search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
34.201.176.68301 Moved Permanently 134 B URL HTTP/1.1 search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
IP 34.201.176.68:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30 HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Mon, 12 Sep 2022 07:43:37 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://search.hemailaccessonline.com:443/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9502
Expires: Mon, 12 Sep 2022 10:21:59 GMT
Date: Mon, 12 Sep 2022 07:43:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 07:08:10 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: q-BVOldXXp3THrVq_Hpkch0kc-4VM1f_OMAi61pDCYg7XzbSnNHtGQ==
Age: 2127
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xMzpQRK9jHcNYFfx8Zo7i3ELzdSlGSmSqLoiJcI6ar4Rb1LdcL4J3Q==
age: 1585
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 07:43:37 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash d3eea79d7a77004c97b2bd3062239b24
89c93a8016662084bf30992e29da51e45a2da5d0
819d0e9407d5e996b1c5a8d5d4105a8d7c4ab902a7deb8af43c324288c80115c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 12 Sep 2022 07:43:37 GMT
Last-Modified: Mon, 12 Sep 2022 07:20:03 GMT
Server: ECS (dcb/7EA5)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nqFjW_igLBoain9mxa0bi6rg584yqA4kJ8PHyF6GpkAsGzqXSQRaOA==
Age: 1414
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 12 Sep 2022 06:56:07 GMT
Expires: Mon, 12 Sep 2022 07:43:35 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: woL9hzRoNHyJ-uaE1PZTskKcij2LS45ewRSMfWscGLYdcImCQ5VjMg==
Age: 2850
search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
34.201.176.68200 OK 14 kB URL HTTP/2 search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
IP 34.201.176.68:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (889), with CRLF line terminators
Hash fd1de906c34c485be3da116763d4fb34
0ef3cad737087b0c6a78896abddb9af95860643a
39a032adcf11a82511b77b362e42886c46d69959568b3f05f03b7399d64b7530
GET /?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30 HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:37 GMT
content-type: text/html; charset=utf-8
content-length: 13809
cache-control: private
content-encoding: gzip
vary: Accept-Encoding
set-cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; domain=hemailaccessonline.com; expires=Tue, 13-Sep-2022 07:43:38 GMT; path=/
nts=t; domain=hemailaccessonline.com; path=/
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 26e829ba5f754918e20cbd316dc4348e
ba198501da0812dd11ca3b38a51325b5de6cfa60
4352c25d4af7637a8435b0df6d042fc606d37a348e966b99fecce8a853b8ebc0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1014
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Last-Modified: Mon, 12 Sep 2022 07:26:44 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash bff3a3f3f4f889b08163e7d307438790
c430c7c151973fa0e63ddf52e5624e1ce2282161
bce7d12a2343d8e43fbd05522fe82807ed48933a984aa113c284267364981750
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c3d8032059a24d14d00c2ee5d8840c01
62efae1ea6aaea612a12d42b6e5b65d24be11437
2319fe90c8b4d3cc41ec9cce275c82d19fb764015196bd1c52dfb9c5d85b9b0b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
search.hemailaccessonline.com/Content/CSS/Base_v2.css
34.201.176.68200 OK 2.8 kB URL HTTP/2 search.hemailaccessonline.com/Content/CSS/Base_v2.css
IP 34.201.176.68:0
File type ASCII text, with CRLF line terminators
Hash c9946249c90f0badfdf55a4559c476a5
f58f7668a3cd3453c31dd64d651a52099eaf8210
492fa88aec13f70306f900b005ce781c35d00df8e3e20072f55ddb3110ddf743
GET /Content/CSS/Base_v2.css HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/css
content-length: 2846
content-encoding: gzip
last-modified: Wed, 25 Aug 2021 21:17:01 GMT
accept-ranges: bytes
etag: "80445f8bf699d71:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/get/js/impression?uc=20180201&ap=appfocus1&source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&i_id=email__1.30&cid=app@EmailAccessOnline
34.201.176.68200 OK 678 B URL HTTP/2 search.hemailaccessonline.com/get/js/impression?uc=20180201&ap=appfocus1&source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&i_id=email__1.30&cid=app@EmailAccessOnline
IP 34.201.176.68:0
File type ASCII text, with CRLF line terminators
Hash 15b7a1b49f1262f4c0f4572d1bb194c6
def2d7b502fb92413c25de6a24575b24bbfd10f6
6747fffdb1102bc57af597825f6029b764412dc82e8dfd4ccb96bd43c7e67c82
GET /get/js/impression?uc=20180201&ap=appfocus1&source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&i_id=email__1.30&cid=app@EmailAccessOnline HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/javascript; charset=utf-8
content-length: 678
cache-control: max-age=86400
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Scripts/WeatherHelper_v1.js
34.201.176.68200 OK 1.5 kB URL HTTP/2 search.hemailaccessonline.com/Scripts/WeatherHelper_v1.js
IP 34.201.176.68:0
File type ASCII text, with CRLF line terminators
Hash 1d8237575ed7434f668873989b3f769a
12430714bc540f62ab8c3cc356d1b009b1589a4b
198e57bb51fb3c84d5f47f50a51488e916c5dda12a414b5245d17aba693ea68d
Analyzer Verdict Alert fortinet Malware
GET /Scripts/WeatherHelper_v1.js HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: application/javascript
content-length: 1517
content-encoding: gzip
last-modified: Wed, 25 Aug 2021 21:17:05 GMT
accept-ranges: bytes
etag: "809ec18df699d71:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Content/Home/Email/CSS/Email_v2.css
34.201.176.68200 OK 2.0 kB URL HTTP/2 search.hemailaccessonline.com/Content/Home/Email/CSS/Email_v2.css
IP 34.201.176.68:0
File type ASCII text, with very long lines (662), with CRLF line terminators
Hash 95bafb07a4c77592131ed7c312af4044
9e40450c7c820faaa64b0f760ca7c28fe6023aa8
0980843bc140a1b35d4f00b34ca3a54e92b585d24cfac15fc313a31c838e5170
GET /Content/Home/Email/CSS/Email_v2.css HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/css
content-length: 1958
content-encoding: gzip
last-modified: Wed, 25 Aug 2021 21:17:01 GMT
accept-ranges: bytes
etag: "0d7e58bf699d71:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Content/Images/Toolbar/gmail.png
34.201.176.68200 OK 4.4 kB URL HTTP/2 search.hemailaccessonline.com/Content/Images/Toolbar/gmail.png
IP 34.201.176.68:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash ea55cde31ffc6f17e1f6252c9ff64c63
e947805941b0c360442d8a05ae22368ce39d82a1
7549b37a194c861d3e0444cae07773212707ad4b2ec7f4182c006be6c8aaff69
GET /Content/Images/Toolbar/gmail.png HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: image/png
content-length: 4402
cache-control: public, max-age=86400
last-modified: Wed, 25 Aug 2021 21:17:02 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-178002442-1
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-178002442-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (1615)
Hash d98e6dfc7d09f2a6b019c1990d978f5d
4067c86445ef29c3e2ea1983e8c38df3bb6ab60c
dce82a0cd42aa1e439926f629b58c505682920a1dba004c0fdcb4decd9408e00
GET /gtag/js?id=UA-178002442-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 12 Sep 2022 07:43:38 GMT
expires: Mon, 12 Sep 2022 07:43:38 GMT
cache-control: private, max-age=900
last-modified: Mon, 12 Sep 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41969
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b9b2ba83c3
104.18.22.52200 OK 54 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b9b2ba83c3
IP 104.18.22.52:0
File type ASCII text, with very long lines (65397)
Hash dc9270247a97f75913a5d8934c24de03
ed9b0fa01b552571f99d529ed355b2ba91cfc48d
847cc3ab1ea736cbbaac34833596335471fc7a888089b501b3c83a323566f0b8
GET /releases/v5.15.4/css/pro.min.css?token=b9b2ba83c3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://search.hemailaccessonline.com/
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 43395
accept-ranges: bytes
server: cloudflare
cf-ray: 74970366fb490afa-OSL
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap
142.250.74.10200 OK 3.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap
IP 142.250.74.10:0
File type ASCII text, with very long lines (27832)
Hash 4d5750fe0d38424576818bd3c1eb5901
f77a36327fd0f10d51bae851054b26990cce4fdf
a137c681bc972f6ecd138749f47126bba9e454d72535675753ec6b7d42aaf4ed
GET /css?family=Open+Sans:400,600,700,800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 12 Sep 2022 07:43:38 GMT
date: Mon, 12 Sep 2022 07:43:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b9b2ba83c3
104.18.22.52200 OK 4.2 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b9b2ba83c3
IP 104.18.22.52:0
File type ASCII text, with very long lines (26366)
Hash 7fd743485fa194e25e2a207bff6c258a
97c999d752b95ee1ed6271a29aa58109dc17281e
dd939d69a23f003d49287291f0bcb59df58119d60bc5f14a81cbfd957894f6dc
GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b9b2ba83c3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://search.hemailaccessonline.com/
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 43395
accept-ranges: bytes
server: cloudflare
cf-ray: 74970366fb4c0afa-OSL
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Content/Images/Toolbar/outlook.png
34.201.176.68200 OK 8.4 kB URL HTTP/2 search.hemailaccessonline.com/Content/Images/Toolbar/outlook.png
IP 34.201.176.68:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash aa6f70a6681c4c8321f28c610545b0a4
3bb0380120a96c3fc906ca551d22ad9fa1ed6ce7
6b1192ebfb3fd93bfdb7b886124862494c86d0045fd6c94a47398a089f5e030b
GET /Content/Images/Toolbar/outlook.png HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: image/png
content-length: 8401
cache-control: public, max-age=86400
last-modified: Wed, 25 Aug 2021 21:17:02 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Content/Images/Toolbar/yahoo.png
34.201.176.68200 OK 4.9 kB URL HTTP/2 search.hemailaccessonline.com/Content/Images/Toolbar/yahoo.png
IP 34.201.176.68:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d0147c64fa4aeb01695c95f351be917
cee44aeace3e20e6d7e607c723235a110bf02e7f
bcdd8290dcee1d8bc7c5cb8798bd27078a9a30dda19e432e8ad43d9520ba921b
GET /Content/Images/Toolbar/yahoo.png HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: image/png
content-length: 4863
cache-control: public, max-age=86400
last-modified: Wed, 25 Aug 2021 21:17:02 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Content/Images/Toolbar/maps.png
34.201.176.68200 OK 10 kB URL HTTP/2 search.hemailaccessonline.com/Content/Images/Toolbar/maps.png
IP 34.201.176.68:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 03f31a86f5fd92f860351577c470b165
bed2a3c0ad6f07458c1822c3e6ac8b89cf937575
f018ecd3437923c9f5af6d16da40d2b32ce2029b6e45c1e2e728f6cc6b3e12ea
GET /Content/Images/Toolbar/maps.png HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: image/png
content-length: 10139
cache-control: public, max-age=86400
last-modified: Wed, 25 Aug 2021 21:17:02 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Content/Images/Toolbar/emailv2.png
34.201.176.68200 OK 5.0 kB URL HTTP/2 search.hemailaccessonline.com/Content/Images/Toolbar/emailv2.png
IP 34.201.176.68:0
File type PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced\012- data
Hash dd10e459a0ac71df7bcffa634a077856
cc774bf351b47a74c422c5db5dc17c051536be00
0d7a3679994f6afdc431b78b25fe7ba40963cfe94f807ca7409e9687429bca10
GET /Content/Images/Toolbar/emailv2.png HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: image/png
content-length: 4960
cache-control: public, max-age=86400
last-modified: Wed, 25 Aug 2021 21:17:02 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Content/Images/Toolbar/newsv2.png
34.201.176.68200 OK 12 kB URL HTTP/2 search.hemailaccessonline.com/Content/Images/Toolbar/newsv2.png
IP 34.201.176.68:0
File type PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced\012- data
Hash 54d6fb01d95327cccb0a713c0123190d
7a3c40c0a40fba3b51f76266cb9505f8f1a42ef5
71dc8eff83a0ad83594a67273ae6434612a079e25fb2e06180f046ae02f87a68
GET /Content/Images/Toolbar/newsv2.png HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: image/png
content-length: 12254
cache-control: public, max-age=86400
last-modified: Wed, 25 Aug 2021 21:17:02 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Content/Images/quicklinkIcons/hq/weather.png
34.201.176.68200 OK 9.1 kB URL HTTP/2 search.hemailaccessonline.com/Content/Images/quicklinkIcons/hq/weather.png
IP 34.201.176.68:0
File type PNG image data, 500 x 500, 8-bit colormap, non-interlaced\012- data
Hash c73cae6072224041a7e28492e966537a
7a52c159cfa027646d40ff974eaef4805ec9a969
fa25bf2809d53a6218b7eb54f168fb0bc9d6427c12cac5a6689205816bee0672
GET /Content/Images/quicklinkIcons/hq/weather.png HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: image/png
content-length: 9105
cache-control: public, max-age=86400
last-modified: Wed, 25 Aug 2021 21:17:02 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Content/Images/quicklinkIcons/hq/myemailsimplified.png
34.201.176.68200 OK 7.7 kB URL HTTP/2 search.hemailaccessonline.com/Content/Images/quicklinkIcons/hq/myemailsimplified.png
IP 34.201.176.68:0
File type PNG image data, 500 x 500, 8-bit colormap, non-interlaced\012- data
Hash cde49619d2e9336942237b4965e1df3e
8a754330cce76b36725ec12689ba349d7af78f7e
c60e91abccb6a9d706f9613c22abb713554dd75fbd4ea1bd8494d28b423ce936
GET /Content/Images/quicklinkIcons/hq/myemailsimplified.png HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: image/png
content-length: 7740
cache-control: public, max-age=86400
last-modified: Wed, 25 Aug 2021 21:17:02 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash bff3a3f3f4f889b08163e7d307438790
c430c7c151973fa0e63ddf52e5624e1ce2282161
bce7d12a2343d8e43fbd05522fe82807ed48933a984aa113c284267364981750
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c3d8032059a24d14d00c2ee5d8840c01
62efae1ea6aaea612a12d42b6e5b65d24be11437
2319fe90c8b4d3cc41ec9cce275c82d19fb764015196bd1c52dfb9c5d85b9b0b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 515557
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
search.hemailaccessonline.com/styles/home/monetizedquicklinks?v=Pf1P8ZTmx0EpcmDfisgZsKM0LGXZ0OckHk-F2hmrmqQ1
34.201.176.68200 OK 2.4 kB URL HTTP/2 search.hemailaccessonline.com/styles/home/monetizedquicklinks?v=Pf1P8ZTmx0EpcmDfisgZsKM0LGXZ0OckHk-F2hmrmqQ1
IP 34.201.176.68:0
File type ASCII text, with very long lines (12948), with no line terminators
Hash b265f2647d729ce2ed972bfce64cdc51
e3901bd30437e65ef4f0bc4ab0cf22730131f0f7
fc96374178471800e80a82f7c99dfb3d8ac3d4f823f2eb09e7ec4a0582d4e77c
Analyzer Verdict Alert fortinet Malware
GET /styles/home/monetizedquicklinks?v=Pf1P8ZTmx0EpcmDfisgZsKM0LGXZ0OckHk-F2hmrmqQ1 HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/css; charset=utf-8
content-length: 2397
cache-control: public
content-encoding: gzip
expires: Tue, 12 Sep 2023 07:43:38 GMT
last-modified: Mon, 12 Sep 2022 07:43:38 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Scripts/NewScripts/AutoComplete_V4.js
34.201.176.68200 OK 75 kB URL HTTP/2 search.hemailaccessonline.com/Scripts/NewScripts/AutoComplete_V4.js
IP 34.201.176.68:0
File type Unicode text, UTF-8 text, with very long lines (1602), with CRLF line terminators
Hash 8bbb0bc9c1fb1e218deceec495fbfb7a
e41b435847fd6fd56cae9ee06abb7bff6da3cadb
624a7d78be7b43606b0a3aed037652f1e91af071ea6ed0f8ac2f165dbc6f34f0
Analyzer Verdict Alert fortinet Malware
GET /Scripts/NewScripts/AutoComplete_V4.js HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: application/javascript
content-length: 74940
content-encoding: gzip
last-modified: Wed, 25 Aug 2021 21:17:05 GMT
accept-ranges: bytes
etag: "809ec18df699d71:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
search.hemailaccessonline.com/Scripts/Home/Shared/Base_v2.js
34.201.176.68200 OK 1.3 kB URL HTTP/2 search.hemailaccessonline.com/Scripts/Home/Shared/Base_v2.js
IP 34.201.176.68:0
File type ASCII text, with CRLF line terminators
Hash 34c9985adbb356b6a953d56056a4ce33
ad0fd72894719fa7465f91da7b9d1ee263aa62e9
6275654010d92220bdc9b4dd5fa4e76dbd32eab05025ff598fb5270b57671660
Analyzer Verdict Alert fortinet Malware
GET /Scripts/Home/Shared/Base_v2.js HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: application/javascript
content-length: 1273
content-encoding: gzip
last-modified: Wed, 25 Aug 2021 21:17:05 GMT
accept-ranges: bytes
etag: "646a248ef699d71:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
34.218.164.174101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.164.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1M9JEbVA/5zdmXazJGZkhQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wSkU0ytN8i82vpZKKjHs6F/toBg=
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 1d4c2fa955a281d097c97c63606a6b4e
4509f99c3ecc6cf1c54d3d0dc8e285312cd6402a
a95f9fa46c1cb49db9786930d03f6f40bdc794cfd5f61201374249aecf94a463
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 12 Sep 2022 07:43:38 GMT
Last-Modified: Mon, 12 Sep 2022 06:14:54 GMT
Server: ECS (nyb/1D24)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _EIEGJaK_n4tv2K2ty69X6BXfL9FB6grRxiiXqX3_DY41kJRjSrLQQ==
Age: 5324
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 3d26e8620e78b6d9adbd5fa6cce5096a
484dc526b8468cec826c6dca1f5c92f591c96884
6544ca9d8c71a95e024a24a774cce83ba6d6d6335e03421ef7371156138b1673
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 07:43:38 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 10 Sep 2022 04:42:22 GMT
Expires: Sat, 17 Sep 2022 04:42:21 GMT
Etag: "484dc526b8468cec826c6dca1f5c92f591c96884"
Cache-Control: max-age=420522,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749703696e02b50b-OSL
ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2
104.18.22.52200 OK 20 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2
IP 104.18.22.52:0
File type Web Open Font Format (Version 2), TrueType, length 19784, version 331.-31196\012- data
Hash c7682b8035fc1d1672d6455631813794
9e2955e5e55b3073e229c218724406425862d4a1
1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c
GET /releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: font/woff2
content-length: 19784
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "610ae35f-4d48"
last-modified: Wed, 04 Aug 2021 18:58:39 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 43393
accept-ranges: bytes
server: cloudflare
cf-ray: 74970369ce540afa-OSL
X-Firefox-Spdy: h2
api.openweathermap.org/data/2.5/weather?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
37.139.1.159200 OK 460 B URL HTTP/1.1 api.openweathermap.org/data/2.5/weather?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
IP 37.139.1.159:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (460), with no line terminators
Hash ce5fbbee6332ce5ccca74264233e642b
95dd4ed576341ae7585f7ddc54af8a925d839914
36036adb2e1fc394806fd4ff7b42a44c982c31e9b26979b35f0c2b76ddde63b7
GET /data/2.5/weather?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial HTTP/1.1
Host: api.openweathermap.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://search.hemailaccessonline.com/
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 12 Sep 2022 07:43:38 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 460
Connection: keep-alive
X-Cache-Key: /data/2.5/weather?type=accurate&units=imperial&zip=10001
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-regular-400-5.0.0.woff2
104.18.22.52200 OK 23 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-regular-400-5.0.0.woff2
IP 104.18.22.52:0
File type Web Open Font Format (Version 2), TrueType, length 23316, version 331.-31196\012- data
Hash e0e8f01313f5061924cb318b031d706e
8ddfde7f46123a327ec627acf520741b1f016eb9
78f2234a60cbe6920db07df9663c0b035d9a602d8f7b82e174fc9e0f5bf89ad0
GET /releases/v5.15.4/webfonts/pro-fa-regular-400-5.0.0.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: font/woff2
content-length: 23316
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "610ae35c-5b14"
last-modified: Wed, 04 Aug 2021 18:58:36 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 43393
accept-ranges: bytes
server: cloudflare
cf-ray: 74970369fe800afa-OSL
X-Firefox-Spdy: h2
imp.onesearch.org/impression.do?event=ex_banner_show&user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b&source=googledisplay-googledisplay-v3-bb8&traffic_source=appfocus1&subid=20180201&implementation_id=email_&page=adm&referrer=&offer_id=~app@EmailAccessOnline
44.199.122.180503 Service Unavailable 162 B URL HTTP/2 imp.onesearch.org/impression.do?event=ex_banner_show&user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b&source=googledisplay-googledisplay-v3-bb8&traffic_source=appfocus1&subid=20180201&implementation_id=email_&page=adm&referrer=&offer_id=~app@EmailAccessOnline
IP 44.199.122.180:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 81df4d3863debf3eceb5cf84251fd472
4ba7843a4cc062123f5f4caacbb9a3fa7d381eac
258c66556e2e065b0d04f6ae39a98fcf182e3e584cd0b7bdb20d0a395796347b
GET /impression.do?event=ex_banner_show&user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b&source=googledisplay-googledisplay-v3-bb8&traffic_source=appfocus1&subid=20180201&implementation_id=email_&page=adm&referrer=&offer_id=~app@EmailAccessOnline HTTP/1.1
Host: imp.onesearch.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 503 Service Unavailable
server: awselb/2.0
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/html
content-length: 162
X-Firefox-Spdy: h2
internal_tiles.tiles.ampfeed.com/tiles?partner=internal_tiles&v=1.3&sub1=10058&sub2=email&results=10&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F71.0.3578.80%20Safari%2F537.36&BOC=1662968606700&callback=admtilecallback
95.100.15.228200 OK 46 B URL HTTP/2 internal_tiles.tiles.ampfeed.com/tiles?partner=internal_tiles&v=1.3&sub1=10058&sub2=email&results=10&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F71.0.3578.80%20Safari%2F537.36&BOC=1662968606700&callback=admtilecallback
IP 95.100.15.228:0
File type ASCII text, with no line terminators
Hash fe5db27d2eae551ca45d872688cc2bcb
5a99184fde35329d754349c64a45bb5ba64b4252
1f7af0b538726086e9bb5ce0c8fd64ca0a7baab3e6ae4d725979abf1014f48d9
GET /tiles?partner=internal_tiles&v=1.3&sub1=10058&sub2=email&results=10&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F71.0.3578.80%20Safari%2F537.36&BOC=1662968606700&callback=admtilecallback HTTP/1.1
Host: internal_tiles.tiles.ampfeed.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
server: akka-http/10.0.0
content-type: application/json
content-encoding: gzip
content-length: 46
x-country-check: NO, NO, NO
x-ip-check: 62.97.221.66, 127.0.0.1, 95.101.142.206, 91.90.42.154, 127.0.0.1, 91.90.42.154
date: Mon, 12 Sep 2022 07:43:38 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
internal_banner.tiles.ampfeed.com/tiles?partner=internal_banner&v=1.3&sub1=10055&sub2=email&results=10&BOC=1662968606700&callback=amp_fn
95.100.15.228200 OK 20 B URL HTTP/2 internal_banner.tiles.ampfeed.com/tiles?partner=internal_banner&v=1.3&sub1=10055&sub2=email&results=10&BOC=1662968606700&callback=amp_fn
IP 95.100.15.228:0
File type ASCII text, with no line terminators
Hash 7f3ddf32c69b12d8da247ab32bcf7c0a
e0d8baa7114b5126d38cf731ad44527af3467280
f1a514c273a93178f053ad889969bb58d6d5c44e913cbf3abbbbb667b4acda48
GET /tiles?partner=internal_banner&v=1.3&sub1=10055&sub2=email&results=10&BOC=1662968606700&callback=amp_fn HTTP/1.1
Host: internal_banner.tiles.ampfeed.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
server: akka-http/10.0.0
content-type: application/json
content-length: 20
x-country-check: NO, NO
x-ip-check: 62.97.221.66, 127.0.0.1, 91.90.42.154
date: Mon, 12 Sep 2022 07:43:38 GMT
X-Firefox-Spdy: h2
api.openweathermap.org/data/2.5/forecast?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
37.139.1.159200 OK 16 kB URL HTTP/1.1 api.openweathermap.org/data/2.5/forecast?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
IP 37.139.1.159:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (15943), with no line terminators
Hash 4d4da456dd0b313c31b65d0d01863a67
27b2c0833f0ae5ab89398ccd9c9512445d862e21
054f82866666ddc179954709f2f0fc00cc8bc632a2a052dc1a6b0419d86fe766
GET /data/2.5/forecast?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial HTTP/1.1
Host: api.openweathermap.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://search.hemailaccessonline.com/
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 12 Sep 2022 07:43:38 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15943
Connection: keep-alive
X-Cache-Key: /data/2.5/forecast?type=accurate&units=imperial&zip=10001
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
imp.onesearch.org/impression.do?event=ex_ql_impression&user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b&source=googledisplay-googledisplay-v3-bb8&traffic_source=appfocus1&subid=20180201&implementation_id=email_&page=mailbird::thenewscorner_email::thenewscorner::myemailsimplified::nationalweatheragency::early_chirp&referrer=&offer_id=~app@EmailAccessOnline
44.199.122.180503 Service Unavailable 2.4 kB URL HTTP/2 imp.onesearch.org/impression.do?event=ex_ql_impression&user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b&source=googledisplay-googledisplay-v3-bb8&traffic_source=appfocus1&subid=20180201&implementation_id=email_&page=mailbird::thenewscorner_email::thenewscorner::myemailsimplified::nationalweatheragency::early_chirp&referrer=&offer_id=~app@EmailAccessOnline
IP 44.199.122.180:0
Hash 7230e5d324df412f749928015fe91f80
7d2173038e348734a68616a11eab0cd24ad91fbf
56aeb73681bef1229c760f8cb662cda78092feb183de3bf4d0bab606383993b4
GET /impression.do?event=ex_ql_impression&user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b&source=googledisplay-googledisplay-v3-bb8&traffic_source=appfocus1&subid=20180201&implementation_id=email_&page=mailbird::thenewscorner_email::thenewscorner::myemailsimplified::nationalweatheragency::early_chirp&referrer=&offer_id=~app@EmailAccessOnline HTTP/1.1
Host: imp.onesearch.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 503 Service Unavailable
server: awselb/2.0
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/html
content-length: 162
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 25982a9fca9acf25f3e046902afa79bd
e200e2ae84a4ba5e0a8b39bfdb645bb19329edf9
e9d5cc718381149ef6199b597f9dc58c74b40ddf6ff06993cf15796d1ba24b50
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 12 Sep 2022 07:43:38 GMT
Last-Modified: Mon, 12 Sep 2022 07:21:21 GMT
Server: ECS (nyb/1D2D)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: j3fgWbURPOC9sFclWde17YIH0cJrQTRbdJ4lVJJ4VH1mNZtev3Tyqw==
Age: 1338
api.openweathermap.org/data/2.5/forecast/daily?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
37.139.1.159200 OK 20 kB URL HTTP/1.1 api.openweathermap.org/data/2.5/forecast/daily?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
IP 37.139.1.159:0
ASN #14061 DIGITALOCEAN-ASN
Hash 193eb05857fd7889c6e933293508efac
49c7524f68b87dd7d04bb654a3a59b8e9b22d7b7
c3a08f801c7740e739247ec6aea3c8c593f8b93205a2302ee9c0a00172f8589a
GET /data/2.5/forecast/daily?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial HTTP/1.1
Host: api.openweathermap.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://search.hemailaccessonline.com/
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 12 Sep 2022 07:43:38 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2831
Connection: keep-alive
X-Cache-Key: /data/2.5/forecast/daily?type=accurate&units=imperial&zip=10001
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
dailyfeature.net/dailyfeature/df?url=hemailaccessonline.com&uc=20180201&cid=app@EmailAccessOnline&purpose=hp&type=internal
35.172.80.40200 OK 762 B URL HTTP/1.1 dailyfeature.net/dailyfeature/df?url=hemailaccessonline.com&uc=20180201&cid=app@EmailAccessOnline&purpose=hp&type=internal
IP 35.172.80.40:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8f68804537c2dcb9988b03a653b98734
d4436a57419875640ead645636ab441e57018510
1af23ef038688fb00a3c8de3c8b063175b22948139a99f20dabb7058a87e28f9
GET /dailyfeature/df?url=hemailaccessonline.com&uc=20180201&cid=app@EmailAccessOnline&purpose=hp&type=internal HTTP/1.1
Host: dailyfeature.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 12 Sep 2022 07:43:35 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 762
Connection: keep-alive
dap2y8k6nefku.cloudfront.net/quicklinkicons/early_chirp.png
143.204.42.62200 OK 11 kB URL HTTP/2 dap2y8k6nefku.cloudfront.net/quicklinkicons/early_chirp.png
IP 143.204.42.62:0
File type PNG image data, 361 x 361, 8-bit/color RGB, non-interlaced\012- data
Hash 2d9855aaf48a48f9ed6f205c93ea73ff
109080dd51f9466fcc19a872f8db84fa93848de9
39fd4d8ea8a16bccf296cd5aed492305fab38e4d5d42d99a9c897111ed3d66ef
GET /quicklinkicons/early_chirp.png HTTP/1.1
Host: dap2y8k6nefku.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 10871
last-modified: Thu, 21 Jul 2022 21:16:06 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 04:42:09 GMT
etag: "2d9855aaf48a48f9ed6f205c93ea73ff"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YdfgJv4S6o_Ibv2XaD_4jKImpyPCdtszvJ8jyrsDzMFjQvA3b8_o1A==
age: 13311
X-Firefox-Spdy: h2
dap2y8k6nefku.cloudfront.net/js/term_mappings.json
143.204.42.62200 OK 163 kB URL HTTP/2 dap2y8k6nefku.cloudfront.net/js/term_mappings.json
IP 143.204.42.62:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size 163 kB (163302 bytes)
Hash ad5616114dc91d3881715e52566797b3
312f6d64483c845bafcf351900fc693edede7844
ac1495485cd9445d294d444b352b4c109f5f0e341e92e6451b0853a6759e5948
GET /js/term_mappings.json HTTP/1.1
Host: dap2y8k6nefku.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://search.hemailaccessonline.com/
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 163302
access-control-allow-origin: *
access-control-allow-methods: GET
last-modified: Fri, 30 Apr 2021 12:58:49 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:32:44 GMT
etag: "ad5616114dc91d3881715e52566797b3"
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7qRnj87GoDKFQOPpuAvxNnksDrQIL4Ijr6za5P39Mo8VLyqSbekAJg==
age: 16413
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c52f00dc203483501330b93da8673ea
bb58935fa272c810572d3290a9835e1390a8ef35
4cbe66c98fdaa1bdce29769a8dda769b7b46e14a8bdab5c61bba9e171ec925f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5783
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Last-Modified: Mon, 12 Sep 2022 06:07:15 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
dap2y8k6nefku.cloudfront.net/quicklinkicons/thenewscorner_email.png
143.204.42.62200 OK 2.4 kB URL HTTP/2 dap2y8k6nefku.cloudfront.net/quicklinkicons/thenewscorner_email.png
IP 143.204.42.62:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash d45e5aed6673a9f169e1cdc7549b3885
106615391a16233cedd4139113908956b96e9a0e
22f1e2680c093309a7e954fe94e702dd12e36d4f89ee5d62e9e9a838cf5ec318
GET /quicklinkicons/thenewscorner_email.png HTTP/1.1
Host: dap2y8k6nefku.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 2439
last-modified: Thu, 30 Jul 2020 15:10:49 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:43:38 GMT
etag: "d45e5aed6673a9f169e1cdc7549b3885"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: pZnZUcepF5LIUm4D8DdwHDb1PnJtjHRvRC32pdAP0jNl1AwGtB_KSg==
age: 11021
X-Firefox-Spdy: h2
dap2y8k6nefku.cloudfront.net/quicklinkicons/mailbird.png
143.204.42.62200 OK 6.5 kB URL HTTP/2 dap2y8k6nefku.cloudfront.net/quicklinkicons/mailbird.png
IP 143.204.42.62:0
Hash 5892b7ceac470516dce8e3bc77003fd3
b8c8cad842db9518aa7b5633c2dfb3be88db89da
89d6390f76594d68c4d1014deb3e209fd434ae157b820cc7bf092c6ece9b073e
GET /quicklinkicons/mailbird.png HTTP/1.1
Host: dap2y8k6nefku.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 4311
last-modified: Fri, 21 Aug 2020 14:24:20 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:43:38 GMT
etag: "97f8c087f80e2216d6ba0de1f84f4f70"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3SpJV5hkQUKE94zWlY0CnnPVy7abhFKJig1EDJWvlKOqlZulfVneeA==
age: 9902
X-Firefox-Spdy: h2
dap2y8k6nefku.cloudfront.net/quicklinkicons/thenewscorner.png
143.204.42.62200 OK 3.1 kB URL HTTP/2 dap2y8k6nefku.cloudfront.net/quicklinkicons/thenewscorner.png
IP 143.204.42.62:0
File type PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Hash 416b547a3c3b19e4134a37ae8a342de0
5705cd329e66ecbb653db6d2d5d25bcc140b3500
f42b91449be9d0d6938f501cc4e108f5d57e69849a178ce8a8c15d1beb99d476
GET /quicklinkicons/thenewscorner.png HTTP/1.1
Host: dap2y8k6nefku.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 3058
last-modified: Tue, 11 Aug 2020 13:35:43 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:43:38 GMT
etag: "416b547a3c3b19e4134a37ae8a342de0"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dYlHE9nTBSigCYjdagsXK88ej0sugf7hjZJZSKkeXFIgkkHeLe2lcg==
age: 11021
X-Firefox-Spdy: h2
d3ff8olul1r3ot.cloudfront.net/email.png
54.230.245.94200 OK 24 kB URL HTTP/2 d3ff8olul1r3ot.cloudfront.net/email.png
IP 54.230.245.94:0
Hash 468876dc8cfce9e9783e4cd19b69e92a
a6a40f0376773e832ab5ca9bce2a0ae3ee7ecc8a
7a1f74111e73f50c45d51369f604976fdd2785a69021eb49e35f20d3beea7dd3
GET /email.png HTTP/1.1
Host: d3ff8olul1r3ot.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 22346
last-modified: Thu, 05 Apr 2018 19:17:35 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 04:15:50 GMT
etag: "bc1358a45bd24711cb0f3829f3a82de9"
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sxE4yWoBZRKU4UYjXZ-7aMEbREOzZY0ISgVZq7AQFIREp751tSY7VQ==
age: 12469
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Mon, 12 Sep 2022 06:41:12 GMT
expires: Mon, 12 Sep 2022 08:41:12 GMT
cache-control: public, max-age=7200
age: 3746
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
search.hemailaccessonline.com/favicon.ico
34.201.176.68200 OK 112 kB URL HTTP/2 search.hemailaccessonline.com/favicon.ico
IP 34.201.176.68:0
File type MS Windows icon resource - 6 icons, 16x16, 32 bits/pixel, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel\012- data
Size 112 kB (112173 bytes)
Hash 504432c83a7a355782213f5aa620b13f
faba34469d9f116310c066caf098ecf9441147f1
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
GET /favicon.ico HTTP/1.1
Host: search.hemailaccessonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/?source=googledisplay-googledisplay-v3-bb8&uid=20f49abe-5c6b-4f10-9995-d4cb416cc81b&uc=20180201&ap=appfocus1&i_id=email__1.30
Cookie: user_id=20f49abe-5c6b-4f10-9995-d4cb416cc81b; nts=t; _gcl_au=1.1.867782158.1662968607
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: image/x-icon
content-length: 112173
last-modified: Wed, 25 Aug 2021 21:17:06 GMT
accept-ranges: bytes
etag: "342c678ef699d71:0"
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 45b55c678e2944a30a6d8160bb6e4a94
a1ac0c9681902e7d64e49bd9e146820ce2c60f4f
5a89db56a9b47aa3e426799671db9b25a42d7dd7d6881c66eca7ed37facf6bd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
157.240.200.14200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash 8e7e24fb3539746aa8b869558f589615
d8086d86bbd5cfacc3b6a5ef14aa917830e137dd
7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 1Yv6yfFeI86EgdSu9Wk2ZSg0i8nnL38bb/v8JabA/+IsUGYKG8gL3/WSNppCnw9kpesmMar9CCu+DofT3Kkgog==
content-length: 26737
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 07:43:38 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
imp.onesearch.org/impression.do?event=push_modal_shown&page=search.hemailaccessonline.com&source=googledisplay-googledisplay-v3-bb8&subid=20180201&i_id=email_
44.199.122.180503 Service Unavailable 162 B URL HTTP/2 imp.onesearch.org/impression.do?event=push_modal_shown&page=search.hemailaccessonline.com&source=googledisplay-googledisplay-v3-bb8&subid=20180201&i_id=email_
IP 44.199.122.180:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 81df4d3863debf3eceb5cf84251fd472
4ba7843a4cc062123f5f4caacbb9a3fa7d381eac
258c66556e2e065b0d04f6ae39a98fcf182e3e584cd0b7bdb20d0a395796347b
GET /impression.do?event=push_modal_shown&page=search.hemailaccessonline.com&source=googledisplay-googledisplay-v3-bb8&subid=20180201&i_id=email_ HTTP/1.1
Host: imp.onesearch.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 503 Service Unavailable
server: awselb/2.0
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/html
content-length: 162
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
Hash 405d8da28929714961107ded2d9c9299
9e48d04b847c4e0bbe248e1b65130b959eb0d8a2
76b4638efef7586e1a96a298867bfda3eae1177820e964b2a2c252d799353332
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 12 Sep 2022 07:43:38 GMT
expires: Mon, 12 Sep 2022 07:43:38 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c52f00dc203483501330b93da8673ea
bb58935fa272c810572d3290a9835e1390a8ef35
4cbe66c98fdaa1bdce29769a8dda769b7b46e14a8bdab5c61bba9e171ec925f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5783
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:38 GMT
Last-Modified: Mon, 12 Sep 2022 06:07:15 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
openweathermap.org/img/wn/50n@2x.png
138.201.197.100200 OK 650 B URL HTTP/1.1 openweathermap.org/img/wn/50n@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash cafa1ee1c50faccf5ea980cd083b07cf
7e2394484df258e1c2e95a3ae8fd9ba6113998f3
f962e7602c0b5b0949d3f46524223dea2290503eee3964b81c7a6335d208fc7d
GET /img/wn/50n@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Mon, 12 Sep 2022 07:43:38 GMT
Content-Type: image/png
Content-Length: 650
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-28a"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Mon, 19 Sep 2022 07:43:38 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
openweathermap.org/img/wn/10d@2x.png
138.201.197.100200 OK 2.6 kB URL HTTP/1.1 openweathermap.org/img/wn/10d@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 7efb7efb9dfabda61d89d29187508b6f
45578ae531f6dba58efc6037696727b687425079
649bddef1d5b18d1ad2a9bcc9394f9a21c06617a5a1530f6c258ed75d2de5ede
GET /img/wn/10d@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Mon, 12 Sep 2022 07:43:38 GMT
Content-Type: image/png
Content-Length: 2584
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-a18"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Mon, 19 Sep 2022 07:43:38 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
openweathermap.org/img/wn/10n@2x.png
138.201.197.100200 OK 4.8 kB URL HTTP/1.1 openweathermap.org/img/wn/10n@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
Hash b83c8d49bbb89768feb982f5b832ca98
f2c96c967b2bc5f784bfa0406b4c32e4195000d2
7ea296b001bd334a65affa238fcc8ab7e66255dc45f29b729657b90fd68d0e76
GET /img/wn/10n@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Mon, 12 Sep 2022 07:43:39 GMT
Content-Type: image/png
Content-Length: 2584
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-a18"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Mon, 19 Sep 2022 07:43:39 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
openweathermap.org/img/wn/01d@2x.png
138.201.197.100200 OK 948 B URL HTTP/1.1 openweathermap.org/img/wn/01d@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 05e38c599f10a0306d7014d43ada886d
7591e549db3bc54f959c0d431fb3374135dd1a30
4d97d68ba45f75d6f63fea2575659c8d48ae087894f58adce61cab400845dba2
GET /img/wn/01d@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Mon, 12 Sep 2022 07:43:39 GMT
Content-Type: image/png
Content-Length: 948
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-3b4"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Mon, 19 Sep 2022 07:43:39 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 437c7ccd2c357dd83d6b9a5118d4b402
e0002389b286a960b454a92aeb3d1a1e08317ff2
9a5b3bdb7765ea21d7147a0c8022198a1be6c8256fa594b53732cf59e86532b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
openweathermap.org/img/wn/03d@2x.png
138.201.197.100200 OK 837 B URL HTTP/1.1 openweathermap.org/img/wn/03d@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash d3c430e1aa80cf67b11cf4d8d451eefb
3253f5b16fd282e1b36645b9c89644f05fb8ac91
d67ed35d7dbf10d139bf85b2632fffaaa2e338177d56f0240bce6d3a401ba9f0
GET /img/wn/03d@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Mon, 12 Sep 2022 07:43:39 GMT
Content-Type: image/png
Content-Length: 837
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-345"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Mon, 19 Sep 2022 07:43:39 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
openweathermap.org/img/wn/04d@2x.png
138.201.197.100200 OK 1.9 kB URL HTTP/1.1 openweathermap.org/img/wn/04d@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f2aafb2dc3b9d387d58567acfe3ffa5
76bfa452fe904c4acdd0f6563614d5051ee5f142
5b93d1d05564bfdedf759cd96adff916da7b9af18fb30064f5a99a5270d599f0
GET /img/wn/04d@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Mon, 12 Sep 2022 07:43:39 GMT
Content-Type: image/png
Content-Length: 1869
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-74d"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Mon, 19 Sep 2022 07:43:39 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
openweathermap.org/img/wn/02d@2x.png
138.201.197.100200 OK 1.6 kB URL HTTP/1.1 openweathermap.org/img/wn/02d@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 17bcfb29f0a3780aa2483cf25b73995d
b8e5a4ca593984c1755a8ca81f614b019a4cc570
7b1e76d8ec4dccd369491186ce1ec49ac0598bf30e158fb52244174ce30b2f72
GET /img/wn/02d@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Mon, 12 Sep 2022 07:43:39 GMT
Content-Type: image/png
Content-Length: 1628
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-65c"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Mon, 19 Sep 2022 07:43:39 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 324364e9311c1f7cb5e4068f3d947d5d
ddb00dc97404cee267838983ce8bb4ae48d6647a
d6cc296b22c48f9e7bb3a905dd9e899441ae7c29faec4a62e71628e1f23d61a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 2.7 kB IP 142.250.74.3:0
Hash 9f1b097339bf6e3875f17c2d1b4b1fa7
70c84fb97fffe348f7fba787f75d539906a42be7
8d8886b09e353e12754d9c365c39480d7ddd4b09c34ffaf00d0fa15adaeae19d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/713545727/?random=1662968607293&cv=9&fst=1662968607293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&auid=867782158.1662968607&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.211.2200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/713545727/?random=1662968607293&cv=9&fst=1662968607293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&auid=867782158.1662968607&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.211.2:0
File type ASCII text, with very long lines (2558), with no line terminators
Hash 374aead77c8ccd4e8bd7a64f84ae3c2c
9b25990232038c00a64e4847fc9db4a005e6a018
460d2a605ad1472ebf4beef96811331b31e74134a429981e097e49c188f9d28f
GET /pagead/viewthroughconversion/713545727/?random=1662968607293&cv=9&fst=1662968607293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&auid=867782158.1662968607&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 07:43:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1124
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 12-Sep-2022 07:58:39 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/713545727/?random=1662968607295&cv=9&fst=1662968607295&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&ig=0&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%2096.0.0.0&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&auid=867782158.1662968607&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.211.2200 OK 1.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/713545727/?random=1662968607295&cv=9&fst=1662968607295&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&ig=0&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%2096.0.0.0&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&auid=867782158.1662968607&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.211.2:0
File type ASCII text, with very long lines (2684), with no line terminators
Hash 5fcd5d7f5eef9a8c5011dc403fbd2d8d
3340f91bc29f957a50be7729d156d1b6fa3a8024
f5077604bf302b8dff5262bbb003eb5c1d5cb325d741d69089472575828ce4ef
GET /pagead/viewthroughconversion/713545727/?random=1662968607295&cv=9&fst=1662968607295&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&ig=0&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%2096.0.0.0&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&auid=867782158.1662968607&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 07:43:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1159
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 12-Sep-2022 07:58:39 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 324364e9311c1f7cb5e4068f3d947d5d
ddb00dc97404cee267838983ce8bb4ae48d6647a
d6cc296b22c48f9e7bb3a905dd9e899441ae7c29faec4a62e71628e1f23d61a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 1.8 kB IP 142.250.74.3:0
Hash 7826478b523eb925025b33a2baefb556
b712516e2f384d9b065e064b92fe604d0e5265a1
48bfeea098c19285bbc565b381a43e8a0f096fff61636653b4744f0783f9371a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cc16b956392846e1100a913453575c87
09e81e2f60ab04ca565b73ed9060380a2229cf30
3a3eecb77d71c4f1c3d706f33f33e8df527b3653906d0086089c2e5b45fd25e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/713545727/?random=1662968607295&cv=9&fst=1662966000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%2096.0.0.0&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&async=1&fmt=3&is_vtc=1&random=1353659966&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/713545727/?random=1662968607295&cv=9&fst=1662966000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%2096.0.0.0&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&async=1&fmt=3&is_vtc=1&random=1353659966&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/713545727/?random=1662968607295&cv=9&fst=1662966000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%2096.0.0.0&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&async=1&fmt=3&is_vtc=1&random=1353659966&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 07:43:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/713545727/?random=1662968607293&cv=9&fst=1662966000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&async=1&fmt=3&is_vtc=1&random=635142354&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 6.6 kB URL HTTP/2 www.google.no/pagead/1p-user-list/713545727/?random=1662968607293&cv=9&fst=1662966000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&async=1&fmt=3&is_vtc=1&random=635142354&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
Hash 1650c80964d7e87c91396359a1bc4aa7
7f49844d8e63f63a7b90b0760eed4c254f7637cb
1292d2028af79eef3802a66f8ebe5e59ecb699d5ed324c9b4e6e8448d8222b1a
GET /pagead/1p-user-list/713545727/?random=1662968607293&cv=9&fst=1662966000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa970&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&tiba=Email%20Access%20Online&async=1&fmt=3&is_vtc=1&random=635142354&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 07:43:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-178002442-1&cid=1612197765.1662968607&jid=1790356417&gjid=1377311919&_gid=601503041.1662968607&_u=YEBAAUAAAAAAAC~&z=150845898
142.251.1.154200 OK 2.2 kB URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-178002442-1&cid=1612197765.1662968607&jid=1790356417&gjid=1377311919&_gid=601503041.1662968607&_u=YEBAAUAAAAAAAC~&z=150845898
IP 142.251.1.154:0
Hash 80609182104cb81a660fe2507f92fe79
69b6d2cb6e26563ae3229d9696ac95ede4a28dde
799f8ef5bc15b3e640468490fba9f36c058e0ab04c719928afa9bebb269184a1
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-178002442-1&cid=1612197765.1662968607&jid=1790356417&gjid=1377311919&_gid=601503041.1662968607&_u=YEBAAUAAAAAAAC~&z=150845898 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://search.hemailaccessonline.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 12 Sep 2022 07:43:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-219278292-1&cid=1612197765.1662968607&jid=594705147&gjid=106381089&_gid=601503041.1662968607&_u=YEDAAUABAAAAAC~&z=1615360879
142.251.1.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-219278292-1&cid=1612197765.1662968607&jid=594705147&gjid=106381089&_gid=601503041.1662968607&_u=YEDAAUABAAAAAC~&z=1615360879
IP 142.251.1.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-219278292-1&cid=1612197765.1662968607&jid=594705147&gjid=106381089&_gid=601503041.1662968607&_u=YEDAAUABAAAAAC~&z=1615360879 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://search.hemailaccessonline.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 12 Sep 2022 07:43:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 2.7 kB IP 142.250.74.3:0
Hash 7fd93fbdd2a560e68d2de01472fb0e21
ece266864a062b141c659f389394e7a785952f40
347b32173910083590947fb90d0f186913c5d8f3a93ac51d1735e8f9bcfedf38
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 07:43:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=332720671379986&ev=PageView&dl=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&rl=&if=false&ts=1662968607758&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1662968607757.219492497&it=1662968607259&coo=false&rqm=GET
157.240.200.35200 OK 2.2 kB URL HTTP/2 www.facebook.com/tr/?id=332720671379986&ev=PageView&dl=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&rl=&if=false&ts=1662968607758&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1662968607757.219492497&it=1662968607259&coo=false&rqm=GET
IP 157.240.200.35:0
Hash 923c0bc9fe14571e06c0d772ba34c26c
5847f7044444494a17a917cc39cd0be60133fd1c
d1a50467973b885ac6d29534e6f29cc6f21872552beefe19b0e93b0d1d5a3153
GET /tr/?id=332720671379986&ev=PageView&dl=https%3A%2F%2Fsearch.hemailaccessonline.com%2F%3Fsource%3Dgoogledisplay-googledisplay-v3-bb8%26uid%3D20f49abe-5c6b-4f10-9995-d4cb416cc81b%26uc%3D20180201%26ap%3Dappfocus1%26i_id%3Demail__1.30&rl=&if=false&ts=1662968607758&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1662968607757.219492497&it=1662968607259&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Mon, 12 Sep 2022 07:43:39 GMT
expires: Mon, 12 Sep 2022 07:43:39 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie: fr=0CTiyxFX3lkQYs8TI..BjHuMr...1.0.BjHuMr.; expires=Sunday, 11-Dec-2022 07:43:39 GMT; path=/; domain=.facebook.com; HttpOnly; secure
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4739
Expires: Mon, 12 Sep 2022 09:02:38 GMT
Date: Mon, 12 Sep 2022 07:43:39 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 2.7 kB IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 29dd3dd94f0821559aea326029a44723
83a0ff917b84f50bcb5ed854fd2a26a73be840b9
3f10d66861374aa60fd6ed5921927b50988ce9d00ad6a104e562ba4bd709f911
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4739
Expires: Mon, 12 Sep 2022 09:02:38 GMT
Date: Mon, 12 Sep 2022 07:43:39 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4739
Expires: Mon, 12 Sep 2022 09:02:38 GMT
Date: Mon, 12 Sep 2022 07:43:39 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4739
Expires: Mon, 12 Sep 2022 09:02:38 GMT
Date: Mon, 12 Sep 2022 07:43:39 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba8d12f-23ff-4cd1-837d-b0b922013960.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba8d12f-23ff-4cd1-837d-b0b922013960.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1854d4caadc989a97ef1fe048c97e16e
5cb1d1b24f8fd8ed9367952df70cead8912b8451
664eeeed30d4d3dc5793c8af69f8bda92d1ad7e4f35e339e4d1e694d5d904fa2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba8d12f-23ff-4cd1-837d-b0b922013960.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10622
x-amzn-requestid: c7f857e3-7402-4d2e-8435-c8af6340aecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxLHCiIAMFqqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d4-5693b82c5a794bb10dbfdd45;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: lhGJrfCWUsU0GsQmh_7QumF8DQY1-R3lWEuFrWD8NL6b8J1jaT0Q0g==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 22:16:55 GMT
etag: "5cb1d1b24f8fd8ed9367952df70cead8912b8451"
content-type: image/jpeg
age: 34004
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8c9e77-e1e7-4dac-8b40-0f1dc36c1c90.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8c9e77-e1e7-4dac-8b40-0f1dc36c1c90.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a8ac7af52a032c012cd38652bb90be99
f3179f2d233c0422b31d723aea47d26ca851d946
4020cd554d8c1bdf5432d359a2079451a6bc328bd2f51fbb738f6a1d52ca7f21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8c9e77-e1e7-4dac-8b40-0f1dc36c1c90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11309
x-amzn-requestid: 9c63b64e-0464-419a-9c9a-006107a7d79a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIx8HNaoAMFxkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d9-127311335960fcd84c8e8a01;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Air80GlBxX3Dew_9SfLnYGPG2dN3PHWSqP6GP38AfPm91qjNi5hxzg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:55:47 GMT
etag: "f3179f2d233c0422b31d723aea47d26ca851d946"
content-type: image/jpeg
age: 35272
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3d8bcb1-416c-44eb-ac9e-6196bed61280.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3d8bcb1-416c-44eb-ac9e-6196bed61280.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0119f7d5458bbad12e972d04221e49ea
f05c46d74d8dfdd7fee763ec1e80e498399fffd2
eaefac45720584447a601fd90300464fbca5092117a670ac73be3b47884ba7fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3d8bcb1-416c-44eb-ac9e-6196bed61280.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8005
x-amzn-requestid: 63121855-7f9b-4c3f-b9d3-0c3bc06c700d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3yx5HN3oAMFxxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312fe72-7edeec96509ac24b442836cb;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:12:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MjYVR_YRfhLgchDlWjHka0Ggdp-upZ10LFrJSMjtVnsGe4oqxSnepg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:45:36 GMT
age: 35883
etag: "f05c46d74d8dfdd7fee763ec1e80e498399fffd2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP 34.120.237.76:0
Hash d9ff2741acb5be29a57e49569d8ef421
97266ea6b9d50babe0089ddcdb3f2dd89a35d195
10172ba71197f338ab2746729093f47cf25a7ab3da73dcac07de38d87bccd2e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: u_jETr8miiFyuhq7R09yb0lAP-hUv_6eTRV81Xzd9gSqU31VXwC9CQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 583992e175976bd59a21b4416890271e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 03:15:48 GMT
age: 16071
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad228ec-3b17-4614-a289-8bfbb3c69b46.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad228ec-3b17-4614-a289-8bfbb3c69b46.jpeg
IP 34.120.237.76:0
Hash a432f7c614fc154e99dbca5bf3267e1a
d9834afa9fd32ef726ca9c08ec7727a5c26f7207
ab7999ac67eec82db64ba0608a03a9b01e5f8da0f754d1760a3ab7ac50820326
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad228ec-3b17-4614-a289-8bfbb3c69b46.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6894
x-amzn-requestid: c9abf0bf-45a9-4f56-8f34-ff3da8544a28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIyGEfzoAMFzDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54da-40b81c960d413d682389a407;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gMZs_Tx-JHvaGxjP9hSKG_0pkVcRxGY8qm0aHK-h93LhJowXsXwgZQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:56:46 GMT
age: 35213
etag: "f1949f2e307eadc6069d2b0b8c624f674a228f34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f86a13b-1b13-4298-8397-2a35d951a8f4.jpeg
34.120.237.76200 OK 24 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f86a13b-1b13-4298-8397-2a35d951a8f4.jpeg
IP 34.120.237.76:0
Hash 60a420bae18afecb8b8ff4b03b5d0c07
93398c3f9834579683132c3ccf2b54c8902b321e
e0f3c83ef637c38e34c8b2f39a7351aaf56f0ce3f54991fc277deacc0c0738b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f86a13b-1b13-4298-8397-2a35d951a8f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8461
x-amzn-requestid: 8f7492c7-ae65-4dd5-8ee9-85a2e2fc80dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLVAaEt3oAMFcnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631acecf-2db2074c53de3db23380767b;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 05:27:43 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: m0cnQ1kABQEYadt_zivtyeY8Uow9N1S8kDio2jooE9h7u1oh6u_ANg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 16:51:54 GMT
age: 53505
etag: "7c8363a01b498ae9299a9205d779499f00a477b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.onesignal.com/sdks/OneSignalSDK.js
104.18.225.52200 OK 0 B URL HTTP/2 cdn.onesignal.com/sdks/OneSignalSDK.js
IP 104.18.225.52:0
GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: application/javascript
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 2691
expires: Thu, 15 Sep 2022 07:43:38 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 749703669e061c0a-OSL
content-encoding: br
X-Firefox-Spdy: h2
kit.fontawesome.com/b9b2ba83c3.js
104.18.22.52200 OK 0 B URL HTTP/2 kit.fontawesome.com/b9b2ba83c3.js
IP 104.18.22.52:0
GET /b9b2ba83c3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://search.hemailaccessonline.com
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FxEoB2SpdBMkCzkhXjwi
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 749703668abc0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
via.placeholder.com/300x300?Text=.
172.67.158.148403 Forbidden 0 B URL HTTP/2 via.placeholder.com/300x300?Text=.
IP 172.67.158.148:0
GET /300x300?Text=. HTTP/1.1
Host: via.placeholder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FU6eH4SoqAGeyZno%2BKx6VOCcwNlwlbMW%2FcF5%2FCogqPmMEOZ0GneMC3Nyx4aOEYThfE%2FQfyPHgyXAZX5HPWQfxvQDybnkAWTuj08p4s8B7yIa5Vi1D7Z2tCziCTEVK0e6HEFJzskc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74970367ceca0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
via.placeholder.com/300x300?Text=.
172.67.158.148403 Forbidden 0 B URL HTTP/2 via.placeholder.com/300x300?Text=.
IP 172.67.158.148:0
GET /300x300?Text=. HTTP/1.1
Host: via.placeholder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.hemailaccessonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
date: Mon, 12 Sep 2022 07:43:38 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbkEEymiWdlsS5hRXP1rF3Je1%2B7jaz3iaz%2BcHvlmoh5Dxk4QHPWGJpYGM5WFmMCMU%2BOwpp0UMIt3UiwckjRbBmHxMJf5Nt42b6%2FdSCPyQyZiaCbfiyF7rFHxMt9tgecVYLJtDFVP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74970367eee20b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2