urlquery - report: trk2.zsxdvcr.click/67fe7f2f-573d-4d77-aeaa-74c54d05a22b

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
ocsp.digicert.com (1)	86	2012-05-21 07:02:23 UTC	2022-09-29 04:12:37 UTC	93.184.220.29
push.services.mozilla.com (1)	2140	2015-09-03 10:29:36 UTC	2022-09-28 05:02:28 UTC	44.242.32.27
abc.a18seftrk.click (6)	0	2022-06-24 18:23:09 UTC	2022-09-29 00:02:59 UTC	65.60.58.180	Unknown ranking
img-getpocket.cdn.mozilla.net (7)	1631	2017-09-01 03:40:57 UTC	2022-09-29 04:10:37 UTC	34.120.237.76
d0zi.com (1)	0	2022-06-05 17:32:29 UTC	2022-09-28 19:19:19 UTC	162.55.4.52	Unknown ranking
trk2.zsxdvcr.click (1)	0	2022-06-13 08:58:05 UTC	2022-09-28 15:59:28 UTC	18.195.23.231	Unknown ranking
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2022-09-29 05:03:41 UTC	143.204.55.25
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-09-28 04:36:06 UTC	34.117.237.239
firefox.settings.services.mozilla.com (2)	867	2020-05-28 17:26:30 UTC	2022-09-29 05:05:36 UTC	143.204.55.115
r3.o.lencr.org (4)	344	2020-12-02 08:52:13 UTC	2022-09-28 04:36:09 UTC	23.36.76.226

Scan Date	Severity	Indicator	Comment
2022-09-29	2	trk2.zsxdvcr.click/67fe7f2f-573d-4d77-aeaa-74c54d05a22b	Malware

Scan Date	Severity	Indicator	Comment
2022-09-29	2	zsxdvcr.click	Sinkholed

Date	UQ / IDS / BL	URL	IP
2023-01-30 13:13:03 +0000	0 - 0 - 1	psh.a06seftrk.click/0309ca23-ec70-442d-839b-f (...)	18.195.23.231
2023-01-30 07:42:38 +0000	0 - 1 - 2	psh.a06seftrk.click/c2c1f95f-2ec8-4016-9ac5-0 (...)	18.195.23.231
2023-01-29 16:13:39 +0000	0 - 1 - 2	psh.a06seftrk.click/2855281f-0b2c-41f0-ae0a-5 (...)	18.195.23.231
2023-01-29 15:52:21 +0000	0 - 1 - 2	psh.a06seftrk.click/d7c2d5d1-bfa6-4369-a546-6 (...)	18.195.23.231
2023-01-28 20:07:47 +0000	0 - 1 - 3	psh.a06seftrk.click/c2c1f95f-2ec8-4016-9ac5-0 (...)	18.195.23.231

Date	UQ / IDS / BL	URL	IP
2023-01-31 10:19:20 +0000	0 - 9 - 0	poptropicaslutz.ffm.to/sierraechoxray	54.149.145.153
2023-01-31 10:17:31 +0000	0 - 1 - 2	worldnaturenet.xyz/91a2556838a7c33eac284eea30 (...)	199.59.243.222
2023-01-31 10:11:41 +0000	0 - 0 - 1	iglesiabbc.com/docusign/Docusign.documents/Do (...)	18.119.154.66
2023-01-31 10:09:22 +0000	0 - 1 - 2	eslffcu.us/	15.197.130.221
2023-01-31 10:01:21 +0000	0 - 0 - 1	35.160.235.160/	35.160.235.160

Date	UQ / IDS / BL	URL	IP
2022-11-08 00:02:37 +0000	0 - 0 - 2	trk2.zsxdvcr.click/8ce0aeb5-cc05-4232-a527-f9 (...)	18.195.23.231
2022-11-06 22:01:50 +0000	0 - 0 - 2	trk2.zsxdvcr.click/57a5baef-65ba-4c15-81cc-ac (...)	18.195.23.231
2022-09-29 06:21:09 +0000	0 - 0 - 2	trk2.zsxdvcr.click/67fe7f2f-573d-4d77-aeaa-74 (...)	18.195.23.231
2022-09-20 19:01:37 +0000	0 - 0 - 2	trk2.zsxdvcr.click/975f0722-7bf9-4db3-bcdf-43 (...)	18.195.23.231
2022-09-03 19:49:40 +0000	0 - 0 - 2	trk2.zsxdvcr.click/f8b8996b-4e38-4b11-bf28-aa (...)	18.195.23.231

Date	UQ / IDS / BL	URL	IP
2022-10-26 08:11:03 +0000	0 - 0 - 4	rmut-glo.azurservers.com/t/clk	18.185.204.10
2022-10-25 01:02:27 +0000	0 - 0 - 3	go.monetizer.mobi/?utm_medium=ec4eee60be98615 (...)	198.143.165.221
2022-10-24 03:38:16 +0000	0 - 0 - 3	army-glo.peoplesdigital.com/t/clk	18.185.204.10
2022-10-23 18:38:37 +0000	0 - 0 - 10	thefreeclub.xyz/1/prizewheel/cash/mycashn/ind (...)	69.175.50.100
2022-10-23 10:38:22 +0000	0 - 0 - 10	thefreeclub.xyz/1/prizewheel/iphone12/ar-dz/i (...)	69.175.50.100

Request	Response
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.115 HASH: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551 143.204.55.115 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert Cache-Control: max-stale=0 Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Thu, 29 Sep 2022 05:29:34 GMT X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: Z5PPB-C_oJ8RVlmeY3iEuiorMgKOvEQniGlPRiPPtbDracp9Ne3FcQ== Age: 3084 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 2d12f67fe57a87e7366b662d153a5582 Sha1: d7b02d81cc74f24a251d9363e0f4b0a149264ec1 Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /67fe7f2f-573d-4d77-aeaa-74c54d05a22b HTTP/1.1 Host: trk2.zsxdvcr.click User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: trk2.zsxdvcr.click/67fe7f2f-573d-4d77-aeaa-74c54d05a22b FQDN: trk2.zsxdvcr.click IP: 18.195.23.231 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 18.195.23.231 HTTP/1.1 302 Server: nginx Date: Thu, 29 Sep 2022 06:20:58 GMT Content-Length: 0 Connection: keep-alive Cache-Control: no-store, no-cache, pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Location: https://abc.a18seftrk.click/?utm_medium=1d8189830eb362deafbaab2b506d817e330a7571&utm_campaign=BR_wifi&1=Advertizer&2=&cid=w2gpj570535bqmcj2k24a8ai&3= Pragma: no-cache Set-Cookie: 67fe7f2f-573d-4d77-aeaa-74c54d05a22b-v4=7E4Mig20DppaGJyCtGkzEe7W7nSuj9iBl0ykD-35Mvo; Max-Age=86400; Expires=Fri, 30-Sep-2022 06:20:58 GMT; Domain=trk2.zsxdvcr.click; Path=/; HttpOnly cc-v4=L%2By4ZCJCVXISURJZ0ltRmYIivtch2LkSkDc41wyOULfhDCRzCcHkR7VdBFXZtaeRRrXILs8neyN5Aigtk3TKcL%2Byl5PRjeEHJP4lMPRH0rpJWlP3i0oxUzRMWlOQTiTzzYWymHmI624VCxkmgFsIQg%3D%3D; Max-Age=31536000; Expires=Fri, 29-Sep-2023 06:20:58 GMT; Domain=trk2.zsxdvcr.click; Path=/; HttpOnly --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Alerts: Blocklists: - fortinet: Malware - quad9: Sinkholed
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF" Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2768 Expires: Thu, 29 Sep 2022 07:07:06 GMT Date: Thu, 29 Sep 2022 06:20:58 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 6dd4587c98aef98ad0939030a6976a7f Sha1: 92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e Sha256: a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 143.204.55.25 HASH: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770 143.204.55.25 HTTP/2 200 OK content-type: binary/octet-stream content-length: 5348 last-modified: Sat, 10 Sep 2022 18:47:45 GMT content-disposition: attachment accept-ranges: bytes server: AmazonS3 date: Thu, 29 Sep 2022 05:28:28 GMT etag: "6113f8408c59aebe188d6af273b90743" x-cache: Hit from cloudfront via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: L5Ot0Q9qobh4mfD1tK2le4aZUboybQ6Uk8pLP1O8RL2QPh_Kl2k2ww== age: 3151 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 6113f8408c59aebe188d6af273b90743 Sha1: 7398873bf00f99944eaa77ad3ebc0d43c23dba6b Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Thu, 29 Sep 2022 06:20:58 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.115 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 143.204.55.115 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Date: Thu, 29 Sep 2022 05:29:33 GMT Cache-Control: max-age=3600, max-age=3600 Expires: Thu, 29 Sep 2022 05:35:58 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: NkrkSab0XmKGggplof1Nn2TV7pnfUaWShICASSg96cGDmUfruLWz1Q== Age: 3086 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 6151 Cache-Control: 'max-age=158059' Date: Thu, 29 Sep 2022 06:20:59 GMT Last-Modified: Thu, 29 Sep 2022 04:38:28 GMT Server: ECS (ska/F70F) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 3526d5ce1381ba26cbc553db057e1915 Sha1: fe01c920696448e8bf12e6fff877bce8281d34a2 Sha256: 09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: dcSuaGSSDLPsQDmK4tgPAQ== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 44.242.32.27 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 44.242.32.27 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: OqhCXwta5rLoVwvqnC78hXKtlbY= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1 Host: abc.a18seftrk.click User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://abc.a18seftrk.click/?utm_term=7148682977822638105&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52 Cookie: u=16abc4a33105c12b869a59a089243d27 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	URL: abc.a18seftrk.click/favicon.ico FQDN: abc.a18seftrk.click IP: 65.60.58.180 HASH: b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc 65.60.58.180 HTTP/2 200 OK content-type: image/x-icon server: nginx date: Thu, 29 Sep 2022 06:20:59 GMT content-length: 1150 last-modified: Wed, 31 Jul 2019 07:48:51 GMT etag: "5d4147e3-47e" expires: Fri, 30 Sep 2022 06:20:59 GMT cache-control: max-age=86400 strict-transport-security: max-age=31536000; includeSubdomains; accept-ranges: bytes X-Firefox-Spdy: h2 --- Additional Info --- Magic: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data Size: 1150 Md5: 91abe01116ab422c598e9c8af72cf4da Sha1: 0f2815fe8e067d48537ad168225ab4674271fa27 Sha256: b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /sw.js?v=1664432456990 HTTP/1.1 Host: abc.a18seftrk.click User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: u=16abc4a33105c12b869a59a089243d27 Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers	URL: abc.a18seftrk.click/sw.js?v=1664432456990 FQDN: abc.a18seftrk.click IP: 65.60.58.180 HASH: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9 65.60.58.180 HTTP/2 200 OK content-type: application/javascript server: nginx date: Thu, 29 Sep 2022 06:20:59 GMT content-length: 775 last-modified: Fri, 23 Sep 2022 11:12:42 GMT vary: Accept-Encoding etag: "632d94aa-307" content-encoding: gzip content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline'; X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text Size: 775 Md5: de06f24ba6d6b0c514015a9847dace54 Sha1: c9662e4339d4f72af3526b21d4d6d68df21b0ba9 Sha256: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7" Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9263 Expires: Thu, 29 Sep 2022 08:55:23 GMT Date: Thu, 29 Sep 2022 06:21:00 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 47f245f9a098439e59436f81d4c03415 Sha1: 950b3eadfd6fc7f859130fa2c63934c6ccd49889 Sha256: 25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7" Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9263 Expires: Thu, 29 Sep 2022 08:55:23 GMT Date: Thu, 29 Sep 2022 06:21:00 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 47f245f9a098439e59436f81d4c03415 Sha1: 950b3eadfd6fc7f859130fa2c63934c6ccd49889 Sha256: 25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7" Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9263 Expires: Thu, 29 Sep 2022 08:55:23 GMT Date: Thu, 29 Sep 2022 06:21:00 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 47f245f9a098439e59436f81d4c03415 Sha1: 950b3eadfd6fc7f859130fa2c63934c6ccd49889 Sha256: 25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6390 x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZGFJ6Gc_oAMF44g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0 x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: VwWbbPJtnsSB1Y6riPtCZXX0Ocmxw024YRmlebWN1UQxZX3uvjsvOw== via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google date: Thu, 29 Sep 2022 05:41:14 GMT age: 2386 etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6390 Md5: 14218a43c5e5bbce546735a780c8ccce Sha1: 61676358cdbb2373bc644e66f8a84fbc8cc5daf6 Sha256: 905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 818f3ff90d7b7923b4af4e423dbb01388795490ac2097e1d58d70608b95618f4 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6795 x-amzn-requestid: 20067932-e2e5-410a-8c7a-a5f623f33454 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZDCs6FbooAMFyHg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-633117ec-65749cd04e48e49a46b4c215;Sampled=0 x-amzn-remapped-date: Mon, 26 Sep 2022 03:09:32 GMT x-amz-cf-pop: SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: o1q8r6PSQDQyLs4xfhCSXu4q8fFi3zIoAIMlwNznvOsEtORfuVumCA== via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google date: Thu, 29 Sep 2022 05:17:35 GMT age: 3805 etag: "7057c6707c7299ac386c6b2164240eff241db294" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6795 Md5: 9f94853ffae41ec3c0e002bc152da1c4 Sha1: 7057c6707c7299ac386c6b2164240eff241db294 Sha256: 818f3ff90d7b7923b4af4e423dbb01388795490ac2097e1d58d70608b95618f4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2016911-a1a6-4bdf-a8f3-89e94a0aaff7.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 5cde1e3158e6c6c0b7a01d3bd32f2aa292b3b205f604e5c4ed71cafedad06bf2 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7810 x-amzn-requestid: 7f6d92e1-c7b1-4dd2-9efa-52ad324ca19d x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZMK6pFvkoAMF_yA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6334beaa-362b7368566955966db78385;Sampled=0 x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:46 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: TbPFEVDpMOjK26iu1UGcx56vtP7Pywq05VAylNubOIfbMgo1qGsA-w== via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google date: Thu, 29 Sep 2022 04:12:40 GMT age: 7700 etag: "31b8538deb0f00d5b4182739a4a2fcc1b956a998" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7810 Md5: 456968f691ae9464d69a37bffe9bd7ce Sha1: 31b8538deb0f00d5b4182739a4a2fcc1b956a998 Sha256: 5cde1e3158e6c6c0b7a01d3bd32f2aa292b3b205f604e5c4ed71cafedad06bf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9034 x-amzn-requestid: ccfaad8d-c270-491f-b0fa-ac56fb1ba14e x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZGVJ_G2doAMFXqw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-633268a6-1599ec83051ceef5038d1296;Sampled=0 x-amzn-remapped-date: Tue, 27 Sep 2022 03:06:14 GMT x-amz-cf-pop: SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: G--ubYYfq5CFGAZzorD-TAgKentdIyvzSjrvqjTf_yGWDvjwX75KHg== via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google date: Thu, 29 Sep 2022 04:20:21 GMT age: 7239 etag: "927d5a375d9607b23caadae148566fdff10147b1" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9034 Md5: 2054ae778a3079d8233ee33045127df6 Sha1: 927d5a375d9607b23caadae148566fdff10147b1 Sha256: 6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 90a37acc6beda1aa98a98cb84e00a7e469d6d919a14f4709c5f67a83ae95278d 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7859 x-amzn-requestid: 34d0718f-46d4-446f-bb06-8449bd8f4287 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZIlO4FcBoAMFy0w= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63334f2b-58ae81c9077e4f1575750f15;Sampled=0 x-amzn-remapped-date: Tue, 27 Sep 2022 19:29:47 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: XwUZAphoqael30FgWCRQlHqBpjBOSG7rnlbPNKyojhONZ625gCUI5g== via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google date: Wed, 28 Sep 2022 08:28:02 GMT age: 78778 etag: "35ec6e80d324bb215796c590a7ffafbaea55d88e" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7859 Md5: c62a6368c456e9614ca4c8e360a2ef12 Sha1: 35ec6e80d324bb215796c590a7ffafbaea55d88e Sha256: 90a37acc6beda1aa98a98cb84e00a7e469d6d919a14f4709c5f67a83ae95278d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: f32058bdd49930b927d1f9fdfd204ed054b4f85e0d679eff067d522d42ac504a 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4093 x-amzn-requestid: 4275d743-8507-4fbe-83d1-cc0da2adef7b x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZMKoPHCMIAMF7wQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6334be34-5ddb717430e7b38e3ee53657;Sampled=0 x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:48 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: H713oiiX6wslZytV_P5NblH5vT7KZ2fv1G3DLKLrH5nw0lHOquia4w== via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google date: Wed, 28 Sep 2022 21:40:48 GMT etag: "c17c7bdfa4b40f9a0634da65c610869e5c410bf1" age: 31212 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4093 Md5: aed4d25286420a1405c3274931194002 Sha1: c17c7bdfa4b40f9a0634da65c610869e5c410bf1 Sha256: f32058bdd49930b927d1f9fdfd204ed054b4f85e0d679eff067d522d42ac504a
GET /?utm_term=7148682977822638105&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52 HTTP/1.1 Host: abc.a18seftrk.click User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://abc.a18seftrk.click/?utm_medium=1d8189830eb362deafbaab2b506d817e330a7571&utm_campaign=BR_wifi&1=Advertizer&2=&cid=w2gpj570535bqmcj2k24a8ai&3= Cookie: u=16abc4a33105c12b869a59a089243d27 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin TE: trailers	URL: abc.a18seftrk.click/?utm_term=7148682977822638105&ver=4 (...) FQDN: abc.a18seftrk.click IP: 65.60.58.180 HASH: c9a14fc2c17fb3fef3c869a2569029bd6aba7f90b64d7ee14500b6fbd294560e 65.60.58.180 HTTP/2 200 OK content-type: text/html; charset=utf-8 server: nginx date: Thu, 29 Sep 2022 06:20:59 GMT vary: Accept-Encoding x-powered-by: PHP/8.1.9 cache-control: no-store, no-cache, must-revalidate, max-age=0 pragma: no-cache expires: Thu, 01 Jan 1970 00:00:00 GMT strict-transport-security: max-age=31536000; includeSubdomains; content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info --- Magic: data Size: 748743 Md5: 6d56df0a090a51185c2a4fbb99936b12 Sha1: 067c87af9b7fbf9e36672291353711318c48c3e7 Sha256: c9a14fc2c17fb3fef3c869a2569029bd6aba7f90b64d7ee14500b6fbd294560e
GET /favicon.ico HTTP/1.1 Host: d0zi.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7148682977822638105&pub=1659&pid=1659-72fa7ac6&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: d0zi.com/favicon.ico FQDN: d0zi.com IP: 162.55.4.52 HASH: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf 162.55.4.52 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: nginx/1.20.1 Date: Thu, 29 Sep 2022 06:21:00 GMT Transfer-Encoding: chunked Connection: keep-alive Strict-Transport-Security: max-age=31536000 Content-Encoding: gzip --- Additional Info --- Magic: data Size: 20 Md5: a4745abc5e7fdb89cc6df3069f3c6e69 Sha1: 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /sw.js?v=1664432456990 HTTP/1.1 Host: abc.a18seftrk.click User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: u=16abc4a33105c12b869a59a089243d27 Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin If-Modified-Since: Fri, 23 Sep 2022 11:12:42 GMT If-None-Match: "632d94aa-307" Cache-Control: max-age=0 TE: trailers	URL: abc.a18seftrk.click/sw.js?v=1664432456990 FQDN: abc.a18seftrk.click IP: 65.60.58.180 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 65.60.58.180 HTTP/2 304 Not Modified server: nginx date: Thu, 29 Sep 2022 06:21:01 GMT last-modified: Fri, 23 Sep 2022 11:12:42 GMT vary: Accept-Encoding etag: "632d94aa-307" content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline'; X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48e2707b-f3b2-4e52-99ae-03c359b698de.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 130dab67cb6d80c741a7f2dadfd536bd6900204880dc3b68b2afbfa53dd3d781 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8754 x-amzn-requestid: 175fc592-ed89-44fb-8cf7-8a4404f59d4b x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZC5OcHKkIAMFafA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-633108c2-2c0c36007bc8bcb56a54e8a1;Sampled=0 x-amzn-remapped-date: Mon, 26 Sep 2022 02:04:50 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: -AhTOJwgY3-DnA_pYXdBL18wPP_fNeyDmZjkdkQ2J-xrBZSyRcdK3Q== via: 1.1 71e7943ea0729c284a06faa05a567236.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google date: Wed, 28 Sep 2022 20:59:31 GMT age: 33696 etag: "ba797da9b2d6942161fa02a0e431de4868b84327" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8754 Md5: 556ea631652cbb77ff38dbe3bbc8c4d1 Sha1: ba797da9b2d6942161fa02a0e431de4868b84327 Sha256: 130dab67cb6d80c741a7f2dadfd536bd6900204880dc3b68b2afbfa53dd3d781
GET /?utm_medium=1d8189830eb362deafbaab2b506d817e330a7571&utm_campaign=BR_wifi&1=Advertizer&2=&cid=w2gpj570535bqmcj2k24a8ai&3= HTTP/1.1 Host: abc.a18seftrk.click User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1	URL: abc.a18seftrk.click/?utm_medium=1d8189830eb362deafbaab2 (...) FQDN: abc.a18seftrk.click IP: 65.60.58.180 65.60.58.180 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Thu, 29 Sep 2022 06:20:59 GMT location: https://abc.a18seftrk.click/?utm_term=7148682977822638105&ver=4viyaptcjo vary: Accept-Encoding x-powered-by: PHP/8.1.9 cache-control: no-store, no-cache, must-revalidate, max-age=0 pragma: no-cache expires: Thu, 01 Jan 1970 00:00:00 GMT set-cookie: u=16abc4a33105c12b869a59a089243d27; expires=Fri, 29-Sep-2023 06:20:59 GMT; Max-Age=31536000; path=/ strict-transport-security: max-age=31536000; includeSubdomains; content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info ---
GET /proc.php?75dbbf6baae5e8429396d05000601c19cf585225 HTTP/1.1 Host: abc.a18seftrk.click User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://abc.a18seftrk.click/?utm_term=7148682977822638105&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52 Cookie: u=16abc4a33105c12b869a59a089243d27 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin TE: trailers	URL: abc.a18seftrk.click/proc.php?75dbbf6baae5e8429396d05000 (...) FQDN: abc.a18seftrk.click IP: 65.60.58.180 65.60.58.180 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Thu, 29 Sep 2022 06:21:00 GMT location: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7148682977822638105&pub=1659&pid=1659-72fa7ac6&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0 vary: Accept-Encoding x-powered-by: PHP/8.1.9 cache-control: no-store, no-cache, must-revalidate, max-age=0 pragma: no-cache expires: Thu, 01 Jan 1970 00:00:00 GMT strict-transport-security: max-age=31536000; includeSubdomains; content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info ---

                                        
                                            GET /v1/ HTTP/1.1 

                                        
                                            
Host: firefox.settings.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         143.204.55.115

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/json

                                        

                                        
                                            
Content-Length: 939 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Access-Control-Allow-Origin: * 

                                        
                                            
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert 

                                        
                                            
Cache-Control: max-stale=0 

                                        
                                            
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; 

                                        
                                            
Date: Thu, 29 Sep 2022 05:29:34 GMT 

                                        
                                            
X-Content-Type-Options: nosniff 

                                        
                                            
X-Cache: Hit from cloudfront 

                                        
                                            
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront) 

                                        
                                            
X-Amz-Cf-Pop: OSL50-C1 

                                        
                                            
X-Amz-Cf-Id: Z5PPB-C_oJ8RVlmeY3iEuiorMgKOvEQniGlPRiPPtbDracp9Ne3FcQ== 

                                        
                                            
Age: 3084 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators

                                                Size:   939

                                                Md5:    2d12f67fe57a87e7366b662d153a5582

                                                Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1

                                                Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF" 

                                        
                                            
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=2768 

                                        
                                            
Expires: Thu, 29 Sep 2022 07:07:06 GMT 

                                        
                                            
Date: Thu, 29 Sep 2022 06:20:58 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    6dd4587c98aef98ad0939030a6976a7f

                                                Sha1:   92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e

                                                Sha256: a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff

                                        
                                            GET /v1/tiles HTTP/1.1 

                                        
                                            
Host: contile.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.117.237.239

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: application/json

                                        

                                        
                                            
server: nginx 

                                        
                                            
date: Thu, 29 Sep 2022 06:20:58 GMT 

                                        
                                            
content-length: 12 

                                        
                                            
strict-transport-security: max-age=31536000 

                                        
                                            
via: 1.1 google 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with no line terminators

                                                Size:   12

                                                Md5:    23e88fb7b99543fb33315b29b1fad9d6

                                                Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

                                                Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.digicert.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 83 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         93.184.220.29

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
Age: 6151 

                                        
                                            
Cache-Control: 'max-age=158059' 

                                        
                                            
Date: Thu, 29 Sep 2022 06:20:59 GMT 

                                        
                                            
Last-Modified: Thu, 29 Sep 2022 04:38:28 GMT 

                                        
                                            
Server: ECS (ska/F70F) 

                                        
                                            
X-Cache: HIT 

                                        
                                            
Content-Length: 471 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   471

                                                Md5:    3526d5ce1381ba26cbc553db057e1915

                                                Sha1:   fe01c920696448e8bf12e6fff877bce8281d34a2

                                                Sha256: 09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53

                                        
                                            GET /favicon.ico HTTP/1.1 

                                        
                                            
Host: abc.a18seftrk.click

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://abc.a18seftrk.click/?utm_term=7148682977822638105&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52 

                                        
                                            
Cookie: u=16abc4a33105c12b869a59a089243d27 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
TE: trailers

                                         65.60.58.180

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/x-icon

                                        

                                        
                                            
server: nginx 

                                        
                                            
date: Thu, 29 Sep 2022 06:20:59 GMT 

                                        
                                            
content-length: 1150 

                                        
                                            
last-modified: Wed, 31 Jul 2019 07:48:51 GMT 

                                        
                                            
etag: "5d4147e3-47e" 

                                        
                                            
expires: Fri, 30 Sep 2022 06:20:59 GMT 

                                        
                                            
cache-control: max-age=86400 

                                        
                                            
strict-transport-security: max-age=31536000; includeSubdomains; 

                                        
                                            
accept-ranges: bytes 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data

                                                Size:   1150

                                                Md5:    91abe01116ab422c598e9c8af72cf4da

                                                Sha1:   0f2815fe8e067d48537ad168225ab4674271fa27

                                                Sha256: b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7" 

                                        
                                            
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=9263 

                                        
                                            
Expires: Thu, 29 Sep 2022 08:55:23 GMT 

                                        
                                            
Date: Thu, 29 Sep 2022 06:21:00 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    47f245f9a098439e59436f81d4c03415

                                                Sha1:   950b3eadfd6fc7f859130fa2c63934c6ccd49889

                                                Sha256: 25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7" 

                                        
                                            
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=9263 

                                        
                                            
Expires: Thu, 29 Sep 2022 08:55:23 GMT 

                                        
                                            
Date: Thu, 29 Sep 2022 06:21:00 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    47f245f9a098439e59436f81d4c03415

                                                Sha1:   950b3eadfd6fc7f859130fa2c63934c6ccd49889

                                                Sha256: 25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 6795 

                                        
                                            
x-amzn-requestid: 20067932-e2e5-410a-8c7a-a5f623f33454 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: ZDCs6FbooAMFyHg= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-633117ec-65749cd04e48e49a46b4c215;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Mon, 26 Sep 2022 03:09:32 GMT 

                                        
                                            
x-amz-cf-pop: SEA73-P1 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: o1q8r6PSQDQyLs4xfhCSXu4q8fFi3zIoAIMlwNznvOsEtORfuVumCA== 

                                        
                                            
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Thu, 29 Sep 2022 05:17:35 GMT 

                                        
                                            
age: 3805 

                                        
                                            
etag: "7057c6707c7299ac386c6b2164240eff241db294" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   6795

                                                Md5:    9f94853ffae41ec3c0e002bc152da1c4

                                                Sha1:   7057c6707c7299ac386c6b2164240eff241db294

                                                Sha256: 818f3ff90d7b7923b4af4e423dbb01388795490ac2097e1d58d70608b95618f4

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 9034 

                                        
                                            
x-amzn-requestid: ccfaad8d-c270-491f-b0fa-ac56fb1ba14e 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: ZGVJ_G2doAMFXqw= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-633268a6-1599ec83051ceef5038d1296;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Tue, 27 Sep 2022 03:06:14 GMT 

                                        
                                            
x-amz-cf-pop: SEA73-P1 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: G--ubYYfq5CFGAZzorD-TAgKentdIyvzSjrvqjTf_yGWDvjwX75KHg== 

                                        
                                            
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Thu, 29 Sep 2022 04:20:21 GMT 

                                        
                                            
age: 7239 

                                        
                                            
etag: "927d5a375d9607b23caadae148566fdff10147b1" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   9034

                                                Md5:    2054ae778a3079d8233ee33045127df6

                                                Sha1:   927d5a375d9607b23caadae148566fdff10147b1

                                                Sha256: 6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 4093 

                                        
                                            
x-amzn-requestid: 4275d743-8507-4fbe-83d1-cc0da2adef7b 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: ZMKoPHCMIAMF7wQ= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-6334be34-5ddb717430e7b38e3ee53657;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:48 GMT 

                                        
                                            
x-amz-cf-pop: HIO50-C1, SEA19-C2 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: H713oiiX6wslZytV_P5NblH5vT7KZ2fv1G3DLKLrH5nw0lHOquia4w== 

                                        
                                            
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Wed, 28 Sep 2022 21:40:48 GMT 

                                        
                                            
etag: "c17c7bdfa4b40f9a0634da65c610869e5c410bf1" 

                                        
                                            
age: 31212 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   4093

                                                Md5:    aed4d25286420a1405c3274931194002

                                                Sha1:   c17c7bdfa4b40f9a0634da65c610869e5c410bf1

                                                Sha256: f32058bdd49930b927d1f9fdfd204ed054b4f85e0d679eff067d522d42ac504a

                                        
                                            GET /favicon.ico HTTP/1.1 

                                        
                                            
Host: d0zi.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7148682977822638105&pub=1659&pid=1659-72fa7ac6&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin

                                         162.55.4.52

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: text/html; charset=UTF-8

                                        

                                        
                                            
Server: nginx/1.20.1 

                                        
                                            
Date: Thu, 29 Sep 2022 06:21:00 GMT 

                                        
                                            
Transfer-Encoding: chunked 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Strict-Transport-Security: max-age=31536000 

                                        
                                            
Content-Encoding: gzip 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   20

                                                Md5:    a4745abc5e7fdb89cc6df3069f3c6e69

                                                Sha1:   74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed

                                                Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48e2707b-f3b2-4e52-99ae-03c359b698de.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site 

                                        
                                            
TE: trailers

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 8754 

                                        
                                            
x-amzn-requestid: 175fc592-ed89-44fb-8cf7-8a4404f59d4b 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: ZC5OcHKkIAMFafA= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-633108c2-2c0c36007bc8bcb56a54e8a1;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Mon, 26 Sep 2022 02:04:50 GMT 

                                        
                                            
x-amz-cf-pop: SEA73-P1 

                                        
                                            
x-cache: Hit from cloudfront 

                                        
                                            
x-amz-cf-id: -AhTOJwgY3-DnA_pYXdBL18wPP_fNeyDmZjkdkQ2J-xrBZSyRcdK3Q== 

                                        
                                            
via: 1.1 71e7943ea0729c284a06faa05a567236.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Wed, 28 Sep 2022 20:59:31 GMT 

                                        
                                            
age: 33696 

                                        
                                            
etag: "ba797da9b2d6942161fa02a0e431de4868b84327" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   8754

                                                Md5:    556ea631652cbb77ff38dbe3bbc8c4d1

                                                Sha1:   ba797da9b2d6942161fa02a0e431de4868b84327

                                                Sha256: 130dab67cb6d80c741a7f2dadfd536bd6900204880dc3b68b2afbfa53dd3d781

                                        
                                            GET /proc.php?75dbbf6baae5e8429396d05000601c19cf585225 HTTP/1.1 

                                        
                                            
Host: abc.a18seftrk.click

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://abc.a18seftrk.click/?utm_term=7148682977822638105&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52 

                                        
                                            
Cookie: u=16abc4a33105c12b869a59a089243d27 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
TE: trailers

                                         65.60.58.180

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/html; charset=UTF-8

                                        

                                        
                                            
server: nginx 

                                        
                                            
date: Thu, 29 Sep 2022 06:21:00 GMT 

                                        
                                            
location: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7148682977822638105&pub=1659&pid=1659-72fa7ac6&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
x-powered-by: PHP/8.1.9 

                                        
                                            
cache-control: no-store, no-cache, must-revalidate, max-age=0 

                                        
                                            
pragma: no-cache 

                                        
                                            
expires: Thu, 01 Jan 1970 00:00:00 GMT 

                                        
                                            
strict-transport-security: max-age=31536000; includeSubdomains; 

                                        
                                            
content-encoding: gzip 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

URL	trk2.zsxdvcr.click/67fe7f2f-573d-4d77-aeaa-74c54d05a22b
IP	18.195.23.231 (Germany)
ASN	#16509 AMAZON-02
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-09-29 06:21:09 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	2
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (10)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 18.195.23.231

Last 5 reports on ASN: AMAZON-02

Last 5 reports on domain: zsxdvcr.click

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (5)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (25)

Overview

Domain Summary (10)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 18.195.23.231

Last 5 reports on ASN: AMAZON-02

Last 5 reports on domain: zsxdvcr.click

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (5)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (25)

Network Intrusion Detection Systems