oxbkp.track4ref.com/redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzk1NjUmczE9JnMyPWNkaHN4NjMzYjNkNWIwMDA3MTkxZSZzMz0mczQ9JnM1PSZzNj0=&action=action_tmp
52.19.101.114 200 OK 243 B URL HTTP/1.1 oxbkp.track4ref.com/redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzk1NjUmczE9JnMyPWNkaHN4NjMzYjNkNWIwMDA3MTkxZSZzMz0mczQ9JnM1PSZzNj0=&action=action_tmp
IP 52.19.101.114:0
File type HTML document, ASCII text, with no line terminators
Hash 5c6f14cb3c564924823bee02a928b040
8e697dbc1cf0acc73d1e3a806cac606d2854dcde
b855e1065153e47e41786512666b13c6c6a30e32ae6e08a5d41660dec9d351b9
GET /redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzk1NjUmczE9JnMyPWNkaHN4NjMzYjNkNWIwMDA3MTkxZSZzMz0mczQ9JnM1PSZzNj0=&action=action_tmp HTTP/1.1
Host: oxbkp.track4ref.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2022 19:52:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 243
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 03 Oct 2022 19:46:51 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pg0gImaaqEEj0eE3GRb3Nl3QX_n9iZBeFlkiYYxmrnrbkfg6iPrayg==
Age: 321
r3.o.lencr.org/
23.36.76.225 200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7764
Expires: Mon, 03 Oct 2022 22:01:36 GMT
Date: Mon, 03 Oct 2022 19:52:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.225 200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash 74134730f642b6f6dfeca3ecc61a329e
668914cc93cceb123d199a45df13ad764704fa84
d681a4c2e20a6019c7e2d980cbfa77b34db9356899099296c3b8b4263ca5fb5f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D681A4C2E20A6019C7E2D980CBFA77B34DB9356899099296C3B8B4263CA5FB5F"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5689
Expires: Mon, 03 Oct 2022 21:27:01 GMT
Date: Mon, 03 Oct 2022 19:52:12 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: c3Ocxzn/kyBebbS/M01pBjlAT6D2HuoTA/R0D3b5RzEfCtLmX4N9WYhP9v+uyo/yxmI0SS7hUAU=
x-amz-request-id: NE208ZWBRZT0CJ1P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 03 Oct 2022 19:50:45 GMT
age: 87
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 19:52:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
oxbkp.track4ref.com/redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzk1NjUmczE9JnMyPWNkaHN4NjMzYjNkNWIwMDA3MTkxZSZzMz0mczQ9JnM1PSZzNj0=&action=action_final
52.19.101.114 200 OK 121 B URL HTTP/1.1 oxbkp.track4ref.com/redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzk1NjUmczE9JnMyPWNkaHN4NjMzYjNkNWIwMDA3MTkxZSZzMz0mczQ9JnM1PSZzNj0=&action=action_final
IP 52.19.101.114:0
File type HTML document, ASCII text, with no line terminators
Hash 865bf769e36588cdbca1d5a3e85e5143
c1212ac4ac0779c4f06a571fe010411f599e7186
52246ecf66fe96e39274d662861a39caea2fa290e318309e7d3ceacfa336ce71
GET /redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzk1NjUmczE9JnMyPWNkaHN4NjMzYjNkNWIwMDA3MTkxZSZzMz0mczQ9JnM1PSZzNj0=&action=action_final HTTP/1.1
Host: oxbkp.track4ref.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oxbkp.track4ref.com/redirect/index?type=script&to=aHR0cDovL294YmtwLnRyYWNrNHJlZi5jb20=&data=aHR0cHM6Ly9nZG10cmNrLmNvbS8/YT0xMTc1NjcmYz0yNzk1NjUmczE9JnMyPWNkaHN4NjMzYjNkNWIwMDA3MTkxZSZzMz0mczQ9JnM1PSZzNj0=&action=action_tmp
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2022 19:52:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 121
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 142f45db2899248aeceddc70e3401b22
6426b89d1cd593a4824909b032d03be56f99506d
9d878aafd4e80d9f2fd70893ff4357eefcb1080ec0bfbeb3e0a832ec5f8e569b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 03 Oct 2022 19:52:12 GMT
Last-Modified: Mon, 03 Oct 2022 18:32:22 GMT
Server: ECS (dcb/7EEE)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ychWzePg5IqOQLeYKJjkFXDj528zCMYCOPyCfPA3dNjELOHUgobKGg==
Age: 4790
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 03 Oct 2022 19:29:33 GMT
Expires: Mon, 03 Oct 2022 20:15:09 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vocuvsT3Tp7lmHxL1G9Z0ufHxe0l8zpT5AdKXeDMgBYzGRbUBr20Yw==
Age: 1360
r3.o.lencr.org/
23.36.76.225 200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash 4ed22e7118c6182ba9fb675c1c3d1d87
34980aa56f77254714e869af5399055333386468
6bf8f85c63523dea5146317426d2728de889551247bf92b8d24485140212524c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BF8F85C63523DEA5146317426D2728DE889551247BF92B8D24485140212524C"
Last-Modified: Mon, 03 Oct 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21505
Expires: Tue, 04 Oct 2022 01:50:38 GMT
Date: Mon, 03 Oct 2022 19:52:13 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 321fa9a78e31dcb66601ac5890bfba73
c325580db79bde6fd00d2d0c7e3f675e4c0046bb
83029b324b4c36522ae47eef9614c124b0ad2994de412d7ea82f990ad8ae9d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4374
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 19:52:13 GMT
Last-Modified: Mon, 03 Oct 2022 18:39:19 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
www.jetzt-dabei-sein.com/de,flexfancy,zooloo_910.html?idPartner=85&&idCampaignAd=0&subId=117567&subIdentifier=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&aps=&aps2=&rlmset=cube_de
130.255.79.215 302 Found 0 B URL HTTP/2 www.jetzt-dabei-sein.com/de,flexfancy,zooloo_910.html?idPartner=85&&idCampaignAd=0&subId=117567&subIdentifier=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&aps=&aps2=&rlmset=cube_de
IP 130.255.79.215:0
ASN #29141 Bradler & Krantz GmbH & Co. KG
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /de,flexfancy,zooloo_910.html?idPartner=85&&idCampaignAd=0&subId=117567&subIdentifier=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&aps=&aps2=&rlmset=cube_de HTTP/1.1
Host: www.jetzt-dabei-sein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://oxbkp.track4ref.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=kk6ml0p81836osd1ca64244f00; path=/
coyoteTrackingCookie_910=442916815; expires=Wed, 02-Nov-2022 19:52:13 GMT; Max-Age=2592000; path=/;samesite=None; Secure
coyoteSimpleTrackingCookie=442916815; expires=Wed, 02-Nov-2022 19:52:13 GMT; Max-Age=2592000; path=/;SameSite=None; Secure
location: https://mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=442916815&aps=&aps2=&rlmset=cube_de&
vary: User-Agent
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 03 Oct 2022 19:52:13 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.225 200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash 1a03405a81ff55cab85436fde6c6bcbe
8fa23e3a5931f4ad1255c7b29fd053eb6ecae0dd
cc4c3e7f2148bf51813f105631967b4326f33ce82dfba620dd34ac9b95ae6461
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CC4C3E7F2148BF51813F105631967B4326F33CE82DFBA620DD34AC9B95AE6461"
Last-Modified: Sun, 02 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16676
Expires: Tue, 04 Oct 2022 00:30:09 GMT
Date: Mon, 03 Oct 2022 19:52:13 GMT
Connection: keep-alive
push.services.mozilla.com/
35.162.110.205 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.110.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZJLiV4xT3MayeG9iK8PVLQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3Nxm+XMcX882rJG85ld3MgBZsgM=
mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=442916815&aps=&aps2=&rlmset=cube_de&
130.255.79.215 200 OK 16 kB URL HTTP/2 mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=442916815&aps=&aps2=&rlmset=cube_de&
IP 130.255.79.215:0
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1905), with CRLF, LF line terminators
Hash a998f40ab36ef4097e871d9730d9eaa4
34ed62beafc5b3fcc89590b78c8e11fb94747a83
e1ce7deef2a2551795ea6cf695cee2c1f7dd29239fa529b5beac7180de63d5d2
GET /campaign_1173.html?coyoteAffiliTokenId=442916815&aps=&aps2=&rlmset=cube_de& HTTP/1.1
Host: mubayiro.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://oxbkp.track4ref.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=f747j0a3soeo98lr3soefg4mtq; path=/
coyoteAffiliTokenId1173=442916815; expires=Mon, 03-Oct-2022 23:52:13 GMT; Max-Age=14400; path=/
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 16340
content-type: text/html; charset=UTF-8
date: Mon, 03 Oct 2022 19:52:13 GMT
server: Apache
X-Firefox-Spdy: h2
p2e9r4n9.stackpathcdn.com/__pbaseruv.min.js?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&dg=0&ci=1&gv=5&s1=85&s2=117567&s3=1173&s4=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&s5=cube_de&s6=S6MACRO&s7=S7MACRO&s8=S8MACRO&s9=S9MACRO&s10=S10MACRO&s11=S11MACRO&s12=S12MACRO&s13=S13MACRO&s14=S14MACRO&s15=S15MACRO&s16=S16MACRO&s17=S17MACRO&s18=S18MACRO&s19=S19MACRO&s20=442916815
151.139.128.11 200 OK 7.0 kB URL HTTP/2 p2e9r4n9.stackpathcdn.com/__pbaseruv.min.js?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&dg=0&ci=1&gv=5&s1=85&s2=117567&s3=1173&s4=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&s5=cube_de&s6=S6MACRO&s7=S7MACRO&s8=S8MACRO&s9=S9MACRO&s10=S10MACRO&s11=S11MACRO&s12=S12MACRO&s13=S13MACRO&s14=S14MACRO&s15=S15MACRO&s16=S16MACRO&s17=S17MACRO&s18=S18MACRO&s19=S19MACRO&s20=442916815
IP 151.139.128.11:0
File type ASCII text, with very long lines (21540)
Hash e80a23fefb099374167ad1009fea9745
8ff88527ec5a8381a5c2cc484f3b3610bcdb12b2
5c8ee1f58cbc23e451fb02bc780d8f9ac292340047093b3f90e4404f325d4e83
GET /__pbaseruv.min.js?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&dg=0&ci=1&gv=5&s1=85&s2=117567&s3=1173&s4=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&s5=cube_de&s6=S6MACRO&s7=S7MACRO&s8=S8MACRO&s9=S9MACRO&s10=S10MACRO&s11=S11MACRO&s12=S12MACRO&s13=S13MACRO&s14=S14MACRO&s15=S15MACRO&s16=S16MACRO&s17=S17MACRO&s18=S18MACRO&s19=S19MACRO&s20=442916815 HTTP/1.1
Host: p2e9r4n9.stackpathcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 03 Oct 2022 19:52:13 GMT
content-encoding: gzip
content-length: 6950
content-type: application/javascript
last-modified: Wed, 06 Apr 2022 08:52:13 GMT
accept-ranges: bytes
server: Apache/2.4.41 (Ubuntu)
etag: "5425-5dbf87a489dee-gzip"
access-control-allow-credentials: true
cache-control: max-age=84600, public
x-hw: 1664826733.cds224.sk1.hn,1664826733.cds257.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 53aa134dc3b33b709b6ccf39e549055f
2e85a28ef73d7c403ad693fc8602e95fe3d803f3
877de7cadd4fc848afaac488f89ed987929505b563a03eb79e4e9d8fa0b41a0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 19:52:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/spinner.css
54.230.83.233 200 OK 1.3 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/spinner.css
IP 54.230.83.233:0
File type ASCII text, with CRLF line terminators
Hash 308609aca6938598a1390b47ec576e97
0555f403b451b7806d3e0db2d0959a5d4aab4421
54f7c8623cf0f0cf760385a22a4a5d20db7b2e3dfaecaab38ddf25ace848b171
GET /flexfancy/css/spinner.css HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 1295
Connection: keep-alive
x-amz-id-2: ytQ/pncQV2h1VP5dSarfOluKu6Cqdiyq6VR408k9jH49ehbYnFOIycdkmIjYhRXpv8k83g85TdU=
x-amz-request-id: HYXEHBZMDAJ5E0FT
Date: Mon, 03 Oct 2022 19:52:14 GMT
Last-Modified: Wed, 14 Feb 2018 10:07:16 GMT
ETag: "308609aca6938598a1390b47ec576e97"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hYJiRlo9VOeXWrdXr20l2uo3CkPUtMvladN9Z2RNpGXoJdQ8XLujqg==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/balloon.min.css
54.230.83.233 200 OK 5.5 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/balloon.min.css
IP 54.230.83.233:0
File type ASCII text, with very long lines (5489), with no line terminators
Hash acd37f0b3be30c6cefff2ed8117e5938
8f90458381edc16cd7b506f6025a75632d6b3355
4122f214f47bf170342826a86092121db1a8ac7cb3c0f899a1ede8b6b96f27c8
GET /flexfancy/css/balloon.min.css HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5489
Connection: keep-alive
x-amz-id-2: I/JX1gHRFx2BzGIlnePI1xa7fHVtSR+/I9yTwycPg2tntwvDpXDZen8dt7TrmOxbr1EJNZEJdT0=
x-amz-request-id: HYX3M1FF206GJ94D
Date: Mon, 03 Oct 2022 19:52:14 GMT
Last-Modified: Wed, 14 Feb 2018 10:07:16 GMT
ETag: "acd37f0b3be30c6cefff2ed8117e5938"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WKpZaF6pJX9MQZjPB0MzkfziXZC-31ktIfFVNF-LP6dRdYhob3vEQA==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/style_new_zooloo.css
54.230.83.233 200 OK 101 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/style_new_zooloo.css
IP 54.230.83.233:0
File type ASCII text, with CRLF line terminators
Size 101 kB (101329 bytes)
Hash d8eb3f602fb489aa842d9b5324b2fca8
e5fcc60648f05d1d2077b0a58b4e35786d24c901
3eddcd6a795fbd25ee38c1b4af59a67a96e7b14aab12fc8f0c92c88d75140b49
GET /flexfancy/css/style_new_zooloo.css HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 101329
Connection: keep-alive
x-amz-id-2: xNjrLkI8FLvdNdVoobWwLZYQxNyBnCgjmr6yyYAc2zO0VURkOW8e3lSb7aPpk8oGeisoCsLoqs4=
x-amz-request-id: HYX04KDD5DPC619S
Date: Mon, 03 Oct 2022 19:52:14 GMT
Last-Modified: Fri, 23 Sep 2022 10:20:43 GMT
ETag: "d8eb3f602fb489aa842d9b5324b2fca8"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: I_wKn5Uy0OjunQ9QNMHnG2-cHWpu0NPC5RbkGk7BknqY0hy_1rvkoA==
r3.o.lencr.org/
23.36.76.225 200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash 2a2a7449c0c9d4b5aa4ff9a606775676
3ed9e74350b683f7ba2d6baa289c0d3a2470ec3e
27f0c8d656697b0518ffa172ef516b1658348c345ae505c71c3bba6ccbe0237f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "27F0C8D656697B0518FFA172EF516B1658348C345AE505C71C3BBA6CCBE0237F"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14748
Expires: Mon, 03 Oct 2022 23:58:01 GMT
Date: Mon, 03 Oct 2022 19:52:13 GMT
Connection: keep-alive
www.google.com/recaptcha/api.js?render=6LcqT0IcAAAAALs32boRiZGsltiXH8Guzkkdf3CM
142.250.74.164 200 OK 584 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LcqT0IcAAAAALs32boRiZGsltiXH8Guzkkdf3CM
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash df036c69d45f5709fcc4ce6c520cffc8
d510f3c88e418189fd255a5567453df2b3c5a5a3
972d0152bdb2702b8062d89e380bf7a1a492cbe4714993ea52a67b4d1822d6dd
GET /recaptcha/api.js?render=6LcqT0IcAAAAALs32boRiZGsltiXH8Guzkkdf3CM HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Mon, 03 Oct 2022 19:52:13 GMT
date: Mon, 03 Oct 2022 19:52:13 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/lib/md5.min.js
54.230.83.233 200 OK 3.8 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/lib/md5.min.js
IP 54.230.83.233:0
File type ASCII text, with very long lines (3730), with CRLF line terminators
Hash d42ff83c2d527cdab773855cfe523561
c27927a82941ba972c140abf26ad82e04c32d86a
9265ea6ee06a36211ef80e33821b309020e5c40c972cf70a07f10577c0cce549
GET /flexfancy/lib/md5.min.js HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 3767
Connection: keep-alive
x-amz-id-2: ZlDECLxKW5T7dhQYoNREWJwC2RzmMMf22KbzDyI573uVMOhXIB1uqqrSXXIMBn/boLcljwL62TY=
x-amz-request-id: HYXDCJTNZ24G0QBA
Date: Mon, 03 Oct 2022 19:52:14 GMT
Last-Modified: Tue, 08 Oct 2019 09:23:31 GMT
ETag: "d42ff83c2d527cdab773855cfe523561"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5mYYMbZgCxJemEp9OjdXrFQByZY214ZeW6DBiLlg_P4C0-1hz5a8xw==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/lib/jquery-3.4.1.js
54.230.83.233 200 OK 280 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/lib/jquery-3.4.1.js
IP 54.230.83.233:0
Size 280 kB (280364 bytes)
Hash 11c05eb286ed576526bf4543760785b9
7faa15a054093f3b5d674e63b6567c835a6fa217
5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55
GET /flexfancy/lib/jquery-3.4.1.js HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 280364
Connection: keep-alive
x-amz-id-2: 6X76pV33YtR/9pn0K882YURJgJIZrjibHxbaBiNe3u7MEziDw9V85g2x/KcGWsLNGXX+sIPDKV0=
x-amz-request-id: HYXDAAFF0AHEA0EB
Date: Mon, 03 Oct 2022 19:52:14 GMT
Last-Modified: Wed, 28 Aug 2019 14:45:01 GMT
ETag: "11c05eb286ed576526bf4543760785b9"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UFcXcHGbhfmimkpneNHrTpVGswBxhsDuaHd2w08uWknGyfkOnZcbwA==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/scripts/adressDeOrt.js
54.230.83.233 200 OK 9.8 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/scripts/adressDeOrt.js
IP 54.230.83.233:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash f27bf73696475a931df4f92fb97cae2f
f70e4dc543d6800dead734ec4851d0c07cc352c3
7b4088bfcf66aabe95d2781a1deda475fd2103fe9341916a2568b59bd9183de9
GET /flexfancy/scripts/adressDeOrt.js HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 9770
Connection: keep-alive
x-amz-id-2: WG65ZhyTIoti2v7t3ZHC6UlhfLvF+lBiuOhFS0YD+N7+MQKwQuv3Z0CFPgl3UjvMmb9tXtz1fKs=
x-amz-request-id: HYXANQ623ACTDG34
Date: Mon, 03 Oct 2022 19:52:14 GMT
Last-Modified: Thu, 20 Aug 2020 10:52:07 GMT
ETag: "f27bf73696475a931df4f92fb97cae2f"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lej93h9H7sCAtHcXL7lBKyRAsP6pQ--4_B8su4dIpNcOwM0vaw8E7Q==
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 129fe858bf2aa7291fd2c6dd4cf9d226
e3e048b964b851ebbdcfb5bd80ebdbad13720cf6
addc7e4ddab73c8c7ee50f6d33fc1e4ff73b71cc014e481049a393c3b87b0924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 19:52:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.225 200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash e83b2f01b6480a5a106c44ba103a41dc
caa0c6b1ddf0a80bd519e196ef58482f0ed4723e
35e6dde5404d0b224f7f73179c598a99a9f6b83115d73d719e8811202d6ff69f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35E6DDE5404D0B224F7F73179C598A99A9F6B83115D73D719E8811202D6FF69F"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16731
Expires: Tue, 04 Oct 2022 00:31:05 GMT
Date: Mon, 03 Oct 2022 19:52:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.225 200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash bf5d66ae680d729b4e5e4dc8e1d9ee1a
39d7621831e48b9986990eb7c59a0e44126ffa8d
445c9ee6d5204ae9ff502846db3be18195ecc525c506cfc6e598361b208d1555
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "445C9EE6D5204AE9FF502846DB3BE18195ECC525C506CFC6E598361B208D1555"
Last-Modified: Sat, 01 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 04 Oct 2022 01:52:14 GMT
Date: Mon, 03 Oct 2022 19:52:14 GMT
Connection: keep-alive
rltools.de/rlm_analytics/scripts/rlm_stat.js
85.13.149.2 200 OK 2.9 kB URL HTTP/2 rltools.de/rlm_analytics/scripts/rlm_stat.js
IP 85.13.149.2:0
ASN #34788 Neue Medien Muennich GmbH
Hash dfd976d3120feb955a33887381715e89
758c2c901227120d71567ca29fb6b6de57968328
8a91c4418d5d29b657fe8ab816ede18c6f0487315622ef0e030440398d0e3daf
GET /rlm_analytics/scripts/rlm_stat.js HTTP/1.1
Host: rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 16:01:32 GMT
etag: "35fa-5aaf5bca2492e-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 2918
content-type: application/javascript
date: Mon, 03 Oct 2022 19:52:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.rlcontrol.de/ftp/flexblocks/scripts/lib/moment.min.js
130.255.79.215 200 OK 17 kB URL HTTP/2 www.rlcontrol.de/ftp/flexblocks/scripts/lib/moment.min.js
IP 130.255.79.215:0
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type ASCII text, with very long lines (51679), with no line terminators
Hash 174f71b5e532bbee86b7e51ed2d11a82
abbec602df1ebf647b88d18cbd1dd162d7f1f6ad
34084291d4c3f11af71b71f00c969a81380daa917e3e90ad1a08e836ced4e5f9
GET /ftp/flexblocks/scripts/lib/moment.min.js HTTP/1.1
Host: www.rlcontrol.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 24 Jul 2018 14:05:29 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 02 Nov 2022 19:52:14 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 16804
content-type: application/javascript
date: Mon, 03 Oct 2022 19:52:14 GMT
server: Apache
X-Firefox-Spdy: h2
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/images/outer_slice_top.png
54.230.83.233 200 OK 136 B URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/images/outer_slice_top.png
IP 54.230.83.233:0
File type PNG image data, 1 x 15, 8-bit/color RGB, non-interlaced\012- data
Hash b3cd71c3db91f48dfd8b00d472022dc0
5cff683bc4fe66eba2d2328f3ef9f812b6c974f0
bf37f0c405389fda13867faa69cf36ffe1b8764f3e0460f2caade056a36d2483
GET /flexfancy/images/outer_slice_top.png HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/style_new_zooloo.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 136
Connection: keep-alive
x-amz-id-2: zFchxdYSSoyJLJJffAURI5XM0Tx/MEwAN3K0W/PrRjDYhFmonOvfcPMO3GRTxgbPfvLIjl1JoAk=
x-amz-request-id: 9W0F22HM2DGYJ9J7
Date: Mon, 03 Oct 2022 19:52:15 GMT
Last-Modified: Wed, 14 Feb 2018 10:07:18 GMT
ETag: "b3cd71c3db91f48dfd8b00d472022dc0"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: unVUhwOS5_TKv0-a-K1aOIhN5g2Go6ZeSdja3AJHf89HWtrhB4-IWg==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/images/outer_slice_bottom.png
54.230.83.233 200 OK 143 B URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/images/outer_slice_bottom.png
IP 54.230.83.233:0
File type PNG image data, 1 x 33, 8-bit/color RGB, non-interlaced\012- data
Hash cdfb089c7a2ffb19106f0553ad115375
99f6ab0e088971a4d07a89f55a1d204e9164669a
c86ac9a90aafd6aa025eeb2d1d6de20c03df782ef151c9d2515b23407768f134
GET /flexfancy/images/outer_slice_bottom.png HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/css/style_new_zooloo.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 143
Connection: keep-alive
x-amz-id-2: m2nqd3bHp4/0asyr8S4wcDYfzLW9eVy/0GzjS2niQl6utKW+6MeyM/oeRtPgky28D+mVaE18sjA=
x-amz-request-id: 9W0C5TEJJQ6Z50YF
Date: Mon, 03 Oct 2022 19:52:15 GMT
Last-Modified: Wed, 14 Feb 2018 10:07:18 GMT
ETag: "cdfb089c7a2ffb19106f0553ad115375"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xXdi8wAuZpxS-TM7FIa83t8fqwRRk0Sxm-OvInnC2DqLZumQ_QO-cw==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Candal.woff
54.230.83.233 200 OK 25 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Candal.woff
IP 54.230.83.233:0
File type Web Open Font Format, TrueType, length 25000, version 1.0\012- data
Hash e29c6ae99d1f2dc8d6a607b46c082b74
9fe5da34238024f299a42910d7ef9882576bf7e3
80a2aa3ffeb789ffaa34b6a0b738e7baed24396c4656dd1224c8c0ba0f4ddf84
GET /flexfancy/fonts/Candal.woff HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 25000
Connection: keep-alive
x-amz-id-2: wsDB8dOmTnoGP8UsV+f8k8vzU2sp20vb3dDLOnRV5WOyNpchUKyHKoVSXfvZ7mrDaKtLCBl1AcM=
x-amz-request-id: 9W01MTY0NMK0JW2C
Date: Mon, 03 Oct 2022 19:52:15 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Wed, 14 Feb 2018 10:07:18 GMT
ETag: "e29c6ae99d1f2dc8d6a607b46c082b74"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: u_f8obJgi8EY3ArBG4Cgrz_4MVL5k34DgBh7vLq_gXiBUcV7JvP2gQ==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Bold.woff
54.230.83.233 200 OK 23 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Bold.woff
IP 54.230.83.233:0
File type Web Open Font Format, TrueType, length 23108, version 1.0\012- data
Hash 317ed94a878c8d8ea413f51e575513f4
f1554d7cbd5c2937165c5b5f1c3028681264e2a5
ac249b9af121f1a9bf29b7c611b5986a5f1088da276a72a1e96b77fec1020aad
GET /flexfancy/fonts/Aileron-Bold.woff HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 23108
Connection: keep-alive
x-amz-id-2: EXDXb7I29srBLiVi6w7/fWvAPpTsuDYiN4DSyFmY6R0anenrv4YL9xb6UqB9ODlTu6xr0xw3nJA=
x-amz-request-id: 9W06H2DXD772V341
Date: Mon, 03 Oct 2022 19:52:15 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Wed, 14 Feb 2018 10:07:17 GMT
ETag: "317ed94a878c8d8ea413f51e575513f4"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LjBE7qInYM0GSOSRs3kofYwJtstj1c9wMW0ckpT0rZUQSm8pczaMLA==
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Regular.woff
54.230.83.233 200 OK 22 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Regular.woff
IP 54.230.83.233:0
File type Web Open Font Format, TrueType, length 21776, version 1.0\012- data
Hash 4309f5e6504ab4404a1c909a5ef8457f
5f207e040e0244ba5fcbf7d4d9340e5833b849e1
6d6ec731c7579bb3420bdd0ec8ac80682ac44b1fbe1ffa8429b736e644f2be69
GET /flexfancy/fonts/Aileron-Regular.woff HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 21776
Connection: keep-alive
x-amz-id-2: eTQTSmCxWF40LQfeE5sXNlGkR4sB5bUJSil7joN0b5zvYRv5CeINeITyMecwEqfc+2uscUeAso0=
x-amz-request-id: 9W0B44KMCFV93BAW
Date: Mon, 03 Oct 2022 19:52:15 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Wed, 14 Feb 2018 10:07:17 GMT
ETag: "4309f5e6504ab4404a1c909a5ef8457f"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: L2j4qbRvvA4zrPuS2TuMFxNXbpRqOaAkyXE0PZ2swcF5ASzS6xH0tg==
mubayiro.de/service-worker.js
130.255.79.215 200 OK 172 B URL HTTP/2 mubayiro.de/service-worker.js
IP 130.255.79.215:0
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type ASCII text, with CRLF line terminators
Hash 9ac9d7b3b0017e5e9febf761c449b15c
c700c119d8d0f87e21777b6e7e1fe471ea820be0
460c9c03a91f7fb3c3ab7ab86fc015f1b691cbbcb35ced6bbbeedab8d71f05f1
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: mubayiro.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: PHPSESSID=f747j0a3soeo98lr3soefg4mtq; coyoteAffiliTokenId1173=442916815
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 31 Mar 2022 12:59:56 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 02 Nov 2022 19:52:14 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 172
content-type: application/javascript
date: Mon, 03 Oct 2022 19:52:14 GMT
server: Apache
X-Firefox-Spdy: h2
mubayiro.de/ftp/flexfancy/services/resource.php?rlmset=cube_de
130.255.79.215 200 OK 558 B URL HTTP/2 mubayiro.de/ftp/flexfancy/services/resource.php?rlmset=cube_de
IP 130.255.79.215:0
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type JSON data\012- , ASCII text, with very long lines (1112), with no line terminators
Hash 9739f0e094760513e93ad8b075715190
cc4b69fa12922aadfd2b96c37992228789eb30ab
19b6ffe1c041c799d8268b2c3cd734d10330e1a4731dfbbc53b8099ad3e36c2c
GET /ftp/flexfancy/services/resource.php?rlmset=cube_de HTTP/1.1
Host: mubayiro.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=442916815&aps=&aps2=&rlmset=cube_de&
Cookie: PHPSESSID=f747j0a3soeo98lr3soefg4mtq; coyoteAffiliTokenId1173=442916815
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 558
content-type: application/json; charset=utf-8
date: Mon, 03 Oct 2022 19:52:14 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 6289bd1c60e1a56589cd90e2d5c7ecc5
2c3bc2a247e94c05230f3d8196b1983f98679d96
1c928e34c5106ed4caff944805e99cfd9bbc89c350d3ca08a5d1d5e4ca368d6d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 03 Oct 2022 19:52:14 GMT
Last-Modified: Mon, 03 Oct 2022 18:42:05 GMT
Server: ECS (nyb/1D2E)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: V228VhOVhISqh65wP-Ds7I4C9AcrxCrpk0vOVaYDB3lMZ5rmt7TzAg==
Age: 4209
rlmgws-data.s3.eu-central-1.amazonaws.com/flexfancy/images/extra/gratis_teilnahme/hinweis.png
52.219.171.82 200 OK 14 kB URL HTTP/1.1 rlmgws-data.s3.eu-central-1.amazonaws.com/flexfancy/images/extra/gratis_teilnahme/hinweis.png
IP 52.219.171.82:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 3b9545828b1e7d248235f80fa36612f3
1110613fd01a1773609d573b457b8c22b2d92d3d
fd377e3b6033fd2a541887ad00bd9a47be285fa449acf0530b825e4d16c86590
GET /flexfancy/images/extra/gratis_teilnahme/hinweis.png HTTP/1.1
Host: rlmgws-data.s3.eu-central-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: kXW4ka8tgMNWWUxnHgVv4qijL5CsqetB5hdjH85KxpLyYCUk6ag5CspdFeYzlgEx1XYdC7qhF78=
x-amz-request-id: 9W0DDVJEJTVS01FX
Date: Mon, 03 Oct 2022 19:52:15 GMT
Last-Modified: Wed, 28 Apr 2021 15:32:23 GMT
ETag: "3b9545828b1e7d248235f80fa36612f3"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 14484
cleanleadsonly.com/h/4835109d48c9e17ffe?url=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D442916815%26aps%3D%26aps2%3D%26rlmset%3Dcube_de%26&response-opticks-version=v3&_t0=1664826733874&_t1=1664826734212&_t2=1664826734212&_optZMSiKRBxoBEI=a96c73d2&_m=1uc&coyoteAffiliTokenId=442916815&aps=&aps2=&rlmset=cube_de&external_id=442916815&var1=85&subpublisher_id=117567&var2=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&var3=cube_de&version=v3
62.212.87.244 200 OK 719 B URL HTTP/1.1 cleanleadsonly.com/h/4835109d48c9e17ffe?url=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D442916815%26aps%3D%26aps2%3D%26rlmset%3Dcube_de%26&response-opticks-version=v3&_t0=1664826733874&_t1=1664826734212&_t2=1664826734212&_optZMSiKRBxoBEI=a96c73d2&_m=1uc&coyoteAffiliTokenId=442916815&aps=&aps2=&rlmset=cube_de&external_id=442916815&var1=85&subpublisher_id=117567&var2=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&var3=cube_de&version=v3
IP 62.212.87.244:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (719), with no line terminators
Hash 2c1e3e7b148c9f6be83f28cd972481d9
ec7310921b3f47b64aab03b97a8ecbe05c4452b1
5d513a45b4d740a04b154bfc081ef09e9e333b4df666e0846a41e302d037136c
POST /h/4835109d48c9e17ffe?url=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D442916815%26aps%3D%26aps2%3D%26rlmset%3Dcube_de%26&response-opticks-version=v3&_t0=1664826733874&_t1=1664826734212&_t2=1664826734212&_optZMSiKRBxoBEI=a96c73d2&_m=1uc&coyoteAffiliTokenId=442916815&aps=&aps2=&rlmset=cube_de&external_id=442916815&var1=85&subpublisher_id=117567&var2=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&var3=cube_de&version=v3 HTTP/1.1
Host: cleanleadsonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1949
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 03 Oct 2022 19:52:14 GMT
Cache-Control: private, max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: application/json
Vary: Accept-Encoding, User-Agent
Content-Length: 719
rlmgws-data.s3.eu-central-1.amazonaws.com/flexfancy/images/gui/confirm_dialog/confirm_checkbox.png
52.219.171.82 200 OK 2.1 kB URL HTTP/1.1 rlmgws-data.s3.eu-central-1.amazonaws.com/flexfancy/images/gui/confirm_dialog/confirm_checkbox.png
IP 52.219.171.82:0
File type PNG image data, 48 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 1c3fedffbaae77cc20853e7d81115d51
f5fd9e59601190beadcf47b5a72e2a5254ef6878
6367228c6b2de1a5b23965e5bdda939f782e9f36249dc8f3b58f920dd88d8ddf
GET /flexfancy/images/gui/confirm_dialog/confirm_checkbox.png HTTP/1.1
Host: rlmgws-data.s3.eu-central-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 8XoozwXbSnEl2F8oVManNIzwiun+IYHJVoEHwRzqvP+AdD33GDsbmAN7dwc+wWURz1kxiIzBYNI=
x-amz-request-id: 9W0CQER753HG547R
Date: Mon, 03 Oct 2022 19:52:15 GMT
Last-Modified: Tue, 18 May 2021 07:57:50 GMT
ETag: "1c3fedffbaae77cc20853e7d81115d51"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 2118
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Heavy.woff
54.230.83.233 200 OK 23 kB URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/fonts/Aileron-Heavy.woff
IP 54.230.83.233:0
File type Web Open Font Format, TrueType, length 23280, version 1.0\012- data
Hash 977a8badf138ba0183b618103fbea86a
5082997a0716920ac661563638bede0d529f4940
67bb015ac96fd86bc355f22829c7c4e7ed5c288176c2ec013c356eef07b1ae87
GET /flexfancy/fonts/Aileron-Heavy.woff HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://rlmgws-data.s3-accelerate.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 23280
Connection: keep-alive
x-amz-id-2: Ll0sj658Hal1XuShI8AK9TpbRO2JCQtZol9QuXiRUnb6UK1UIFBNCk94GIdYR+FCA9KGb93drzE=
x-amz-request-id: 9W0DZ77PJRYB6EJ1
Date: Mon, 03 Oct 2022 19:52:15 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Wed, 14 Feb 2018 10:07:17 GMT
ETag: "977a8badf138ba0183b618103fbea86a"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Jd3eoMwhpFVgX6qmUvMzkMPZi9pkv3GfxR-Mn7yCBb4tvfYcpbsCPw==
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 34a4e46e9e20b5254fa9b456611b03c8
05551aa93e522fa0430eba17c4603e5566b9c3c5
40d0d9e8d089cfe5aba6f8357274dd198a3e7a93d74fd7e27fe2153c4b4d126f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Mon, 03 Oct 2022 19:52:14 GMT
Server: ECS (dcb/7EEB)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BvUTAg0lbQjPUcWqoA_n3rMjoU_TAF9SnNYI5ICRwDmWnBvw7TZm3w==
mubayiro.de/ftp/flexfancy/build/promotion/cubede.png
130.255.79.215 200 OK 275 kB URL HTTP/2 mubayiro.de/ftp/flexfancy/build/promotion/cubede.png
IP 130.255.79.215:0
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 275 kB (274644 bytes)
Hash 79f84c13c2e012b5c681f5ba70eebdd4
bdf038907a9d601ac6df2b7ff29a52b51e6f3b1e
bc6f6e81a536bee417caf898c4a781f33ff42dde65ed5ddae11d6c04021b2fcb
GET /ftp/flexfancy/build/promotion/cubede.png HTTP/1.1
Host: mubayiro.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=442916815&aps=&aps2=&rlmset=cube_de&
Cookie: PHPSESSID=f747j0a3soeo98lr3soefg4mtq; coyoteAffiliTokenId1173=442916815
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Oct 2019 07:01:08 GMT
accept-ranges: bytes
content-length: 274644
cache-control: max-age=2592000
expires: Wed, 02 Nov 2022 19:52:14 GMT
content-type: image/png
date: Mon, 03 Oct 2022 19:52:14 GMT
server: Apache
X-Firefox-Spdy: h2
api.botman.ninja/ic.php?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&m=AF&f=RUV&fs=SCR&v=17&vis=NA&ifp=0&burl=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D442916815%26aps%3D%26aps2%3D%26rlmset%3Dcube_de%26&uq=ZKBBvC6L33Dk&ac=NA&purl=http%3A%2F%2Foxbkp.track4ref.com%2F&ih=939&iw=1280&ow=1280&oh=1024&plf=Linux%20x86_64&cpu=Linux%20x86_64&lst=234lj4kl4dXfsDfkJitY323f6d3&aver=5.0%20(X11)&uagt=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&cen=UTF-8&aname=Netscape&acod=Mozilla&cd=24&zi=NA&nlang=en-US&ndrv=false&win=true&dnt=undefined&hco=16&plg=true&layer=NA&nmt=0&nbo=UTC&fsa=false&ch=939&cw=1280&sh=1024&sw=1280&bld=24&actv=visible&acc=NA&gyro=undefined&pop=false&brl=NA&brt=NA&brh=NA&brb=NA&als=NA&cam=undefined&bt=undefined&ce=true&dlmax=undefined&ntype=undefined&ofw=NA&ofh=NA&s1=85&s2=117567&s3=1173&s4=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&s5=cube_de&s6=s6macro&hless=false&s7=s7macro&s8=s8macro&s9=s9macro&s10=s10macro&s11=s11macro&s12=s12macro&s13=s13macro&s14=s14macro&s15=s15macro&s16=s16macro&s17=s17macro&s18=s18macro&s19=s19macro&s20=442916815
52.9.165.84 200 OK 33 B URL HTTP/2 api.botman.ninja/ic.php?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&m=AF&f=RUV&fs=SCR&v=17&vis=NA&ifp=0&burl=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D442916815%26aps%3D%26aps2%3D%26rlmset%3Dcube_de%26&uq=ZKBBvC6L33Dk&ac=NA&purl=http%3A%2F%2Foxbkp.track4ref.com%2F&ih=939&iw=1280&ow=1280&oh=1024&plf=Linux%20x86_64&cpu=Linux%20x86_64&lst=234lj4kl4dXfsDfkJitY323f6d3&aver=5.0%20(X11)&uagt=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&cen=UTF-8&aname=Netscape&acod=Mozilla&cd=24&zi=NA&nlang=en-US&ndrv=false&win=true&dnt=undefined&hco=16&plg=true&layer=NA&nmt=0&nbo=UTC&fsa=false&ch=939&cw=1280&sh=1024&sw=1280&bld=24&actv=visible&acc=NA&gyro=undefined&pop=false&brl=NA&brt=NA&brh=NA&brb=NA&als=NA&cam=undefined&bt=undefined&ce=true&dlmax=undefined&ntype=undefined&ofw=NA&ofh=NA&s1=85&s2=117567&s3=1173&s4=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&s5=cube_de&s6=s6macro&hless=false&s7=s7macro&s8=s8macro&s9=s9macro&s10=s10macro&s11=s11macro&s12=s12macro&s13=s13macro&s14=s14macro&s15=s15macro&s16=s16macro&s17=s17macro&s18=s18macro&s19=s19macro&s20=442916815
IP 52.9.165.84:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1e125b0dbf4eb0e5f065abfcefcdb288
b272bbe8a2aede157799ee09cc713a3b8530df5d
38c562b58f8d9489206f7ebd2f7b1a40dc04a3f14513698141b5d3fd17b4e3ce
GET /ic.php?ak=4419fb3582f78f4682e1fa79b67675582c6f9ece&m=AF&f=RUV&fs=SCR&v=17&vis=NA&ifp=0&burl=https%3A%2F%2Fmubayiro.de%2Fcampaign_1173.html%3FcoyoteAffiliTokenId%3D442916815%26aps%3D%26aps2%3D%26rlmset%3Dcube_de%26&uq=ZKBBvC6L33Dk&ac=NA&purl=http%3A%2F%2Foxbkp.track4ref.com%2F&ih=939&iw=1280&ow=1280&oh=1024&plf=Linux%20x86_64&cpu=Linux%20x86_64&lst=234lj4kl4dXfsDfkJitY323f6d3&aver=5.0%20(X11)&uagt=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&cen=UTF-8&aname=Netscape&acod=Mozilla&cd=24&zi=NA&nlang=en-US&ndrv=false&win=true&dnt=undefined&hco=16&plg=true&layer=NA&nmt=0&nbo=UTC&fsa=false&ch=939&cw=1280&sh=1024&sw=1280&bld=24&actv=visible&acc=NA&gyro=undefined&pop=false&brl=NA&brt=NA&brh=NA&brb=NA&als=NA&cam=undefined&bt=undefined&ce=true&dlmax=undefined&ntype=undefined&ofw=NA&ofh=NA&s1=85&s2=117567&s3=1173&s4=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&s5=cube_de&s6=s6macro&hless=false&s7=s7macro&s8=s8macro&s9=s9macro&s10=s10macro&s11=s11macro&s12=s12macro&s13=s13macro&s14=s14macro&s15=s15macro&s16=s16macro&s17=s17macro&s18=s18macro&s19=s19macro&s20=442916815 HTTP/1.1
Host: api.botman.ninja
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 03 Oct 2022 19:52:14 GMT
content-type: text/html; charset=UTF-8
content-length: 33
server: Apache/2.4.41 (Ubuntu)
set-cookie: PHPSESSID=sfmo4meo8uup9jcd68nb2pq48n; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: https://mubayiro.de
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-max-age: 86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.225 200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14297
Expires: Mon, 03 Oct 2022 23:50:31 GMT
Date: Mon, 03 Oct 2022 19:52:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.225 200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14297
Expires: Mon, 03 Oct 2022 23:50:31 GMT
Date: Mon, 03 Oct 2022 19:52:14 GMT
Connection: keep-alive
mubayiro.de/favicon.ico
130.255.79.215 200 OK 84 B IP 130.255.79.215:0
ASN #29141 Bradler & Krantz GmbH & Co. KG
File type MS Windows icon resource - 1 icon, 50x50, 32 bits/pixel\012- data
Hash 3f58b7b4a090d0afb6b738089e7e25ec
19bb030057cb00b6f0b33bed77c1007879bb6ef3
40dbfde76a354cfe446ea1b114bc30af0db7823e4b15b28a8c3a46f53af52322
GET /favicon.ico HTTP/1.1
Host: mubayiro.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/campaign_1173.html?coyoteAffiliTokenId=442916815&aps=&aps2=&rlmset=cube_de&
Cookie: PHPSESSID=f747j0a3soeo98lr3soefg4mtq; coyoteAffiliTokenId1173=442916815
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jun 2022 04:37:46 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 02 Nov 2022 19:52:14 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 84
content-type: image/x-icon
date: Mon, 03 Oct 2022 19:52:14 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.225 200 OK 503 B IP 23.36.76.225:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14297
Expires: Mon, 03 Oct 2022 23:50:31 GMT
Date: Mon, 03 Oct 2022 19:52:14 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d589035-4143-4e43-a45c-b842ae27b9a3.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d589035-4143-4e43-a45c-b842ae27b9a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 34ba42086104460665f7f4f579235592
58f10485c5273cbed8159c98b9065b192ba3d00b
79f1febc020ab611c5d9a8bc1af237a63420f8215963fd97f6c4b9bccfa17d24
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d589035-4143-4e43-a45c-b842ae27b9a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4522
x-amzn-requestid: cc836204-3c4f-48d0-9569-b1622e6d2178
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMVoRH9toAMFwig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334cfce-096ff90412945ca06335e987;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 22:50:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fudDd0zzDKrnJFkd5SprRVtrhRWr9sSccbhORco9XUEJTO2TXYouzQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 17:50:25 GMT
age: 7309
etag: "58f10485c5273cbed8159c98b9065b192ba3d00b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a090b5-0736-4ddd-b6ca-3c76661e7051.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a090b5-0736-4ddd-b6ca-3c76661e7051.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 721a8d8f94c3796abf021978fcdbc831
3fc3aeae907a0ce0db21753c67c1000681e48b8e
cb497b15e7c2e49930b99f8d6659f0394acefb7b11613ca04397ee782dac759d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a090b5-0736-4ddd-b6ca-3c76661e7051.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8158
x-amzn-requestid: 424c8c6c-7075-4ace-97e6-2b0a609d1b7e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZZXDxGRlIAMFZrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a054b-046d963a345c15e81dc74e4d;Sampled=0
x-amzn-remapped-date: Sun, 02 Oct 2022 21:40:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aFBTRAsXhi4io7fSc02hftf9hRQ-J5yaBgU4Wgwijyir30xjTjdMLQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 21:46:36 GMT
age: 79538
etag: "3fc3aeae907a0ce0db21753c67c1000681e48b8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 04:42:51 GMT
age: 54563
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F382faf63-655f-460a-9545-c4d888a724c6.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F382faf63-655f-460a-9545-c4d888a724c6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36debc920b17e124779c01af9101a59e
b105f7bf041365d644c98c7e11ffa75e4656d29d
f518ccd094d0e187b91cfd36dfb282566c0d088ce13501157dc97c702211d938
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F382faf63-655f-460a-9545-c4d888a724c6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10839
x-amzn-requestid: 67718257-ee21-44f0-80bd-f15cea37ac5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZZWcKFD0IAMFV7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a044d-09a45a242bf4bdfe0f4608e4;Sampled=0
x-amzn-remapped-date: Sun, 02 Oct 2022 21:36:13 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pS33yyA441ZNn2dtNy6mVDnm-rmd_Vi_M0q9ZN2AKGMUT7l-nEuEvw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 21:58:18 GMT
age: 78836
etag: "b105f7bf041365d644c98c7e11ffa75e4656d29d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F954ddf3b-951c-46b3-a8ce-00e3bd3ef239.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F954ddf3b-951c-46b3-a8ce-00e3bd3ef239.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bed17699f6b123b33b8df416b23c4cac
36458cca636c4ffc873df8acd254ff726b1a9544
65dac85ddf2d9918696ea270a5a3d034e07e43ca5714f169747feee09fc4b897
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F954ddf3b-951c-46b3-a8ce-00e3bd3ef239.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10490
x-amzn-requestid: a7e4d6b4-be77-41a9-94dd-83167d5b002e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y5tUrE72oAMFZYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632d5c1d-1ba0805b629e657b60ff1b85;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 07:11:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DZ6ZMlje50ktV6_cABRx3fr4Dke7Z2UhNhBDi1aCK00kRPTlnG691A==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 03:36:14 GMT
age: 58560
etag: "36458cca636c4ffc873df8acd254ff726b1a9544"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd0be942-f345-4da4-974e-a9fe16b90b3c.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd0be942-f345-4da4-974e-a9fe16b90b3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 523edd86af4757d0bc5fa5b3b8a3596a
8118ee462077c291b9d6f1402b85b55a9ceba8c2
c27de9970317636df8c4a517a9ed38e573235b351bf92c9b8bb1f964cd100031
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd0be942-f345-4da4-974e-a9fe16b90b3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9083
x-amzn-requestid: fda71fd3-ef25-4a63-94ae-1bfc8aef8d14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZZXD2H0DIAMFjrg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a054b-198915fc17ce3dab571b7575;Sampled=0
x-amzn-remapped-date: Sun, 02 Oct 2022 21:40:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BobS2JU-TqDuL8q31SVlerM15cRoMhL1oM5MkL7MVhY9RZG_Ukp5yA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 21:46:36 GMT
age: 79538
etag: "8118ee462077c291b9d6f1402b85b55a9ceba8c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 63ee7e605da25dbf1d62eea30a1ef246
c86b43b61afc5926ee7bc124cc30598d37ceb661
cb737283476421b6ce93b2909cf5277e82a7adbc3001f66946ff59ad6fabfdb2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 19:52:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
142.250.74.163 200 OK 159 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (711)
Size 159 kB (158844 bytes)
Hash b4ed95d4318e3b78b936c9c0f1ffa96e
b53c9376b1459afb07fb4b5c2e8d8dad776d3a02
3c21880cb7be6bec40f9d40c23ad39c9758999cf950cec07b86c83b21fde175f
GET /recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 01:05:31 GMT
expires: Sun, 01 Oct 2023 01:05:31 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
content-type: text/javascript
age: 240403
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 19:52:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
event.trk-consulatu.com/register/event_log/zngxrmn8go
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zngxrmn8go
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/zngxrmn8go HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mubayiro.de/
Origin: https://mubayiro.de
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 03 Oct 2022 19:52:15 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://mubayiro.de
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fgaSDiwf06f75uhKqupcCGR%2BKreZ%2FLR36%2F9mLGUckrHABEtNf453q8OPBm7bjrel4avZnpa4Yk%2FTczuILRD6UtGBdCFS3bLDzQe3BVZUBdvmTCh7bP%2Fb6WaO8dBjYlSpJdTfr7M%2BgsUT3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75483795cc0475cc-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/zngxrmn8go
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zngxrmn8go
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/zngxrmn8go HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mubayiro.de/
Origin: https://mubayiro.de
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 03 Oct 2022 19:52:15 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://mubayiro.de
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QB%2BuUzkwrneZoVxhnQN5MJ3cLxRtd%2BM6OEXwVSkeQWIZ364wEAbYiGfVxWaDOe%2FK5r%2Bg4p66OZpm%2BArdEdR9%2BChdIOZskYh0vdH%2Fj4YjGDdMPGitkAwk1xqR%2FtA7T%2Bnb3QdRc1VD2v1%2FhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75483795dc1b75cc-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/zngxrmn8go
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zngxrmn8go
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/zngxrmn8go HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mubayiro.de/
Content-type: application/json
Origin: https://mubayiro.de
Content-Length: 148
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 19:52:15 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://mubayiro.de
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HxsL47VVtWuoWbNLN4DW3vr0p5UaieS41b02Q1LjAvybhhZ1eaUuYGNs9WpGWM3oBTXfxJLYhGIXNR5wDzZg3bv6MYRcsUX7RJhR8vF6jQ6tK72Ixv7BLd2Qm5ve2bLdAPfBK%2FgkCuRCow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754837967d4575cc-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/zngxrmn8go
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zngxrmn8go
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/zngxrmn8go HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mubayiro.de/
Content-type: application/json
Origin: https://mubayiro.de
Content-Length: 109
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 19:52:15 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://mubayiro.de
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uYAsdL5dCvHeKrblusID9ynNUA7YMPqmAAzv8aZflwCbYhbq3dpo4XT3GC7gyA9%2BH3zWBYFBf0MXBueRDHYjtys0B%2B35ZkNSTQjCc6gf93sqASAPyhGPFckycWTe99PL8CpSXnumMpjiYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754837969d7d75cc-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 12:31:58 GMT
expires: Sun, 01 Oct 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 199217
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Sep 2022 00:48:31 GMT
expires: Sat, 30 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 327824
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rltools.de/traffic_check01/check.php?click_id=track_20221003195213_c2a6e899_c9af_4af2_b84e_2c44585cbdeb
85.13.149.2 200 OK 215 B URL HTTP/2 rltools.de/traffic_check01/check.php?click_id=track_20221003195213_c2a6e899_c9af_4af2_b84e_2c44585cbdeb
IP 85.13.149.2:0
ASN #34788 Neue Medien Muennich GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 1fdd2b69fa2a30707bce6aec43f1d23a
617dd63a9cc08837a56844eccdcb05d19babd122
44e020e684911f1cddf92ede3ef69aa3988926a0fcadba00c951c9d6ff490f9b
GET /traffic_check01/check.php?click_id=track_20221003195213_c2a6e899_c9af_4af2_b84e_2c44585cbdeb HTTP/1.1
Host: rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: application/json
date: Mon, 03 Oct 2022 19:52:15 GMT
server: Apache
X-Firefox-Spdy: h2
gdmtrck.com/?a=117567&c=279565&s1=&s2=cdhsx633b3d5b0007191e&s3=&s4=&s5=&s6=
34.242.255.201 302 Found 0 B URL HTTP/2 gdmtrck.com/?a=117567&c=279565&s1=&s2=cdhsx633b3d5b0007191e&s3=&s4=&s5=&s6=
IP 34.242.255.201:0
GET /?a=117567&c=279565&s1=&s2=cdhsx633b3d5b0007191e&s3=&s4=&s5=&s6= HTTP/1.1
Host: gdmtrck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oxbkp.track4ref.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 03 Oct 2022 19:52:12 GMT
content-type: text/html;charset=ISO-8859-1
location: https://www.jetzt-dabei-sein.com/de,flexfancy,zooloo_910.html?idPartner=85&&idCampaignAd=0&subId=117567&subIdentifier=dbaf142fbe6f4ec9a44b2eff73905fdbfff3&aps=&aps2=&rlmset=cube_de
server: nginx
set-cookie: gdm_click_adv_freq_v1_1_001=fLD5x/On/zUg7UtwirCWoBmHRXLRdm8qUmGMdvlFHEw8OhjSgY+TbfZrtzKi9w90; Domain=.gdmtrck.com; Expires=Sun, 01-Jan-2023 19:52:12 GMT; Path=/
gdm_sid_v2_3_001=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; Domain=.gdmtrck.com; Expires=Sun, 01-Jan-2023 19:52:12 GMT; Path=/; Secure; SameSite=None
gdm_click_freq_v1_1_001=zqodihupMbW9oUMoWdwx17VUaz09zY3xudf7K8nc++V1Z2QEZ49cPj0hs0PTKfiB; Domain=.gdmtrck.com; Expires=Sun, 01-Jan-2023 19:52:12 GMT; Path=/
gdm_uid_v2_1_001=qGnu63wv820xh+tzGfbNkqtjsZzv4A2NkyESQZAFgIB0wLhwr4EARulFhQj4d7i6; Domain=.gdmtrck.com; Expires=Sun, 01-Jan-2023 19:52:12 GMT; Path=/; Secure; SameSite=None
gdm_suid_v1_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.gdmtrck.com; Expires=Sun, 01-Jan-2023 19:52:12 GMT; Path=/
gdm_uid_v1_1_001=qGnu63wv820xh+tzGfbNkqtjsZzv4A2NkyESQZAFgIB0wLhwr4EARulFhQj4d7i6; Domain=.gdmtrck.com; Expires=Sun, 01-Jan-2023 19:52:12 GMT; Path=/
gdm_click_freq_v2_1_001=zqodihupMbW9oUMoWdwx17VUaz09zY3xudf7K8nc++V1Z2QEZ49cPj0hs0PTKfiB; Domain=.gdmtrck.com; Expires=Sun, 01-Jan-2023 19:52:12 GMT; Path=/; Secure; SameSite=None
gdm_click_adv_freq_v2_1_001=fLD5x/On/zUg7UtwirCWoBmHRXLRdm8qUmGMdvlFHEw8OhjSgY+TbfZrtzKi9w90; Domain=.gdmtrck.com; Expires=Sun, 01-Jan-2023 19:52:12 GMT; Path=/; Secure; SameSite=None
gdm_sid_v1_3_001=6F01SatdJvYIboOoY9z2X1+wcTFBoPWwI55wlEBDk4dpACh9b15w3O3GeoK6x0kqG9pxmdgGj/RrI2/vP3L3Dw4qjsrA0GLARok3GeAOjTgrqc+UWUEVDKd5Jat12wlajhrWyfnudkqOpoQylUwjPf5MT/+mTHhEGgSVGihyxLF654GcRnHD1/+DOXMt2desPFMtyGtYwp0hWt02n6bKWnHKVk7MHBFWde64blCLoy7Y4PXqnO/4qijGDRNCZZr669jVr+LMaSExu9/tfiBruG1V6IYr1XFDKusWoGxbERGWkBDU/j/Ae6P0hkxc3KcAnXCXHP/URw1nUXiusNpZ9NnkM7MZT3Nnrzab+DpoGXU83fwOUTObCmhL1JIfb2L6VkdF+ycvQiv4+QRJ75fiG3Gndcgcv0SDgKNf3m+BWFnP/6UmSwYU0AZBwuOnSdKGLUTOL62qJWrXMcjip3JixCAEAWpd0ZI/uUt6KxUf0HYoNF3EfpoxU4OdRlqDWY2CnTRD47nkrP6PV2jy/c1VD90VHkL49LG5e65apEVdnePN4y5AOvPvNubIEavgoqP74qE67P6ItSe+96DO55PO1FnWtCiU//IDowaiUauI3zLdYvBm28Ef2GtM5OxFQbA0tCiezEjHKt8V4aemGjqow/xAk1XVkDZw1JVux1BtdIqjWkCB9QqbpocbassEu1Fx0NT2mPaHgm2DSb6hLZ5oMY2XzM6pJnHDXzbriqtrFmdT5ajKGaqX4fixqF7oU9btiVyrlqUBFK/cHri4jXqDRnCw0GBffWCKDztPrPPoHlVWlTh+hdw5RdOOI4Y3HCUfb1jmRZVUXDaTh/tWZlAjmIeDd5C/QJpWVK/+cR3Rf7MqvAmVmj5duZtAg73vmwG75ujOpOK9JYcLll7KhK3BquZZbR1p3CEEwwFRyBjbPzXswqWVT2c9sIqIsSj5Q7hzJSnz53Jqiq2CQx7QeC2JtEhq6y/zXR2mPo8GjUHCHXeh4alQHu0FtEYqEwmkxi3eQQ6EjGKlwqjoQeKbflNHbPwnSWLL7jnZtJ05s9DwCfw=; Domain=.gdmtrck.com; Expires=Sun, 01-Jan-2023 19:52:12 GMT; Path=/
gdm_suid_v2_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.gdmtrck.com; Expires=Sun, 01-Jan-2023 19:52:12 GMT; Path=/; Secure; SameSite=None
content-language: en-US
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.11.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.11.207:0
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 03 Oct 2022 19:52:13 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 722, 617
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 2021-03-10 20:26:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 121d365db7a9aba3915641185d93b963
cdn-cache: HIT
cf-cache-status: HIT
age: 14137540
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7548378ea86db51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cleanleadsonly.com/j/4835109d48c9e17ffe
62.212.87.244 200 OK 0 B URL HTTP/1.1 cleanleadsonly.com/j/4835109d48c9e17ffe
IP 62.212.87.244:0
ASN #60781 LeaseWeb Netherlands B.V.
GET /j/4835109d48c9e17ffe HTTP/1.1
Host: cleanleadsonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2022 19:52:13 GMT
ETag: a6429a65633b3d6dc87895ff9780d3d4--gzip
Cache-Control: private, max-age=0, no-cache, must-revalidate
Pragma: no-cache
Accept-CH: Width, Viewport-Width, Viewport-Height, Device-Memory, Content-DPR, DPR, Save-Data, Downlink, ECT, RTT, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
Content-Type: text/javascript;charset=utf-8
Vary: Accept-Encoding, User-Agent
Content-Encoding: gzip
www.rltools.de/rlm_analytics/rlm_stat.php
85.13.149.2 200 OK 0 B URL HTTP/2 www.rltools.de/rlm_analytics/rlm_stat.php
IP 85.13.149.2:0
ASN #34788 Neue Medien Muennich GmbH
POST /rlm_analytics/rlm_stat.php HTTP/1.1
Host: www.rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 191
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-max-age: 1000
access-control-allow-headers: Content-Type, Authorization, X-Requested-With
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: application/json; charset=utf-8
date: Mon, 03 Oct 2022 19:52:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.rltools.de/rlm_analytics/rlm_stat.php
85.13.149.2 200 OK 0 B URL HTTP/2 www.rltools.de/rlm_analytics/rlm_stat.php
IP 85.13.149.2:0
ASN #34788 Neue Medien Muennich GmbH
POST /rlm_analytics/rlm_stat.php HTTP/1.1
Host: www.rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 85
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-max-age: 1000
access-control-allow-headers: Content-Type, Authorization, X-Requested-With
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: application/json; charset=utf-8
date: Mon, 03 Oct 2022 19:52:20 GMT
server: Apache
X-Firefox-Spdy: h2
rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/scripts/logic_new.js
54.230.83.233 200 OK 0 B URL HTTP/1.1 rlmgws-data.s3-accelerate.amazonaws.com/flexfancy/scripts/logic_new.js
IP 54.230.83.233:0
GET /flexfancy/scripts/logic_new.js HTTP/1.1
Host: rlmgws-data.s3-accelerate.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 244837
Connection: keep-alive
x-amz-id-2: 1cVYunW9mBCNyKWfuQWekmycqrr2m5iNrAh9nUsfqrHfK6X6Uj3tUEHrEm8b6mpwt6vg77xiwn8=
x-amz-request-id: HYX2GZ9ZG5WS2GAB
Date: Mon, 03 Oct 2022 19:52:14 GMT
Last-Modified: Fri, 23 Sep 2022 10:20:23 GMT
ETag: "24a7fd1a4c40b99ee49e7a6b03e16a27"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uN4h41oPwQ_hfugP0E9Zz-kE-Sh7dIDHRMkmfRFJ03xyhoklexZILg==
trk-consulatu.com/scripts/push/script/l4ev3xvd1w?url=mubayiro.de
172.64.168.3 200 OK 0 B URL HTTP/2 trk-consulatu.com/scripts/push/script/l4ev3xvd1w?url=mubayiro.de
IP 172.64.168.3:0
GET /scripts/push/script/l4ev3xvd1w?url=mubayiro.de HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 03 Oct 2022 19:52:14 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1E1Lujmw9UjWQWDD7fCqP74SHCCP%2BmLMWxiYg1XkIPlJx7f8Q4HITmypI%2Bau9Bt9sBnjzrAMCdcHTKCdGCkMACx21hotys1XehrFxdtyrc4su02mazK7%2BnNQa2f9TGUoO3dKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75483790a861731e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.rltools.de/rlm_analytics/rlm_stat.php
85.13.149.2 200 OK 0 B URL HTTP/2 www.rltools.de/rlm_analytics/rlm_stat.php
IP 85.13.149.2:0
ASN #34788 Neue Medien Muennich GmbH
POST /rlm_analytics/rlm_stat.php HTTP/1.1
Host: www.rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 16
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-max-age: 1000
access-control-allow-headers: Content-Type, Authorization, X-Requested-With
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: application/json; charset=utf-8
date: Mon, 03 Oct 2022 19:52:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.rltools.de/rlm_analytics/rlm_stat.php
85.13.149.2 200 OK 0 B URL HTTP/2 www.rltools.de/rlm_analytics/rlm_stat.php
IP 85.13.149.2:0
ASN #34788 Neue Medien Muennich GmbH
POST /rlm_analytics/rlm_stat.php HTTP/1.1
Host: www.rltools.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 73
Origin: https://mubayiro.de
Connection: keep-alive
Referer: https://mubayiro.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-max-age: 1000
access-control-allow-headers: Content-Type, Authorization, X-Requested-With
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: application/json; charset=utf-8
date: Mon, 03 Oct 2022 19:52:15 GMT
server: Apache
X-Firefox-Spdy: h2