allna.com/mtm/direct/.eJxdycsKAjEMheF3yXIsE5c64rNIKHFaSC9mIhTEdze6Gtz95zsveGqGBRACkK6bp5fynZXVRzLrCyKJVJpjK36mttmtUmG_904xcjdH42GYrEig3iVHstwqjq8cxr8WuTyux_kcJpx-dYL3BymlMSk:1oselT:RTGYvOrmYTPZ22l_EHoLxzFqGo0/2
45.33.18.44302 Found 0 B URL HTTP/1.1 allna.com/mtm/direct/.eJxdycsKAjEMheF3yXIsE5c64rNIKHFaSC9mIhTEdze6Gtz95zsveGqGBRACkK6bp5fynZXVRzLrCyKJVJpjK36mttmtUmG_904xcjdH42GYrEig3iVHstwqjq8cxr8WuTyux_kcJpx-dYL3BymlMSk:1oselT:RTGYvOrmYTPZ22l_EHoLxzFqGo0/2
IP 45.33.18.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /mtm/direct/.eJxdycsKAjEMheF3yXIsE5c64rNIKHFaSC9mIhTEdze6Gtz95zsveGqGBRACkK6bp5fynZXVRzLrCyKJVJpjK36mttmtUmG_904xcjdH42GYrEig3iVHstwqjq8cxr8WuTyux_kcJpx-dYL3BymlMSk:1oselT:RTGYvOrmYTPZ22l_EHoLxzFqGo0/2 HTTP/1.1
Host: allna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
server: openresty/1.13.6.1
date: Wed, 09 Nov 2022 06:40:59 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: http://www1.allna.com/?tm=1&subid4=1667976059.0137850000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Get%20An%20Online%20Degree&KW4=Elite%20Dating%20Services&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Dedicated%20Gaming%20Servers&KW7=Get%20an%20Online%20Degree&KW8=Elite%20Dating%20Service&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
x-mtm-path: 4
x-mtm-prov: 300:0.00;308:6.34
x-mtm-rd: 0.27
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJhbGxuYS5jb20iLCJodHRwOi8vd3d3MS5hbGxuYS5jb20vP3RtPTEmc3ViaWQ0PTE2Njc5NzYwNTkuMDEzNzg1MDAwMCZLVzE9QmVzdCUyME1vcnRnYWdlJTIwUmVmaW5hbmNpbmclMjBSYXRlcyZLVzI9RWxpdGUlMjBEYXRpbmclMjBTZXJ2aWNlcyZLVzM9R2V0JTIwQW4lMjBPbmxpbmUlMjBEZWdyZWUmS1c0PUVsaXRlJTIwRGF0aW5nJTIwU2VydmljZXMmS1c1PVNvY2lhbCUyME1lZGlhJTIwQXV0b21hdGlvbiUyME1hcmtldGluZyUyMFNvZnR3YXJlJktXNj1EZWRpY2F0ZWQlMjBHYW1pbmclMjBTZXJ2ZXJzJktXNz1HZXQlMjBhbiUyME9ubGluZSUyMERlZ3JlZSZLVzg9RWxpdGUlMjBEYXRpbmclMjBTZXJ2aWNlJktXOT1CZXN0JTIwTW9ydGdhZ2UlMjBSZWZpbmFuY2luZyUyMFJhdGVzJnNlYXJjaGJveD0wJmJhY2tmaWxsPTAiLDEsIjIwMjItMTEtMDkgMDY6NDA6NTkiLDEsIjE2Njc5NzYwNTkuMDEzNzg1MDAwMCIsMzA4LG51bGwsbnVsbF0:1oself:-SdzLGJtxbvcE2uT-v88-RJfHzg; expires=Wed, 09-Nov-2022 07:40:59 GMT; Max-Age=3600; Path=/
connection: close
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7222
Expires: Wed, 09 Nov 2022 08:41:21 GMT
Date: Wed, 09 Nov 2022 06:40:59 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7908acd0c083145e2b454aaeb063c236
0696647bb0a4118327f637a50ebcc21bac39d592
ffc30b68df0b33d67f31e37bbf5ae5cf4c23e1c8b8197bf76a95ee06bec4cd36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4456
Cache-Control: max-age=104668
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 06:40:59 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 11:45:27 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7908acd0c083145e2b454aaeb063c236
0696647bb0a4118327f637a50ebcc21bac39d592
ffc30b68df0b33d67f31e37bbf5ae5cf4c23e1c8b8197bf76a95ee06bec4cd36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4456
Cache-Control: max-age=104668
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 06:40:59 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 11:45:27 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dc90abd8b3ea8e75a68c144d74d75788
1ce29dca1ee9ca8931397de31ffb6cf7833baaf8
807000997bcf1b7a1fa35e43908cbfa54cd1704a5a0f53c09e1ae154638f10e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "807000997BCF1B7A1FA35E43908CBFA54CD1704A5A0F53C09E1AE154638F10E0"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21002
Expires: Wed, 09 Nov 2022 12:31:01 GMT
Date: Wed, 09 Nov 2022 06:40:59 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 4Gi0ujm/rgjkfsIJnFo30iHJzxA2LDiMYG6BF3EF8QKqCkC/jwe6ZHLo84sOSj+N7dY50RDsPdw=
x-amz-request-id: VHHB7JK5Z33GRW0T
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 09 Nov 2022 06:11:37 GMT
age: 1762
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 06:40:59 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www1.allna.com/?tm=1&subid4=1667976059.0137850000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Get%20An%20Online%20Degree&KW4=Elite%20Dating%20Services&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Dedicated%20Gaming%20Servers&KW7=Get%20an%20Online%20Degree&KW8=Elite%20Dating%20Service&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
76.223.26.96200 OK 5.7 kB URL HTTP/1.1 www1.allna.com/?tm=1&subid4=1667976059.0137850000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Get%20An%20Online%20Degree&KW4=Elite%20Dating%20Services&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Dedicated%20Gaming%20Servers&KW7=Get%20an%20Online%20Degree&KW8=Elite%20Dating%20Service&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
IP 76.223.26.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3050)
Hash 71dd9645f3bde198990b6b5dc317caba
e5821a941164d5fb30f001659f0c3e086778c7d9
f978a04e9a25445c3858727459c5afd9b929a5d9f3bc1042f8fe0fbcb2c363cc
GET /?tm=1&subid4=1667976059.0137850000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Get%20An%20Online%20Degree&KW4=Elite%20Dating%20Services&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Dedicated%20Gaming%20Servers&KW7=Get%20an%20Online%20Degree&KW8=Elite%20Dating%20Service&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0 HTTP/1.1
Host: www1.allna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 06:40:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_OQztUpcy3eh/exdu6r0fbSYPDsPg4OLuuYyP3QPsNxtv/cobAWCipyINekcG4tzc6HVCnImaihCWkqS7XidmYQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/scripts/js3caf.js
18.244.156.162200 OK 7.0 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/js3caf.js
IP 18.244.156.162:0
File type ASCII text, with very long lines (316)
Hash cce7f943ec8e7b4ba13be4aba6b463d9
220f3e8ca723daa91fd040cf518991a65f2bf110
ba5b7354353b0eec1637564dae072fee662a5b9862f6bf7ed5e60a5a76f2ef44
Analyzer Verdict Alert fortinet Malware
GET /scripts/js3caf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.allna.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7000
Connection: keep-alive
Server: nginx
Date: Wed, 09 Nov 2022 03:16:10 GMT
Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT
Accept-Ranges: bytes
ETag: "600022c9-1b58"
X-Cache: Hit from cloudfront
Via: 1.1 f0d6cf9facc31102542a16775df72d9e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: FgvV1RC-eC-YmEsTlxohYLYDNoLjnfBdSjzJ4IqpaBDejj5FGBpjmg==
Age: 12289
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1885)
Hash f3ddb0cbab857025335a96e1357bb4eb
f7c02c8a3a98e07c01283f89a03e7e79efa98d1d
3c622534ecfdda4ba5c89d9c58a381b81aa0c379e1b2aa0dee03b32f39f8d685
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.allna.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Wed, 09 Nov 2022 06:40:59 GMT
Expires: Wed, 09 Nov 2022 06:40:59 GMT
Cache-Control: private, max-age=3600
ETag: "15384297648956670384"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
18.244.156.162200 OK 648 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
IP 18.244.156.162:0
Hash 706f944f821bc64dff4240a04251ff36
efcf7c46310be1b252baae8e2f4b5e9edfee9fe3
dc365466c780c2d5e58a10925db88facb0cae18cb5a077790c54561e8590b63b
GET /themes/cleanPeppermintBlack_657d9013/style.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.allna.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Wed, 09 Nov 2022 00:44:21 GMT
Last-Modified: Fri, 21 Oct 2022 11:27:37 GMT
Content-Encoding: gzip
ETag: W/"63528229-63e"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 332a44a061773053817570525bb4fcae.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: h41FPOqFjQ3thFliLy7p_yTzXxF1lPcl3WbQ9J05ib1u1Sb2Oejz6Q==
Age: 21398
c.parkingcrew.net/scripts/sale_form.js
185.53.178.30200 OK 761 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP 185.53.178.30:0
Hash 64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.allna.com/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 06:40:59 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2a47d129a3af5f02c654faf925c60273
9ad27ed9f4500c939260a677c12e702599b00fa9
0e031af077bf7009ffefada782407a247bbd31bddc96994c68de7bfe902bf992
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1280
Cache-Control: max-age=96426
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 06:41:00 GMT
Etag: "636a1c26-1d7"
Expires: Thu, 10 Nov 2022 09:28:06 GMT
Last-Modified: Tue, 08 Nov 2022 09:06:46 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
18.244.156.162200 OK 11 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP 18.244.156.162:0
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Wed, 09 Nov 2022 02:48:23 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 f0d6cf9facc31102542a16775df72d9e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: BUt_wwdGisNy9nD8QUQm8u2VsWTcrhDoGHuaqF3Jb2N_6yZ2iYt3nw==
Age: 13957
push.services.mozilla.com/
54.187.146.10101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.146.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eo7Kht6ty8FsKMPpMBgVIw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gCXheW+7UL9+1pF7nCXZD1TcD4o=
www1.allna.com/favicon.ico
76.223.26.96200 OK 0 B URL HTTP/1.1 www1.allna.com/favicon.ico
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www1.allna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.allna.com/?tm=1&subid4=1667976059.0137850000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Get%20An%20Online%20Degree&KW4=Elite%20Dating%20Services&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Dedicated%20Gaming%20Servers&KW7=Get%20an%20Online%20Degree&KW8=Elite%20Dating%20Service&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 06:41:00 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
www1.allna.com/track.php?domain=allna.com&toggle=browserjs&uid=MTY2Nzk3NjA1OS41MTM4OjE2ZDcyN2IxNjM0ZjVjZTFkMWNkZjIzNjY1NGY4NTE0MTFjODE3ZDBlYWEyZjIxOTdmN2E3NjhlYzlkYzVlOGI6NjM2YjRiN2I3ZDZlNg%3D%3D
76.223.26.96200 OK 20 B URL HTTP/1.1 www1.allna.com/track.php?domain=allna.com&toggle=browserjs&uid=MTY2Nzk3NjA1OS41MTM4OjE2ZDcyN2IxNjM0ZjVjZTFkMWNkZjIzNjY1NGY4NTE0MTFjODE3ZDBlYWEyZjIxOTdmN2E3NjhlYzlkYzVlOGI6NjM2YjRiN2I3ZDZlNg%3D%3D
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=allna.com&toggle=browserjs&uid=MTY2Nzk3NjA1OS41MTM4OjE2ZDcyN2IxNjM0ZjVjZTFkMWNkZjIzNjY1NGY4NTE0MTFjODE3ZDBlYWEyZjIxOTdmN2E3NjhlYzlkYzVlOGI6NjM2YjRiN2I3ZDZlNg%3D%3D HTTP/1.1
Host: www1.allna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.allna.com/?tm=1&subid4=1667976059.0137850000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Get%20An%20Online%20Degree&KW4=Elite%20Dating%20Services&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Dedicated%20Gaming%20Servers&KW7=Get%20an%20Online%20Degree&KW8=Elite%20Dating%20Service&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 06:41:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash dee3039809fc2026852697eaa005560c
f4f6b76cf09e0a9e756ab6b9b8be26cb6e15b2c7
8091750102499bbd5d92ea3e89cf364e833df30e186963d67a0d66a13751ef8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 06:41:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www1.allna.com/ls.php
76.223.26.96201 Created 0 B IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: www1.allna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 3002
Origin: http://www1.allna.com
Connection: keep-alive
Referer: http://www1.allna.com/?tm=1&subid4=1667976059.0137850000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Get%20An%20Online%20Degree&KW4=Elite%20Dating%20Services&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Dedicated%20Gaming%20Servers&KW7=Get%20an%20Online%20Degree&KW8=Elite%20Dating%20Service&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
HTTP/1.1 201 Created
Date: Wed, 09 Nov 2022 06:41:00 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 636b4b7c107ad85be95d18e5
Charset: utf-8
Access-Control-Allow-Origin: http://www1.allna.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_rKH77NJk+Rm9uQ31zvaBYPRTr0DXIaiOzndlwEHAEC6586brJxI6hoOohSuvF69mb5TSGXgSwAZqlzoiOdr32Q==
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000836%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Best%20Mortgage%20Refinancing%20Rates%2CElite%20Dating%20Services%2CGet%20An%20Online%20Degree%2CElite%20Dating%20Services%2CSocial%20Media%20Automation%20Marketing%20Software%2CDedicated%20Gaming%20Servers%2CGet%20an%20Online%20Degree%2CElite%20Dating%20Service%2CBest%20Mortgage%20Refinancing%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301010%2C17301013&format=r9%7Cs&nocache=4501667976057370&num=0&output=afd_ads&domain_name=www1.allna.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1667976057371&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=485586056&uio=--&cont=tc&jsid=caf&jsv=485586056&rurl=http%3A%2F%2Fwww1.allna.com%2F%3Ftm%3D1%26subid4%3D1667976059.0137850000%26KW1%3DBest%2520Mortgage%2520Refinancing%2520Rates%26KW2%3DElite%2520Dating%2520Services%26KW3%3DGet%2520An%2520Online%2520Degree%26KW4%3DElite%2520Dating%2520Services%26KW5%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW6%3DDedicated%2520Gaming%2520Servers%26KW7%3DGet%2520an%2520Online%2520Degree%26KW8%3DElite%2520Dating%2520Service%26KW9%3DBest%2520Mortgage%2520Refinancing%2520Rates%26searchbox%3D0%26backfill%3D0&adbw=master-1%3A530
142.250.74.164200 OK 2.4 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000836%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Best%20Mortgage%20Refinancing%20Rates%2CElite%20Dating%20Services%2CGet%20An%20Online%20Degree%2CElite%20Dating%20Services%2CSocial%20Media%20Automation%20Marketing%20Software%2CDedicated%20Gaming%20Servers%2CGet%20an%20Online%20Degree%2CElite%20Dating%20Service%2CBest%20Mortgage%20Refinancing%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301010%2C17301013&format=r9%7Cs&nocache=4501667976057370&num=0&output=afd_ads&domain_name=www1.allna.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1667976057371&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=485586056&uio=--&cont=tc&jsid=caf&jsv=485586056&rurl=http%3A%2F%2Fwww1.allna.com%2F%3Ftm%3D1%26subid4%3D1667976059.0137850000%26KW1%3DBest%2520Mortgage%2520Refinancing%2520Rates%26KW2%3DElite%2520Dating%2520Services%26KW3%3DGet%2520An%2520Online%2520Degree%26KW4%3DElite%2520Dating%2520Services%26KW5%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW6%3DDedicated%2520Gaming%2520Servers%26KW7%3DGet%2520an%2520Online%2520Degree%26KW8%3DElite%2520Dating%2520Service%26KW9%3DBest%2520Mortgage%2520Refinancing%2520Rates%26searchbox%3D0%26backfill%3D0&adbw=master-1%3A530
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8033)
Hash 32a6b0ec6ee76a93f6933f845eb21b38
f8874a4c6162c6c123d14f0b71cee43763b01e7f
08e19d5d822a9a0441a5c66172deed02eaf412612f764d8f8e5cb0b04c64f5ca
GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000836%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Best%20Mortgage%20Refinancing%20Rates%2CElite%20Dating%20Services%2CGet%20An%20Online%20Degree%2CElite%20Dating%20Services%2CSocial%20Media%20Automation%20Marketing%20Software%2CDedicated%20Gaming%20Servers%2CGet%20an%20Online%20Degree%2CElite%20Dating%20Service%2CBest%20Mortgage%20Refinancing%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301010%2C17301013&format=r9%7Cs&nocache=4501667976057370&num=0&output=afd_ads&domain_name=www1.allna.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1667976057371&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=485586056&uio=--&cont=tc&jsid=caf&jsv=485586056&rurl=http%3A%2F%2Fwww1.allna.com%2F%3Ftm%3D1%26subid4%3D1667976059.0137850000%26KW1%3DBest%2520Mortgage%2520Refinancing%2520Rates%26KW2%3DElite%2520Dating%2520Services%26KW3%3DGet%2520An%2520Online%2520Degree%26KW4%3DElite%2520Dating%2520Services%26KW5%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW6%3DDedicated%2520Gaming%2520Servers%26KW7%3DGet%2520an%2520Online%2520Degree%26KW8%3DElite%2520Dating%2520Service%26KW9%3DBest%2520Mortgage%2520Refinancing%2520Rates%26searchbox%3D0%26backfill%3D0&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.allna.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 09 Nov 2022 06:41:00 GMT
expires: Wed, 09 Nov 2022 06:41:00 GMT
cache-control: private, max-age=3600
content-encoding: br
server: gws
content-length: 2411
x-xss-protection: 0
set-cookie: CONSENT=PENDING+773; expires=Fri, 08-Nov-2024 06:41:00 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 182f8aecb00a9b97401d839e1e7f5629
05e5f7d37f06fbf503d139746300f2dcf22616ce
8e15a57041c72ef89daa376d714d4f8ec8139c164e5286fff51766b159a0df40
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 06:41:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=www1.allna.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
172.217.21.162200 OK 179 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=www1.allna.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash f192a5403095fee11e32e38f0d22ef6a
a71897188be643c032f9d2b23e9796fc79b88c79
50cab07cdb923f2a57c66dd229cdb267310d928baa8617f8f7274078feb5bf99
GET /gampad/cookie.js?domain=www1.allna.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.allna.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 09 Nov 2022 06:41:00 GMT
server: cafe
cache-control: private
content-length: 179
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 5c4c9c21e826ed9dd1520ac96dea393c
106bc7d84ae02a77a4006f2cae1cf7b5093d36c0
1201a34924da1af919077623ac06926d89f890b33b843d30e1e129fee007783f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 06:41:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 182f8aecb00a9b97401d839e1e7f5629
05e5f7d37f06fbf503d139746300f2dcf22616ce
8e15a57041c72ef89daa376d714d4f8ec8139c164e5286fff51766b159a0df40
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 06:41:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash dacb6df08b90bf743c8171b474c45ab0
1efade0f09bdc50845ad9fef25bb818c136aa87b
db06ebe5ca7ec61c2a8304751e119d159cac6a5237f01f88b6c4452642e168d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 06:41:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash dacb6df08b90bf743c8171b474c45ab0
1efade0f09bdc50845ad9fef25bb818c136aa87b
db06ebe5ca7ec61c2a8304751e119d159cac6a5237f01f88b6c4452642e168d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 06:41:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
142.250.74.33200 OK 270 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP 142.250.74.33:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash 5100391430a00e10ce60aa159f525b5c
231a4492d73b225f441b1e9028dc33c89862e498
52b1432a6e3002e41ed1d8f4c84b258fdc4c6dac863e3c0e5c06360c81be6067
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 08 Nov 2022 11:18:20 GMT
expires: Wed, 09 Nov 2022 10:18:20 GMT
cache-control: public, max-age=82800
age: 69760
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 54 kB URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1885)
Hash 8d762bbb99dd6007716607569b57f7fd
73f45ebd45b63760a0fa2ecc83dabd17ee79e96e
ec018e03bab2ef06a896c5846c2af5269c11e5dc2ca7cd7e93fd4ee9ed07f976
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 09 Nov 2022 06:41:00 GMT
expires: Wed, 09 Nov 2022 06:41:00 GMT
cache-control: private, max-age=3600
etag: "15126666260158518082"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash dacb6df08b90bf743c8171b474c45ab0
1efade0f09bdc50845ad9fef25bb818c136aa87b
db06ebe5ca7ec61c2a8304751e119d159cac6a5237f01f88b6c4452642e168d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 06:41:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www1.allna.com/track.php?domain=allna.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2Nzk3NjA1OS41MTM4OjE2ZDcyN2IxNjM0ZjVjZTFkMWNkZjIzNjY1NGY4NTE0MTFjODE3ZDBlYWEyZjIxOTdmN2E3NjhlYzlkYzVlOGI6NjM2YjRiN2I3ZDZlNg%3D%3D
76.223.26.96200 OK 20 B URL HTTP/1.1 www1.allna.com/track.php?domain=allna.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2Nzk3NjA1OS41MTM4OjE2ZDcyN2IxNjM0ZjVjZTFkMWNkZjIzNjY1NGY4NTE0MTFjODE3ZDBlYWEyZjIxOTdmN2E3NjhlYzlkYzVlOGI6NjM2YjRiN2I3ZDZlNg%3D%3D
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=allna.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2Nzk3NjA1OS41MTM4OjE2ZDcyN2IxNjM0ZjVjZTFkMWNkZjIzNjY1NGY4NTE0MTFjODE3ZDBlYWEyZjIxOTdmN2E3NjhlYzlkYzVlOGI6NjM2YjRiN2I3ZDZlNg%3D%3D HTTP/1.1
Host: www1.allna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.allna.com/?tm=1&subid4=1667976059.0137850000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Get%20An%20Online%20Degree&KW4=Elite%20Dating%20Services&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Dedicated%20Gaming%20Servers&KW7=Get%20an%20Online%20Degree&KW8=Elite%20Dating%20Service&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
Cookie: __gsas=ID=8804361bde87db70:T=1667976060:S=ALNI_MY4AS9DcYaJmMrQCDn7ujNlecYF2Q
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 06:41:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8946
Expires: Wed, 09 Nov 2022 09:10:07 GMT
Date: Wed, 09 Nov 2022 06:41:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8946
Expires: Wed, 09 Nov 2022 09:10:07 GMT
Date: Wed, 09 Nov 2022 06:41:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8946
Expires: Wed, 09 Nov 2022 09:10:07 GMT
Date: Wed, 09 Nov 2022 06:41:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8946
Expires: Wed, 09 Nov 2022 09:10:07 GMT
Date: Wed, 09 Nov 2022 06:41:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8946
Expires: Wed, 09 Nov 2022 09:10:07 GMT
Date: Wed, 09 Nov 2022 06:41:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 29429581f8dc762c69c5916009f70080
9265cae98aa663a5498925b70079abdd8e7031fd
c3deee74c80905a1e92b84868b9987cb30ad7a210dca066b97c325cc2c83872e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9313
x-amzn-requestid: be3f6b0f-cf61-4bec-ad1a-87abdbc45d73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTwF5AoAMFZAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-5ca45b5b1065a4ea492f2ac6;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: SEA19-C3, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 9lVY7YgQQ0FAP3ItgCSWePY0Msd4RIyBz4eNPc-K51BtnWUjOObv6g==
via: 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:43:31 GMT
etag: "9265cae98aa663a5498925b70079abdd8e7031fd"
content-type: image/jpeg
age: 32250
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86ec3f22045de1a100eccf27d91593ae
e26769d82108f89057b05096061f1276d34e223a
b863d19ab12945922b4d014c517f5ffe349cefe2bbe1c2f16661371f22378cbd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10822
x-amzn-requestid: 1b1e2dfc-4096-45cf-adb3-58f0b1d614bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEAXHFhroAMF_Zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364adc6-7b94977b4143970a48bc1857;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 06:14:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vzUPLMO4CDywKUQvQ9gbltVLYlNher7ZTXYC9A00LfwycdEmG7m9wg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 11:14:46 GMT
age: 69975
etag: "e26769d82108f89057b05096061f1276d34e223a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0adf10c-d2d8-4768-a99e-671dd205fa5f.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0adf10c-d2d8-4768-a99e-671dd205fa5f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10699bfbe3966b42cce253bfd3c09d0d
dd74707d8871dd800aa29bda2edc6105bd00adf6
26b571dbe9c885db2a2a6ae4e4a432b843a2815fb34ec976db7a3e6148a4dc8e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0adf10c-d2d8-4768-a99e-671dd205fa5f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9741
x-amzn-requestid: 19706043-9952-4148-bf73-815d2b80f88a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bKom8FixIAMFjzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63675492-26d889196e698552262b0ef6;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 06:30:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 30pGKplOuXFYhdd8rDJhmKimfi5RdviDma-8hJ6Bf6zrwO8KgVhODw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 22:03:53 GMT
age: 31028
etag: "dd74707d8871dd800aa29bda2edc6105bd00adf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4b0973b-d22d-4fb5-b777-cb6b2ea614f8.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4b0973b-d22d-4fb5-b777-cb6b2ea614f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fea291bfa3958eac1ec082c954f464e6
1b24dd3abd50d37ef919770c858328dc4f3187ad
ff66cca8d93c51768479304fb954fd60d550b142946c47f149e1a3579d6fe235
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4b0973b-d22d-4fb5-b777-cb6b2ea614f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14020
x-amzn-requestid: 2243eecc-7f97-41e4-b516-da8c84cc1ddc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTVBGQjIAMF3_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc1f-10ead8811b8f8dc26e2e6929;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:35 GMT
x-amz-cf-pop: SEA19-C3, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: hUDLrdbHOdDTuHKjFnwiLCPAlWBI1MU3LpWV--ELMf-lLdl4ZToFxw==
via: 1.1 e11ee4e3208082d534c251b36bbee268.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:44:13 GMT
etag: "1b24dd3abd50d37ef919770c858328dc4f3187ad"
content-type: image/jpeg
age: 32208
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c69b19d2273c3ade32fd0797921c0459
8cafda5659f5b36c855a2bbcaeb03aa715ddeebd
d78b92e1175207b1179c85f9490f937e1647aeae3fe95cf8b3dc336db232945e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8154
x-amzn-requestid: 1d9d6e13-69a4-473d-af4b-ef3d4382f3ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTU2EyZoAMF94w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc1e-0dec203434f42df01d9a1182;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5sq7XRYInS334VVDEtCJNlf_O9FTHn2G4u-WAIygFZ-SALN0flMwew==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 22:02:14 GMT
age: 31127
etag: "8cafda5659f5b36c855a2bbcaeb03aa715ddeebd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C7GYpM3mXSf0hVyGO9Zzlxa3IHXHdyPlXsvr3i0GoQnaPZF6lO-OwA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 06:24:20 GMT
age: 1001
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2