qv.ag/Y_DTFX
302 Found 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /Y_DTFX HTTP/1.1
Host: qv.ag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sun, 06 Nov 2022 22:23:49 GMT
Content-Length: 0
Connection: keep-alive
Location: https://tu01.net/l/?s6=6&s7=TINY
Content-Language: en-US
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RnFuxn3AfedDu9Pfu3CO9mPD7Kax%2FzYBWiZaekaAN9%2FrastLMk6o7FdllpWlv3xdzhOgkjB3huvE92r9qcLsFBPqjPBO6FFD3sOqaBhpX3mV2WuohnBpOw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76613c5d0985b51b-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9e164a845d32db8fa51fdb5b1aa218d9
169099b4d2f8e119ab6cf6fca279b6fb535b1759
402ffbf1404cf05c0516c5a8cd5344bd53537ac5150d387730a90c81c17dc9e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "402FFBF1404CF05C0516C5A8CD5344BD53537AC5150D387730A90C81C17DC9E4"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7130
Expires: Mon, 07 Nov 2022 00:22:39 GMT
Date: Sun, 06 Nov 2022 22:23:49 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 05978511215be8462d0b69e33b3a91a3
61535ba131d547f1c5108d9e7763ee3fc8d8c824
cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1478
Cache-Control: max-age=131512
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:49 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 10:55:41 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 05978511215be8462d0b69e33b3a91a3
61535ba131d547f1c5108d9e7763ee3fc8d8c824
cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1478
Cache-Control: max-age=131512
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:49 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 10:55:41 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9a21dcd6794c5ba4178522096f695511
d731cf49db5e048d0d820d5cee03417cdd8c1c7b
c4981ce849fcfce045d1c9eeb2978767d87fcbf6087626f3d6541ec8b1938a37
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C4981CE849FCFCE045D1C9EEB2978767D87FCBF6087626F3D6541EC8B1938A37"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2195
Expires: Sun, 06 Nov 2022 23:00:24 GMT
Date: Sun, 06 Nov 2022 22:23:49 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OKA1vIZ0FiDaBDUcCnf3h8U6WwS/jIKEiZffrenmV2oZ7QuvNMOn+ANrVCrMA71hz2RhYpz8oWY=
x-amz-request-id: X3RQT72YD51GH3A9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 06 Nov 2022 21:47:47 GMT
age: 2162
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 22:23:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 4c0cb94214b1506c83dd46f0c6a4042b
725f65af108e9f095a2e516bd8b277c1cb3e7a4d
586a5b1d7160894d687fd59ea8d607617b5292b9d8c694f71be0f4d685fc319e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "586A5B1D7160894D687FD59EA8D607617B5292B9D8C694F71BE0F4D685FC319E"
Last-Modified: Sat, 05 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21551
Expires: Mon, 07 Nov 2022 04:23:00 GMT
Date: Sun, 06 Nov 2022 22:23:49 GMT
Connection: keep-alive
tu01.net/l/?s6=6&s7=TINY
200 OK 492 B IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CR line terminators
Hash 885b262f71de3880c863c62cf860f376
b15541f188f2402bdcd2ea0d07a89967bce5630c
f6a6030929cf0b657efb100309feb278f89790afa6a7c8e4c321949847aa12db
GET /l/?s6=6&s7=TINY HTTP/1.1
Host: tu01.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 06 Nov 2022 22:23:49 GMT
content-type: text/html
last-modified: Fri, 04 Nov 2022 14:45:44 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OLZYSManaoBIFd3Pel%2BelPV%2FQ9hyhDAADsEQtAEGet3Teey%2F8L9zTpfqMaHm9tltv7EGOBdfkaUuUUPFsy%2FndUpMwsT8kS05%2Fzr%2FXIkdzsQ9ebbZNU6bU%2Fv0rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76613c605935b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b8988c44d656e4521aa7d84091f926d3
debd55429e2a0f0bcd257201f2efe00d2e7ed35f
e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
IP
File type ASCII text, with very long lines (32047)
Hash 7a83c39ee44cf30d4e6d9a8d5c74276e
175f5e717c0fd96485d4371234d4c54355753c2b
ab02740b3bd7f47ad3a0ebc2571a67e1d00dfef34bb04e87adb08b0b61381d8e
GET /ajax/libs/jquery/1.11.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tu01.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33495
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 08:09:49 GMT
expires: Fri, 03 Nov 2023 08:09:49 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 310441
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b8988c44d656e4521aa7d84091f926d3
debd55429e2a0f0bcd257201f2efe00d2e7ed35f
e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash 0a8377c6b4c1865b30fdd311e189724e
0c50646b12334ca2837bc06121ff3fc5b8c21043
2f77df427b28ed77b56804ff77e56d45583ba1a321d65ca76d85ba0c6f272da9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=156323
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:50 GMT
Etag: "6367f399-117"
Expires: Tue, 08 Nov 2022 17:49:13 GMT
Last-Modified: Sun, 06 Nov 2022 17:49:13 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
200 OK 471 B IP
Hash d862f992e9902530594e7aca425f129b
25b414fe833d30b52928535d659a1ee281b82e3a
0c6286152fe8bb5fdf1505f2001d530a65ee53aa6d9601bbb1eecb683036071d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 653
Cache-Control: max-age=125634
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:50 GMT
Etag: "6367792b-1d7"
Expires: Tue, 08 Nov 2022 09:17:44 GMT
Last-Modified: Sun, 06 Nov 2022 09:06:51 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 279 B IP
Hash 0a8377c6b4c1865b30fdd311e189724e
0c50646b12334ca2837bc06121ff3fc5b8c21043
2f77df427b28ed77b56804ff77e56d45583ba1a321d65ca76d85ba0c6f272da9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=156323
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:50 GMT
Etag: "6367f399-117"
Expires: Tue, 08 Nov 2022 17:49:13 GMT
Last-Modified: Sun, 06 Nov 2022 17:49:13 GMT
Server: nginx
Content-Length: 279
app.logictree.co/af398655-aba0-440c-8dc9-50bd7c0fba4d?s6=6&s7=TINY&spushon=y
302 Found 0 B URL HTTP/2 app.logictree.co/af398655-aba0-440c-8dc9-50bd7c0fba4d?s6=6&s7=TINY&spushon=y
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /af398655-aba0-440c-8dc9-50bd7c0fba4d?s6=6&s7=TINY&spushon=y HTTP/1.1
Host: app.logictree.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tu01.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 06 Nov 2022 22:23:50 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://secure.clicktaphoverpush.monster/lp/redirect/mred2/?vsv=UTS&vl=1&vlink=app.logictree.co&bb=1&model=Desktop&brand=Desktop&isp=Blix%20Group%20AS&city=Oslo&country=NO&spushon=y&spushid=xd&cep=8CzN8276hu5PVJ1Fwqp-wDMRUZaj03xC22KOdXqNGCBacTRtBnpi_kN-WvLjGguY6C5BTLeaYYuRFtFbdxRBsmWFqREShRs76knoHZ4Ip7qYrgUar7ddqykQOApvwJEuc3VKWfbgjMZsvIqCc2Z5REZLU_pJ5diYcn5ss1p5M5vvruFRDzr-2fh_tU3qK1_UlfiohH2Cj8VNsfJ5LhvTHgzSSqG7n1ZiuAdkY3A-9lHSfbIX2g3gOdFnEwlAj8N4FGGdBWuuXuXzDTbS89gxLo8i2xWU27aA1TOkGF31yjCHPDQDavE90qkjX7-eALofVgBEs8KIChHDfZfoaCTv0GrmQSO7MJXeOJLFCa5kgKq7d8VFpzSwFl7-MsDqBeVpFWDj6QoVMz5jbPavQ_3k2YGcyVNkN1WEIla5RifDAVU&lptoken=16ad67ea77c2527a304c&s6=6&s7=TINY
pragma: no-cache
set-cookie: af398655-aba0-440c-8dc9-50bd7c0fba4d-v4=hvFiZL4vrzc4wWZPE57iof-DgRDiFGOD6GP7SbA-Mg8; Max-Age=86400; Expires=Mon, 07-Nov-2022 22:23:50 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=DzYP44ZVzDBoZ0LSN1AolJBTvMf9t1Bxj_cwEjp-5QGli0njqkaheaHSDziNQ9Oelkt_nvC6o2Rdx85h6b57cP6BZGGyM1n8VUXShJZlQzrs40etd5dADos0apIyMtQ63FPsfTuAlMhjcQHIPGa-vTBbTdXk8n8b-CCMv82lvoTJJuTpctNsf9sLJma0yOqil93DD2ch3V_2PxVehsUS0yNBbrozmiKMJmw3iLnwGLtCvL-4j5DVi2P9KLNqQykmUCt4QX7ih0KbMPZcJWGh48NT64Au1gIS2z-boSxGZSixJrzqkJWGHYbrnk-HRcJeOYdEo2HXRyskQaQ0tY0XhQurhaeGrpXpa2HWKZNOYYnLQpWuBRxXK0BHqJWuQGvMJNQsm5v-Cxc4dtle2FRMrdUUhlU8GVWPmCwwVvWl_64; Max-Age=86400; Expires=Mon, 07-Nov-2022 22:23:50 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CjHwVUMoYIfxc3nthQAg6w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: U+AX0/zmNmmVwTenPFA4hMzYYyY=
ocsp.digicert.com/
200 OK 278 B IP
Hash 138b156a33d2309dba13c80e0a1b8a2f
cc1c266a172833f33a4baec687ffc6b54ee09976
df5f2124f3b335cfde5da56271ad56a574968767be441194d4c9440176916582
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=166367
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:50 GMT
Etag: "63681ad5-116"
Expires: Tue, 08 Nov 2022 20:36:37 GMT
Last-Modified: Sun, 06 Nov 2022 20:36:37 GMT
Server: nginx
Content-Length: 278
secure.clicktaphoverpush.monster/lp/redirect/mred2/?vsv=UTS&vl=1&vlink=app.logictree.co&bb=1&model=Desktop&brand=Desktop&isp=Blix%20Group%20AS&city=Oslo&country=NO&spushon=y&spushid=xd&cep=8CzN8276hu5PVJ1Fwqp-wDMRUZaj03xC22KOdXqNGCBacTRtBnpi_kN-WvLjGguY6C5BTLeaYYuRFtFbdxRBsmWFqREShRs76knoHZ4Ip7qYrgUar7ddqykQOApvwJEuc3VKWfbgjMZsvIqCc2Z5REZLU_pJ5diYcn5ss1p5M5vvruFRDzr-2fh_tU3qK1_UlfiohH2Cj8VNsfJ5LhvTHgzSSqG7n1ZiuAdkY3A-9lHSfbIX2g3gOdFnEwlAj8N4FGGdBWuuXuXzDTbS89gxLo8i2xWU27aA1TOkGF31yjCHPDQDavE90qkjX7-eALofVgBEs8KIChHDfZfoaCTv0GrmQSO7MJXeOJLFCa5kgKq7d8VFpzSwFl7-MsDqBeVpFWDj6QoVMz5jbPavQ_3k2YGcyVNkN1WEIla5RifDAVU&lptoken=16ad67ea77c2527a304c&s6=6&s7=TINY
200 OK 3.2 kB URL HTTP/2 secure.clicktaphoverpush.monster/lp/redirect/mred2/?vsv=UTS&vl=1&vlink=app.logictree.co&bb=1&model=Desktop&brand=Desktop&isp=Blix%20Group%20AS&city=Oslo&country=NO&spushon=y&spushid=xd&cep=8CzN8276hu5PVJ1Fwqp-wDMRUZaj03xC22KOdXqNGCBacTRtBnpi_kN-WvLjGguY6C5BTLeaYYuRFtFbdxRBsmWFqREShRs76knoHZ4Ip7qYrgUar7ddqykQOApvwJEuc3VKWfbgjMZsvIqCc2Z5REZLU_pJ5diYcn5ss1p5M5vvruFRDzr-2fh_tU3qK1_UlfiohH2Cj8VNsfJ5LhvTHgzSSqG7n1ZiuAdkY3A-9lHSfbIX2g3gOdFnEwlAj8N4FGGdBWuuXuXzDTbS89gxLo8i2xWU27aA1TOkGF31yjCHPDQDavE90qkjX7-eALofVgBEs8KIChHDfZfoaCTv0GrmQSO7MJXeOJLFCa5kgKq7d8VFpzSwFl7-MsDqBeVpFWDj6QoVMz5jbPavQ_3k2YGcyVNkN1WEIla5RifDAVU&lptoken=16ad67ea77c2527a304c&s6=6&s7=TINY
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (372)
Hash ad21efc766742b590cf9d3cc5b6cff7f
26744486cce38e93dfab218caa0d93991d627d17
56ff8fb4cb28728ac4255b2c90c6de0e8bfbe1d8c672d1a9e361f3436f75f2d0
GET /lp/redirect/mred2/?vsv=UTS&vl=1&vlink=app.logictree.co&bb=1&model=Desktop&brand=Desktop&isp=Blix%20Group%20AS&city=Oslo&country=NO&spushon=y&spushid=xd&cep=8CzN8276hu5PVJ1Fwqp-wDMRUZaj03xC22KOdXqNGCBacTRtBnpi_kN-WvLjGguY6C5BTLeaYYuRFtFbdxRBsmWFqREShRs76knoHZ4Ip7qYrgUar7ddqykQOApvwJEuc3VKWfbgjMZsvIqCc2Z5REZLU_pJ5diYcn5ss1p5M5vvruFRDzr-2fh_tU3qK1_UlfiohH2Cj8VNsfJ5LhvTHgzSSqG7n1ZiuAdkY3A-9lHSfbIX2g3gOdFnEwlAj8N4FGGdBWuuXuXzDTbS89gxLo8i2xWU27aA1TOkGF31yjCHPDQDavE90qkjX7-eALofVgBEs8KIChHDfZfoaCTv0GrmQSO7MJXeOJLFCa5kgKq7d8VFpzSwFl7-MsDqBeVpFWDj6QoVMz5jbPavQ_3k2YGcyVNkN1WEIla5RifDAVU&lptoken=16ad67ea77c2527a304c&s6=6&s7=TINY HTTP/1.1
Host: secure.clicktaphoverpush.monster
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tu01.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 06 Nov 2022 22:23:51 GMT
content-type: text/html
last-modified: Fri, 04 Nov 2022 14:48:27 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2F8rul1gYzgWfVh29afCwTOEGRo6MAPGSUw6XaoDmG65UOgc37lFF5Pg42RIp7PQO%2B27s%2B93kKWh3l7PczSsdnJGPDrtcHJNsNhnliqmJhW%2B%2FTT7jfeN7%2F%2BEU%2FxDT5mBfJOLqfp0yacCkKAk5jlf7hFobQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76613c67cd6f0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 7bb75cda180838bb141d84bc6237047c
3bfc21e05d99392259a744b8b6246c4e87c121f4
97b56f9370203a7d906a51562dc75f23414138e8d82423410bce14ac5c1fcca2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4994
Cache-Control: max-age=118837
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:51 GMT
Etag: "63674daa-117"
Expires: Tue, 08 Nov 2022 07:24:28 GMT
Last-Modified: Sun, 06 Nov 2022 06:01:14 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b8988c44d656e4521aa7d84091f926d3
debd55429e2a0f0bcd257201f2efe00d2e7ed35f
e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b8988c44d656e4521aa7d84091f926d3
debd55429e2a0f0bcd257201f2efe00d2e7ed35f
e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash 7bb75cda180838bb141d84bc6237047c
3bfc21e05d99392259a744b8b6246c4e87c121f4
97b56f9370203a7d906a51562dc75f23414138e8d82423410bce14ac5c1fcca2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4994
Cache-Control: max-age=118837
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:51 GMT
Etag: "63674daa-117"
Expires: Tue, 08 Nov 2022 07:24:28 GMT
Last-Modified: Sun, 06 Nov 2022 06:01:14 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP
File type ASCII text, with very long lines (32038)
Hash 103708790db3586027df27ded660f8ef
d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70
fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe
GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 10:22:54 GMT
expires: Fri, 03 Nov 2023 10:22:54 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 302457
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 754 B IP
Hash fe2cb051e7299b351a0e4fb3d742a64f
9cbc53e8f9625d8b112d34c12279f8c31579b5da
cb76abb19971b088e17db1fb1e878da587bc3d5f814a1899f6c45180c1323214
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6475
Cache-Control: max-age=162052
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:51 GMT
Etag: "6367f0b0-118"
Expires: Tue, 08 Nov 2022 19:24:43 GMT
Last-Modified: Sun, 06 Nov 2022 17:36:48 GMT
Server: ECS (amb/6B77)
X-Cache: HIT
Content-Length: 280
app.logictree.co/d/.js?lpref=https%3A%2F%2Ftu01.net%2F&lpurl=https%3A%2F%2Fsecure.clicktaphoverpush.monster%2Flp%2Fredirect%2Fmred2%2F%3Fvsv%3DUTS%26vl%3D1%26vlink%3Dapp.logictree.co%26bb%3D1%26model%3DDesktop%26brand%3DDesktop%26isp%3DBlix%2520Group%2520AS%26city%3DOslo%26country%3DNO%26spushon%3Dy%26spushid%3Dxd%26cep%3D8CzN8276hu5PVJ1Fwqp-wDMRUZaj03xC22KOdXqNGCBacTRtBnpi_kN-WvLjGguY6C5BTLeaYYuRFtFbdxRBsmWFqREShRs76knoHZ4Ip7qYrgUar7ddqykQOApvwJEuc3VKWfbgjMZsvIqCc2Z5REZLU_pJ5diYcn5ss1p5M5vvruFRDzr-2fh_tU3qK1_UlfiohH2Cj8VNsfJ5LhvTHgzSSqG7n1ZiuAdkY3A-9lHSfbIX2g3gOdFnEwlAj8N4FGGdBWuuXuXzDTbS89gxLo8i2xWU27aA1TOkGF31yjCHPDQDavE90qkjX7-eALofVgBEs8KIChHDfZfoaCTv0GrmQSO7MJXeOJLFCa5kgKq7d8VFpzSwFl7-MsDqBeVpFWDj6QoVMz5jbPavQ_3k2YGcyVNkN1WEIla5RifDAVU%26lptoken%3D16ad67ea77c2527a304c%26s6%3D6%26s7%3DTINY&lpt=You%27ve%20got%20(1)...&vtm=1667773429321
200 OK 3.2 kB URL HTTP/2 app.logictree.co/d/.js?lpref=https%3A%2F%2Ftu01.net%2F&lpurl=https%3A%2F%2Fsecure.clicktaphoverpush.monster%2Flp%2Fredirect%2Fmred2%2F%3Fvsv%3DUTS%26vl%3D1%26vlink%3Dapp.logictree.co%26bb%3D1%26model%3DDesktop%26brand%3DDesktop%26isp%3DBlix%2520Group%2520AS%26city%3DOslo%26country%3DNO%26spushon%3Dy%26spushid%3Dxd%26cep%3D8CzN8276hu5PVJ1Fwqp-wDMRUZaj03xC22KOdXqNGCBacTRtBnpi_kN-WvLjGguY6C5BTLeaYYuRFtFbdxRBsmWFqREShRs76knoHZ4Ip7qYrgUar7ddqykQOApvwJEuc3VKWfbgjMZsvIqCc2Z5REZLU_pJ5diYcn5ss1p5M5vvruFRDzr-2fh_tU3qK1_UlfiohH2Cj8VNsfJ5LhvTHgzSSqG7n1ZiuAdkY3A-9lHSfbIX2g3gOdFnEwlAj8N4FGGdBWuuXuXzDTbS89gxLo8i2xWU27aA1TOkGF31yjCHPDQDavE90qkjX7-eALofVgBEs8KIChHDfZfoaCTv0GrmQSO7MJXeOJLFCa5kgKq7d8VFpzSwFl7-MsDqBeVpFWDj6QoVMz5jbPavQ_3k2YGcyVNkN1WEIla5RifDAVU%26lptoken%3D16ad67ea77c2527a304c%26s6%3D6%26s7%3DTINY&lpt=You%27ve%20got%20(1)...&vtm=1667773429321
IP
File type ASCII text, with very long lines (1134)
Hash 5a5185365cf9109327257ae80db5b321
c99746fcaa828511ffe0ff09e1724ea77ce2417d
24831d87e0864b133e64c75211bba9c6da556c117c3ce5df76928ca291752e55
GET /d/.js?lpref=https%3A%2F%2Ftu01.net%2F&lpurl=https%3A%2F%2Fsecure.clicktaphoverpush.monster%2Flp%2Fredirect%2Fmred2%2F%3Fvsv%3DUTS%26vl%3D1%26vlink%3Dapp.logictree.co%26bb%3D1%26model%3DDesktop%26brand%3DDesktop%26isp%3DBlix%2520Group%2520AS%26city%3DOslo%26country%3DNO%26spushon%3Dy%26spushid%3Dxd%26cep%3D8CzN8276hu5PVJ1Fwqp-wDMRUZaj03xC22KOdXqNGCBacTRtBnpi_kN-WvLjGguY6C5BTLeaYYuRFtFbdxRBsmWFqREShRs76knoHZ4Ip7qYrgUar7ddqykQOApvwJEuc3VKWfbgjMZsvIqCc2Z5REZLU_pJ5diYcn5ss1p5M5vvruFRDzr-2fh_tU3qK1_UlfiohH2Cj8VNsfJ5LhvTHgzSSqG7n1ZiuAdkY3A-9lHSfbIX2g3gOdFnEwlAj8N4FGGdBWuuXuXzDTbS89gxLo8i2xWU27aA1TOkGF31yjCHPDQDavE90qkjX7-eALofVgBEs8KIChHDfZfoaCTv0GrmQSO7MJXeOJLFCa5kgKq7d8VFpzSwFl7-MsDqBeVpFWDj6QoVMz5jbPavQ_3k2YGcyVNkN1WEIla5RifDAVU%26lptoken%3D16ad67ea77c2527a304c%26s6%3D6%26s7%3DTINY&lpt=You%27ve%20got%20(1)...&vtm=1667773429321 HTTP/1.1
Host: app.logictree.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 22:23:51 GMT
content-type: application/javascript;charset=UTF-8
content-length: 3162
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 6f642067f3f53e7afdb0ba3b4566692b
ce7e9cc1a03b361ee1f816b478341659f59a819e
977d2102566e465e112bcdddbefd589a56f1866590721ba5fee049e94404790b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2594
Cache-Control: max-age=139090
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:51 GMT
Etag: "6367a627-1d7"
Expires: Tue, 08 Nov 2022 13:02:01 GMT
Last-Modified: Sun, 06 Nov 2022 12:18:47 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js
200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP
File type ASCII text, with very long lines (1961)
Hash 74e4782381b81404ee7ef54554fee6ea
278fc988e5d80aebfd97355c109613c66013a109
a2ee629ff68cc60664ca311a1f9b19ab81bcafaf6dbc72de3cf2258fd96ad65d
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://secure.clicktaphoverpush.monster
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: b79e3dc7ce1fdb8133d7d2bf838e2077
etag: "1f9e85123b3ca3dd950c08764090bd3e"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 06 Nov 2022 22:28:32 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: dOR4I4G4FATufvVFVP7m6g==
x-fb-debug: h9sRSKoCqK8bwb/g7qU/fNj61HSRbvCgLxnQKNOuvkxa6/BbgQVYE6lrb6fkH7mJuuMqR2d97mu0Ic8y74D+Ig==
priority: u=3,i
content-length: 1685
x-fb-trip-id: 1904183273
date: Sun, 06 Nov 2022 22:23:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash b6f58ffb73fb6d3db829295e9b9199a3
d140784fa4f70c8ece31f26b13f60af95b2da479
2ace2d1c6305792eb234eec27c1dbe9a75b54e0037edb2a4fd4b941ac3e6a11c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5350
Cache-Control: max-age=160927
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:51 GMT
Etag: "6367f0b0-118"
Expires: Tue, 08 Nov 2022 19:05:58 GMT
Last-Modified: Sun, 06 Nov 2022 17:36:48 GMT
Server: ECS (amb/6BA3)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 471 B IP
Hash 6f642067f3f53e7afdb0ba3b4566692b
ce7e9cc1a03b361ee1f816b478341659f59a819e
977d2102566e465e112bcdddbefd589a56f1866590721ba5fee049e94404790b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2594
Cache-Control: max-age=139090
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 22:23:51 GMT
Etag: "6367a627-1d7"
Expires: Tue, 08 Nov 2022 13:02:01 GMT
Last-Modified: Sun, 06 Nov 2022 12:18:47 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js?hash=ebcfa41b14cd79b668ffa5b24d47064e
200 OK 88 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=ebcfa41b14cd79b668ffa5b24d47064e
IP
File type ASCII text, with very long lines (18530)
Hash e31a3786ba54a42088a72ea9524cf094
eb29ea982a694407cf48af8d71fd9625b2501e2e
cd1c9958a227f05b50aa8ef32de698f20df6eb0ad6caaeab3ef24d59bdb719d9
GET /en_US/sdk.js?hash=ebcfa41b14cd79b668ffa5b24d47064e HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://secure.clicktaphoverpush.monster
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 3c6e37081ab2092bc9fc95450b17169a
etag: "c4ae07c1a4d4927fd1a4b1ec96ed35f8"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Mon, 06 Nov 2023 21:19:46 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 4xo3hrpUpCCIpy6pUkzwlA==
x-fb-debug: 5W21nam7Bhs3DegyUWjy9Egb/lt06zohaBSntQ1NDF/4SEO4kgje5d6O+4pXqYmTIy8VlywEGcpEbH/AYpZHYg==
priority: u=3,i
content-length: 88352
x-fb-trip-id: 1904183273
date: Sun, 06 Nov 2022 22:23:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7910
Expires: Mon, 07 Nov 2022 00:35:41 GMT
Date: Sun, 06 Nov 2022 22:23:51 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7910
Expires: Mon, 07 Nov 2022 00:35:41 GMT
Date: Sun, 06 Nov 2022 22:23:51 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7910
Expires: Mon, 07 Nov 2022 00:35:41 GMT
Date: Sun, 06 Nov 2022 22:23:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1257248e-fe28-4957-b9ab-69ac80322250.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1257248e-fe28-4957-b9ab-69ac80322250.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 247a287e6f9c64b82090a10f9dcc67ce
2920c3a58ecf25799069c33cf304edbb6bc03e90
3c4452c5e175ffdb68cf2ebe9dc83560eed52f11cd456fea4a4ad0001f950280
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1257248e-fe28-4957-b9ab-69ac80322250.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9187
x-amzn-requestid: 268dc5ff-71b7-4570-8104-0647250cef4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bGXhrGsZoAMF4MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63659fa4-487e71380605f6e16bc05e28;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 23:26:28 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Kf6GV5vE8xIBFwFhV4WOYkEOMawiiKvcrB9XIAQWa-xo43PDlNYVCw==
via: 1.1 a4479a6315f90864adc6175b280f8f44.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 22:08:08 GMT
age: 943
etag: "2920c3a58ecf25799069c33cf304edbb6bc03e90"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6db454c-443b-4ca6-982a-3856bcc96e03.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6db454c-443b-4ca6-982a-3856bcc96e03.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 261f11f1f3c32679559e7ca92868bca9
0cb101f9081261eaadc55593acedeae23a530114
15e6d3cb9b100bce9ebcc537939f56703f6a9018bcbcc76bebc2cdac1b92f363
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6db454c-443b-4ca6-982a-3856bcc96e03.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6907
x-amzn-requestid: b6f67609-796a-4beb-b51b-e241fb4f7b13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bMtWGE3yIAMF1FA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636828f3-6520fdac16744a3d237d0746;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 21:36:51 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aUSHiMT32vMGNU5X5-Fhc1lmupDInrskYk-Fv8ktDOjsA2o27xEpiw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:48:24 GMT
age: 2127
etag: "0cb101f9081261eaadc55593acedeae23a530114"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c0a079a6dfb70fb2a2d6b5aff7103f73
55ffd5d6cb8074bdbdb8d06719119021bc81aeab
196ffd4e5245355c1c5d67f49b28200630ccfe1e4ebaa7280154b7adaf39b18f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9435
x-amzn-requestid: 7c39c00f-1362-44c1-9628-749045e542b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEIU9G5gIAMFzZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364ba85-57fbfb872251c37f4137b262;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:08:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GaFmcnh2vF0lCj_QPQ7SAIT_UzHHyr8UaHa-R_ifuZsX7quU0mBJ9Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 19:49:42 GMT
age: 9249
etag: "55ffd5d6cb8074bdbdb8d06719119021bc81aeab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a5e060b41bd5313b1cf828c1d5ecbcc
e63e4bee84953491236a8261ef07b5a4743fa891
e8750b0156ed980f11682d92f5c60ce2783518b37f156e74340617a74d826813
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13224
x-amzn-requestid: d6c8a626-313d-4add-9467-eb946a38262a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a9iPHEkgoAMF1Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6362172d-1be7a03a1b288dec56281915;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 07:07:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: R2vHbrKm_n2kWK3bG4htWAIqi1YNjNjaX8LG5AWWHPlKnaWi6JAGzA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 15:14:16 GMT
age: 25775
etag: "e63e4bee84953491236a8261ef07b5a4743fa891"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 6dc7dc5c-88e9-4550-abf0-f16965ab7cd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bF_38GKXoAMFwSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636579cc-28ea4125437c31cc34683fb7;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 20:45:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cLOqm36ioY751X1yA1WcQpaXiFYuvzFn8xLQ56MyDTpvi1J4Ruvc9Q==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 06:27:59 GMT
age: 57352
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F546ab5b1-f588-4ce7-97f3-29ce7fbebad3.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F546ab5b1-f588-4ce7-97f3-29ce7fbebad3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 200c49edab8c82958daf311146d431ba
7f52cb1318b16f59ca6df0d1c810b567a799073a
8870497d5784f369cef169b2dbd61f4b431e31853441ec8d4e739955acd9a6ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F546ab5b1-f588-4ce7-97f3-29ce7fbebad3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10695
x-amzn-requestid: 6fb6f603-98d6-40ee-9ed8-a247c8e14b2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bMtUrGX4IAMF-Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636828ea-538fda19613b37ef48bd05e9;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: b0mTHmrtfFJ5e818kIzVDDgaHaGP3eBBp_IKcRzuBH-UjwY9ygJeEA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:39:11 GMT
age: 2680
etag: "7f52cb1318b16f59ca6df0d1c810b567a799073a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/57dkkl59dw
200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/57dkkl59dw
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/57dkkl59dw HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://secure.clicktaphoverpush.monster
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 06 Nov 2022 22:23:52 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://secure.clicktaphoverpush.monster
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JqrJgpw%2FkFFRXXh3HfyFJB5oWCxn%2FIq0ejlu0uhuoqNaq3PVPPw2qPBVvPat5TzMlvncaOBnv1nJRLkTGhF3gn4KEYzTrq279ggTF8brTDtx1bLvZR1CPa%2Fjo5h%2FLLbKtx5slR1mVGS70Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76613c6fbfc276b7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/57dkkl59dw
200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/57dkkl59dw
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/57dkkl59dw HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://secure.clicktaphoverpush.monster
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 06 Nov 2022 22:23:52 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://secure.clicktaphoverpush.monster
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BYxlRaaa2%2BVs7xhd9yxvKbSv5KLQGNCPP7LobBpadQnzyWfXI8JVEY%2Fi8FQraC7ids8IUA12IIUVWLD4Cyz1pdxTFzN4f9yHQiKGrlnBcoTErdO%2B46FPGUehyja3xeasNVGRWBydYZbJqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76613c6fbfc476b7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/57dkkl59dw
200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/57dkkl59dw
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/57dkkl59dw HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://secure.clicktaphoverpush.monster
Content-Length: 148
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 06 Nov 2022 22:23:52 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://secure.clicktaphoverpush.monster
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Uck3z9hGFFVCoJvUKSwM6UQhunzEdE%2FQW1oVPFXT553IXfDC5vzP0eCbcEtEJpcPjJEOLigeLThVjKXy%2Fj4Klne6xsevtGj2Tl5o%2BmhXvN%2FzgWSgyJVgSfQ2IsAkIWEOkJIX7QkazNV9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76613c70d9d676b7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/57dkkl59dw
200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/57dkkl59dw
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/57dkkl59dw HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://secure.clicktaphoverpush.monster
Content-Length: 109
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 06 Nov 2022 22:23:52 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://secure.clicktaphoverpush.monster
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a79AeZ5E14V7r9lywGE18McqHrWCPBCvfKMqo1B%2FsQEIlhhtamVSDCX4jU4BJPMpzDPCYb%2BKkoqHFwh9K1nJHyYSJVcHngCP1xz2U6RHJQ30oxOd8KoMfDWYDMObavQMDz5HBBgOh36%2B%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76613c70e9d976b7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Lato:wght@400;700;700i&display=swap
400 Bad Request 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Lato:wght@400;700;700i&display=swap
IP
GET /css2?family=Lato:wght@400;700;700i&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 400 Bad Request
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 06 Nov 2022 22:23:51 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/v8.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df761ab0dc955e%26domain%3Dsecure.clicktaphoverpush.monster%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsecure.clicktaphoverpush.monster%252Ff3dad1687e1804e%26relation%3Dparent.parent&container_width=1264&href=https%3A%2F%2Fsecure.recoveringcasesupdate.site%2Flp%2Fredirect%2Fmred2%2F&layout=button&locale=en_US&sdk=joey&size=large
200 OK 0 B URL HTTP/2 www.facebook.com/v8.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df761ab0dc955e%26domain%3Dsecure.clicktaphoverpush.monster%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsecure.clicktaphoverpush.monster%252Ff3dad1687e1804e%26relation%3Dparent.parent&container_width=1264&href=https%3A%2F%2Fsecure.recoveringcasesupdate.site%2Flp%2Fredirect%2Fmred2%2F&layout=button&locale=en_US&sdk=joey&size=large
IP
GET /v8.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df761ab0dc955e%26domain%3Dsecure.clicktaphoverpush.monster%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsecure.clicktaphoverpush.monster%252Ff3dad1687e1804e%26relation%3Dparent.parent&container_width=1264&href=https%3A%2F%2Fsecure.recoveringcasesupdate.site%2Flp%2Fredirect%2Fmred2%2F&layout=button&locale=en_US&sdk=joey&size=large HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
facebook-api-version: v8.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: k1Vu3iePD8IjjDX7gXVtEWFVkXzpwfNmUjkvkVTYE67Wob18oiHNt5JI6BLEb7E9zXZZeOvXKBGsWvQ2zdu6bA==
date: Sun, 06 Nov 2022 22:23:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
apidata.info/js
200 OK 0 B IP
GET /js HTTP/1.1
Host: apidata.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tu01.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 06 Nov 2022 22:23:50 GMT
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: POST, GET
access-control-max-age: 3600
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WtPgIfBsMVmbyGkYPGroaSetyVFiQW9sXIdr07UoJ9dUU1b61iTcMX0x02dzki%2F1TMXY5hX07hgpnnvOAw0Psl8Gbsai7jX9N5SNxkatmTTX1RIzRe8Nl4Jr6BEqEwg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuGQ4mUqJj6izyopp8yhqksk2KbwnvHELJyNK1tzsv; SameSite=Lax; path=/; expires=Mon, 07-Nov-22 21:23:50 GMT; HttpOnly
server: cloudflare
cf-ray: 76613c6388820b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
IP
GET /font-awesome/4.4.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 06 Nov 2022 22:23:51 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 12/13/2021 21:25:06
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 632
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 8ac87b10825a6871d9cd076fc3a23e4f
cdn-cache: HIT
cf-cache-status: HIT
age: 13220183
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 76613c692e010b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
trk-consulatu.com/scripts/push/script/z0grz0mex9?url=secure.clicktaphoverpush.monster&alturl=/lp/redirect/mred2/
200 OK 0 B URL HTTP/2 trk-consulatu.com/scripts/push/script/z0grz0mex9?url=secure.clicktaphoverpush.monster&alturl=/lp/redirect/mred2/
IP
GET /scripts/push/script/z0grz0mex9?url=secure.clicktaphoverpush.monster&alturl=/lp/redirect/mred2/ HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 06 Nov 2022 22:23:51 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a9oi5zExN%2BirXq6QXvVCIb1gOhXWU8JZ%2FkJ0nKGJg83OZdchOLj0z1%2FOpoXBV4grBm4NZNsSplPNA0Lh52O8lpgafoBaX13MBi1jGEdqxb%2BYFY3ddCA2zOemgO%2BElYxSw6ZfUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76613c6b595388a3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.223.96
31.13.72.12
104.21.84.160
23.36.76.226
18.158.88.249
93.184.220.29