Overview

URL prelander.yayado199.com/landing/gh/pre/2/
IP 94.237.84.54 (Finland)
ASN #202053 UpCloud Ltd
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed 2022-11-25 13:46:22 UTC
IDS alerts 0
Blocklist alert 7
urlquery alerts No alerts detected
Tags None

Domain Summary (11)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-25 05:51:47 UTC 34.117.237.239
ocsp.pki.goog (5) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.3
fonts.gstatic.com (1) 0 2014-09-09 00:40:21 UTC 2022-11-25 06:26:28 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.42.74.230
prelander.yayado199.com (23) 0 2022-09-18 08:27:11 UTC 2022-11-25 02:09:13 UTC 94.237.84.54 Unknown ranking
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-25 06:03:02 UTC 34.102.187.140
fonts.googleapis.com (2) 8877 2013-06-10 20:14:26 UTC 2022-11-25 05:53:13 UTC 142.250.74.10

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-25 2 prelander.yayado199.com/landing/gh/pre/2/ Phishing
2022-11-25 2 prelander.yayado199.com/landing/gh/pre/2/index_bestanden/script.js.download Phishing
2022-11-25 2 prelander.yayado199.com/landing/gh/pre/2/index_bestanden/jquery.min.js_002. (...) Phishing
2022-11-25 2 prelander.yayado199.com/landing/gh/pre/2/index_bestanden/confetti.js.download Phishing
2022-11-25 2 prelander.yayado199.com/landing/gh/pre/2/index_bestanden/count_down.js Phishing
2022-11-25 2 prelander.yayado199.com/landing/gh/pre/2/index_bestanden/confetti.js_002.do (...) Phishing
2022-11-25 2 prelander.yayado199.com/landing/gh/pre/2/index_bestanden/jquery.min.js.download Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 94.237.84.54
Date UQ / IDS / BL URL IP
2023-02-01 06:37:10 +0000 0 - 0 - 5 s-1d705653515.turbowinners.net/prizewheel-fb? (...) 94.237.84.54
2023-01-31 11:55:16 +0000 0 - 0 - 2 www.naughtylotto.net/win_gold_min?tid=5xrluc4 (...) 94.237.84.54
2023-01-31 11:08:02 +0000 0 - 0 - 3 www.naughtylotto.net/win_gold?tid=5xrldh50b4r (...) 94.237.84.54
2023-01-31 10:41:18 +0000 0 - 0 - 2 s-1d704fa5503.turbowinners.net/prizewheel-fb 94.237.84.54
2023-01-31 07:01:50 +0000 0 - 0 - 1 s-1d704fa6471.turbowinners.net/survey?ctrack= (...) 94.237.84.54


Last 5 reports on ASN: UpCloud Ltd
Date UQ / IDS / BL URL IP
2023-02-01 06:37:10 +0000 0 - 0 - 5 s-1d705653515.turbowinners.net/prizewheel-fb? (...) 94.237.84.54
2023-02-01 06:23:59 +0000 0 - 3 - 1 1d656e709f3.tcbound.com/ 94.237.99.118
2023-01-31 13:20:19 +0000 0 - 0 - 1 secure-access-ff2c9irj24pslb26.fbmsg.xyz/ 5.22.211.159
2023-01-31 11:55:16 +0000 0 - 0 - 2 www.naughtylotto.net/win_gold_min?tid=5xrluc4 (...) 94.237.84.54
2023-01-31 11:47:32 +0000 0 - 0 - 1 1d704fa6555.turbowinners.net/prizewheel-fb?ct (...) 94.237.93.242


Last 5 reports on domain: yayado199.com
Date UQ / IDS / BL URL IP
2023-01-27 13:55:06 +0000 0 - 2 - 5 prelander.yayado199.com/landing/gh/pre/3/?dev (...) 94.237.84.54
2023-01-25 11:54:55 +0000 0 - 0 - 7 prelander.yayado199.com/landing/ar/pre/1/ 94.237.93.242
2023-01-23 03:06:02 +0000 0 - 0 - 7 prelander.yayado199.com/landing/ar/pre/1/ 94.237.84.54
2023-01-22 02:54:06 +0000 0 - 0 - 7 prelander.yayado199.com/landing/ng/pre/2/ 94.237.84.54
2023-01-20 06:41:05 +0000 0 - 0 - 7 prelander.yayado199.com/landing/ng/pre/2/ 94.237.84.54


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-16 05:03:04 +0000 0 - 3 - 0 prelander.yayado199.com/landing/ng/pre/2/ 94.237.93.242
2023-01-15 16:54:42 +0000 0 - 3 - 0 prelander.yayado199.com/landing/ng/pre/2/ 94.237.93.242
2023-01-15 06:12:01 +0000 0 - 3 - 7 prelander.yayado199.com/landing/ng/pre/2/ 94.237.93.242
2023-01-06 20:18:00 +0000 0 - 0 - 6 furned-mashorses.com/81f761af-e835-44a4-a694- (...) 18.193.235.10
2022-12-21 23:24:15 +0000 0 - 3 - 0 prelander.yayado199.com/landing/ng/pre/2/ 94.237.93.242

JavaScript

Executed Scripts (13)

Executed Evals (0)

Executed Writes (1)
#1 JavaScript::Write (size: 0) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855


HTTP Transactions (50)


Request Response
                                        
                                            GET /landing/gh/pre/2/ HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Transfer-Encoding: chunked
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (570)
Size:   4254
Md5:    b8c9ee24fc969016b62a34ea06847cd2
Sha1:   68dad11c75afbc864c8f5a41fa16fd166f726521
Sha256: 1c733790311ebe9d555e6e419527b137578561f8663302f30a1683a22a62233f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4072
Expires: Fri, 25 Nov 2022 14:54:03 GMT
Date: Fri, 25 Nov 2022 13:46:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1043
Cache-Control: max-age=162146
Date: Fri, 25 Nov 2022 13:46:11 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 10:48:37 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6502
Expires: Fri, 25 Nov 2022 15:34:33 GMT
Date: Fri, 25 Nov 2022 13:46:11 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 13:19:07 GMT
cache-control: public,max-age=3600
age: 1624
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: IqSEQmtM4xZSomVE8iNBwESKZqe90mdcRm30VpsV0vV8T9hgiELm2p6eP9bU5HEf3cLe3VnjgzM=
x-amz-request-id: HNV5HCD9SJHYE5GZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 13:40:49 GMT
age: 322
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /landing/gh/pre/2/index_bestanden/style.css HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"6380963d-b4e"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (2894), with no line terminators
Size:   1056
Md5:    faa6f3f8a14ce3a293417da0ca2e38a5
Sha1:   688591dc72f0157a05445f9a665841221868dd24
Sha256: b190c3a4e6b2a82020d8b60b2a778ac6aa07415eb3c42421fcc83a1b90fabb03
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 25 Nov 2022 13:46:11 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /landing/gh/pre/2/index_bestanden/main.css HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"6380963d-2149"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (8521), with no line terminators
Size:   1674
Md5:    9161cd75685e1d3b2f8c147e91f6e695
Sha1:   6b5cfacd4a8e738ca0c7d7665ac28f5b657a8fb2
Sha256: 4e9aa7da74ee59cc943ed5f6bd6759c3b88163c906a5424c4f73320ce0839e79
                                        
                                            GET /landing/gh/pre/2/index_bestanden/script.js.download HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 3977
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-f89"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   3977
Md5:    af7eb0685a2dc74d072e84d50f39738f
Sha1:   e8dac0046b0fa00c655ef2b05a292e984d128457
Sha256: 424adf851ef0f98ea1b88589953e95aa27c5cdb746288371b63e253265cc233d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /landing/gh/pre/2/index_bestanden/jquery.min.js_002.download HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 146
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-92"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   146
Md5:    9f97026536ad96bb9348aeda55991266
Sha1:   cfaae714c4ba3e4882a51d217849dce2d62185b8
Sha256: 926e03efaa0a7fbc4cd7300208996e8d8f7438c74840d07872295643d17e4486

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /landing/gh/pre/2/index_bestanden/confetti.js.download HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 5735
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-1667"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   5735
Md5:    0bf680ed10be0fc040015e7e735a4ae3
Sha1:   d02ea58f56584cb59cd2f7799822283032a666ee
Sha256: f79f02e3e9615682a3fa00c2aee52f2cea0656407ef311f5a0367dccd06186d9

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /landing/gh/pre/2/index_bestanden/count_down.js HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"6380963d-38b"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   319
Md5:    538806ba0d72ae3a3d11cf066a754da3
Sha1:   e9982215ddc04502e9f1ece43032ed5b74f0e84a
Sha256: ecea3395f118bd3170886c9a41df0f6b8e81543ae2e70310a4586008e50865c5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /landing/gh/pre/2/index_bestanden/confetti.js_002.download HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 146
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-92"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   146
Md5:    9f97026536ad96bb9348aeda55991266
Sha1:   cfaae714c4ba3e4882a51d217849dce2d62185b8
Sha256: 926e03efaa0a7fbc4cd7300208996e8d8f7438c74840d07872295643d17e4486

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /landing/gh/pre/2/index_bestanden/lg.png HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 6558
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-199e"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 150 x 68, 8-bit/color RGB, non-interlaced\012- data
Size:   6558
Md5:    ffc1d5eb3db2069d45b83ebd90df4c05
Sha1:   815ff53ec5930590e7f5f84afad2b0c0749c1981
Sha256: 853ab65b19a98e6d329dbe6b80ff3028280ef2dc22e518a02f87223516f7778f
                                        
                                            GET /landing/gh/pre/2/index_bestanden/flag.png HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 4713
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-1269"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size:   4713
Md5:    f17ef1a53de792f0c7540999939c0f34
Sha1:   7afcc607500bc1e50685af551402b7a8e7e5dd00
Sha256: d66ec1668060f0eaab7ba09c23b61ed7bacf42cbadc1f67a7a63b105e9495ad6
                                        
                                            GET /landing/gh/pre/2/index_bestanden/image.jpg HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 152
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-98"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   152
Md5:    b57c9e69356902539499d044df308224
Sha1:   dd23e16f95802cbbc39873b5106ddd21cc39bca3
Sha256: 72b4790fa6fc089a2d989178ca605831ff881675b1f63a15a3bcf05dd4732c58
                                        
                                            GET /landing/gh/pre/2/index_bestanden/prof1.jpg HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 10345
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-2869"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 275x183, components 3\012- data
Size:   10345
Md5:    5a4badf47a5770eaf1949c4ab1d67f8a
Sha1:   8e2d2339ae476f2cf5c85b2ec9fb0b4b6678ee08
Sha256: c67c6d7a01040c21f0b9b9b4e25bb5bb430c6cd2f9997d9d5c565455c0f7512e
                                        
                                            GET /landing/gh/pre/2/index_bestanden/prof2.jpg HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 6457
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-1939"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 183x275, components 3\012- data
Size:   6457
Md5:    79532cee40655ba96be49ae506542b0f
Sha1:   075c172848c0941615650f0b89660e96063d3781
Sha256: 37b30999537206ebc82c493960abc4802cb53c62c4896ea9add056457d4db44b
                                        
                                            GET /landing/gh/pre/2/index_bestanden/image1.png HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 61458
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-f012"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 448 x 327, 8-bit/color RGBA, non-interlaced\012- data
Size:   61458
Md5:    aaedad3a8040232d0a5a481d078606eb
Sha1:   d61a2fa1859a30e21c0575c1defea554326946e2
Sha256: 6392e253f6f24d63e2550ee633e993b761067f850e90c015af070cf7371457a0
                                        
                                            GET /landing/gh/pre/2/index_bestanden/jquery.min.js.download HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 84380
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-1499c"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (32025)
Size:   84380
Md5:    4a356126b9573eb7bd1e9a7494737410
Sha1:   8258d046f17dd3c15a5d3984e1868b7b5d1db329
Sha256: 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /landing/gh/pre/2/index_bestanden/chk1.jpg HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 35730
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-8b92"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2021:09:21 17:53:11], baseline, precision 8, 300x142, components 3\012- data
Size:   35730
Md5:    299d903fdfa1d51c37cfc2ad44752c11
Sha1:   ed145a2ded20be7a16c2c0a075a24e6be714ec4f
Sha256: 8b68d68954920ff38509433c21e7ee78e20ddfe79e259422743ab0cd0931c828
                                        
                                            GET /landing/gh/pre/2/index_bestanden/ld.gif HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 121587
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-1daf3"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 246 x 246\012- data
Size:   121587
Md5:    1f32223b3bcbe23d6efe15d914206440
Sha1:   1faa0c1e65002ca3880cb764be63abef5a3efac5
Sha256: c0f27622e1c77dfe225b6e2637211c61861471c39e585461a5dc55017950e92a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /landing/gh/pre/2/index_bestanden/chk2.jpg HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 35283
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-89d3"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2021:09:21 17:53:11], baseline, precision 8, 300x142, components 3\012- data
Size:   35283
Md5:    f63bd95bace12abcdbd1b4cea3c53838
Sha1:   2d1bd1144d1c770e7acc5b1b513b08a700346f4b
Sha256: 6b25d6745dc669f4c22ecb75e4ce3156a97654547c659630124dd3ca4e8488dc
                                        
                                            GET /landing/gh/pre/2/index_bestanden/prof3.jpg HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 5794
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-16a2"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 187x269, components 3\012- data
Size:   5794
Md5:    e8698996594cccdbf7b8a384d4377e87
Sha1:   1bc304a5163999cb88e9708bf6595ea28972b224
Sha256: c3d4c6ee1005b09196391246633bfcbeb796efc289e366b5f04a72ea8728cc51
                                        
                                            GET /landing/gh/pre/2/index_bestanden/prof5.jpg HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 10447
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-28cf"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 194x259, components 3\012- data
Size:   10447
Md5:    d099cd3c07e651efbd393a892db24557
Sha1:   40d38f97159a21b13ff4d34fecd0263be367b1dc
Sha256: 6204e257de3c4f0c43349d03361662e1841f1b757fcd339679d45befce20a456
                                        
                                            GET /landing/gh/pre/2/index_bestanden/prof4.jpg HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Content-Length: 9318
Last-Modified: Fri, 25 Nov 2022 10:17:33 GMT
ETag: "6380963d-2466"
Expires: Sat, 25 Nov 2023 13:46:11 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 183x276, components 3\012- data
Size:   9318
Md5:    8ef83b527384b6f59494abb927000f00
Sha1:   e79daea4c9e46f16eed2c59cf27bc7d75eab5761
Sha256: 51c69a9ec25b6901136b0c91a5028cc5c1a0dc6049e6257500c79d49b35ece3b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /landing/gh/pre/2/img/bg.jpg HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/index_bestanden/style.css

                                         94.237.84.54
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   106
Md5:    41e26d195447e282a13a3219d61c130c
Sha1:   4eb09944c10ac39f6adeebb6be44c8a1d732bc79
Sha256: f9ed0f2922c4344a8b293d792c2d81fa68e568256170dbed363adb679d1e7783
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/changa/v20/2-c79JNi2YuVOUcOarRPgnNGooxCZ62xcjfj9w.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://prelander.yayado199.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9120
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 07:31:18 GMT
expires: Fri, 24 Nov 2023 07:31:18 GMT
cache-control: public, max-age=31536000
age: 108893
last-modified: Fri, 24 Jun 2022 18:40:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 9120, version 1.0\012- data
Size:   9120
Md5:    18ad880aaa4e28b6cd1ef0d30ac95573
Sha1:   da6a33a1ecc296aa481432e2727b273140b78543
Sha256: f2c5710634752d1a156adf5ac961c8400e3a577c90f97a6a293a07f4a28957fd
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: prelander.yayado199.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://prelander.yayado199.com/landing/gh/pre/2/

                                         94.237.84.54
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   106
Md5:    41e26d195447e282a13a3219d61c130c
Sha1:   4eb09944c10ac39f6adeebb6be44c8a1d732bc79
Sha256: f9ed0f2922c4344a8b293d792c2d81fa68e568256170dbed363adb679d1e7783
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 13:46:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 13:08:53 GMT
cache-control: public,max-age=3600
age: 2238
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3241
Cache-Control: max-age=159280
Date: Fri, 25 Nov 2022 13:46:12 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:00:52 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1UiUYmBgAlGKXW55AF+4hg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         52.42.74.230
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: isEni93e0ujy6bPccCSLSIAjsQg=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3931
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 13:46:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3931
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 13:46:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3931
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 13:46:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3931
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 13:46:13 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:23:00 GMT
age: 33793
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3955
Md5:    4006a9037ab5f28dca62b0aa7a704c41
Sha1:   74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
Sha256: 556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20a12e2c-1403-4b39-9da1-b2be17a6bbd1.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11954
x-amzn-requestid: 0c912d90-72b5-4060-ae22-c2ecbe16b57a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8J-nEFEoAMF2eA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b2390-503ead086c8021af6eaeaa85;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JZAeoFNsUy2usSV7O41YGIfVow9gaIMXuKnfcaundLduQ5UX2eTKOQ==
via: 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 17:17:27 GMT
age: 73726
etag: "b80047da428636adb7027f12718c8d11bd461da4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11954
Md5:    6673267df195141739d1018c17101368
Sha1:   b80047da428636adb7027f12718c8d11bd461da4
Sha256: de30af07eed7326a1326c831e04727649a112c20d0c485a7e973edd96f91bfaa
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11743
x-amzn-requestid: 9ab0aba7-5cd1-4f6c-8984-dc221e1cbf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cICD-F7joAMFqmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe3b2-152ba5f1495a44447356cdab;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oWSNdsrz59sJC2znLnFqa_Zm3T14_d6j-rjzDQe4yV22Dy2Qc4Swaw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:45 GMT
age: 57088
etag: "b0ddc1555d2506177adcdcea77864d75f1245d07"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11743
Md5:    8784bb7a8b88736a6016f712e3183bf3
Sha1:   b0ddc1555d2506177adcdcea77864d75f1245d07
Sha256: 8e331713b0ad0b5670dd33dfdadde665e076a40ddb80905d4df89876d49803d8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NntLZ3wUdcX9kEo-afFLU0TPKgqAlSK3bToNh2mmoqoyLBJINNk7ow==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:39 GMT
age: 57094
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8006
Md5:    8b6ee13d43732f7c764a49500d092865
Sha1:   5d15fd672e968d59b541e4d5d0d01cd5e69f4075
Sha256: fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:47:53 GMT
age: 57500
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7993
Md5:    92c78302bcce1568eb6a5563100b932c
Sha1:   43d1dec7fc06879988c9c3cadd800cc8145df988
Sha256: 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 31305
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4309
Md5:    841a4b110022a99ddea6f7bf66df0fa1
Sha1:   126771b86638108050cf57c0d12faa27f80f0edb
Sha256: 240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
                                        
GET /css?family=Cairo:700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://prelander.yayado199.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 25 Nov 2022 13:46:11 GMT
date: Fri, 25 Nov 2022 13:46:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /css?family=Changa HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://prelander.yayado199.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 25 Nov 2022 13:46:11 GMT
date: Fri, 25 Nov 2022 13:46:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---