wwads.xyz/redirect/action/3JGY0PCthLiU5dnEoNCRhbG5kY3c_eQ_Uyi
301 Moved Permanently 0 B URL HTTP/1.1 wwads.xyz/redirect/action/3JGY0PCthLiU5dnEoNCRhbG5kY3c_eQ_Uyi
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/action/3JGY0PCthLiU5dnEoNCRhbG5kY3c_eQ_Uyi HTTP/1.1
Host: wwads.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 20 Sep 2022 02:17:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 20 Sep 2022 03:17:23 GMT
Location: https://wwads.xyz/redirect/action/3JGY0PCthLiU5dnEoNCRhbG5kY3c_eQ_Uyi
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P7guw86G95FCxS7JDEBtkgD0pT0Lq9HKY9Vo8nEnr3%2B6bpZ6cbiss1PgbM8InvuDIbw6cnLF962xylXsM093BrLTTVRdS%2F4CFwggrAYYbRtX7qGldJ6qM8OWcFQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74d7107fff021bfe-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 861cfa99de956423d917ed0ddbea4b9c
ad65dbc394b48b04a45c205f56af296c8d008db4
5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7029
Expires: Tue, 20 Sep 2022 04:14:32 GMT
Date: Tue, 20 Sep 2022 02:17:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 20 Sep 2022 02:13:01 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3p18-SRBbeHOJ2VGB_f1P4w7gm2AMPVD7kFVYSQqZoDqPP_Z8wMlxw==
Age: 262
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QAYSmrIFRHflOEdLV5-BOlXRpASZfol892BN1BLNF7C7nNQWtku_kw==
age: 78130
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 02:17:23 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 20 Sep 2022 02:03:22 GMT
Expires: Tue, 20 Sep 2022 02:50:20 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3ss4sOSCDbKAP4PV9zcbco4YFU_URwIC2Z6nL8vxdV6Q-JAcyxOCAA==
Age: 841
ocsp.digicert.com/
200 OK 471 B IP
Hash 5c817aa82ca8ed4a4257fd1e1628b423
7905c62b6bbc582860c07b75eddae371a4b8d02b
dce1783ecfe50c83d30878b48d60e1cf3fe42a3fa4090fb5d318194de73e53d6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5991
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:24 GMT
Last-Modified: Tue, 20 Sep 2022 00:37:34 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Lyx1p0iSkeYMwo/36r0wqA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: coH4Bm5ZjEMkix5pydReHY+0BOc=
ocsp.pki.goog/s/gts1d4/H3atUJLSWc0
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/H3atUJLSWc0
IP
Hash 58d582c5eebec7b60facabfaf31102df
0658ed1e17421083eb6a3943382fb75de0699ed9
fdf8d1b3a20939553386ee086c1f6fb6576426277339759820238284087a8b00
POST /s/gts1d4/H3atUJLSWc0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:24 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wwads.xyz/clk/S3FrWFhwWmtKR1hDZGVhU1Q3NFdoR2RJdDdKek51b2xvbEFaS3lCblh2WjA5VXlQY3F6Z1UzalhZZU9mcDdVUE5mSzM5UEloMEltL25aTExQOEdsd05DMmY5TC9nN3hrS3ZrTzVJbUxhbDcvcVNNSGxnb0RuWEh0V3J4aEFLYzAvdmhTVDhoV2c0NjgzWDlyMzdHdFZaeEJMWGNkTGFYWE5qVU51d3NWRllGcEp5cHNBSHpmZGE2T1Uwa3hpMW5YTFFtaXEvYVM5WXVKbGtNbVMzaC9PMHhNcEdPaFBqakY3NjdLakp2RWM5RHhTdXJMVVpoblRkQ2l3Y082eU5LbA
200 OK 622 B URL HTTP/2 wwads.xyz/clk/S3FrWFhwWmtKR1hDZGVhU1Q3NFdoR2RJdDdKek51b2xvbEFaS3lCblh2WjA5VXlQY3F6Z1UzalhZZU9mcDdVUE5mSzM5UEloMEltL25aTExQOEdsd05DMmY5TC9nN3hrS3ZrTzVJbUxhbDcvcVNNSGxnb0RuWEh0V3J4aEFLYzAvdmhTVDhoV2c0NjgzWDlyMzdHdFZaeEJMWGNkTGFYWE5qVU51d3NWRllGcEp5cHNBSHpmZGE2T1Uwa3hpMW5YTFFtaXEvYVM5WXVKbGtNbVMzaC9PMHhNcEdPaFBqakY3NjdLakp2RWM5RHhTdXJMVVpoblRkQ2l3Y082eU5LbA
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (406)
Hash ce8a3b36773dfb190052c9de40c3f059
82adeadf68e3013afc8a8c13bd978f695e66664b
4b8b7f034e985fdce61ba13c935284d991984085e4ab6042ead3f81d64090edc
GET /clk/S3FrWFhwWmtKR1hDZGVhU1Q3NFdoR2RJdDdKek51b2xvbEFaS3lCblh2WjA5VXlQY3F6Z1UzalhZZU9mcDdVUE5mSzM5UEloMEltL25aTExQOEdsd05DMmY5TC9nN3hrS3ZrTzVJbUxhbDcvcVNNSGxnb0RuWEh0V3J4aEFLYzAvdmhTVDhoV2c0NjgzWDlyMzdHdFZaeEJMWGNkTGFYWE5qVU51d3NWRllGcEp5cHNBSHpmZGE2T1Uwa3hpMW5YTFFtaXEvYVM5WXVKbGtNbVMzaC9PMHhNcEdPaFBqakY3NjdLakp2RWM5RHhTdXJMVVpoblRkQ2l3Y082eU5LbA HTTP/1.1
Host: wwads.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 02:17:24 GMT
content-type: text/html; charset=UTF-8
set-cookie: GEO_997a4ca45b57cfa912aa0af3815ef595119e6eb3=6c416a; expires=Tue, 20-Sep-2022 03:17:24 GMT; Max-Age=3600
msv-5-2e530-12b4-a0-40-0=5b5a2a9a; expires=Wed, 21-Sep-2022 02:17:24 GMT; Max-Age=86400
click-26a-6c416a=20092041_37_28_5_6c416a_1493_160_632922b4_5b5a2a9a_4788_0_0_64_64_0_2_2_0_0; expires=Sun, 19-Mar-2023 02:17:24 GMT; Max-Age=15552000; path=/conversion
charset: UTF-8
content-encoding: UTF-8
p3p: CP="NOI CURa ADMa PSA OUR NOR OTC"
pragma: no-cache
cache-control: no-cache, no-cache, must-revalidate, max-age=0
x-robots-tag: noindex, nofollow, nocache, noarchive
googlebot: noindex, nofollow, nocache, noarchive
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26xUjHJVp5O4XzqilDfNZf7rUC6A63jl2%2BoyNf%2BX95t527kXREapGOPU%2Fmouh7x12N93oqoht0j%2BPOzsZMPjN14ODbDo0KacqlGhs%2BpD%2FGDlIf8LWXDPonbIwFA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74d71081ef07b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/H3atUJLSWc0
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/H3atUJLSWc0
IP
Hash 58d582c5eebec7b60facabfaf31102df
0658ed1e17421083eb6a3943382fb75de0699ed9
fdf8d1b3a20939553386ee086c1f6fb6576426277339759820238284087a8b00
POST /s/gts1d4/H3atUJLSWc0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:25 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/Tiu86BlRsTU
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Tiu86BlRsTU
IP
Hash 4861930a9757286d50936652d370d16c
6f2dbb7749d855c665cec610af1999579545cd7b
2e3630033cd4c0df4a8a4d8c1b13a65c95918b053dd50751206e5ff58caca13c
POST /s/gts1d4/Tiu86BlRsTU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:25 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11173
Expires: Tue, 20 Sep 2022 05:23:38 GMT
Date: Tue, 20 Sep 2022 02:17:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11173
Expires: Tue, 20 Sep 2022 05:23:38 GMT
Date: Tue, 20 Sep 2022 02:17:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11173
Expires: Tue, 20 Sep 2022 05:23:38 GMT
Date: Tue, 20 Sep 2022 02:17:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11173
Expires: Tue, 20 Sep 2022 05:23:38 GMT
Date: Tue, 20 Sep 2022 02:17:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a6c4141-897e-4893-81f2-a7382686ab37.jpeg
200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a6c4141-897e-4893-81f2-a7382686ab37.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4653898fc83ae1b62d9b975658cc7fe9
adc6def18885ff49efd6b61c47d4b36eaca057b4
642a2e27f6635db0f9670cce2cba91f24f881db8f19d3f9b00e439f746fbc225
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a6c4141-897e-4893-81f2-a7382686ab37.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6961
x-amzn-requestid: 3177a5d3-6be5-426f-84ff-c044443c8627
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugHuHGZoAMFuwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e097-00d08a4e1c0ebd3f62716843;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:19 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ZhlvXBUWGzI9AKQjOoiH2MvD5KKOsGq7HeP3mN82Sgs1-Dv7dPQHSQ==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 21:46:48 GMT
age: 16237
etag: "adc6def18885ff49efd6b61c47d4b36eaca057b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcba2e620-391c-4ae8-ac94-90c963b715fb.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcba2e620-391c-4ae8-ac94-90c963b715fb.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cdeb5f4113596f09b5500537d2fe192c
a6c26f8faf8840317a5a0c2abf6b175e9be1a00f
84eb2416ea398cc5532fedf13e76cc15e1b63b3c0f7c52b000ee36d9e736b507
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcba2e620-391c-4ae8-ac94-90c963b715fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6865
x-amzn-requestid: 17572179-da09-4e5e-8f39-30a40fe39217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YuhZNEA9oAMFWgg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e2a1-493bb7a23810a9dd42b31970;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:44:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EBy3bez7xYP0GVsPOPKHIQHRy-vz69Hc2qhuoV7yMLNuO96_AEuSTQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:20:27 GMT
etag: "a6c26f8faf8840317a5a0c2abf6b175e9be1a00f"
content-type: image/jpeg
age: 14218
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe763d5d6-1a5c-4160-9667-8ed7c6b1e265.jpeg
200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe763d5d6-1a5c-4160-9667-8ed7c6b1e265.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3463c46d2b7a87a91ff1a701a438d80e
92c78b27f4e31609c1b78670b26e68b4f991a8ed
b95b290832f12f97c7da51382fe92feba2fa93a5ec0470d48a533a58a13dc474
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe763d5d6-1a5c-4160-9667-8ed7c6b1e265.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5985
x-amzn-requestid: 6797727b-78c7-470f-bee8-7b55e64d36ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugzxH6qoAMF67w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e1b1-0d574a815d19636b21376c91;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:40:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7lzvXaC9EgAduUw3i_GsZkjj0LT2QfaXCQyZQibuNcfyJ2XwKWHgtg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:03:08 GMT
age: 15257
etag: "92c78b27f4e31609c1b78670b26e68b4f991a8ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp
200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30fbdfee7ec4513a5ff3dfcb7282f816
a852edb64a7220532aa619ab2a440c3a7e11b97a
4adee59f97bea412c6a0a786d0a27e431a497198b9047a75841b0a530803bdfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9543
x-amzn-requestid: 17be04c9-54f0-4988-82dd-f13911a2a629
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugINHN1IAMF8iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09a-35496b4c21c23dec75257964;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y3urrVdjZEds_DKf3yL2XfaOy-5UPBwU-YVWe5eKYsDpl3JPmqffsw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:23:30 GMT
age: 14035
etag: "a852edb64a7220532aa619ab2a440c3a7e11b97a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F099b68b9-9e16-49e4-85b1-93b59b2ba2e0.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F099b68b9-9e16-49e4-85b1-93b59b2ba2e0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f816c646aefe417c3b980f432b98b41f
39c46ac3c49f0e2067aa6937a95839845b372dea
b9d8cb82c21257f9d5b5d82cf12bbf8aff690321f39c26e4a89f8a4d89fb00a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F099b68b9-9e16-49e4-85b1-93b59b2ba2e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8746
x-amzn-requestid: 23ee3cce-0abd-436a-b4d8-a2ad451cbeaf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yuh7zElLoAMF0cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e37e-1e03d3ee7a0033dd78620f20;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:47:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: xqQxr5DsYrYevayqUWGM1hLCr4mDV4LZU1gFPZm4H8S3OTNRK78znw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 21:55:15 GMT
age: 15730
etag: "39c46ac3c49f0e2067aa6937a95839845b372dea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d94aa1-e164-4f98-8fe2-beb3868db074.jpeg
200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d94aa1-e164-4f98-8fe2-beb3868db074.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5f4438521bfdc6871ae384abcb7da547
a17fc7a7c30999b8789011c2064f5a8704b00eee
2e40ac154724af625c4858b09b90fa3f6a600b70c9e5e959598f0cdb05a78847
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d94aa1-e164-4f98-8fe2-beb3868db074.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5402
x-amzn-requestid: 56e3a080-a8df-4385-ab3e-20e1f822083f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvaLH1-IAMFbgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202c40-28f492196d5699066cb53d39;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:07:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y-1A5O-MNU6Q5T_fCN_2jLaRC-6TUhzp42BN0cgPTjoOdiz5jwmbGQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 02:54:45 GMT
age: 84160
etag: "a17fc7a7c30999b8789011c2064f5a8704b00eee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
lp.quizz2win.com/1615/?camp=5262&theme=1615&clickid=20092041_37_28_5_6c416a_1493_160_632922b4_5b5a2a9a_4788_0_0_64_64_0_2_2_0_0&pub=5:4788&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwAeRCAJnyvdepXXRT3Mru%2F32XChVOZgQ2tNN%2BbQNq91GnaOz%2ByMXRYKKbPAJ%2F7iV9fTQVE%2FFxk4fHuBzJZBqqgj2XChVOZgQ2tNN%2BbQNq91GxOZGlTQab0Bg5oLNusxGTdVclgyzcmeU7bzZAC1yz8NXaSmk9bW2vR1hi69FjUJDQqkj3VlVqkJjVA7tXyDJBMrG95domkAzoCX0j6PxDF2wHyK2B8%2F2nGQPp3EU5hqh%2BhsodjZr8XjUREYd0mM5a6h7esZ90L4XjW4QYujDkBw%3D
200 OK 1.3 kB URL HTTP/2 lp.quizz2win.com/1615/?camp=5262&theme=1615&clickid=20092041_37_28_5_6c416a_1493_160_632922b4_5b5a2a9a_4788_0_0_64_64_0_2_2_0_0&pub=5:4788&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwAeRCAJnyvdepXXRT3Mru%2F32XChVOZgQ2tNN%2BbQNq91GnaOz%2ByMXRYKKbPAJ%2F7iV9fTQVE%2FFxk4fHuBzJZBqqgj2XChVOZgQ2tNN%2BbQNq91GxOZGlTQab0Bg5oLNusxGTdVclgyzcmeU7bzZAC1yz8NXaSmk9bW2vR1hi69FjUJDQqkj3VlVqkJjVA7tXyDJBMrG95domkAzoCX0j6PxDF2wHyK2B8%2F2nGQPp3EU5hqh%2BhsodjZr8XjUREYd0mM5a6h7esZ90L4XjW4QYujDkBw%3D
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12528)
Hash 441ef5a208740b01b35e0d76087f8a53
578657e382afb76fe19275615892f1b06026d1e4
453a4530c5d0ab98f58cc64ab950270b046eb3d0207819bbc2a713e53ceed0a3
GET /1615/?camp=5262&theme=1615&clickid=20092041_37_28_5_6c416a_1493_160_632922b4_5b5a2a9a_4788_0_0_64_64_0_2_2_0_0&pub=5:4788&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwAeRCAJnyvdepXXRT3Mru%2F32XChVOZgQ2tNN%2BbQNq91GnaOz%2ByMXRYKKbPAJ%2F7iV9fTQVE%2FFxk4fHuBzJZBqqgj2XChVOZgQ2tNN%2BbQNq91GxOZGlTQab0Bg5oLNusxGTdVclgyzcmeU7bzZAC1yz8NXaSmk9bW2vR1hi69FjUJDQqkj3VlVqkJjVA7tXyDJBMrG95domkAzoCX0j6PxDF2wHyK2B8%2F2nGQPp3EU5hqh%2BhsodjZr8XjUREYd0mM5a6h7esZ90L4XjW4QYujDkBw%3D HTTP/1.1
Host: lp.quizz2win.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wwads.xyz/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycds7X-Dw3RXFKV65rmZAHH_NLi7rt0IeZxzxUGuhxIQalhbobIJjOnwgsguJSetIGrcNvODiB-SebpFPJ2KwRixYIA
date: Tue, 20 Sep 2022 02:17:25 GMT
cache-control: no-transform
expires: Wed, 20 Sep 2023 02:17:25 GMT
last-modified: Wed, 15 Jun 2022 12:52:16 GMT
etag: "441ef5a208740b01b35e0d76087f8a53"
x-goog-generation: 1655297536016411
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1308
content-type: text/html
content-encoding: gzip
x-goog-hash: crc32c=m6ryAA==, md5=RB71ogh0CwGzXg12CH+KUw==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 1308
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/Tiu86BlRsTU
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Tiu86BlRsTU
IP
Hash 4861930a9757286d50936652d370d16c
6f2dbb7749d855c665cec610af1999579545cd7b
2e3630033cd4c0df4a8a4d8c1b13a65c95918b053dd50751206e5ff58caca13c
POST /s/gts1d4/Tiu86BlRsTU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:25 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lp.quizz2win.com/1615/polyfills.2dfcfa90250cfc6a.js
200 OK 13 kB URL HTTP/2 lp.quizz2win.com/1615/polyfills.2dfcfa90250cfc6a.js
IP
File type ASCII text, with very long lines (37064), with no line terminators
Hash 0cdcbf86cf4c89fd7cb0f83fa2e5f5bf
d4097a57c4062f46686b1d35d527cee6a0cc2291
fe546722505c19658a5f6cb98375a56815c151d1ba9ed591c068ae750a457281
Analyzer Verdict Alert fortinet Phishing
GET /1615/polyfills.2dfcfa90250cfc6a.js HTTP/1.1
Host: lp.quizz2win.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.quizz2win.com/1615/?camp=5262&theme=1615&clickid=20092041_37_28_5_6c416a_1493_160_632922b4_5b5a2a9a_4788_0_0_64_64_0_2_2_0_0&pub=5:4788&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwAeRCAJnyvdepXXRT3Mru%2F32XChVOZgQ2tNN%2BbQNq91GnaOz%2ByMXRYKKbPAJ%2F7iV9fTQVE%2FFxk4fHuBzJZBqqgj2XChVOZgQ2tNN%2BbQNq91GxOZGlTQab0Bg5oLNusxGTdVclgyzcmeU7bzZAC1yz8NXaSmk9bW2vR1hi69FjUJDQqkj3VlVqkJjVA7tXyDJBMrG95domkAzoCX0j6PxDF2wHyK2B8%2F2nGQPp3EU5hqh%2BhsodjZr8XjUREYd0mM5a6h7esZ90L4XjW4QYujDkBw%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdshWeeUbr_zc6-cBMKfpIR2eTTzhCr_-ksZx7MlSeEL5H-RP0vJcoSNc4RNtMO4qUob34mNWY_nFKfPCYm11ScSFg
x-goog-generation: 1655297536177997
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 12932
content-encoding: gzip
x-goog-hash: crc32c=Q7mQxw==, md5=DNy/hs9Mif18sPg/ouX1vw==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 12932
server: UploadServer
date: Tue, 20 Sep 2022 02:17:25 GMT
expires: Wed, 20 Sep 2023 02:17:25 GMT
cache-control: no-transform
last-modified: Wed, 15 Jun 2022 12:52:16 GMT
etag: "0cdcbf86cf4c89fd7cb0f83fa2e5f5bf"
content-type: application/javascript
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lp.quizz2win.com/1615/runtime.bd317e7ab8a92f53.js
200 OK 655 B URL HTTP/2 lp.quizz2win.com/1615/runtime.bd317e7ab8a92f53.js
IP
File type ASCII text, with very long lines (1069), with no line terminators
Hash 1be79659cb1faf80dcf4f423020fc8d4
615efaed8d6dfef962570fc5e9388e22be9ec6f2
7f9b7f822bc55609238eb493c8bbef93ac51daaa7ca51b241ea16a2738c1ae33
Analyzer Verdict Alert fortinet Phishing
GET /1615/runtime.bd317e7ab8a92f53.js HTTP/1.1
Host: lp.quizz2win.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.quizz2win.com/1615/?camp=5262&theme=1615&clickid=20092041_37_28_5_6c416a_1493_160_632922b4_5b5a2a9a_4788_0_0_64_64_0_2_2_0_0&pub=5:4788&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwAeRCAJnyvdepXXRT3Mru%2F32XChVOZgQ2tNN%2BbQNq91GnaOz%2ByMXRYKKbPAJ%2F7iV9fTQVE%2FFxk4fHuBzJZBqqgj2XChVOZgQ2tNN%2BbQNq91GxOZGlTQab0Bg5oLNusxGTdVclgyzcmeU7bzZAC1yz8NXaSmk9bW2vR1hi69FjUJDQqkj3VlVqkJjVA7tXyDJBMrG95domkAzoCX0j6PxDF2wHyK2B8%2F2nGQPp3EU5hqh%2BhsodjZr8XjUREYd0mM5a6h7esZ90L4XjW4QYujDkBw%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdsxAa-rSZj48BhP5PPJqPGusuvjAq2VoK2ktLjETKCSH1DfVMdkngKxnkc_AGhY_U2LN4iNXkzVrQcx0zZup_j69A
x-goog-generation: 1655297536136665
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 655
content-encoding: gzip
x-goog-hash: crc32c=MQPRkA==, md5=G+eWWcsfr4Dc9PQjAg/I1A==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 655
server: UploadServer
date: Tue, 20 Sep 2022 02:17:25 GMT
expires: Wed, 20 Sep 2023 02:17:25 GMT
cache-control: no-transform
last-modified: Wed, 15 Jun 2022 12:52:16 GMT
etag: "1be79659cb1faf80dcf4f423020fc8d4"
content-type: application/javascript
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lp.quizz2win.com/1615/main.593483df9b31abbb.js
200 OK 74 kB URL HTTP/2 lp.quizz2win.com/1615/main.593483df9b31abbb.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 77e22384c7037f539fe0c4aec605739c
ace97c1c6639f11c7bfccd9a3c6dfc304466e48f
dc0dd327329283c805baf21ee8036ed6e517be1d0307081f16b8a3f357573db8
Analyzer Verdict Alert fortinet Phishing
GET /1615/main.593483df9b31abbb.js HTTP/1.1
Host: lp.quizz2win.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.quizz2win.com/1615/?camp=5262&theme=1615&clickid=20092041_37_28_5_6c416a_1493_160_632922b4_5b5a2a9a_4788_0_0_64_64_0_2_2_0_0&pub=5:4788&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwAeRCAJnyvdepXXRT3Mru%2F32XChVOZgQ2tNN%2BbQNq91GnaOz%2ByMXRYKKbPAJ%2F7iV9fTQVE%2FFxk4fHuBzJZBqqgj2XChVOZgQ2tNN%2BbQNq91GxOZGlTQab0Bg5oLNusxGTdVclgyzcmeU7bzZAC1yz8NXaSmk9bW2vR1hi69FjUJDQqkj3VlVqkJjVA7tXyDJBMrG95domkAzoCX0j6PxDF2wHyK2B8%2F2nGQPp3EU5hqh%2BhsodjZr8XjUREYd0mM5a6h7esZ90L4XjW4QYujDkBw%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdsAAWDR3obcqmPWZJflyAUxawHTivZ-LPJsKECPJugmJEZd5-mB5eesUHLuxv_MsjpvXUtvijSmMconOu49e7wIPw
x-goog-generation: 1655297536337498
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 73476
content-encoding: gzip
x-goog-hash: crc32c=yacUDA==, md5=d+IjhMcDf1Of4MSuxgVznA==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 73476
server: UploadServer
date: Tue, 20 Sep 2022 02:17:25 GMT
expires: Wed, 20 Sep 2023 02:17:25 GMT
cache-control: no-transform
last-modified: Wed, 15 Jun 2022 12:52:16 GMT
etag: "77e22384c7037f539fe0c4aec605739c"
content-type: application/javascript
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lp.quizz2win.com/1615/styles.ef46db3751d8e999.css
200 OK 32 B URL HTTP/2 lp.quizz2win.com/1615/styles.ef46db3751d8e999.css
IP
Hash 2df66f0150766d3b27a870eab60d4d99
fe6b99562bf36781695296ab139bd9bab768544e
fef02c08f7307ca72cd4af34d67dd7d23996a508d05347286dbb3b8ab86ac6e4
GET /1615/styles.ef46db3751d8e999.css HTTP/1.1
Host: lp.quizz2win.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.quizz2win.com/1615/?camp=5262&theme=1615&clickid=20092041_37_28_5_6c416a_1493_160_632922b4_5b5a2a9a_4788_0_0_64_64_0_2_2_0_0&pub=5:4788&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwAeRCAJnyvdepXXRT3Mru%2F32XChVOZgQ2tNN%2BbQNq91GnaOz%2ByMXRYKKbPAJ%2F7iV9fTQVE%2FFxk4fHuBzJZBqqgj2XChVOZgQ2tNN%2BbQNq91GxOZGlTQab0Bg5oLNusxGTdVclgyzcmeU7bzZAC1yz8NXaSmk9bW2vR1hi69FjUJDQqkj3VlVqkJjVA7tXyDJBMrG95domkAzoCX0j6PxDF2wHyK2B8%2F2nGQPp3EU5hqh%2BhsodjZr8XjUREYd0mM5a6h7esZ90L4XjW4QYujDkBw%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdtezqa99RvfYB4HlpmoCwqo5pFP2T6m-wOQHHGxy_K-bTrTrE6HpIdhWnivNr6rNynLEHxOtQdju7yrDMCEoNCF7g
x-goog-generation: 1655297536149864
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 32
content-encoding: gzip
x-goog-hash: crc32c=vTs5gA==, md5=LfZvAVB2bTsnqHDqtg1NmQ==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 32
server: UploadServer
date: Tue, 20 Sep 2022 02:17:25 GMT
expires: Wed, 20 Sep 2023 02:17:25 GMT
cache-control: no-transform
last-modified: Wed, 15 Jun 2022 12:52:16 GMT
etag: "2df66f0150766d3b27a870eab60d4d99"
content-type: text/css
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4f5180e6651455bc8443945fb5b6860c
01457b8648200c9d274b2790b95274b1dc855aaf
39301cccc2805993f794301cb01a70a954e7c8a8e5d6779acc4888f77d7282c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4f5180e6651455bc8443945fb5b6860c
01457b8648200c9d274b2790b95274b1dc855aaf
39301cccc2805993f794301cb01a70a954e7c8a8e5d6779acc4888f77d7282c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4f5180e6651455bc8443945fb5b6860c
01457b8648200c9d274b2790b95274b1dc855aaf
39301cccc2805993f794301cb01a70a954e7c8a8e5d6779acc4888f77d7282c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4f5180e6651455bc8443945fb5b6860c
01457b8648200c9d274b2790b95274b1dc855aaf
39301cccc2805993f794301cb01a70a954e7c8a8e5d6779acc4888f77d7282c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
200 OK 40 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 39536, version 1.0\012- data
Hash cf01a66fca5e5976f751271bda6f1b71
f01f314df3f7072f0862b2da03d4dd29eb1c6092
9edf922182d605a48239fee4eddab22abc367aa35aec6e4a60ce62a21e3e4dc6
GET /s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.quizz2win.com
Connection: keep-alive
Referer: https://lp.quizz2win.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39536
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:15 GMT
expires: Thu, 14 Sep 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 456191
last-modified: Wed, 11 May 2022 19:25:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4f5180e6651455bc8443945fb5b6860c
01457b8648200c9d274b2790b95274b1dc855aaf
39301cccc2805993f794301cb01a70a954e7c8a8e5d6779acc4888f77d7282c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/qPGtfxJU_4U
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/qPGtfxJU_4U
IP
Hash 700dd4935c7504d3e17ea5a9f5bdd918
cd6f1f248e988789a195af6387e7e2e1b5b89041
dbcc65e418b316104b9a5c57db9cbc2edb9b3fb9a92913bee31208b3dd4bdb2e
POST /s/gts1d4/qPGtfxJU_4U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/qPGtfxJU_4U
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/qPGtfxJU_4U
IP
Hash 700dd4935c7504d3e17ea5a9f5bdd918
cd6f1f248e988789a195af6387e7e2e1b5b89041
dbcc65e418b316104b9a5c57db9cbc2edb9b3fb9a92913bee31208b3dd4bdb2e
POST /s/gts1d4/qPGtfxJU_4U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 02:17:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
srv.ibraincollege.com/rest/activity/userTracking
200 OK 0 B URL HTTP/2 srv.ibraincollege.com/rest/activity/userTracking
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /rest/activity/userTracking HTTP/1.1
Host: srv.ibraincollege.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lp.quizz2win.com/
Origin: https://lp.quizz2win.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 02:17:26 GMT
server: Apache-Coyote/1.1
access-control-allow-origin: https://lp.quizz2win.com
vary: Origin
access-control-allow-methods: GET,HEAD,POST
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length: 0
content-type: text/plain
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
srv.ibraincollege.com/rest/activity/userTracking
200 OK 0 B URL HTTP/2 srv.ibraincollege.com/rest/activity/userTracking
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /rest/activity/userTracking HTTP/1.1
Host: srv.ibraincollege.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Content-Length: 964
Origin: https://lp.quizz2win.com
Connection: keep-alive
Referer: https://lp.quizz2win.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 02:17:26 GMT
server: Apache-Coyote/1.1
access-control-allow-origin: https://lp.quizz2win.com
vary: Origin
access-control-allow-credentials: true
content-length: 0
set-cookie: JSESSIONID=B33617C7807985207665837AD2347621; Path=/; Secure; HttpOnly
content-type: text/plain
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
wwads.xyz/redirect/action/3JGY0PCthLiU5dnEoNCRhbG5kY3c_eQ_Uyi
302 Found 0 B URL HTTP/2 wwads.xyz/redirect/action/3JGY0PCthLiU5dnEoNCRhbG5kY3c_eQ_Uyi
IP
GET /redirect/action/3JGY0PCthLiU5dnEoNCRhbG5kY3c_eQ_Uyi HTTP/1.1
Host: wwads.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 20 Sep 2022 02:17:23 GMT
content-type: text/html; charset=UTF-8
location: https://wwads.xyz/clk/S3FrWFhwWmtKR1hDZGVhU1Q3NFdoR2RJdDdKek51b2xvbEFaS3lCblh2WjA5VXlQY3F6Z1UzalhZZU9mcDdVUE5mSzM5UEloMEltL25aTExQOEdsd05DMmY5TC9nN3hrS3ZrTzVJbUxhbDcvcVNNSGxnb0RuWEh0V3J4aEFLYzAvdmhTVDhoV2c0NjgzWDlyMzdHdFZaeEJMWGNkTGFYWE5qVU51d3NWRllGcEp5cHNBSHpmZGE2T1Uwa3hpMW5YTFFtaXEvYVM5WXVKbGtNbVMzaC9PMHhNcEdPaFBqakY3NjdLakp2RWM5RHhTdXJMVVpoblRkQ2l3Y082eU5LbA
set-cookie: msv-16dc-6c059d-0-a0-0-0=5b5a2a9a; expires=Wed, 21-Sep-2022 02:17:23 GMT; Max-Age=86400
click-20b-6c059d=20092030_37_0_16dc_6c059d_f26_160_632922b3_5b5a2a9a_0_0_0_64_64_0_2_2_0_0; expires=Sun, 19-Mar-2023 02:17:23 GMT; Max-Age=15552000; path=/conversion
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wa7C8oeSnPrmgV7pdSaAlVI7tG59bAIAOVsLIzxuyvd1k6G3JHfrXv40vhVbyJ%2FoNBVvL33wEGQFbfL7vK5u1afmFFyJpaMhiOp2S0ikmqWFER4jHC7vvDwJi9Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74d710812ebfb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
srv.ibraincollege.com/rest/user/getCountryInfo/NO
200 OK 0 B URL HTTP/2 srv.ibraincollege.com/rest/user/getCountryInfo/NO
IP
GET /rest/user/getCountryInfo/NO HTTP/1.1
Host: srv.ibraincollege.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lp.quizz2win.com
Connection: keep-alive
Referer: https://lp.quizz2win.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 02:17:26 GMT
server: Apache-Coyote/1.1
access-control-allow-origin: https://lp.quizz2win.com
vary: Origin,Accept-Encoding
access-control-allow-credentials: true
content-type: application/json;charset=ISO-8859-1
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
172.67.177.131
23.36.77.32
93.184.220.29
104.21.59.128