detectportal.firefox.com/success.txt?ipv4
200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 06 Sep 2022 09:44:06 GMT
Age: 78667
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
soily.com/http:/soily.com/mtm/async/
200 OK 7.1 kB URL HTTP/1.1 soily.com/http:/soily.com/mtm/async/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (307)
Hash 2de0479a550486e3d9940c8554908aba
71e1c7a37baa50d9640157cde5030c9de8ad277b
9143d76c4ea5066adfb3df661696d77f6530eef3fc79eefe9a209a7ed441f9d8
Analyzer Verdict Alert fortinet Malware
GET /http:/soily.com/mtm/async/ HTTP/1.1
Host: soily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Wed, 07 Sep 2022 07:35:13 GMT
content-type: text/html; charset=utf-8
content-length: 7051
vary: Accept-Language
content-language: en
connection: close
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4505
Expires: Wed, 07 Sep 2022 08:50:19 GMT
Date: Wed, 07 Sep 2022 07:35:14 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1d2d5a5cb5a0eb9006019ec8a8a7a60c
a97cb86a600ae223434604442f997504bc3a293b
fe016a09001e17224ac6ac11c76b7c4fa98bc99480575b6e0ae3ca22805148d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE016A09001E17224AC6AC11C76B7C4FA98BC99480575B6E0AE3CA22805148D3"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9239
Expires: Wed, 07 Sep 2022 10:09:13 GMT
Date: Wed, 07 Sep 2022 07:35:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain
IP
File type PEM certificate\012- , ASCII text
Hash 48ca0beea419a9039591cf1aee5179e0
9e92629f505fcc07aab51221e8fe62197a23e307
630a5f110337b4a4876aa85c21107d9e8f2550bcc60f023a4777d895b17399fd
GET /chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Wed, 11 May 2022 19:51:39 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 01:34:59 GMT
etag: "48ca0beea419a9039591cf1aee5179e0"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OT-bTKjIK65MxobJ3RWbtGwZBKye7rZfgZ9g1jMPcMjfF9zlXcLVyQ==
age: 22389
X-Firefox-Spdy: h2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
200 OK 46 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
IP
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 2965594404b2c4ccca5580bd2146f20c
ec072b91fb81aaa9a3178097c643e06494a10f47
93153c655a9704aee29dddc1c30dc32beaaef8096c698c38ddb2bb1c2253554f
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA19-C1
x-amz-cf-id: 8nfnJ7fV0_HJGhgsTnd1qkKcjDaHfuvMic7Z1q_JkDbOezhO1Lh2_A==
content-encoding: gzip
via: 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 07:30:36 GMT
age: 278
content-type: application/json
content-length: 46097
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 07:35:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 07 Sep 2022 06:39:56 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4FZ2yaE4oCP_8btuXrrnr9SB7S4aIlqYHTZ8QtgKT3DFjAs5AOAoaw==
Age: 3318
soily.com/mtm/async/.eJxdjEsOwjAMRO-SZYlqllDEWZCJ3NZSnITEQCrE3UkBsWA38-bzMNfMZjAwq6YBSmS_9C4KiApgWYIDYw3mqbRSU5lGypQ_Zo5FTwGFmv0t17pzlLRBpartWbzFlDw7VI4B6ko29Z-KP1yO235vWXAiwBuPX3mnc7IddO98Z54vvjc9Uw:1oVpab:HnR8ALe16FTS85hmClH6w9OP1VY/1/0
200 OK 461 B URL HTTP/1.1 soily.com/mtm/async/.eJxdjEsOwjAMRO-SZYlqllDEWZCJ3NZSnITEQCrE3UkBsWA38-bzMNfMZjAwq6YBSmS_9C4KiApgWYIDYw3mqbRSU5lGypQ_Zo5FTwGFmv0t17pzlLRBpartWbzFlDw7VI4B6ko29Z-KP1yO235vWXAiwBuPX3mnc7IddO98Z54vvjc9Uw:1oVpab:HnR8ALe16FTS85hmClH6w9OP1VY/1/0
IP
File type ASCII text, with very long lines (461), with no line terminators
Hash 60574fb254a48fcca0f19f162799924b
00d91cede115a0572d6f91eb65e4cd1d3b2491a3
7e1da65339f3c0a80510039339624da4d9db77f4dd3e95a2d65b6cbae1a83b11
Analyzer Verdict Alert fortinet Malware
GET /mtm/async/.eJxdjEsOwjAMRO-SZYlqllDEWZCJ3NZSnITEQCrE3UkBsWA38-bzMNfMZjAwq6YBSmS_9C4KiApgWYIDYw3mqbRSU5lGypQ_Zo5FTwGFmv0t17pzlLRBpartWbzFlDw7VI4B6ko29Z-KP1yO235vWXAiwBuPX3mnc7IddO98Z54vvjc9Uw:1oVpab:HnR8ALe16FTS85hmClH6w9OP1VY/1/0 HTTP/1.1
Host: soily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://soily.com/http:/soily.com/mtm/async/
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Wed, 07 Sep 2022 07:35:14 GMT
content-type: text/html; charset=utf-8
content-length: 461
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJzb2lseS5jb20iLCJodHRwOi8vd3d3MS5zb2lseS5jb20vP3RtPTEmc3ViaWQ0PTE2NjI1MzYwOTAuMDI2MzMyMDAwMCZLVzE9TG93ZXN0JTIwQ2FyJTIwSW5zdXJhbmNlJTIwUmF0ZXMmS1cyPVNvY2lhbCUyME1lZGlhJTIwQXV0b21hdGlvbiUyME1hcmtldGluZyUyMFNvZnR3YXJlJktXMz1PbmxpbmUlMjBDYXJlZXIlMjBDb3Vuc2VsaW5nJTIwUHJvZ3JhbXMmS1c0PUJlc3QlMjBNb3J0Z2FnZSUyMFJlZmluYW5jaW5nJTIwUmF0ZXMmS1c1PU9ubGluZSUyMENhcmVlciUyMENvdW5zZWxpbmclMjBQcm9ncmFtcyZLVzY9TG93ZXN0JTIwQ2FyJTIwSW5zdXJhbmNlJTIwUmF0ZXMmS1c3PUdldCUyMGFuJTIwT25saW5lJTIwRGVncmVlJktXOD1Tb2NpYWwlMjBNZWRpYSUyMEF1dG9tYXRpb24lMjBNYXJrZXRpbmclMjBTb2Z0d2FyZSZLVzk9TG93ZXN0JTIwQ2FyJTIwSW5zdXJhbmNlJTIwUmF0ZXMmc2VhcmNoYm94PTAmYmFja2ZpbGw9MCIsMSwiMjAyMi0wOS0wNyAwNzozNDo1MCIsMiwiMTY2MjUzNjA5MC4wMjYzMzIyMTM0IiwzMDgsbnVsbCxudWxsXQ:1oVpac:-M6PKMKk9pozlk_CRdUxhZrFcQY; expires=Wed, 07-Sep-2022 08:35:14 GMT; Max-Age=3600; Path=/
connection: close
soily.com/favicon.ico
200 OK 43 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /favicon.ico HTTP/1.1
Host: soily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://soily.com/http:/soily.com/mtm/async/
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Wed, 07 Sep 2022 07:35:14 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
connection: close
detectportal.firefox.com/success.txt?ipv4
200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 06 Sep 2022 09:44:06 GMT
Age: 78668
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
www1.soily.com/?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0
200 OK 5.7 kB URL HTTP/1.1 www1.soily.com/?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3074)
Hash 9e35a41433930de87b87fef1fdfb8502
421ba5900d633cd626752db525895f59e76b6ffb
44cdd707708900d359936f3bf86189413a8fc2d9811e31007fc840c027e5fd8c
GET /?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0 HTTP/1.1
Host: www1.soily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://soily.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 07:35:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_FjdXmtE7D9OpSl3UmxPMVqmziZihMdxV3ic+rgAoE+INp+OUqA0PDp27dDjP69jDvYk+ROd/pOqGc1FUEIw4tw==
X-Template: tpl_Urspring_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d1lxhc4jvstzrp.cloudfront.net/themes/assets/style.css
200 OK 343 B URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/themes/assets/style.css
IP
Hash 03a4a8c322fc0c99b0ee7cbbcc9eabcd
6fc193276de2a3458cd853c474cb9269b900e00d
a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7
GET /themes/assets/style.css HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Wed, 07 Sep 2022 01:32:22 GMT
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
Content-Encoding: gzip
ETag: W/"5ebab1f0-33d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ZKfhNEqvsSsTwxKi_k826zSDEK67rsazwv1mqofgAbd0VfIt_lrsvw==
Age: 21772
d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/style.css
200 OK 595 B URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/style.css
IP
Hash 3467fcf391de4afa7667a4f28cf9bdee
e0bd69005cd9f0a608a230c8268e26e529240258
55ed4b318bf91e37cdca77a89b672b77f88ac9faf184aa4c63e5bcf5971141bc
GET /themes/urspring_2fef8ec8/style.css HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Wed, 07 Sep 2022 00:59:10 GMT
Last-Modified: Tue, 17 May 2022 14:10:00 GMT
Content-Encoding: gzip
ETag: W/"6283acb8-577"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9YRua_aIFnSvfcCyT7SfTIeAPHegUq3pa2J0hiJyD1aFyjJbTm_GYg==
Age: 23764
d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js
200 OK 7.0 kB URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js
IP
File type ASCII text, with very long lines (316)
Hash cce7f943ec8e7b4ba13be4aba6b463d9
220f3e8ca723daa91fd040cf518991a65f2bf110
ba5b7354353b0eec1637564dae072fee662a5b9862f6bf7ed5e60a5a76f2ef44
GET /scripts/js3caf.js HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7000
Connection: keep-alive
Server: nginx
Date: Wed, 07 Sep 2022 00:46:19 GMT
Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT
Accept-Ranges: bytes
ETag: "600022c9-1b58"
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ZXg5Asxjsl5S5KCaQG7oje5h0aY8DofBMMlrt8Nzww1khtBOQuPv6A==
Age: 24535
ocsp.digicert.com/
200 OK 471 B IP
Hash 51da18793645de2a940d6898dfc87576
d0a743f1b39fb9e95f035372edd25d1bab85a7fc
18b5840be4aa6db82c1faac1efe16e8df626d86ceed01a3dd2fc95210e9e16cb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3400
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 07:35:14 GMT
Last-Modified: Wed, 07 Sep 2022 06:38:34 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
www.google.com/adsense/domains/caf.js
200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP
File type ASCII text, with very long lines (1885)
Hash 7c9cc956f92283fac1b7481865fe3de0
a1e7cd1da24764ed63325bdb6d25751b2953a28a
def9741e727e765b1503c203d026c079bfe1f5aabe6fd07218502537621b82ee
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Wed, 07 Sep 2022 07:35:14 GMT
Expires: Wed, 07 Sep 2022 07:35:14 GMT
Cache-Control: private, max-age=3600
ETag: "16156627557125825470"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
c.parkingcrew.net/scripts/sale_form.js
200 OK 761 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP
Hash 64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Sep 2022 07:35:15 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Wed, 07 Sep 2022 07:35:15 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 07 Sep 2022 06:38:18 GMT
Cache-Control: max-age=3600
Expires: Wed, 07 Sep 2022 06:46:10 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HcbPgdalKJVnehEU0h7TOBv-B31vSR9-oH3_s_SxKkBgPvv9Q0aizQ==
Age: 3417
ocsp.digicert.com/
200 OK 471 B IP
Hash e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3095
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 07:35:15 GMT
Last-Modified: Wed, 07 Sep 2022 06:43:40 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/img/arrows.png
200 OK 11 kB URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/img/arrows.png
IP
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/urspring_2fef8ec8/img/arrows.png HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/style.css
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Wed, 07 Sep 2022 01:54:14 GMT
Last-Modified: Tue, 17 May 2022 14:10:00 GMT
Accept-Ranges: bytes
ETag: "6283acb8-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QRKpQApbcuBdiz11Awjq8SZofzXxrUjOTF5stAdaSjs7PBXzphIqLg==
Age: 20461
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DcEgVWwhcY33wqSmLn3iiw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eHwx/tZR3b7QGTQamwNgrqN7BKc=
www1.soily.com/favicon.ico
200 OK 0 B URL HTTP/1.1 www1.soily.com/favicon.ico
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www1.soily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 07:35:15 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
www1.soily.com/track.php?domain=soily.com&toggle=browserjs&uid=MTY2MjUzNjExNC44MDYyOjI3YWFhZGM1YWRjNWY4ZTUwM2ZmMmZlYzM0ZDRmZTVmN2NkYTU0NGZjNjAwNGRjOGY5YWRlMGRiZmM5MzRkNTI6NjMxODQ5YjJjNGQyMw%3D%3D
200 OK 20 B URL HTTP/1.1 www1.soily.com/track.php?domain=soily.com&toggle=browserjs&uid=MTY2MjUzNjExNC44MDYyOjI3YWFhZGM1YWRjNWY4ZTUwM2ZmMmZlYzM0ZDRmZTVmN2NkYTU0NGZjNjAwNGRjOGY5YWRlMGRiZmM5MzRkNTI6NjMxODQ5YjJjNGQyMw%3D%3D
IP
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=soily.com&toggle=browserjs&uid=MTY2MjUzNjExNC44MDYyOjI3YWFhZGM1YWRjNWY4ZTUwM2ZmMmZlYzM0ZDRmZTVmN2NkYTU0NGZjNjAwNGRjOGY5YWRlMGRiZmM5MzRkNTI6NjMxODQ5YjJjNGQyMw%3D%3D HTTP/1.1
Host: www1.soily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 07:35:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 21d1b5be072df45253749eeb3290be82
4ac9978797c085289b9fcc2fe9a57b619e1c78c9
9ea779e1ad86a4a7c403b574908e2dc60d079b366ab1cf439b34c73c9a9c64c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 07:35:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221662533833484%22
200 OK 4.7 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221662533833484%22
IP
File type JSON data\012- , ASCII text, with very long lines (22383), with no line terminators
Hash 5811812b25942f644c64ba6bafc97ae4
d0ce7faa12004bde4d5a2dfb48a7f7309b210ecd
d296f29061fdc6299fde5d41eb654fa012a25337dcb30d3464d5eb432a812999
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221662533833484%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 07 Sep 2022 07:01:57 GMT
Expires: Wed, 07 Sep 2022 08:01:57 GMT
Last-Modified: Wed, 07 Sep 2022 06:57:13 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6e529fCuDtyxQ9jZ-58LbnmSuU2bIs23xqz_gdBA-aeQYIWU-7hHbg==
Age: 1998
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1662381443719&_since=%221653914271178%22
200 OK 12 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1662381443719&_since=%221653914271178%22
IP
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 096980a473a883e6eeaf47dc9a14f237
491cde318ec986cc64ff2fb45f71e6560d368feb
1a6d7840dbf67d703a920313758fc70b272df5c2c40cffb770a9f0a728b72b14
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1662381443719&_since=%221653914271178%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 05 Sep 2022 12:37:23 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Wed, 07 Sep 2022 06:52:35 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WYzNcoZL2Q5g4ttuZo60hbAs5lSUbFUtO5bd40ljWs4joj9upVXOHw==
Age: 2958
www1.soily.com/ls.php
201 Created 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: www1.soily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 3026
Origin: http://www1.soily.com
Connection: keep-alive
Referer: http://www1.soily.com/?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0
HTTP/1.1 201 Created
Date: Wed, 07 Sep 2022 07:35:15 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 631849b373ccae3e0f2e1810
Charset: utf-8
Access-Control-Allow-Origin: http://www1.soily.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_dxkeZRVVoX04PJqpmIqFRjGubpRNmj6aYjKHRQtCuRgy33gJcke5+fdq01CWFUcJh3HV2UCh1k+k6hqNQaDXmQ==
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 05:03:17 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DhiTAHxnA1MlQkUni-oLdhCWO8GBpvseWo5A2VWc37nyir-c5L-p6Q==
age: 13722
X-Firefox-Spdy: h2
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C001889%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Lowest%20Car%20Insurance%20Rates%2CSocial%20Media%20Automation%20Marketing%20Software%2COnline%20Career%20Counseling%20Programs%2CBest%20Mortgage%20Refinancing%20Rates%2COnline%20Career%20Counseling%20Programs%2CLowest%20Car%20Insurance%20Rates%2CGet%20an%20Online%20Degree%2CSocial%20Media%20Automation%20Marketing%20Software%2CLowest%20Car%20Insurance%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301094%2C17301097&format=r9%7Cs&nocache=841662536109524&num=0&output=afd_ads&domain_name=www1.soily.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1662536109526&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&uio=--&cont=tc&jsid=caf&jsv=470786624&rurl=http%3A%2F%2Fwww1.soily.com%2F%3Ftm%3D1%26subid4%3D1662536090.0263320000%26KW1%3DLowest%2520Car%2520Insurance%2520Rates%26KW2%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW3%3DOnline%2520Career%2520Counseling%2520Programs%26KW4%3DBest%2520Mortgage%2520Refinancing%2520Rates%26KW5%3DOnline%2520Career%2520Counseling%2520Programs%26KW6%3DLowest%2520Car%2520Insurance%2520Rates%26KW7%3DGet%2520an%2520Online%2520Degree%26KW8%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW9%3DLowest%2520Car%2520Insurance%2520Rates%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fsoily.com%2F&adbw=master-1%3A530
200 OK 2.4 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C001889%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Lowest%20Car%20Insurance%20Rates%2CSocial%20Media%20Automation%20Marketing%20Software%2COnline%20Career%20Counseling%20Programs%2CBest%20Mortgage%20Refinancing%20Rates%2COnline%20Career%20Counseling%20Programs%2CLowest%20Car%20Insurance%20Rates%2CGet%20an%20Online%20Degree%2CSocial%20Media%20Automation%20Marketing%20Software%2CLowest%20Car%20Insurance%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301094%2C17301097&format=r9%7Cs&nocache=841662536109524&num=0&output=afd_ads&domain_name=www1.soily.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1662536109526&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&uio=--&cont=tc&jsid=caf&jsv=470786624&rurl=http%3A%2F%2Fwww1.soily.com%2F%3Ftm%3D1%26subid4%3D1662536090.0263320000%26KW1%3DLowest%2520Car%2520Insurance%2520Rates%26KW2%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW3%3DOnline%2520Career%2520Counseling%2520Programs%26KW4%3DBest%2520Mortgage%2520Refinancing%2520Rates%26KW5%3DOnline%2520Career%2520Counseling%2520Programs%26KW6%3DLowest%2520Car%2520Insurance%2520Rates%26KW7%3DGet%2520an%2520Online%2520Degree%26KW8%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW9%3DLowest%2520Car%2520Insurance%2520Rates%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fsoily.com%2F&adbw=master-1%3A530
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8169)
Hash bce3f818460606961c03b5da4ad7206d
e03967ed78138498d68f41e09fd15e33e6923acb
30242d14012d2643e7bc81155b7e0b5f8746143520764958834d19ba735dd11b
GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C001889%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Lowest%20Car%20Insurance%20Rates%2CSocial%20Media%20Automation%20Marketing%20Software%2COnline%20Career%20Counseling%20Programs%2CBest%20Mortgage%20Refinancing%20Rates%2COnline%20Career%20Counseling%20Programs%2CLowest%20Car%20Insurance%20Rates%2CGet%20an%20Online%20Degree%2CSocial%20Media%20Automation%20Marketing%20Software%2CLowest%20Car%20Insurance%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301094%2C17301097&format=r9%7Cs&nocache=841662536109524&num=0&output=afd_ads&domain_name=www1.soily.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1662536109526&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&uio=--&cont=tc&jsid=caf&jsv=470786624&rurl=http%3A%2F%2Fwww1.soily.com%2F%3Ftm%3D1%26subid4%3D1662536090.0263320000%26KW1%3DLowest%2520Car%2520Insurance%2520Rates%26KW2%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW3%3DOnline%2520Career%2520Counseling%2520Programs%26KW4%3DBest%2520Mortgage%2520Refinancing%2520Rates%26KW5%3DOnline%2520Career%2520Counseling%2520Programs%26KW6%3DLowest%2520Car%2520Insurance%2520Rates%26KW7%3DGet%2520an%2520Online%2520Degree%26KW8%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW9%3DLowest%2520Car%2520Insurance%2520Rates%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fsoily.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.soily.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 07 Sep 2022 07:35:15 GMT
expires: Wed, 07 Sep 2022 07:35:15 GMT
cache-control: private, max-age=3600
content-encoding: br
server: gws
content-length: 2408
x-xss-protection: 0
set-cookie: CONSENT=PENDING+003; expires=Fri, 06-Sep-2024 07:35:15 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c0ed4613ac4f971e3c5df691cbacefa8
8de2786096df5a34e658b8ccbbfff29258bda7e0
6e5163de39ab980bdf6cfa1209e062d073a01beda848ad8333a71e0551f68dd4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 07:35:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=www1.soily.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
200 OK 181 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=www1.soily.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
IP
File type ASCII text, with no line terminators
Hash b81c92face9ce7f9249306f17b3024b3
6fb2c7789339af7d97f75c9ac2cb9d5c8c5d923e
6a6bee4a25fd5e9cdbda2bbbc284b8800ed6bfa1d4d6c5024002931d200316ec
GET /gampad/cookie.js?domain=www1.soily.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.soily.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 07 Sep 2022 07:35:16 GMT
server: cafe
cache-control: private
content-length: 181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8fc7316fab55e89a81536e926eab6f83
7fcab743b176312e76999b39a1b2a3b97dbeb10f
8178b9805611209f5c47dce32da555117870a90648e026d08cc691a4103169a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 07:35:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 07 Sep 2022 06:39:56 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _dqK08Mswpx77pNEwURHct-BhJyBc-NneALf7I5jQiA69wUCqzVdAA==
Age: 3320
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c0ed4613ac4f971e3c5df691cbacefa8
8de2786096df5a34e658b8ccbbfff29258bda7e0
6e5163de39ab980bdf6cfa1209e062d073a01beda848ad8333a71e0551f68dd4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 07:35:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/67600448-6fc2-4f40-bd4a-8687d731734f.bin
200 OK 796 kB URL HTTP/1.1 firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/67600448-6fc2-4f40-bd4a-8687d731734f.bin
IP
Size 796 kB (795699 bytes)
Hash 9b95765b0e26af76116a95a966d61354
3f7c1b40fc999b83f3696f455402e49ab484b027
34f969c8e082310785ec4262e2d5b58c919d4de856ffc64b3467507f83ac9571
GET /staging/addons-bloomfilters/67600448-6fc2-4f40-bd4a-8687d731734f.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 795699
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 12:39:11 GMT
x-amz-version-id: 9np1boOrxtHVWzMczpbX1a.N_ewQWHDF
Accept-Ranges: bytes
Server: AmazonS3
Date: Wed, 07 Sep 2022 03:53:08 GMT
ETag: "9b95765b0e26af76116a95a966d61354"
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jJ90sbrzdrVxuovxqhkaJhArNbEUmZ1I-HfCiNcE3odoNy4JdV3NCw==
Age: 22576
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1662508869589&_since=%221654732864402%22
200 OK 12 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1662508869589&_since=%221654732864402%22
IP
File type JSON data\012- , ASCII text, with very long lines (59438), with no line terminators
Hash d67981722c80a0f28991334e47fa8717
c8fc96c17aa070b36955e935ff490145f3c55e58
65f225266925852756f22415971aeb54bec24d1a7cc0b07ff0da41955add25ef
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1662508869589&_since=%221654732864402%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Wed, 07 Sep 2022 00:01:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Wed, 07 Sep 2022 07:30:08 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Zc9dfirKGADYcu3n0oyEwB16itStq94Kx0RnPS2JoVgoL9NAbt4Zlw==
Age: 447
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c2c07ed786b6b2c8faab1b19b485aef2
b079d6725961bc93a895c8550cf0213404a8b8e4
52be840fb45515a6efa32a05d6b4876405c1c3361aca36ab3b4772f18da4a80a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 07:35:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2
200 OK 272 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash bbbac37f0b6e29a6099e4aa7cb19d6ca
0acafe95e2141f0af6109203efeb2d98e6b926c6
a3d7b37475de5a3a350d4dc4790f14a6a5f4045726d2eae4cbe9bd59aeba2fe2
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2 HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 272
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 16:41:04 GMT
expires: Wed, 07 Sep 2022 15:41:04 GMT
cache-control: public, max-age=82800
age: 53652
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c2c07ed786b6b2c8faab1b19b485aef2
b079d6725961bc93a895c8550cf0213404a8b8e4
52be840fb45515a6efa32a05d6b4876405c1c3361aca36ab3b4772f18da4a80a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 07:35:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
200 OK 174 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 22:02:36 GMT
expires: Wed, 07 Sep 2022 21:02:36 GMT
cache-control: public, max-age=82800
age: 34360
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c2c07ed786b6b2c8faab1b19b485aef2
b079d6725961bc93a895c8550cf0213404a8b8e4
52be840fb45515a6efa32a05d6b4876405c1c3361aca36ab3b4772f18da4a80a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 07:35:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-rules/changeset?_expected=1659924409785&_since=%221652712410939%22
200 OK 783 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-rules/changeset?_expected=1659924409785&_since=%221652712410939%22
IP
File type JSON data\012- , ASCII text, with very long lines (1393), with no line terminators
Hash d8e59c6bd160719da9f2b9571af22b8e
b4353f8308be656bdf00bc4676fdb23e7c285f32
a3e7359fc3dbb20b38aae533bedd4061dad7a3440ea323cb17dba0540a670c81
GET /v1/buckets/main/collections/password-rules/changeset?_expected=1659924409785&_since=%221652712410939%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 08 Aug 2022 02:06:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Wed, 07 Sep 2022 06:38:45 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: O3GYr-qC8U2VSHha9_0Jh1xFWcmy_7ZXfoUL-AiOXkao9Q7dw9Cg1w==
Age: 3391
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-09-19-18-34-07.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-09-19-18-34-07.chain
IP
File type PEM certificate\012- , ASCII text
Hash 578b9ff83ff3950ab2a3d1a8344d2938
39d48b67ba6aa45ec01767725e726cf9b0c87a70
35c99da9a5463a4788ceab7cf4b027bb25506cde28ace36c70d0bc924138f2f5
GET /chains/remote-settings.content-signature.mozilla.org-2022-09-19-18-34-07.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
date: Wed, 07 Sep 2022 01:37:09 GMT
last-modified: Sun, 31 Jul 2022 18:34:08 GMT
etag: "578b9ff83ff3950ab2a3d1a8344d2938"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7AF2G3FID0zcHqmhMtNKJJrXfbnyC9iUIJgM4bMnFIqVyfJUtiYGCw==
age: 21488
X-Firefox-Spdy: h2
www1.soily.com/?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0
200 OK 5.7 kB URL HTTP/1.1 www1.soily.com/?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3046)
Hash b86145f17128623a26e6243c54d95a6c
8225f7ee8f7c0856564e6031f993e425dc035bdd
345772d4bedd03129e69b7b1b6bc7d5b00c4be4b8987899034ffb3aa5c64f11a
GET /?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0 HTTP/1.1
Host: www1.soily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __gsas=ID=7f2c535354ce30c4:T=1662536116:S=ALNI_MaJul3NEEwYiD6C7eGoYajbt8TJ3w
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 07:35:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_FjdXmtE7D9OpSl3UmxPMVqmziZihMdxV3ic+rgAoE+INp+OUqA0PDp27dDjP69jDvYk+ROd/pOqGc1FUEIw4tw==
X-Template: tpl_Urspring_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/websites-with-shared-credential-backends/changeset?_expected=1659924446436&_since=%221650898092205%22
200 OK 3.1 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/websites-with-shared-credential-backends/changeset?_expected=1659924446436&_since=%221650898092205%22
IP
File type JSON data\012- , ASCII text, with very long lines (8682), with no line terminators
Hash cb546ddfc075945fc3edcc0a08714230
d0c184b28768e0b60712ebfb2a1d7efed49ec5e7
1140ff372948c06d0577eb7a7299c2d95c87b4d47839defef7307486f9f7ea21
GET /v1/buckets/main/collections/websites-with-shared-credential-backends/changeset?_expected=1659924446436&_since=%221650898092205%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 08 Aug 2022 02:07:26 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Wed, 07 Sep 2022 06:39:04 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: mqB3V-ZKVjjHBknwWQ8cvtCoh5Y_0MCut9Ugb_hHtaG5IfLswkHqkA==
Age: 3390
d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js
304 Not Modified 0 B URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/js3caf.js HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/
If-Modified-Since: Thu, 14 Jan 2021 10:54:01 GMT
If-None-Match: "600022c9-1b58"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Connection: keep-alive
Server: nginx
Date: Wed, 07 Sep 2022 00:46:19 GMT
Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT
ETag: "600022c9-1b58"
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: P8PfWxrFkM_6rDw6HiF6eCij9K0_O_76b1PsoaMJyQ05ShugFGKgxQ==
Age: 24537
www.google.com/adsense/domains/caf.js
200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP
File type ASCII text, with very long lines (1885)
Hash 420d683f36d2cac7a4f51cb4015eb967
a55f0285ec0f301c5ae304d4e9d5b9d62f84385f
1e580edd27661061218a32cc0526bec06e859b3e31a98ed4b04c4a6444e42e07
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/
If-None-Match: "16156627557125825470"
Cache-Control: max-age=0
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Wed, 07 Sep 2022 07:35:16 GMT
Expires: Wed, 07 Sep 2022 07:35:16 GMT
Cache-Control: private, max-age=3600
ETag: "14619200350205862941"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
c.parkingcrew.net/scripts/sale_form.js
304 Not Modified 0 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/
If-Modified-Since: Tue, 12 May 2020 14:25:52 GMT
If-None-Match: "5ebab1f0-2f9"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Server: nginx
Date: Wed, 07 Sep 2022 07:35:16 GMT
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1661199949574&_since=%221648132005528%22
200 OK 3.4 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1661199949574&_since=%221648132005528%22
IP
File type JSON data\012- , ASCII text, with very long lines (14030), with no line terminators
Hash 9498433bbbcad841ef1b67c31e9e19f7
bc89dbd1261594949ebc09eb0978e22d14fb5c3f
01a250849ba7c6b099e5e2e85059f7657041d3997a5a0118b85aea782aa408b2
GET /v1/buckets/main/collections/search-config/changeset?_expected=1661199949574&_since=%221648132005528%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 22 Aug 2022 20:25:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 07 Sep 2022 07:31:21 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Z0ch6VHE5dsbzyKSAXe6Ge2o2BlGMU3jp3kW_CUa4IAOp6tUafDkZQ==
Age: 249
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
200 OK 681 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
File type JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Hash 747f384efea12ce5dab98117b84a36d8
3bfa87d8ca19bf259e1b28f5d8484560bc4aa59f
674580bbd668da2fccee5bd78cd11bdb237a800ec945160353537b15c3e924f2
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 681
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, ETag, Last-Modified, Backoff, Cache-Control, Retry-After, Expires, Pragma, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Sat, 03 Sep 2022 16:36:54 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 07 Sep 2022 07:11:21 GMT
Cache-Control: no-cache, no-store
ETag: "1662223014803"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ip1QUFYNmkQLZCmwSrzLyXLH69Op0WXbNQFNsx3zMtYfl5_nNQXArQ==
Age: 1436
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1656585893704&_since=%221649762862679%22
200 OK 897 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1656585893704&_since=%221649762862679%22
IP
File type JSON data\012- , ASCII text, with very long lines (1710), with no line terminators
Hash 2ef700623eb0b783e8a583fb14fcbb80
c6b6cbb847d3a5e5c6d991c8d6dce6e9b9c902cf
b2a5ecbd87cc70c34c20d9470de54751cc1f48c8945e2239f12874ed35839983
GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1656585893704&_since=%221649762862679%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Thu, 30 Jun 2022 10:44:53 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Wed, 07 Sep 2022 07:03:50 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: I2l3bYuBxiRkrtYfRPzERgODnajDXEkCfVFY6ujvEiYP_dSdLNkEpw==
Age: 1893
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1657747510534&_since=%221654266643527%22
200 OK 1.1 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1657747510534&_since=%221654266643527%22
IP
File type JSON data\012- , ASCII text, with very long lines (2195), with no line terminators
Hash ea7be8630c2ab64565dcf909ddd6b1e9
99b5c68aea2e5c3f498290bca5affa8c4d5ccaee
46a7bd4666db075b42064484105f0381c5cd8ff11ce5a9a555711ad03f83b38c
GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1657747510534&_since=%221654266643527%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Wed, 13 Jul 2022 21:25:10 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 07 Sep 2022 06:53:30 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: MDI_8-C-AvKjTwZgCMtZqh6j_NJTdlEYiued1PS93y-CN_SDFjoYMw==
Age: 2818
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1659547595259&_since=%221653578606314%22
200 OK 1.4 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1659547595259&_since=%221653578606314%22
IP
File type JSON data\012- , ASCII text, with very long lines (3677), with no line terminators
Hash 7c2cf5e6216dc47511f819acd70197a5
f8f556d7600b3e74941bc4d3100463e054879170
0b13a9837661102f8e1ee4647007e78ddff90738b62eeb2df69713ed0c2be6bd
GET /v1/buckets/main/collections/cfr/changeset?_expected=1659547595259&_since=%221653578606314%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Wed, 03 Aug 2022 17:26:35 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Wed, 07 Sep 2022 06:59:14 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gZnX_jqEioPIP39pLGIF8cG48Sg0mQZSa65UOw-aLtFPjHoLxO3MKQ==
Age: 2166
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1662120887268&_since=%221654636467710%22
200 OK 6.0 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1662120887268&_since=%221654636467710%22
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash dba03ddf7851da36cdc2b05131cbf872
ca311ba9d7961eebf6a3ea78f65a692a19124763
db58fb0ad9aa163d76fb200f682e260173e9226a2d9e22d9b8b6aa740239d4bd
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1662120887268&_since=%221654636467710%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 02 Sep 2022 12:14:47 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 07 Sep 2022 07:19:50 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OoD1m1jk65CdU29sUutHL3-Wdxxayfmjrm1Fhj_8QLFG3c1Pli1vfg==
Age: 1588
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1662044085942&_since=%221622732735407%22
200 OK 5.5 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1662044085942&_since=%221622732735407%22
IP
File type JSON data\012- , ASCII text, with very long lines (20424), with no line terminators
Hash 4aeeb7e3b8bbe13f0e937ff570f20777
3d30e1983d6ce6126fef50acaae4a41d579b1c09
3f016c7fbcd505500620db2169b0f39282087dc89ba805e479a8ef53d45f10b7
GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1662044085942&_since=%221622732735407%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Thu, 01 Sep 2022 14:54:45 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Wed, 07 Sep 2022 07:04:40 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: r7NzGHMTT-TIiq6rrxGC0eYzS4qJMp0nqNQZ1GimVDD65lAeVcKH8g==
Age: 1845
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5246
Expires: Wed, 07 Sep 2022 09:02:43 GMT
Date: Wed, 07 Sep 2022 07:35:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5246
Expires: Wed, 07 Sep 2022 09:02:43 GMT
Date: Wed, 07 Sep 2022 07:35:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5246
Expires: Wed, 07 Sep 2022 09:02:43 GMT
Date: Wed, 07 Sep 2022 07:35:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5246
Expires: Wed, 07 Sep 2022 09:02:43 GMT
Date: Wed, 07 Sep 2022 07:35:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5246
Expires: Wed, 07 Sep 2022 09:02:43 GMT
Date: Wed, 07 Sep 2022 07:35:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ee600c8-d25e-4cb3-93cb-f1970d300d9c.jpeg
200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ee600c8-d25e-4cb3-93cb-f1970d300d9c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c316fd8a538a8c998ef49d399e9b0692
1fbcbd73de88723e5a42ec1ecb131b94deb1c88e
1a34abee1bf6b76733ba2ca97a5c053b67bd6cd48f6953fc53798c77385cd781
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ee600c8-d25e-4cb3-93cb-f1970d300d9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8643
x-amzn-requestid: 8398144d-7a42-452b-88e5-0e6cb9f4bc02
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqbSpEt7IAMFfEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630da5aa-5369099439689d5270e0a044;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 05:52:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MnvZGT9Q3ZSCf7nLpks2IXXNyg7jaNX6r4bnebHekesqfWlMY_bh5A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:05:39 GMT
age: 34178
etag: "1fbcbd73de88723e5a42ec1ecb131b94deb1c88e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa395dcd-c2bf-4b9e-a70f-5dc4000d8b8f.jpeg
200 OK 3.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa395dcd-c2bf-4b9e-a70f-5dc4000d8b8f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed39b35d8a767c2aad6a77fadc60f233
f9767c74a6f717635f67ac541f0126f5a63bd7d3
343efa10126cf70588f1968dea7c77ec3ff8a121e1152f1f9b9b4960fc42bddb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa395dcd-c2bf-4b9e-a70f-5dc4000d8b8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3187
x-amzn-requestid: 8a44698f-2fd0-4980-9882-971810debb88
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X6Wf9GyaoAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63140465-3a46f65e5f8c4522065c5ad5;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 01:50:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: skw7KXeCdFODdGvzIqmWcyKbf3jbapZMoMXLqbu6WPaAmStKp2TKlg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 23:55:36 GMT
age: 27581
etag: "f9767c74a6f717635f67ac541f0126f5a63bd7d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 79f4356c488498012cc7fc03be21e3df
dd9cd9b711d7112efa85eff8a798346dbd7d5f5f
ebd84bf1db6b39b92be1020c7ea5c32eaa23dfb347ec83941d5bc56e80855ebc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12661
x-amzn-requestid: 71ef9e09-ccf1-4930-865d-665ece4bf3a6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3hXnFnXIAMFqKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312e296-627daf7c7ad3e23a60b183cd;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 05:13:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: xwunW741LulZXvM0har5nqrcCiyYoUwvhCWiPsEvs5P2VKSe476_Cw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:38:56 GMT
etag: "dd9cd9b711d7112efa85eff8a798346dbd7d5f5f"
content-type: image/jpeg
age: 32181
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faba86944-df9f-4d50-9b10-d50644b978e3.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faba86944-df9f-4d50-9b10-d50644b978e3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4f29d8aaae2d67c27c58001e7553dea7
5200b601017ce86614783b76fd2a775c1c48d4e9
6b55c4d692cf584e0319b07251d9845749fe8954062dab66e003dd2706451504
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faba86944-df9f-4d50-9b10-d50644b978e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4805
x-amzn-requestid: 6db42fa4-5a04-4368-b5cb-ea8f70d83ead
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XmxSRFp7oAMFb3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c2f41-1df42bd2265554de5f47932e;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 03:15:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KQ1yb69_uETJJlEIcwsR165zqZuiklGuj3Nn-tyta0e_q8BGqs3cXg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:51:24 GMT
age: 35033
etag: "5200b601017ce86614783b76fd2a775c1c48d4e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0766520-2dbc-4f52-b0e2-1a908af4cd29.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0766520-2dbc-4f52-b0e2-1a908af4cd29.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1462b0c8fff091f29c7c5145031c08aa
55154c3878e9650f463805c3829f03a1603f14c1
62f913a6498b21da33451e7cf0e37c5fdef565324bcd35d93cb536527394a3d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0766520-2dbc-4f52-b0e2-1a908af4cd29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11778
x-amzn-requestid: 2956f23c-8907-48de-b82a-73da9ae1d75e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDqYVHnLoAMFo5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317bdce-5d76bbe82dc2823407fe67f3;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:38:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6tTqfG7yRrMw0cMwiQFlu9XuRzxlK7uzTXL-cAMFmrrDrKL9Rd3zqA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:41:20 GMT
age: 35637
etag: "55154c3878e9650f463805c3829f03a1603f14c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff29f2a08-1dd5-4577-ae0d-6852e6e83ba7.jpeg
200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff29f2a08-1dd5-4577-ae0d-6852e6e83ba7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6447311cd0f34fb9cde4e21946e0d8af
cfca3a21a33e58f300343f643634c50a924bb6db
e2de947b52e13a0350c5b6904020924b957161d825930677386185a62d2f2401
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff29f2a08-1dd5-4577-ae0d-6852e6e83ba7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5384
x-amzn-requestid: 6888919c-b9fb-43da-a080-0dde24422b4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDqZHHA5oAMFjzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317bdd3-7f32bdc673d113da6e69b413;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:38:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FvxWL8FJUrDyhFhyYXIuArDhRgFUyTurACy5-POlVjXeskWas-d2pQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:41:25 GMT
age: 35632
etag: "cfca3a21a33e58f300343f643634c50a924bb6db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www1.soily.com/track.php?domain=soily.com&toggle=browserjs&uid=MTY2MjUzNjExNi4zOTY5OmE0M2NjNjEyNGNjNzcxZWViNjFhMTk4OTYzN2Y0MmI3ZDI5OGUxYTU1NWZjOGQ3N2ZmY2QwOTk2Y2JmMGIzNWE6NjMxODQ5YjQ2MGUzYQ%3D%3D
200 OK 20 B URL HTTP/1.1 www1.soily.com/track.php?domain=soily.com&toggle=browserjs&uid=MTY2MjUzNjExNi4zOTY5OmE0M2NjNjEyNGNjNzcxZWViNjFhMTk4OTYzN2Y0MmI3ZDI5OGUxYTU1NWZjOGQ3N2ZmY2QwOTk2Y2JmMGIzNWE6NjMxODQ5YjQ2MGUzYQ%3D%3D
IP
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=soily.com&toggle=browserjs&uid=MTY2MjUzNjExNi4zOTY5OmE0M2NjNjEyNGNjNzcxZWViNjFhMTk4OTYzN2Y0MmI3ZDI5OGUxYTU1NWZjOGQ3N2ZmY2QwOTk2Y2JmMGIzNWE6NjMxODQ5YjQ2MGUzYQ%3D%3D HTTP/1.1
Host: www1.soily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0
Cookie: __gsas=ID=7f2c535354ce30c4:T=1662536116:S=ALNI_MaJul3NEEwYiD6C7eGoYajbt8TJ3w
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 07:35:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www1.soily.com/track.php?domain=soily.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2MjUzNjExNi4zOTY5OmE0M2NjNjEyNGNjNzcxZWViNjFhMTk4OTYzN2Y0MmI3ZDI5OGUxYTU1NWZjOGQ3N2ZmY2QwOTk2Y2JmMGIzNWE6NjMxODQ5YjQ2MGUzYQ%3D%3D
200 OK 20 B URL HTTP/1.1 www1.soily.com/track.php?domain=soily.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2MjUzNjExNi4zOTY5OmE0M2NjNjEyNGNjNzcxZWViNjFhMTk4OTYzN2Y0MmI3ZDI5OGUxYTU1NWZjOGQ3N2ZmY2QwOTk2Y2JmMGIzNWE6NjMxODQ5YjQ2MGUzYQ%3D%3D
IP
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=soily.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2MjUzNjExNi4zOTY5OmE0M2NjNjEyNGNjNzcxZWViNjFhMTk4OTYzN2Y0MmI3ZDI5OGUxYTU1NWZjOGQ3N2ZmY2QwOTk2Y2JmMGIzNWE6NjMxODQ5YjQ2MGUzYQ%3D%3D HTTP/1.1
Host: www1.soily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.soily.com/?tm=1&subid4=1662536090.0263320000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Online%20Career%20Counseling%20Programs&KW4=Best%20Mortgage%20Refinancing%20Rates&KW5=Online%20Career%20Counseling%20Programs&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Get%20an%20Online%20Degree&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Lowest%20Car%20Insurance%20Rates&searchbox=0&backfill=0
Cookie: __gsas=ID=7f2c535354ce30c4:T=1662536116:S=ALNI_MaJul3NEEwYiD6C7eGoYajbt8TJ3w
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 07:35:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js
200 OK 0 B URL HTTP/2 www.google.com/adsense/domains/caf.js
IP
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 07 Sep 2022 07:35:16 GMT
expires: Wed, 07 Sep 2022 07:35:16 GMT
cache-control: private, max-age=3600
etag: "5870187964208011027"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
72.14.178.174
23.36.77.32
93.184.220.29
185.53.178.30
0.0.0.0