013998f4ef6bdf5f74 Sha1: d5179b2dcb11d06f82606bf6eb6648319998d63e Sha256: 72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 5901 Cache-Control: max-age=150743 Date: Mon, 28 Nov 2022 18:17:19 GMT Etag: "63848df9-1d7" Expires: Wed, 30 Nov 2022 12:09:42 GMT Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT Server: ECS (ska/F718) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 9408cc0694fcbea57966c3a3ba906092 Sha1: fddcee1fdcf3209298e41a4b1b5560357fa165f0 Sha256: 6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.102.187.140 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Mon, 28 Nov 2022 17:17:48 GMT cache-control: public,max-age=3600 age: 3571 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 30db107dcf4380cef05efea409c2e6a3 Sha1: 96e6a306fbc07299aba64e5c14e2bfca35872fa9 Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786" Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5007 Expires: Mon, 28 Nov 2022 19:40:46 GMT Date: Mon, 28 Nov 2022 18:17:19 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 71f9c681a82440fd55e76c780a20e55d Sha1: 3147768cfbcdd06e0c6e69684292e68e99917a80 Sha256: 5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: DmSnMWqx3GzDkvJvodzjlgxMr+2D/WC2x46QaVquSasoUc/BxP5+N5YnF22T87Vdqi/20Ys1shk= x-amz-request-id: RNRRYAT40ZZXT2YF content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Mon, 28 Nov 2022 17:42:09 GMT age: 2110 last-modified: Thu, 10 Nov 2022 09:21:27 GMT etag: "9ebddc2b260d081ebbefee47c037cb28" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 9ebddc2b260d081ebbefee47c037cb28 Sha1: 492bad62a7ca6a74738921ef5ae6f0be5edebf39 Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Mon, 28 Nov 2022 18:17:19 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
POST / HTTP/1.1 Host: ocsp.r2m02.amazontrust.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	54.230.80.227 HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Accept-Ranges: bytes Cache-Control: max-age=105238 Date: Mon, 28 Nov 2022 18:17:19 GMT Etag: "6383f345-1d7" Expires: Tue, 29 Nov 2022 23:31:17 GMT Last-Modified: Sun, 27 Nov 2022 23:31:17 GMT Server: nginx X-Cache: Miss from cloudfront Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: HXQtFLZjCcPnk3jHMkCrrUEtZ4KInUXlS9AH8CdNMUiJ5r-xnrTqKw== --- Additional Info --- Magic: data Size: 471 Md5: 013dcb171d355da65fba25d7ab60b5b0 Sha1: 05ba2079956c6f1e929cec786eecfdc9ed81ffd5 Sha256: 36a1571d47e8bb85fc338f1625bfb48265039efe6388f1deff55d524e35292e7
GET /2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/loading2.gif HTTP/1.1 Host: happy-mobi.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://happy-mobi.net/2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	54.230.111.51 HTTP/2 200 OK content-type: image/gif content-length: 37009 server: nginx/1.20.0 last-modified: Sat, 12 Mar 2016 19:28:38 GMT accept-ranges: bytes date: Mon, 28 Nov 2022 18:17:19 GMT etag: "56e46de6-9091" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: up1ZAXBgd3-bVua5WGlKqyO0zQmn2wFE6bGM8O-Ct7hbGZpepLS40g== age: 10457 X-Firefox-Spdy: h2 --- Additional Info --- Magic: GIF image data, version 89a, 70 x 70\012- data Size: 37009 Md5: c26c3f849a5b578ed5494ade3dfb6837 Sha1: add1f2224f425c034f040973e83edd798f0727a9 Sha256: 3dfebea695e74f95113339686c6167ecd8e05afb20d69e3fd74d2acc8689e39b
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.102.187.140 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Mon, 28 Nov 2022 18:11:12 GMT cache-control: public,max-age=3600 age: 368 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "CB1836B03E13C00BB3335E1E8E4ED19278A2527692D088C2FE99EE749A8DB048" Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2502 Expires: Mon, 28 Nov 2022 18:59:02 GMT Date: Mon, 28 Nov 2022 18:17:20 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 4ae0fa597b71a4cc464cc46ce951259d Sha1: 7aa8f6c862a586341615d2d5cd89b4048ef50132 Sha256: cb1836b03e13c00bb3335e1e8e4ed19278a2527692d088c2fe99ee749a8db048
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 5633 Cache-Control: 'max-age=158059' Date: Mon, 28 Nov 2022 18:17:20 GMT Last-Modified: Mon, 28 Nov 2022 16:43:28 GMT Server: ECS (ska/F718) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 7ab2ef968cb6a3078f4b9cb2dda813d4 Sha1: e669116047ca058a2c1b2999ff0ea8682719162c Sha256: 6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: KNJR/4klBKzF/gDSnuoJcA== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	35.163.1.35 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: MwE2kzNW6zLlrh7sX7cz9s2ifYo= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB" Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8222 Expires: Mon, 28 Nov 2022 20:34:23 GMT Date: Mon, 28 Nov 2022 18:17:21 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: aebda342a81ad83f60d2523f54ccda67 Sha1: e590d9326e4a283e0929a8ffccb13cc4308af0e6 Sha256: bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB" Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8221 Expires: Mon, 28 Nov 2022 20:34:23 GMT Date: Mon, 28 Nov 2022 18:17:22 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: aebda342a81ad83f60d2523f54ccda67 Sha1: e590d9326e4a283e0929a8ffccb13cc4308af0e6 Sha256: bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB" Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8221 Expires: Mon, 28 Nov 2022 20:34:23 GMT Date: Mon, 28 Nov 2022 18:17:22 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: aebda342a81ad83f60d2523f54ccda67 Sha1: e590d9326e4a283e0929a8ffccb13cc4308af0e6 Sha256: bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB" Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8221 Expires: Mon, 28 Nov 2022 20:34:23 GMT Date: Mon, 28 Nov 2022 18:17:22 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: aebda342a81ad83f60d2523f54ccda67 Sha1: e590d9326e4a283e0929a8ffccb13cc4308af0e6 Sha256: bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB" Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8221 Expires: Mon, 28 Nov 2022 20:34:23 GMT Date: Mon, 28 Nov 2022 18:17:22 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: aebda342a81ad83f60d2523f54ccda67 Sha1: e590d9326e4a283e0929a8ffccb13cc4308af0e6 Sha256: bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6376 x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cR6_KGeaoAMFb_Q= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0 x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q== via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google date: Sun, 27 Nov 2022 22:01:26 GMT age: 72956 etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6376 Md5: 78b1389f425425d0450c94d900404dc4 Sha1: 53b12a8702f7c5b7cc697e2a24da824d9434be65 Sha256: 0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6954 x-amzn-requestid: 94a02687-72f2-4796-a7ea-d3f28b412566 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: b1jHpGBVIAMFsSg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63787efd-22666b18283ae59b1348bf47;Sampled=0 x-amzn-remapped-date: Sat, 19 Nov 2022 07:00:13 GMT x-amz-cf-pop: SEA19-C3 x-cache: Hit from cloudfront x-amz-cf-id: feZayJeKq9jWHQ-rjutNr6buIjLVeIdY0A_ZeGo6NKgoQ6BBT3XQaw== via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google date: Mon, 28 Nov 2022 08:55:37 GMT age: 33705 etag: "4b4a8c8e8aeccfff25d2748720dcef8fed287126" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6954 Md5: 2212cf75f99dc67fd45db47f7101d754 Sha1: 4b4a8c8e8aeccfff25d2748720dcef8fed287126 Sha256: 7b2d2e302faba8f273b51031fa48b444cb7839733b90e8c9d077ca63637320d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4908162-9f1d-4654-8d78-fe85386ce233.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7556 x-amzn-requestid: 1cda5313-2256-4830-bf84-2e6e15949d3e x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cR78KFTmoAMF4yg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6383d9e7-452e36d718a298d12a2374a9;Sampled=0 x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: OWVkuAw6-nRNU_CVOgvsSSenSXnfSYSmJiKa60JvSaiJgPuXjJByZw== via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google date: Sun, 27 Nov 2022 21:46:41 GMT age: 73841 etag: "1a542a53ba0b1cd0fb23257ebed8166555f16dfb" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7556 Md5: 7e5051d8c06f69e1842a9295ce256a36 Sha1: 1a542a53ba0b1cd0fb23257ebed8166555f16dfb Sha256: a7c0dbbb4d0d9138f5ca318cc2aa44e12dadf7ed6263ec204ba756da64b29c41
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9430 x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cR7wyGCIIAMFhgw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0 x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q== via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google date: Sun, 27 Nov 2022 22:01:16 GMT age: 72966 etag: "075531f525e625b117b2497f31139c9824d0e9c5" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9430 Md5: 1f434933b5bd6377d299ada22d1ae7ef Sha1: 075531f525e625b117b2497f31139c9824d0e9c5 Sha256: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10199 x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cOo4iF1VIAMF09g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0 x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ== via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google date: Sun, 27 Nov 2022 21:51:43 GMT age: 73539 etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10199 Md5: 2cd887044e91d7ed0f1a8d7119ff7dd0 Sha1: ae8aa4ce6ddaccba771fe65446926b60fc5628da Sha256: bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8885 x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cGDTEFSeIAMF3rg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0 x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A== via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google date: Mon, 28 Nov 2022 08:11:39 GMT age: 36343 etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8885 Md5: 3a1a4e00f1f15827cf651f373863c379 Sha1: 70c2a238f06ca7e56ef80c83738e081bf0de3330 Sha256: 3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
GET /2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d HTTP/1.1 Host: happy-mobi.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1	54.230.111.51 HTTP/2 200 OK content-type: text/html server: nginx/1.20.0 last-modified: Sat, 29 Oct 2022 15:42:34 GMT content-encoding: gzip date: Mon, 28 Nov 2022 18:17:19 GMT etag: W/"635d49ea-3364" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: nf7URC8uNns5H5uKLxE5qXRzJsY7x3aCX0NFiId1gjI1Za3H7S33Hw== age: 10457 X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: Sha1: Sha256:
GET /2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/jquery-3.6.0.min.js HTTP/1.1 Host: happy-mobi.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://happy-mobi.net/2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	54.230.111.51 HTTP/2 200 OK content-type: application/javascript server: nginx/1.20.0 last-modified: Thu, 06 Jan 2022 15:49:08 GMT content-encoding: gzip date: Mon, 28 Nov 2022 18:17:19 GMT etag: W/"61d70f74-15d9d" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: xenFSg1Ija8VXIgA93r5W3Ak2C8IPu2UxgreSTaZ7x1yzmQmVRftnw== age: 10457 X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: Sha1: Sha256: Blocklists: - fortinet: Phishing
GET /2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/js-2rs.js HTTP/1.1 Host: happy-mobi.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://happy-mobi.net/2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	54.230.111.51 HTTP/2 200 OK content-type: application/javascript server: nginx/1.20.0 last-modified: Sun, 25 Sep 2022 14:58:46 GMT content-encoding: br date: Mon, 28 Nov 2022 18:17:19 GMT etag: W/"63306ca6-910" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: fCjjoxYAHd4MuqwtvIzUJ4k8nuDDT-qPe0a9nLx5UNXc1ZI_HEF7nw== age: 10456 X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: Sha1: Sha256: Blocklists: - fortinet: Phishing
GET /pfe/current/micro.tag.min.js?z=5101589&ymid=wsj7fbmshk89n2qk2kk0lib4&var=a5810590-ab32-486f-8e0a-0372fbf9866f&sw=/sw-check-permissions-4e1e4.js HTTP/1.1 Host: deefauph.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://happy-mobi.net/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	139.45.197.251 HTTP/2 200 OK content-type: application/javascript server: nginx date: Mon, 28 Nov 2022 18:17:20 GMT last-modified: Thu, 24 Nov 2022 15:53:54 GMT etag: W/"637f9392-12fca" access-control-allow-credentials: true cache-control: no-cache pragma: no-cache content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: Sha1: Sha256:

                                        
                                            GET /2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d HTTP/1.1 

                                        
                                            
Host: happy-mobi.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1

                                        
                                             54.230.111.67

                                            
                                                HTTP/1.1 301 Moved Permanently 

                                            
                                                
Content-Type: text/html

                                            

                                            
                                                
Server: CloudFront 

                                            
                                                
Date: Mon, 28 Nov 2022 18:17:19 GMT 

                                            
                                                
Content-Length: 167 

                                            
                                                
Connection: keep-alive 

                                            
                                                
Location: https://happy-mobi.net/2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d 

                                            
                                                
X-Cache: Redirect from cloudfront 

                                            
                                                
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront) 

                                            
                                                
X-Amz-Cf-Pop: OSL50-P1 

                                            
                                                
X-Amz-Cf-Id: AagYYptCyknHzQ97RfpYkfOuSfuRONxHsxxTKo_ZeY_tIbhJr40MZQ== 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

                                                Size:   167

                                                Md5:    f5d40b7259645010f9a248858ad14178

                                                Sha1:   b3051d17a6ec8c9e166bf09a62b48261ab86957b

                                                Sha256: 7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.digicert.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 83 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             93.184.220.29

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
Accept-Ranges: bytes 

                                            
                                                
Age: 5901 

                                            
                                                
Cache-Control: max-age=150743 

                                            
                                                
Date: Mon, 28 Nov 2022 18:17:19 GMT 

                                            
                                                
Etag: "63848df9-1d7" 

                                            
                                                
Expires: Wed, 30 Nov 2022 12:09:42 GMT 

                                            
                                                
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT 

                                            
                                                
Server: ECS (ska/F718) 

                                            
                                                
X-Cache: HIT 

                                            
                                                
Content-Length: 471 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   471

                                                Md5:    9408cc0694fcbea57966c3a3ba906092

                                                Sha1:   fddcee1fdcf3209298e41a4b1b5560357fa165f0

                                                Sha256: 6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             23.36.77.32

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
Server: nginx 

                                            
                                                
Content-Length: 503 

                                            
                                                
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786" 

                                            
                                                
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=5007 

                                            
                                                
Expires: Mon, 28 Nov 2022 19:40:46 GMT 

                                            
                                                
Date: Mon, 28 Nov 2022 18:17:19 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   503

                                                Md5:    71f9c681a82440fd55e76c780a20e55d

                                                Sha1:   3147768cfbcdd06e0c6e69684292e68e99917a80

                                                Sha256: 5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786

                                        
                                            GET /v1/tiles HTTP/1.1 

                                        
                                            
Host: contile.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             34.117.237.239

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: application/json

                                            

                                            
                                                
server: nginx 

                                            
                                                
date: Mon, 28 Nov 2022 18:17:19 GMT 

                                            
                                                
content-length: 12 

                                            
                                                
strict-transport-security: max-age=31536000 

                                            
                                                
via: 1.1 google 

                                            
                                                
alt-svc: clear 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  JSON data\012- , ASCII text, with no line terminators

                                                Size:   12

                                                Md5:    23e88fb7b99543fb33315b29b1fad9d6

                                                Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

                                                Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

                                        
                                            GET /2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/loading2.gif HTTP/1.1 

                                        
                                            
Host: happy-mobi.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://happy-mobi.net/2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
TE: trailers

                                        
                                             54.230.111.51

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: image/gif

                                            

                                            
                                                
content-length: 37009 

                                            
                                                
server: nginx/1.20.0 

                                            
                                                
last-modified: Sat, 12 Mar 2016 19:28:38 GMT 

                                            
                                                
accept-ranges: bytes 

                                            
                                                
date: Mon, 28 Nov 2022 18:17:19 GMT 

                                            
                                                
etag: "56e46de6-9091" 

                                            
                                                
vary: Accept-Encoding 

                                            
                                                
x-cache: Hit from cloudfront 

                                            
                                                
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront) 

                                            
                                                
x-amz-cf-pop: OSL50-P1 

                                            
                                                
x-amz-cf-id: up1ZAXBgd3-bVua5WGlKqyO0zQmn2wFE6bGM8O-Ct7hbGZpepLS40g== 

                                            
                                                
age: 10457 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  GIF image data, version 89a, 70 x 70\012- data

                                                Size:   37009

                                                Md5:    c26c3f849a5b578ed5494ade3dfb6837

                                                Sha1:   add1f2224f425c034f040973e83edd798f0727a9

                                                Sha256: 3dfebea695e74f95113339686c6167ecd8e05afb20d69e3fd74d2acc8689e39b

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             23.36.77.32

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
Server: nginx 

                                            
                                                
Content-Length: 503 

                                            
                                                
ETag: "CB1836B03E13C00BB3335E1E8E4ED19278A2527692D088C2FE99EE749A8DB048" 

                                            
                                                
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=2502 

                                            
                                                
Expires: Mon, 28 Nov 2022 18:59:02 GMT 

                                            
                                                
Date: Mon, 28 Nov 2022 18:17:20 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   503

                                                Md5:    4ae0fa597b71a4cc464cc46ce951259d

                                                Sha1:   7aa8f6c862a586341615d2d5cd89b4048ef50132

                                                Sha256: cb1836b03e13c00bb3335e1e8e4ed19278a2527692d088c2fe99ee749a8db048

                                        
                                            GET / HTTP/1.1 

                                        
                                            
Host: push.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Sec-WebSocket-Version: 13 

                                        
                                            
Origin: wss://push.services.mozilla.com/ 

                                        
                                            
Sec-WebSocket-Protocol: push-notification 

                                        
                                            
Sec-WebSocket-Extensions: permessage-deflate 

                                        
                                            
Sec-WebSocket-Key: KNJR/4klBKzF/gDSnuoJcA== 

                                        
                                            
Connection: keep-alive, Upgrade 

                                        
                                            
Sec-Fetch-Dest: websocket 

                                        
                                            
Sec-Fetch-Mode: websocket 

                                        
                                            
Sec-Fetch-Site: cross-site 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache 

                                        
                                            
Upgrade: websocket

                                        
                                             35.163.1.35

                                            
                                                HTTP/1.1 101 Switching Protocols

                                            

                                            
                                                
Connection: Upgrade 

                                            
                                                
Upgrade: websocket 

                                            
                                                
Sec-WebSocket-Accept: MwE2kzNW6zLlrh7sX7cz9s2ifYo= 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             23.36.77.32

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
Server: nginx 

                                            
                                                
Content-Length: 503 

                                            
                                                
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB" 

                                            
                                                
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=8221 

                                            
                                                
Expires: Mon, 28 Nov 2022 20:34:23 GMT 

                                            
                                                
Date: Mon, 28 Nov 2022 18:17:22 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   503

                                                Md5:    aebda342a81ad83f60d2523f54ccda67

                                                Sha1:   e590d9326e4a283e0929a8ffccb13cc4308af0e6

                                                Sha256: bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             23.36.77.32

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
Server: nginx 

                                            
                                                
Content-Length: 503 

                                            
                                                
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB" 

                                            
                                                
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=8221 

                                            
                                                
Expires: Mon, 28 Nov 2022 20:34:23 GMT 

                                            
                                                
Date: Mon, 28 Nov 2022 18:17:22 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   503

                                                Md5:    aebda342a81ad83f60d2523f54ccda67

                                                Sha1:   e590d9326e4a283e0929a8ffccb13cc4308af0e6

                                                Sha256: bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: image/jpeg

                                            

                                            
                                                
server: nginx 

                                            
                                                
content-length: 6376 

                                            
                                                
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935 

                                            
                                                
x-xss-protection: 1; mode=block 

                                            
                                                
access-control-allow-origin: * 

                                            
                                                
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                            
                                                
x-frame-options: DENY 

                                            
                                                
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                            
                                                
x-amz-apigw-id: cR6_KGeaoAMFb_Q= 

                                            
                                                
x-content-type-options: nosniff 

                                            
                                                
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0 

                                            
                                                
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT 

                                            
                                                
x-amz-cf-pop: HIO50-C1, SEA19-C2 

                                            
                                                
x-cache: Hit from cloudfront 

                                            
                                                
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q== 

                                            
                                                
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google 

                                            
                                                
date: Sun, 27 Nov 2022 22:01:26 GMT 

                                            
                                                
age: 72956 

                                            
                                                
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65" 

                                            
                                                
cache-control: max-age=3600,public,public 

                                            
                                                
alt-svc: clear 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   6376

                                                Md5:    78b1389f425425d0450c94d900404dc4

                                                Sha1:   53b12a8702f7c5b7cc697e2a24da824d9434be65

                                                Sha256: 0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4908162-9f1d-4654-8d78-fe85386ce233.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: image/jpeg

                                            

                                            
                                                
server: nginx 

                                            
                                                
content-length: 7556 

                                            
                                                
x-amzn-requestid: 1cda5313-2256-4830-bf84-2e6e15949d3e 

                                            
                                                
x-xss-protection: 1; mode=block 

                                            
                                                
access-control-allow-origin: * 

                                            
                                                
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                            
                                                
x-frame-options: DENY 

                                            
                                                
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                            
                                                
x-amz-apigw-id: cR78KFTmoAMF4yg= 

                                            
                                                
x-content-type-options: nosniff 

                                            
                                                
x-amzn-trace-id: Root=1-6383d9e7-452e36d718a298d12a2374a9;Sampled=0 

                                            
                                                
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT 

                                            
                                                
x-amz-cf-pop: HIO50-C1, SEA19-C2 

                                            
                                                
x-cache: Hit from cloudfront 

                                            
                                                
x-amz-cf-id: OWVkuAw6-nRNU_CVOgvsSSenSXnfSYSmJiKa60JvSaiJgPuXjJByZw== 

                                            
                                                
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google 

                                            
                                                
date: Sun, 27 Nov 2022 21:46:41 GMT 

                                            
                                                
age: 73841 

                                            
                                                
etag: "1a542a53ba0b1cd0fb23257ebed8166555f16dfb" 

                                            
                                                
cache-control: max-age=3600,public,public 

                                            
                                                
alt-svc: clear 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   7556

                                                Md5:    7e5051d8c06f69e1842a9295ce256a36

                                                Sha1:   1a542a53ba0b1cd0fb23257ebed8166555f16dfb

                                                Sha256: a7c0dbbb4d0d9138f5ca318cc2aa44e12dadf7ed6263ec204ba756da64b29c41

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: image/jpeg

                                            

                                            
                                                
server: nginx 

                                            
                                                
content-length: 10199 

                                            
                                                
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217 

                                            
                                                
x-xss-protection: 1; mode=block 

                                            
                                                
access-control-allow-origin: * 

                                            
                                                
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                            
                                                
x-frame-options: DENY 

                                            
                                                
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                            
                                                
x-amz-apigw-id: cOo4iF1VIAMF09g= 

                                            
                                                
x-content-type-options: nosniff 

                                            
                                                
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0 

                                            
                                                
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT 

                                            
                                                
x-amz-cf-pop: SEA19-C2 

                                            
                                                
x-cache: Hit from cloudfront 

                                            
                                                
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ== 

                                            
                                                
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google 

                                            
                                                
date: Sun, 27 Nov 2022 21:51:43 GMT 

                                            
                                                
age: 73539 

                                            
                                                
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da" 

                                            
                                                
cache-control: max-age=3600,public,public 

                                            
                                                
alt-svc: clear 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   10199

                                                Md5:    2cd887044e91d7ed0f1a8d7119ff7dd0

                                                Sha1:   ae8aa4ce6ddaccba771fe65446926b60fc5628da

                                                Sha256: bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67

                                        
                                            GET /2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d HTTP/1.1 

                                        
                                            
Host: happy-mobi.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: none 

                                        
                                            
Sec-Fetch-User: ?1

                                        
                                             54.230.111.51

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: text/html

                                            

                                            
                                                
server: nginx/1.20.0 

                                            
                                                
last-modified: Sat, 29 Oct 2022 15:42:34 GMT 

                                            
                                                
content-encoding: gzip 

                                            
                                                
date: Mon, 28 Nov 2022 18:17:19 GMT 

                                            
                                                
etag: W/"635d49ea-3364" 

                                            
                                                
vary: Accept-Encoding 

                                            
                                                
x-cache: Hit from cloudfront 

                                            
                                                
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront) 

                                            
                                                
x-amz-cf-pop: OSL50-P1 

                                            
                                                
x-amz-cf-id: nf7URC8uNns5H5uKLxE5qXRzJsY7x3aCX0NFiId1gjI1Za3H7S33Hw== 

                                            
                                                
age: 10457 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  

                                                Size:   0

                                                Md5:    

                                                Sha1:   

                                                Sha256:

URL	happy-mobi.net/2sp/mob/th/mtz28f233game/age21-btn-p-th-mc-2sp/?campaign_name=TH%20PPV%20R%20BL-m%20DTAC%202sp&lander_name=Mtz%20th/mtz28f233game/age21-btn-p-th-mc-2sp&clickid=wsj7fbmshk89n2qk2kk0lib4&source=a5810590-ab32-486f-8e0a-0372fbf9866f&cep=PJcLRTjtVnN7XGx2yw5hKWPhFpWkMbPclFn-X1rmQiJu74TnLm_LFdQgcH7glUkBmdij7w3Oy-rX5TLmmH9KbMar6Lm3lWVgnRhsINxLMg3e8M2RHelC3ok-3akErnqSe9H8VmhDwF16FNgGSnsX6v2KUemzKJMGu1TX2JjgnrWXHpedjFXPbTskAGHccXXlYUSC3z71Rg1N6g5nroNKFcW8nSr53gkK19sSQT_z_IAxHBk2A2qWd0-T28vfzqe4fFDlyIi9PtxMQSq6MtaK5xsD_l5nbmbav2VCRWZ4VDzfGYvOxCByrPNZdZk3lYkPfwMup5Dh4Tnn6V39k62MjhQDHgNwoDOYdSsXdimAtUG85vJ4i4Q5T7n6TZyD7Gfd&lptoken=16ca69c7664412f9299d
IP	54.230.111.67 (United States)
ASN	#16509 AMAZON-02
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Access
Report completed	2022-11-28 18:17:30 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	2
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (10)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 54.230.111.67

Last 5 reports on ASN: AMAZON-02

Last 5 reports on domain: happy-mobi.net

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (5)

Executed Evals (1)

#1 JavaScript::Eval (size: 80) - SHA256: e8f87c171c4f79a536a6c7e153a63d0aa80a31b1e9fc0f71b69bcd3ca35413eb

Executed Writes (0)

HTTP Transactions (28)

Overview

Domain Summary (10)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 54.230.111.67

Last 5 reports on ASN: AMAZON-02

Last 5 reports on domain: happy-mobi.net

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (5)

Executed Evals (1)

#1 JavaScript::Eval (size: 80) - SHA256: e8f87c171c4f79a536a6c7e153a63d0aa80a31b1e9fc0f71b69bcd3ca35413eb

Executed Writes (0)

HTTP Transactions (28)

Network Intrusion Detection Systems