www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
159.69.224.3301 Moved Permanently 547 B URL HTTP/1.1 www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
IP 159.69.224.3:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (314)
Hash cd7c5bf403a3964607765a15b91868a7
0ffdd0cc612deeb9d21f712147bd335f09c55f3b
bd8a3f00954c4fa523f3aef165f18ae042816c32e712ee63d255b2df9075131f
GET /bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540 HTTP/1.1
Host: www.mobilegoodies4you.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Mar 2023 04:10:23 GMT
Server: Apache
Location: https://www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
Content-Length: 547
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2664
Expires: Thu, 23 Mar 2023 04:54:47 GMT
Date: Thu, 23 Mar 2023 04:10:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 210a2a42cfc4f4aced144f5de9babcc6
ece6ecfb2db8d036c3bfc7f02f8ea387e3f965db
59553a312d3fb34f1f0aea469f7e7cc810ff9993481ddbd73ea5d461cf97ed51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59553A312D3FB34F1F0AEA469F7E7CC810FF9993481DDBD73EA5D461CF97ED51"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12325
Expires: Thu, 23 Mar 2023 07:35:48 GMT
Date: Thu, 23 Mar 2023 04:10:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 03:15:05 GMT
content-type: application/json
age: 3318
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15170
Expires: Thu, 23 Mar 2023 08:23:13 GMT
Date: Thu, 23 Mar 2023 04:10:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wJFUEDZS4EduDQJ/ie+xrUOUZVWZ99uHI5tQF2XaHZl/DEAuwV8eUa6cSpRl/78XVFraUnnFzT0=
x-amz-request-id: WJ1GTPJQXSYRVMRD
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 03:59:47 GMT
age: 636
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:10:23 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
159.69.224.3200 OK 6.0 kB URL HTTP/2 www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
IP 159.69.224.3:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (387)
Hash 74e11ce3a3f2e862d474e09bb9e0705e
f0a3965be80eaa0ff7c077bc7b8aec02e8e1d1af
cf2293b458220b37d42b6c046ff51815c1fef40cda612fc6cba333d931e30442
GET /bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540 HTTP/1.1
Host: www.mobilegoodies4you.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
last-modified: Mon, 13 Feb 2023 14:45:49 GMT
etag: "1795-5f495e732a358"
accept-ranges: bytes
content-length: 6037
content-type: text/html
date: Thu, 23 Mar 2023 04:10:23 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/css/app.css?id=2fbe2d9a9a40ca9b2489
159.69.224.3200 OK 69 B URL HTTP/2 www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/css/app.css?id=2fbe2d9a9a40ca9b2489
IP 159.69.224.3:0
ASN #24940 Hetzner Online GmbH
Hash 2fbe2d9a9a40ca9b2489f46d1b5520c1
a8b5e5629deabf1912d969b4036ed3c9159756bb
94d8599586a5ee9c62dc15b45ca083b69d060d0c12bf2be3673b19a9820216ea
Analyzer Verdict Alert fortinet Malware
GET /bemob/iframe/albanian/albania/vodafone/survey-lander/css/app.css?id=2fbe2d9a9a40ca9b2489 HTTP/1.1
Host: www.mobilegoodies4you.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 13 Feb 2023 14:46:56 GMT
etag: "45-5f495eb2dae80"
accept-ranges: bytes
content-length: 69
content-type: text/css
date: Thu, 23 Mar 2023 04:10:23 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/css/landers/survey/app.css?id=b58f517ccb85236317fa
159.69.224.3200 OK 3.5 kB URL HTTP/2 www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/css/landers/survey/app.css?id=b58f517ccb85236317fa
IP 159.69.224.3:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (3508)
Hash b58f517ccb85236317faed6f2f276f94
f8036bae79943dc93ef568342f103690ebe6b331
4c95a2c7c370e3ea727269117605e6911a440309feab22ce29641fb4e561a8ad
Analyzer Verdict Alert fortinet Malware
GET /bemob/iframe/albanian/albania/vodafone/survey-lander/css/landers/survey/app.css?id=b58f517ccb85236317fa HTTP/1.1
Host: www.mobilegoodies4you.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 13 Feb 2023 14:49:30 GMT
etag: "dd8-5f495f459185c"
accept-ranges: bytes
content-length: 3544
content-type: text/css
date: Thu, 23 Mar 2023 04:10:23 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/img/landers/survey/logo/default.svg
159.69.224.3200 OK 689 B URL HTTP/2 www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/img/landers/survey/logo/default.svg
IP 159.69.224.3:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (506)
Hash 2a33561218183651c3f4b59be76f67bd
5cf5f8634c85a4f43201d8dc6aef8198ec624186
5d1f3eba861b3b61a94974c291157f6087eeb1aecd5adaf2b5d07a2257b12c96
Analyzer Verdict Alert fortinet Malware
GET /bemob/iframe/albanian/albania/vodafone/survey-lander/img/landers/survey/logo/default.svg HTTP/1.1
Host: www.mobilegoodies4you.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 13 Feb 2023 14:52:07 GMT
etag: "2b1-5f495fdb035b9"
accept-ranges: bytes
content-length: 689
content-type: image/svg+xml
date: Thu, 23 Mar 2023 04:10:23 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/img/prizes/iphone-14/default@0.25x.png
159.69.224.3200 OK 2.0 kB URL HTTP/2 www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/img/prizes/iphone-14/default@0.25x.png
IP 159.69.224.3:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash 2fe88a27040960f597c68d1f9335b02c
2b1bc98fd78a95a99fd313e9ad6cb7b7214c1752
de9465f6c25951dadf01fe6ecb439206f1211aebcbe367cfabd6bfc5604c8df4
GET /bemob/iframe/albanian/albania/vodafone/survey-lander/img/prizes/iphone-14/default@0.25x.png HTTP/1.1
Host: www.mobilegoodies4you.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 13 Feb 2023 14:49:30 GMT
etag: "7b5-5f495f45fa03c"
accept-ranges: bytes
content-length: 1973
content-type: image/png
date: Thu, 23 Mar 2023 04:10:23 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/js/app.js?id=d75b4cfe9b4f0f2f3a56
159.69.224.3200 OK 19 kB URL HTTP/2 www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/js/app.js?id=d75b4cfe9b4f0f2f3a56
IP 159.69.224.3:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (18544)
Hash d75b4cfe9b4f0f2f3a56f5dad32d6c7d
7c462194003560634a65f7725b8bd553b9fdce41
0a9b16afee4ee7fa81b369cfe3d69c3a6d4ff580726b9d9c10f398deb2fc3c22
Analyzer Verdict Alert fortinet Malware
GET /bemob/iframe/albanian/albania/vodafone/survey-lander/js/app.js?id=d75b4cfe9b4f0f2f3a56 HTTP/1.1
Host: www.mobilegoodies4you.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 13 Feb 2023 14:46:56 GMT
etag: "4891-5f495eb2e0c40"
accept-ranges: bytes
content-length: 18577
content-type: application/javascript
date: Thu, 23 Mar 2023 04:10:23 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/js/landers/survey/app.js?id=69fbb25d755eb585731d
159.69.224.3200 OK 150 kB URL HTTP/2 www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/js/landers/survey/app.js?id=69fbb25d755eb585731d
IP 159.69.224.3:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65443)
Size 150 kB (150547 bytes)
Hash 69fbb25d755eb585731d9b8ed1a693df
035fc99035f2a0a9c342cd28ee835edda9450dd8
4e4aae7e2f13eded03adc8223b55cd86ce0bd09e31d4c67fdbf550bc7da2a0e6
Analyzer Verdict Alert fortinet Malware
GET /bemob/iframe/albanian/albania/vodafone/survey-lander/js/landers/survey/app.js?id=69fbb25d755eb585731d HTTP/1.1
Host: www.mobilegoodies4you.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilegoodies4you.com/bemob/iframe/albanian/albania/vodafone/survey-lander/?click_id=KGGtvn3cdJfHzRGV5cTeY7&bemobdata=c=6a790a1f-d777-4cbe-96c2-a7d798586f17..l=d7f6c465-f9c5-4ee8-a999-2e4ede987384..a=0..b=0..r=n1sav.bemobtrcks.com..ts=1679544599540
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 13 Feb 2023 14:49:30 GMT
etag: "24c13-5f495f45ce11c"
accept-ranges: bytes
content-length: 150547
content-type: application/javascript
date: Thu, 23 Mar 2023 04:10:23 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fffe621085ec017db3ea63bc0bb7bb54
79beb0c719d60bb34ff239f561a3cbaa453004a2
405c3d6480b95dadf68fbea6b7b3b4593f55d20ffe53ad2462eaa68eb7f57bb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "405C3D6480B95DADF68FBEA6B7B3B4593F55D20FFE53AD2462EAA68EB7F57BB0"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 23 Mar 2023 10:10:23 GMT
Date: Thu, 23 Mar 2023 04:10:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 03:17:23 GMT
age: 3180
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
psothoms.com/pfe/current/micro.tag.min.js?z=5653160&sw=/sw-check-permissions-d1fba.js
139.45.197.251200 OK 15 kB URL HTTP/2 psothoms.com/pfe/current/micro.tag.min.js?z=5653160&sw=/sw-check-permissions-d1fba.js
IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (41313), with no line terminators
Hash dcd19cf25949bf1a35809fa63335b48b
2b03bb4636f8f41323a163e98f1c0b29a08831ba
e3fb360d7e372c224499b9858c6686c7fae772c7d6e9ec4480334204b89dd478
GET /pfe/current/micro.tag.min.js?z=5653160&sw=/sw-check-permissions-d1fba.js HTTP/1.1
Host: psothoms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilegoodies4you.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:10:23 GMT
content-type: application/javascript
last-modified: Thu, 16 Mar 2023 15:32:57 GMT
etag: W/"641336a9-a161"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 18b877ebbad1529e4bd91e12220d91c4
a3d64fb3d9cc1fe3a29b261c4ec9acfe134dfedc
7001d3ef847c7002ac15155f0dfcc0a369f19860e85c8e90530f1e7b2dd88f09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7001D3EF847C7002AC15155F0DFCC0A369F19860E85C8E90530F1E7B2DD88F09"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3277
Expires: Thu, 23 Mar 2023 05:05:01 GMT
Date: Thu, 23 Mar 2023 04:10:24 GMT
Connection: keep-alive
push.services.mozilla.com/
52.34.238.244101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.34.238.244:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 26TiOJQ4jAfFU92GbomXuw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tVReHQW6M+EI5m4FaDQdYyJJfkc=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6394
Expires: Thu, 23 Mar 2023 05:56:59 GMT
Date: Thu, 23 Mar 2023 04:10:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6394
Expires: Thu, 23 Mar 2023 05:56:59 GMT
Date: Thu, 23 Mar 2023 04:10:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6394
Expires: Thu, 23 Mar 2023 05:56:59 GMT
Date: Thu, 23 Mar 2023 04:10:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6394
Expires: Thu, 23 Mar 2023 05:56:59 GMT
Date: Thu, 23 Mar 2023 04:10:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6394
Expires: Thu, 23 Mar 2023 05:56:59 GMT
Date: Thu, 23 Mar 2023 04:10:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffed036ca-a43b-426f-a0f3-fb8f2e221171.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffed036ca-a43b-426f-a0f3-fb8f2e221171.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27bd1bd539c3711ff340f243098cab93
4860b7e75775fe187a9253a4d38222e36552f529
34278c150d0686e999228226d0d92e3e7ed1116978ab94fd21b3047c44a69972
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffed036ca-a43b-426f-a0f3-fb8f2e221171.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6430
x-amzn-requestid: abbe5dc0-5218-46ef-b264-30aa5d0a87b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BzanbGRCIAMF96g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64113e2f-3c198b4a31aaa8f263ec8db5;Sampled=0
x-amzn-remapped-date: Wed, 15 Mar 2023 03:40:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: eETIf_ygzcHX6nt_w_o0UXc5Myk3aCUzDfWf4LhwILPkeAWkd4yctA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 13:48:21 GMT
age: 51724
etag: "4860b7e75775fe187a9253a4d38222e36552f529"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tu0ENc_6tfykYc23nLfwYEMsi5HIfaDWF6dvzVTfX5rfjr3JrmMrCA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:02:44 GMT
age: 57605
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: dd5a8417-ddd5-469d-aa84-e880f4b84464
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CHqKFGRsoAMFTGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6419570d-3f28a7502b56eda47dd82ba7;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 07:04:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: JImqyag05jmvEwsJSvKFVuisuS5KNKfr7xRuN0YPyneNXvVxKkFMzg==
via: 1.1 ee6ea1e4552345de209d26f9ffb35d4a.cloudfront.net (CloudFront), 1.1 5292c0d5844327feadb38f1efe42ebc6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 05:35:55 GMT
age: 81270
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340c6dd8-fc2f-45fc-9318-44a28c249325.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340c6dd8-fc2f-45fc-9318-44a28c249325.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6de676f6856031e5c1baebe9166a8269
d81a4852f956999fa28a5f667ed73506843d0731
71f282ba594e454a2abf1c3700ade4d9461d6d48ac2726f746f3da5a63e29c38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340c6dd8-fc2f-45fc-9318-44a28c249325.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9687
x-amzn-requestid: b7c8cd8c-6103-4aa4-9016-f02cf368908d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8JGHyEoAMFzJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73d3-2fb1fd1b5be3289047f8aed4;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:32:03 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: pwTgv5KbsBUYyFFmAaQkVuceVkWmy6S5-JrC5QptjI6eZYMu23hopg==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:44 GMT
age: 22961
etag: "d81a4852f956999fa28a5f667ed73506843d0731"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae396653-384e-48e4-9824-4bf9d53f211b.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae396653-384e-48e4-9824-4bf9d53f211b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90be67fd11de3a169f4de942f6418f3f
55bd99cc5490b60e7a653ffa5f2a8c288ef66e87
b07e34257bbaa41c941650a839adad82d4999d92ee62402dbec969d9464c89b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae396653-384e-48e4-9824-4bf9d53f211b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10959
x-amzn-requestid: a7e3f891-6f0e-48af-9a37-3cb8f9cae223
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xD8G-pIAMFagQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64156218-3334d770691739b77f855b0b;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:02:48 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: RmTQewe6KB0ictxZUj2umye1wlB6l5FkLEoXfGsR2adHPRU9KyXxWQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 03:55:26 GMT
age: 899
etag: "55bd99cc5490b60e7a653ffa5f2a8c288ef66e87"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 40d24dfcd9f0afe0e4077384f16cc494
76213c7d5c759471ed3823888860f918ac7e8f13
fbbbef0498ddf14bc9b204273a3cd416c357dceed20339c3e8c64a16b0be3caf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7083
x-amzn-requestid: 52c38747-4a30-4831-87ca-7e72e5602ed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CHY_gFu8IAMFh9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64193b96-49c53b7c2e5ed4fc0217e357;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 05:07:34 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: XUrSSF8TgZSClR4MqJ0kuXGO-8KIguNmGe5lmVwzKXZO6CN0F9mimg==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:51:03 GMT
age: 22762
etag: "76213c7d5c759471ed3823888860f918ac7e8f13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2