uk.userwww.pcukhgdn8yr.firedmeupppzs.com/it
173.239.5.6302 Moved Temporarily 145 B URL HTTP/1.1 uk.userwww.pcukhgdn8yr.firedmeupppzs.com/it
IP 173.239.5.6:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash ca35f86083c327b09ec3df0adfe284e7
bd680276bffaf6fdb304657003d51a74b5c2f998
84c1fdfe0e68e2ed14b46fd867e91688936072ad51471ea9fa0c7616480ab912
Analyzer Verdict Alert fortinet Malware
GET /it HTTP/1.1
Host: uk.userwww.pcukhgdn8yr.firedmeupppzs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.20.1
Date: Thu, 29 Dec 2022 02:00:52 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: http://uk.userwww.pcukhgdn8yr.firedmeupppzs.com/
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 259d3eba2ac4ea32f0410a59bd01c18a
ab02cd69e6c04e3842ad1778fb0daa6d0e86fddc
0d6ec941dac6d97a0b24c0cf00a5642a4edda68ae5ec8b3019d1ec05f40d2281
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D6EC941DAC6D97A0B24C0CF00A5642A4EDDA68AE5EC8B3019D1EC05F40D2281"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11581
Expires: Thu, 29 Dec 2022 05:13:53 GMT
Date: Thu, 29 Dec 2022 02:00:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e717435470c9f4f06b174d7100c6a98f
292150251495b243c384e0c676a258597ba7f4d8
91ce8257662cb8cea9cc3c74cda1d95dba421daa466b0ac231fa433e0c58e6c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91CE8257662CB8CEA9CC3C74CDA1D95DBA421DAA466B0AC231FA433E0C58E6C6"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3021
Expires: Thu, 29 Dec 2022 02:51:13 GMT
Date: Thu, 29 Dec 2022 02:00:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 29 Dec 2022 01:46:49 GMT
content-type: application/json
age: 843
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b2d59bdbb1ca6324590988ec031cf1fc
bfd4e25af37dcde4bac38d9b178c5ac8e50f8834
cef2180120ef42ff09d54577229c058d41d2c569d485f5a6dcfadc74bf8aa647
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEF2180120EF42FF09D54577229C058D41D2C569D485F5A6DCFADC74BF8AA647"
Last-Modified: Mon, 26 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6368
Expires: Thu, 29 Dec 2022 03:47:00 GMT
Date: Thu, 29 Dec 2022 02:00:52 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YQOdXZDSX1CEr5Ojn+5/ruS6WnxmTtChGP2a0a3nL3kpwcmkvs+z0l/WDNTmE3kMTL3edPktLog=
x-amz-request-id: JXWEXVZ44B6QRK3Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 29 Dec 2022 01:58:34 GMT
age: 138
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
uk.userwww.pcukhgdn8yr.firedmeupppzs.com/
173.239.5.6200 OK 249 B URL HTTP/1.1 uk.userwww.pcukhgdn8yr.firedmeupppzs.com/
IP 173.239.5.6:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 0b9d0491305b5be261051b77b77bbd5f
e62f1b10b390e6a92b1af6d763889e8c9719b0bd
6c98980d917ee292e56b34d23c756c1c4488c19174f189ddef527a24f4145e32
GET / HTTP/1.1
Host: uk.userwww.pcukhgdn8yr.firedmeupppzs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 29 Dec 2022 02:00:52 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 02:00:52 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
uk.userwww.pcukhgdn8yr.firedmeupppzs.com/favicon.ico
173.239.5.6404 Not Found 114 B URL HTTP/1.1 uk.userwww.pcukhgdn8yr.firedmeupppzs.com/favicon.ico
IP 173.239.5.6:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4dda89292ffda632595d8e4040ef07c8
55c26cf87340555b3c09ba932bbabfc066a8d0ea
2615795f2aaccceaee3a5a92bcb488c122aed8a152f042633e41657fff9f7278
GET /favicon.ico HTTP/1.1
Host: uk.userwww.pcukhgdn8yr.firedmeupppzs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uk.userwww.pcukhgdn8yr.firedmeupppzs.com/
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Thu, 29 Dec 2022 02:00:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 29 Dec 2022 01:08:08 GMT
age: 3165
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 125553386d49a0b56facb82deab9bd9f
1a7480b79f4aada477fb5919794f6efd6d44921e
6f3f4223d3c994dd4754df67a11298d736e16f888f301ad2838d0b4db1ac01d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2246
Cache-Control: max-age=114200
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 02:00:53 GMT
Etag: "63ac0727-1d7"
Expires: Fri, 30 Dec 2022 09:44:13 GMT
Last-Modified: Wed, 28 Dec 2022 09:06:47 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
firedmeupppzs.com/
173.239.8.164200 OK 157 B IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 3b5a36714038c753481e99116ad8b91c
7264edd3194f5e76951c2a9f3d0c9bcfb82c2cd9
7b7dcbe640b24a10407abaa378e9969d2732efda5f81a5af501a86bad2cfd643
NIDS Severity Alert suricata medium ET ADWARE_PUP Win32/Zonebac Traffic Redirect
POST / HTTP/1.1
Host: firedmeupppzs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
Origin: http://uk.userwww.pcukhgdn8yr.firedmeupppzs.com
Connection: keep-alive
Referer: http://uk.userwww.pcukhgdn8yr.firedmeupppzs.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 29 Dec 2022 02:00:53 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
firedmeupppzs.com/favicon.ico
173.239.8.164404 Not Found 114 B URL HTTP/1.1 firedmeupppzs.com/favicon.ico
IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4dda89292ffda632595d8e4040ef07c8
55c26cf87340555b3c09ba932bbabfc066a8d0ea
2615795f2aaccceaee3a5a92bcb488c122aed8a152f042633e41657fff9f7278
GET /favicon.ico HTTP/1.1
Host: firedmeupppzs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://firedmeupppzs.com/
Connection: keep-alive
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Thu, 29 Dec 2022 02:00:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
push.services.mozilla.com/
54.203.75.56101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.203.75.56:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: F+w0aHh2QbpdPHlokLbP2w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QIjk5Q9D+GDcpmKEqKn9UtIb/2s=
ww9.firedmeupppzs.com/
76.223.26.96200 OK 5.7 kB IP 76.223.26.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2487)
Hash 32342d5ba3ec995014be9b615d4ec59e
fab165b54ed9e6d928d2290200d2977e7550b2e0
4284936d5172c32947e383135aa12bad83ea40ed8992a9b8d6a959f59a4f86d5
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: ww9.firedmeupppzs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://firedmeupppzs.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 29 Dec 2022 02:00:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_sQYsoaMNk31nuPGw/t5cyFZDOLqXpv6e1O/mo3N0B9RlNdl3I1WdVsIwhTv7u8H5yspEkf9GwvReJW94Lmk/IA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js
142.250.74.132200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 142.250.74.132:0
File type ASCII text, with very long lines (1885)
Hash d61d5848e781103065d5bca54bb2f5d3
0c1410cc40187c59ff57497a601bc5a0914b94ba
f07be716e8073ec4f47c14978e5bb3d2ab7905d9f012131dd848e158fb41df78
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.firedmeupppzs.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Thu, 29 Dec 2022 02:00:53 GMT
Expires: Thu, 29 Dec 2022 02:00:53 GMT
Cache-Control: private, max-age=3600
ETag: "9096543464630205400"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
54.230.245.22200 OK 7.0 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
IP 54.230.245.22:0
File type ASCII text, with very long lines (316)
Hash 3c7567521347bf95b105ffa7fdc7da86
08739adacbf1300c74d8ae1cf100d00d9fbd0e5f
0e32bca6b67dfdeed3f9b988ddcec1adf0502549a130a78c4ace64c318a7ea29
GET /scripts/maincaf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.firedmeupppzs.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7006
Connection: keep-alive
Server: nginx
Date: Wed, 28 Dec 2022 02:42:00 GMT
Last-Modified: Tue, 15 Nov 2022 15:10:24 GMT
Accept-Ranges: bytes
ETag: "6373abe0-1b5e"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rTWeSihcorSVQ1i73kHpFabOnet6IDeTRnLN-sY2IcogIJDzfe8-wQ==
Age: 83933
c.parkingcrew.net/scripts/sale_form.js
185.53.178.30200 OK 761 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP 185.53.178.30:0
Hash 64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.firedmeupppzs.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 Dec 2022 02:00:54 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
54.230.245.22200 OK 11 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP 54.230.245.22:0
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.firedmeupppzs.com/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Wed, 28 Dec 2022 02:14:47 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: z6Nut8l2lAL6pQQ69RL3f35DRgD4YccnrL99z_Z-c7QOyYCb6Oj9RQ==
Age: 85567
ww9.firedmeupppzs.com/favicon.ico
76.223.26.96200 OK 0 B URL HTTP/1.1 ww9.firedmeupppzs.com/favicon.ico
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ww9.firedmeupppzs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.firedmeupppzs.com/
HTTP/1.1 200 OK
Date: Thu, 29 Dec 2022 02:00:54 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
ww9.firedmeupppzs.com/track.php?domain=firedmeupppzs.com&toggle=browserjs&uid=MTY3MjI3OTI1My44NTY2OjgwZmI5OWQ5Y2NmODFmMzNmZWE0OGY3MjJiMzNhMDEzMzNjYWZmNTZiN2FkYWRmMTA3MjIyMTlkOThiNDA0ZTc6NjNhY2Y0ZDVkMTIxNA%3D%3D
76.223.26.96200 OK 20 B URL HTTP/1.1 ww9.firedmeupppzs.com/track.php?domain=firedmeupppzs.com&toggle=browserjs&uid=MTY3MjI3OTI1My44NTY2OjgwZmI5OWQ5Y2NmODFmMzNmZWE0OGY3MjJiMzNhMDEzMzNjYWZmNTZiN2FkYWRmMTA3MjIyMTlkOThiNDA0ZTc6NjNhY2Y0ZDVkMTIxNA%3D%3D
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=firedmeupppzs.com&toggle=browserjs&uid=MTY3MjI3OTI1My44NTY2OjgwZmI5OWQ5Y2NmODFmMzNmZWE0OGY3MjJiMzNhMDEzMzNjYWZmNTZiN2FkYWRmMTA3MjIyMTlkOThiNDA0ZTc6NjNhY2Y0ZDVkMTIxNA%3D%3D HTTP/1.1
Host: ww9.firedmeupppzs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.firedmeupppzs.com/
HTTP/1.1 200 OK
Date: Thu, 29 Dec 2022 02:00:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5434
Expires: Thu, 29 Dec 2022 03:31:28 GMT
Date: Thu, 29 Dec 2022 02:00:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5434
Expires: Thu, 29 Dec 2022 03:31:28 GMT
Date: Thu, 29 Dec 2022 02:00:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5434
Expires: Thu, 29 Dec 2022 03:31:28 GMT
Date: Thu, 29 Dec 2022 02:00:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5434
Expires: Thu, 29 Dec 2022 03:31:28 GMT
Date: Thu, 29 Dec 2022 02:00:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5434
Expires: Thu, 29 Dec 2022 03:31:28 GMT
Date: Thu, 29 Dec 2022 02:00:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456f5bce-faff-4228-812f-34f3dba57003.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456f5bce-faff-4228-812f-34f3dba57003.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 58db86c1b07c8d9b8a0757bac6f388ee
e00f93653f15242afa913b8da63edf3de57c505c
04c97fe001f76973d740a8df0b46e4b0e3fb0383efa6b3c31cd24a3963ea3cd6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456f5bce-faff-4228-812f-34f3dba57003.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4479
x-amzn-requestid: 45612967-d570-4846-82a3-b865d0b9eeaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dy0I3G61IAMFkgQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa9a38-3c5a44aa486ac56d0a3922e3;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 07:09:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -12FayaWRaqwMP4mPJIHQxfBBndp0oGmGyyw2Pf6wJt_h9H7UaQhZg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 07:16:11 GMT
age: 67483
etag: "e00f93653f15242afa913b8da63edf3de57c505c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf685807-afc3-4f01-9ee0-833cc7a0307b.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf685807-afc3-4f01-9ee0-833cc7a0307b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 871cd400a46846677fdb766de940a4e4
fd2a9b96f9bcf72a90747bcd10d8297da7fb370b
0fb69f1ba005d219ac1419dd95caca3cc516cb292199fa6d5495593c0803f19d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf685807-afc3-4f01-9ee0-833cc7a0307b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10409
x-amzn-requestid: ad3d326b-aba1-4276-abe4-9449e6122cbe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: diWSmHxPIAMF9Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a40410-10a5df97609e3b3b7e8272c3;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 07:15:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tvcMyHdKvqJpJmT8klnQH8OLTpipL1Rt7jSlG1qtHcawWqaJwFC4ug==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 17:42:36 GMT
age: 29898
etag: "fd2a9b96f9bcf72a90747bcd10d8297da7fb370b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f065733-5f7b-4113-9f70-8e9738de50f7.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f065733-5f7b-4113-9f70-8e9738de50f7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db302f2c47edbbb185af9e4a96741d52
c616108fda3390ebd7f67926ba3e35a73b47135c
cc9e4fdb361624bb32511b195d4a1677e241502ba013b8f8a114ebb4956019ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f065733-5f7b-4113-9f70-8e9738de50f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6955
x-amzn-requestid: 59f34964-3642-4190-9edb-c2a1de006606
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dhyXGHe0oAMFfSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a3ca93-4acf45f93b24aebd33be5de1;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 03:10:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L4fg8oLUw2_pKOZNCh2YZi3_asUguQHaCtpPeCrUIYyVoAiwQlNqGg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 22:18:06 GMT
age: 13368
etag: "c616108fda3390ebd7f67926ba3e35a73b47135c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4280ab1a-8c29-44a8-a84e-493924cc46f1.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4280ab1a-8c29-44a8-a84e-493924cc46f1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d99b83d2188c008350586cec0f2a07de
405bf87dc460809c74f58837a0e422df0c6a3caa
7c383b7b407932295c6a0bd9472a64d4ec835680db8ec33a48e1cc73da404a4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4280ab1a-8c29-44a8-a84e-493924cc46f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5636
x-amzn-requestid: aa35b929-5d85-4952-8955-bd93db36f690
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dyRRSFCaIAMFh3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa626e-0227b9a86696d7cd4d0b5712;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 03:11:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aKhqQ1IMSfUQo4WprhYowj1qlYi4tOSXcSBSVJexfCy18k8IJrqssQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 03:43:40 GMT
age: 80234
etag: "405bf87dc460809c74f58837a0e422df0c6a3caa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff495beea-cff9-4016-a188-b0f4b2547a59.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff495beea-cff9-4016-a188-b0f4b2547a59.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9592ede9af5f26a2748ba2e1e649ee1
7c99d49f3f6f9d1808bf7f7f17c1c3507838951e
e9b2526f714d4d123b80fca340737b450a3c09058d8f7c7b3b180e3509eb8d27
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff495beea-cff9-4016-a188-b0f4b2547a59.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7462
x-amzn-requestid: f433f7ae-20f5-4446-a7ce-4b88ec6d19ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d4GQxFceoAMF5GQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63acb737-509b4ce327ed792719fd2c58;Sampled=0
x-amzn-remapped-date: Wed, 28 Dec 2022 21:37:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vUpx0k9Eg5cG4EGjzp91A274liLuvkmgX7siRALfLiRNIvRmFCI7-g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 21:42:24 GMT
age: 15510
etag: "7c99d49f3f6f9d1808bf7f7f17c1c3507838951e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26073be1-1851-4348-a892-ee39e3b6f635.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26073be1-1851-4348-a892-ee39e3b6f635.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9f3c92ff3db8e0ec87e86aa28346ea5
c4cc987d54675d9285b43954ab8f010e5a258d9e
94be9c845c6373424c519720e61e2a1397f7390028d43dcdbf536686a7740b6b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26073be1-1851-4348-a892-ee39e3b6f635.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9569
x-amzn-requestid: 5e67dc3c-470b-4b8e-a2fd-0a7ae7ade4dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d21gLHgLIAMFygQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ac3600-6317a97c21aae4fc13cdd27b;Sampled=0
x-amzn-remapped-date: Wed, 28 Dec 2022 12:26:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xScDAd-p3iFuIWh0vmyGngwsfeLiYAB9iae-rbakrgil9cLtKWejRw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 21:51:31 GMT
age: 33312
etag: "c4cc987d54675d9285b43954ab8f010e5a258d9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 281e831db193bdbb80e6ff33b3047078
91c685f3d3fa05fe966cd40c01fbf7e8f3a82ca6
d8f34ff19d7fa4165490af8228d1e3ab2a835c5cf02b80d2efe8203ade76e38d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 02:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ww9.firedmeupppzs.com/ls.php
76.223.26.96201 Created 0 B URL HTTP/1.1 ww9.firedmeupppzs.com/ls.php
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: ww9.firedmeupppzs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2226
Origin: http://ww9.firedmeupppzs.com
Connection: keep-alive
Referer: http://ww9.firedmeupppzs.com/
Cookie: GoogleAdServingTest=Good
HTTP/1.1 201 Created
Date: Thu, 29 Dec 2022 02:00:54 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 63acf4d6dbf2c12d72589cd4
Charset: utf-8
Access-Control-Allow-Origin: http://ww9.firedmeupppzs.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_CwWQXda1SwXmOJ3Rj/8PM4YNKFR2RxuXxPURZLOp4AE72O2bXkXcj2UaQb7oMpTTLYi+K6JGhACo7Nw45zADLg==
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 33ddc91698b093b101c72304e1804b95
e3889a5dc96cdd04f981338f13489f72cb5d013c
b570ea4b5aa23c1b64d52e997e821f5f607e844529a0b810533fbdb06c93882d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 02:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2541811284092968&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=3611672279249820&num=0&output=afd_ads&domain_name=ww9.firedmeupppzs.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1672279249821&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=493016327&uio=--&cont=tc&jsid=caf&jsv=493016327&rurl=http%3A%2F%2Fww9.firedmeupppzs.com%2F&referer=http%3A%2F%2Ffiredmeupppzs.com%2F&adbw=master-1%3A530
142.250.74.132200 OK 1.9 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2541811284092968&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=3611672279249820&num=0&output=afd_ads&domain_name=ww9.firedmeupppzs.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1672279249821&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=493016327&uio=--&cont=tc&jsid=caf&jsv=493016327&rurl=http%3A%2F%2Fww9.firedmeupppzs.com%2F&referer=http%3A%2F%2Ffiredmeupppzs.com%2F&adbw=master-1%3A530
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5280)
Hash 4277b1f1033af33cdc2e0045c1633b60
e6093dbc6f998ba7583e95b683bd28a3b6c7b8f3
f5596d108684ad288d11c4d30f2a3b8eeb19ae03663c532c5d79740ea41149aa
GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2541811284092968&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=3611672279249820&num=0&output=afd_ads&domain_name=ww9.firedmeupppzs.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1672279249821&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=493016327&uio=--&cont=tc&jsid=caf&jsv=493016327&rurl=http%3A%2F%2Fww9.firedmeupppzs.com%2F&referer=http%3A%2F%2Ffiredmeupppzs.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww9.firedmeupppzs.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Thu, 29 Dec 2022 02:00:54 GMT
expires: Thu, 29 Dec 2022 02:00:54 GMT
cache-control: private, max-age=3600
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 1898
x-xss-protection: 0
set-cookie: NID=511=AvdZlkAUzKp39dbacbaQCCjnmZCq1wdjnCYZO2sD0rk1x_OZFLkl912Ex1nvzADun3owgCwOmRPSb9NmORcJSgWN94GRi0Wf9NxM-mOnP6xu78esdz48iUAZRaQHab40vSYW-E6UEECS4Yv018oe4zoDbtQkoPJIaGbrZNm8o24; expires=Fri, 30-Jun-2023 02:00:54 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+661; expires=Sat, 28-Dec-2024 02:00:54 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
partner.googleadservices.com/gampad/cookie.js?domain=ww9.firedmeupppzs.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
216.58.207.226200 OK 242 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=ww9.firedmeupppzs.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
IP 216.58.207.226:0
File type ASCII text, with very long lines (374), with no line terminators
Hash 8e83180b749ab50648df52a0bbbc0ad6
183079dd34e58385fa1b7024ce92136e652eb4b6
b259c2da4bc5b63435bf302a9e1a1a8c34ecaa63ec1bafae024c5d8c077bf14b
GET /gampad/cookie.js?domain=ww9.firedmeupppzs.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww9.firedmeupppzs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 29 Dec 2022 02:00:55 GMT
server: cafe
cache-control: private
content-length: 242
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 58f16dc497b3f884e2c830bdf344cd80
322e70c4b62d1482294f69752ae325f8a705f231
91e58e3782d5091a0407a602836e1a853ce9b754f16c2df501c3c4d65ef136d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 02:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 33ddc91698b093b101c72304e1804b95
e3889a5dc96cdd04f981338f13489f72cb5d013c
b570ea4b5aa23c1b64d52e997e821f5f607e844529a0b810533fbdb06c93882d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 02:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7e0058480d8e4f35a8f9299bfd9f5079
479faa038d1a7acac1ea2cbe223261d18a2fabc7
5465d8984b219ddd6bd0e3105ae7e9794c1241611c1386e648c75b3f9d389507
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 02:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7e0058480d8e4f35a8f9299bfd9f5079
479faa038d1a7acac1ea2cbe223261d18a2fabc7
5465d8984b219ddd6bd0e3105ae7e9794c1241611c1386e648c75b3f9d389507
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 02:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
142.250.74.97200 OK 174 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP 142.250.74.97:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 28 Dec 2022 11:08:40 GMT
expires: Thu, 29 Dec 2022 10:08:40 GMT
cache-control: public, max-age=82800
age: 53535
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
142.250.74.97200 OK 270 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP 142.250.74.97:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash 5100391430a00e10ce60aa159f525b5c
231a4492d73b225f441b1e9028dc33c89862e498
52b1432a6e3002e41ed1d8f4c84b258fdc4c6dac863e3c0e5c06360c81be6067
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 28 Dec 2022 11:52:33 GMT
expires: Thu, 29 Dec 2022 10:52:33 GMT
cache-control: public, max-age=82800
age: 50902
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7e0058480d8e4f35a8f9299bfd9f5079
479faa038d1a7acac1ea2cbe223261d18a2fabc7
5465d8984b219ddd6bd0e3105ae7e9794c1241611c1386e648c75b3f9d389507
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 02:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ww9.firedmeupppzs.com/track.php?domain=firedmeupppzs.com&caf=1&toggle=answercheck&answer=yes&uid=MTY3MjI3OTI1My44NTY2OjgwZmI5OWQ5Y2NmODFmMzNmZWE0OGY3MjJiMzNhMDEzMzNjYWZmNTZiN2FkYWRmMTA3MjIyMTlkOThiNDA0ZTc6NjNhY2Y0ZDVkMTIxNA%3D%3D
76.223.26.96200 OK 20 B URL HTTP/1.1 ww9.firedmeupppzs.com/track.php?domain=firedmeupppzs.com&caf=1&toggle=answercheck&answer=yes&uid=MTY3MjI3OTI1My44NTY2OjgwZmI5OWQ5Y2NmODFmMzNmZWE0OGY3MjJiMzNhMDEzMzNjYWZmNTZiN2FkYWRmMTA3MjIyMTlkOThiNDA0ZTc6NjNhY2Y0ZDVkMTIxNA%3D%3D
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=firedmeupppzs.com&caf=1&toggle=answercheck&answer=yes&uid=MTY3MjI3OTI1My44NTY2OjgwZmI5OWQ5Y2NmODFmMzNmZWE0OGY3MjJiMzNhMDEzMzNjYWZmNTZiN2FkYWRmMTA3MjIyMTlkOThiNDA0ZTc6NjNhY2Y0ZDVkMTIxNA%3D%3D HTTP/1.1
Host: ww9.firedmeupppzs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.firedmeupppzs.com/
Cookie: __gsas=ID=9474d76ab4bdda72:T=1672279255:S=ALNI_MaR1prTOgzYc7kJGePtbohdZcPPSw
HTTP/1.1 200 OK
Date: Thu, 29 Dec 2022 02:00:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js
142.250.74.132200 OK 0 B URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.132:0
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 29 Dec 2022 02:00:55 GMT
expires: Thu, 29 Dec 2022 02:00:55 GMT
cache-control: private, max-age=3600
etag: "93330671341707853"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2