r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4763
Expires: Tue, 27 Sep 2022 14:51:36 GMT
Date: Tue, 27 Sep 2022 13:32:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 13:02:49 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Fvgp13Un7sqJX9ByF8hb7BQCTWxauC504EM0e-31CJOi___JR1wbHg==
Age: 1764
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7FKdVk6Csco00KRRR2HsfFgGMBmjYD4IQknlL_ynDTV4S5gIKXhcMw==
age: 14880
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 13:32:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
freeminecraft.social-cheats.com/
199.191.50.140 200 OK 1.0 kB URL HTTP/1.1 freeminecraft.social-cheats.com/
IP 199.191.50.140:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (856)
Hash MD5 2ff4587cabfd1accd9789feef6afb765
SHA-1 7af82938124284e4fdb74fa98b5be24672434dda
SHA-256 7f3906542e91737fd4a4c736696bb0a015436903cd3855d2ee409812aebd3a1d
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: freeminecraft.social-cheats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 13:32:13 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=(self https://dts.gnpge.com), ch-ua-model=(self https://dts.gnpge.com)
Expires: Mon, 22 Jul 2002 11:12:01 GMT
Cache-Control: private, no-cache
Pragma: no-cache
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_iseQsNMbIR9nTkydjF9Fv+NQ+DPvTI3Cq/srWAduUlh5lBc9SCutp1fpEm7gf93r1INiNZOy4nL6xlr4UNnyxg==
Cteonnt-Length: 1973
Keep-Alive: timeout=5, max=107
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Content-Length: 1039
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 13:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 14:05:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gwl1tPv4sLbQ2lZmxeIyOyg58AWiZzNOchO4SyQ8XsoPex2chr57EQ==
Age: 1287
freeminecraft.social-cheats.com/px.js?ch=1
199.191.50.140 200 OK 346 B URL HTTP/1.1 freeminecraft.social-cheats.com/px.js?ch=1
IP 199.191.50.140:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type ASCII text, with very long lines (346), with no line terminators
Hash MD5 f84f931c0dd37448e03f0dabf4e4ca9f
SHA-1 9c2c50edcf576453ccc07bf65668bd23c76e8663
SHA-256 5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584
Analyzer Verdict Alert fortinet Malware
GET /px.js?ch=1 HTTP/1.1
Host: freeminecraft.social-cheats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://freeminecraft.social-cheats.com/
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 13:32:14 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=(self https://dts.gnpge.com), ch-ua-model=(self https://dts.gnpge.com)
Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
ETag: "15a-5b952a63b81f1"
Accept-Ranges: bytes
Content-Length: 346
Keep-Alive: timeout=5, max=105
Connection: Keep-Alive
Content-Type: application/javascript
freeminecraft.social-cheats.com/px.js?ch=2
199.191.50.140 200 OK 346 B URL HTTP/1.1 freeminecraft.social-cheats.com/px.js?ch=2
IP 199.191.50.140:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type ASCII text, with very long lines (346), with no line terminators
Hash MD5 f84f931c0dd37448e03f0dabf4e4ca9f
SHA-1 9c2c50edcf576453ccc07bf65668bd23c76e8663
SHA-256 5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584
Analyzer Verdict Alert fortinet Malware
GET /px.js?ch=2 HTTP/1.1
Host: freeminecraft.social-cheats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://freeminecraft.social-cheats.com/
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 13:32:14 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=(self https://dts.gnpge.com), ch-ua-model=(self https://dts.gnpge.com)
Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
ETag: "15a-5b952a63b81f1"
Accept-Ranges: bytes
Content-Length: 346
Keep-Alive: timeout=5, max=108
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2586
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:14 GMT
Last-Modified: Tue, 27 Sep 2022 12:49:08 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.216.192.228 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.192.228:0
Hash (digests of the empty 0 B body, so not usable as indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0rY7eXn4jkpUWyWwHZA5sg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oql2pynTUw+wSISj3L3V3S9pg0Y=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2250
Expires: Tue, 27 Sep 2022 14:09:45 GMT
Date: Tue, 27 Sep 2022 13:32:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2250
Expires: Tue, 27 Sep 2022 14:09:45 GMT
Date: Tue, 27 Sep 2022 13:32:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2250
Expires: Tue, 27 Sep 2022 14:09:45 GMT
Date: Tue, 27 Sep 2022 13:32:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash deb8d1e3b6d7fbc8c8ba478269621676
84f5a4c8b38acde814bc790e5b514347718d5bb9
ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bs6HOUmHOoYKDuzBoVHhcr8d4HP4bBmwUF3EtOmwKXo7ozhfaIYEvw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:07 GMT
age: 57188
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 347dca206e13a3b13953f0ab398310b4
be60bbc96c832ae385cc9ae5828bd32703011b21
f6da888a54a0c6c73466f2c2a72dd875514a39d81b760a6b0116b4dd56ef31dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10211
x-amzn-requestid: 3ea4ac84-2465-4bd1-8ade-863de3c9576e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfSuGoQoAMF9oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632145aa-7843b82728ead9a053c689d1;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:08:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p1vYTqYjOmYHjVmJ8f6qyT_nLIsyXsr7ZI-DI7JBF9RJa0ZJNPiluA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:56:23 GMT
age: 56152
etag: "be60bbc96c832ae385cc9ae5828bd32703011b21"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62e68c3cd08dd94d910507512a67e85f
3d4fa8701f17e8818c25584ef5f04bfbee8440cd
058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: fe9ec409-2757-4910-8443-5b4d3be7efd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlATEp8oAMFd9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b9b-3230e97a4fe34413285eb578;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kRSg9NTTAgeAJgIZ_C9_rRodCX4bzGduJEvNPNHUya0Moa2vsmWSoQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:38:57 GMT
age: 57198
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14218a43c5e5bbce546735a780c8ccce
61676358cdbb2373bc644e66f8a84fbc8cc5daf6
905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JXEBo_L_xKuKdeoOXEJ6FO7ZVsZVQzUmQFe7fYcxaHRQNEq1HWp6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:37:50 GMT
age: 42865
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5274e770cb5a704916c8965659709f4a
1a26007f761e439db575fb80fb403031260aecf4
e36e8be75c92feb9b416a46c5918356d8f9694894a799b7c10de21034d33d5ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: 0887cd56-f324-46cf-a086-709e1c66f354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGBTdHmhoAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633248e2-42391706084f335228fe3994;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:50:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IWzfDNFlgYdqYnbQ9uWfOvqb5zl3I3mgTZrT5pU5P3EvetMRDN5P7w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:06:47 GMT
age: 44728
etag: "1a26007f761e439db575fb80fb403031260aecf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2267eb0a20554688393db616344441ee
49546314082f2e4f4c4c2686cc0ca281ae6bae47
4e37955fb99beb25ceb9deb7c4398914af4192c2e3614e5d68cdafa8c85b256e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7146
x-amzn-requestid: 0470759c-7b3e-4e73-a4fa-15f9f3919834
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZASNOGKzIAMFfaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ffd87-7856f7180fa1045a6092b335;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 07:04:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Kxa2h6hEjuAgCj3z9G2K1FzuWUMA3c5-9LM8KpjqmdP9Zm8RPoSxGg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 06:29:45 GMT
age: 25350
etag: "49546314082f2e4f4c4c2686cc0ca281ae6bae47"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ww3.social-cheats.com/
64.190.63.136 200 OK 1.2 kB IP 64.190.63.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (639)
Hash MD5 90eb5f7176800d4a4432366d5c583509
SHA-1 86015df3f651775e135ae6a1a2da01653d113c53
SHA-256 1874aaef0acf1aa80d5b5b839a22835c33fcd70517956a8605eca4048fabf62a
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: ww3.social-cheats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://freeminecraft.social-cheats.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
date: Tue, 27 Sep 2022 13:32:16 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_BAtlxQumnql0VpXdw/YN2PmZslnsT3pBomIaHFv6KyJ+Mk3khJXbxM0ufm6yvE10V7qHPxWBAiGms/qrOy189A==
last-modified: Tue, 27 Sep 2022 13:32:14 GMT
x-cache-miss-from: parking-75468f7c47-2bxdj
server: NginX
content-encoding: gzip
ww3.social-cheats.com/search/tsc.php?200=Mzg0MzIyNTQ5&21=OTEuOTAuNDIuMTU0&681=MTY2NDI4NTUzNjQyMWNmZWJkMTg2ZGNmYzMzNmYzYzFiMjdjNDNiZDE4&crc=9ac656f7eed92e8447c48c9734884e18134ba95a&cv=1
64.190.63.136 200 OK 0 B URL HTTP/1.1 ww3.social-cheats.com/search/tsc.php?200=Mzg0MzIyNTQ5&21=OTEuOTAuNDIuMTU0&681=MTY2NDI4NTUzNjQyMWNmZWJkMTg2ZGNmYzMzNmYzYzFiMjdjNDNiZDE4&crc=9ac656f7eed92e8447c48c9734884e18134ba95a&cv=1
IP 64.190.63.136:0
Hash (digests of the empty 0 B body, so not usable as indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/tsc.php?200=Mzg0MzIyNTQ5&21=OTEuOTAuNDIuMTU0&681=MTY2NDI4NTUzNjQyMWNmZWJkMTg2ZGNmYzMzNmYzYzFiMjdjNDNiZDE4&crc=9ac656f7eed92e8447c48c9734884e18134ba95a&cv=1 HTTP/1.1
Host: ww3.social-cheats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww3.social-cheats.com/
HTTP/1.1 200 OK
date: Tue, 27 Sep 2022 13:32:16 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-cache-miss-from: parking-75468f7c47-d2gj6
server: NginX
img.sedoparking.com/images/js_preloader.gif
205.234.175.175 200 OK 4.3 kB URL HTTP/1.1 img.sedoparking.com/images/js_preloader.gif
IP 205.234.175.175:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash 90c93102a88c2ab94bff1575b7a6e86e
56d71bf13de464534643db9d127629a0a3bf677a
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
GET /images/js_preloader.gif HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww3.social-cheats.com/
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 13:32:16 GMT
Content-Type: image/gif
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Tue, 04 Oct 2022 13:32:16 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: H
CF4Age: 156700
x-cf-tsc: 1648179742
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: 9757a455ea5866e778d81b3e0a5c002c
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
ww3.social-cheats.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dfjy8GfUWScc_0&v=NmNlOGNjZmQ1NTBiM2ZhOTQ4MTU4MzAwMDcxZjY3NDAJMQl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NDc4Mi4zMzczODI4NAl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NGEzNC42NjU1NTQwNgkxNjY0Mjg1NTM2CWFkXzYzXzA=&l=OAk1YzQ1OWM2N2ZkZTBjMDUzZWY2YWM4Y2ZhNjgzZWRiNgkwCTM1CTAJYTZmNWE3YjNiOTI0NWIwODBlOTBjZmYyOGFjNzFiMjEJMzg0MzIyNTQ5CXNvY2lhbC1jaGVhdHMJMAk2Mwk2CTIJMTY2NDI4NTUzNgkwLjAwMDQ5NQlOCTAJMQkxODA1CTEyMDUJMTg4NzU5NDgyCTkxLjkwLjQyLjE1NAkw
64.190.63.136 302 Found 0 B URL HTTP/1.1 ww3.social-cheats.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dfjy8GfUWScc_0&v=NmNlOGNjZmQ1NTBiM2ZhOTQ4MTU4MzAwMDcxZjY3NDAJMQl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NDc4Mi4zMzczODI4NAl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NGEzNC42NjU1NTQwNgkxNjY0Mjg1NTM2CWFkXzYzXzA=&l=OAk1YzQ1OWM2N2ZkZTBjMDUzZWY2YWM4Y2ZhNjgzZWRiNgkwCTM1CTAJYTZmNWE3YjNiOTI0NWIwODBlOTBjZmYyOGFjNzFiMjEJMzg0MzIyNTQ5CXNvY2lhbC1jaGVhdHMJMAk2Mwk2CTIJMTY2NDI4NTUzNgkwLjAwMDQ5NQlOCTAJMQkxODA1CTEyMDUJMTg4NzU5NDgyCTkxLjkwLjQyLjE1NAkw
IP 64.190.63.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dfjy8GfUWScc_0&v=NmNlOGNjZmQ1NTBiM2ZhOTQ4MTU4MzAwMDcxZjY3NDAJMQl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NDc4Mi4zMzczODI4NAl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NGEzNC42NjU1NTQwNgkxNjY0Mjg1NTM2CWFkXzYzXzA=&l=OAk1YzQ1OWM2N2ZkZTBjMDUzZWY2YWM4Y2ZhNjgzZWRiNgkwCTM1CTAJYTZmNWE3YjNiOTI0NWIwODBlOTBjZmYyOGFjNzFiMjEJMzg0MzIyNTQ5CXNvY2lhbC1jaGVhdHMJMAk2Mwk2CTIJMTY2NDI4NTUzNgkwLjAwMDQ5NQlOCTAJMQkxODA1CTEyMDUJMTg4NzU5NDgyCTkxLjkwLjQyLjE1NAkw HTTP/1.1
Host: ww3.social-cheats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww3.social-cheats.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Tue, 27 Sep 2022 13:32:16 GMT
content-type: text/html; charset=UTF-8
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Tue, 27 Sep 2022 13:32:16 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dfjy8GfUWScc_0&v=NmNlOGNjZmQ1NTBiM2ZhOTQ4MTU4MzAwMDcxZjY3NDAJMQl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NDc4Mi4zMzczODI4NAl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NGEzNC42NjU1NTQwNgkxNjY0Mjg1NTM2CWFkXzYzXzA=&l=OAk1YzQ1OWM2N2ZkZTBjMDUzZWY2YWM4Y2ZhNjgzZWRiNgkwCTM1CTAJYTZmNWE3YjNiOTI0NWIwODBlOTBjZmYyOGFjNzFiMjEJMzg0MzIyNTQ5CXNvY2lhbC1jaGVhdHMJMAk2Mwk2CTIJMTY2NDI4NTUzNgkwLjAwMDQ5NQlOCTAJMQkxODA1CTEyMDUJMTg4NzU5NDgyCTkxLjkwLjQyLjE1NAkw
x-cache-miss-from: parking-75468f7c47-v9czt
server: NginX
ww3.social-cheats.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dfjy8GfUWScc_0&v=NmNlOGNjZmQ1NTBiM2ZhOTQ4MTU4MzAwMDcxZjY3NDAJMQl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NDc4Mi4zMzczODI4NAl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NGEzNC42NjU1NTQwNgkxNjY0Mjg1NTM2CWFkXzYzXzA=&l=OAk1YzQ1OWM2N2ZkZTBjMDUzZWY2YWM4Y2ZhNjgzZWRiNgkwCTM1CTAJYTZmNWE3YjNiOTI0NWIwODBlOTBjZmYyOGFjNzFiMjEJMzg0MzIyNTQ5CXNvY2lhbC1jaGVhdHMJMAk2Mwk2CTIJMTY2NDI4NTUzNgkwLjAwMDQ5NQlOCTAJMQkxODA1CTEyMDUJMTg4NzU5NDgyCTkxLjkwLjQyLjE1NAkw
64.190.63.136 302 Found 311 B URL HTTP/1.1 ww3.social-cheats.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dfjy8GfUWScc_0&v=NmNlOGNjZmQ1NTBiM2ZhOTQ4MTU4MzAwMDcxZjY3NDAJMQl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NDc4Mi4zMzczODI4NAl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NGEzNC42NjU1NTQwNgkxNjY0Mjg1NTM2CWFkXzYzXzA=&l=OAk1YzQ1OWM2N2ZkZTBjMDUzZWY2YWM4Y2ZhNjgzZWRiNgkwCTM1CTAJYTZmNWE3YjNiOTI0NWIwODBlOTBjZmYyOGFjNzFiMjEJMzg0MzIyNTQ5CXNvY2lhbC1jaGVhdHMJMAk2Mwk2CTIJMTY2NDI4NTUzNgkwLjAwMDQ5NQlOCTAJMQkxODA1CTEyMDUJMTg4NzU5NDgyCTkxLjkwLjQyLjE1NAkw
IP 64.190.63.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0c865db99c9663685f6f6d327974a22a
68121f010426faac39ba57f73f71d11ddc304829
73e3918a739d80565cfa0cdf4829691dda01442e726edf51d06732951584344d
GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dfjy8GfUWScc_0&v=NmNlOGNjZmQ1NTBiM2ZhOTQ4MTU4MzAwMDcxZjY3NDAJMQl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NDc4Mi4zMzczODI4NAl3dzMuc29jaWFsLWNoZWF0cy5jb202MzMyZmI1ZTU0NGEzNC42NjU1NTQwNgkxNjY0Mjg1NTM2CWFkXzYzXzA=&l=OAk1YzQ1OWM2N2ZkZTBjMDUzZWY2YWM4Y2ZhNjgzZWRiNgkwCTM1CTAJYTZmNWE3YjNiOTI0NWIwODBlOTBjZmYyOGFjNzFiMjEJMzg0MzIyNTQ5CXNvY2lhbC1jaGVhdHMJMAk2Mwk2CTIJMTY2NDI4NTUzNgkwLjAwMDQ5NQlOCTAJMQkxODA1CTEyMDUJMTg4NzU5NDgyCTkxLjkwLjQyLjE1NAkw HTTP/1.1
Host: ww3.social-cheats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww3.social-cheats.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Tue, 27 Sep 2022 13:32:16 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Tue, 27 Sep 2022 13:32:16 GMT
location: http://xml.sedodna.com/click?i=fjy8GfUWScc_0
x-cache-miss-from: parking-75468f7c47-8spg2
server: NginX
xml.sedodna.com/click?i=fjy8GfUWScc_0
173.239.53.32 302 Found 0 B URL HTTP/1.1 xml.sedodna.com/click?i=fjy8GfUWScc_0
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=fjy8GfUWScc_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww3.social-cheats.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://q2.quotes.com/cc7799c8-3e68-11ed-a3f0-d3767ede42b8
Pragma: no-cache
q2.quotes.com/cc7799c8-3e68-11ed-a3f0-d3767ede42b8
23.19.76.168 200 OK 170 B URL HTTP/1.1 q2.quotes.com/cc7799c8-3e68-11ed-a3f0-d3767ede42b8
IP 23.19.76.168:0
ASN #395954 LEASEWEB-USA-LAX-11
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 33b3faee43e67edc98e053269ed82501
1bc7fc9993ea407e690d26d429a1227d0b98e007
68a2c45b4535ad0605e2b8963091c6241e8c1e6928c0c6991ba57d066927bb49
GET /cc7799c8-3e68-11ed-a3f0-d3767ede42b8 HTTP/1.1
Host: q2.quotes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww3.social-cheats.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 170
content-type: text/html; charset=utf-8
date: Tue, 27 Sep 2022 13:32:16 GMT
server: nginx
q2.quotes.com/cc7799c8-3e68-11ed-a3f0-d3767ede42b8?hr=1
23.19.76.168 302 Found 11 B URL HTTP/1.1 q2.quotes.com/cc7799c8-3e68-11ed-a3f0-d3767ede42b8?hr=1
IP 23.19.76.168:0
ASN #395954 LEASEWEB-USA-LAX-11
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /cc7799c8-3e68-11ed-a3f0-d3767ede42b8?hr=1 HTTP/1.1
Host: q2.quotes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 27 Sep 2022 13:32:16 GMT
location: http://irene-eux.com/zcvisitor/cc823685-3e68-11ed-a2c3-128ef956fbcb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=cc93c2b3-3e68-11ed-a2c3-128ef956fbcb
server: nginx
irene-eux.com/zcvisitor/cc823685-3e68-11ed-a2c3-128ef956fbcb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=cc93c2b3-3e68-11ed-a2c3-128ef956fbcb
52.45.156.125 200 996 B URL HTTP/1.1 irene-eux.com/zcvisitor/cc823685-3e68-11ed-a2c3-128ef956fbcb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=cc93c2b3-3e68-11ed-a2c3-128ef956fbcb
IP 52.45.156.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6e6811d4d3f1c7454bc297d0483e2ba7
9565d1d9d6c8ced9fae61f96ce62c304a07c341c
095f8c8beca2fb7f84899bab4b83069374e6a3e289a0edbf1f530f6ad109daf8
GET /zcvisitor/cc823685-3e68-11ed-a2c3-128ef956fbcb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=cc93c2b3-3e68-11ed-a2c3-128ef956fbcb HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 27 Sep 2022 13:32:17 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: EKoQCdPq
irene-eux.com/zcredirect?visitid=cc823685-3e68-11ed-a2c3-128ef956fbcb&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
52.45.156.125 200 400 B URL HTTP/1.1 irene-eux.com/zcredirect?visitid=cc823685-3e68-11ed-a2c3-128ef956fbcb&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 52.45.156.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a93e2ccfd8307fc6907e2ee5061f4089
c17d4556b9099000ccf225841e71527710a75aa8
0aacb8ef5e3238701d4f8253af94a6ead57cf4dcab5429d44b9d945ac90a37f0
GET /zcredirect?visitid=cc823685-3e68-11ed-a2c3-128ef956fbcb&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcvisitor/cc823685-3e68-11ed-a2c3-128ef956fbcb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=cc93c2b3-3e68-11ed-a2c3-128ef956fbcb
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 27 Sep 2022 13:32:17 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: pQCHrPmM
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a54636a38ff6a1a1b2f0c4b34706c2ea
436e256dc7ebe1b8e4f10c313fdcd17339da0836
e5e05eea56c03711b23928080dd0a4343ef4b5cc2329b555cbab208308706c54
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E5E05EEA56C03711B23928080DD0A4343EF4B5CC2329B555CBAB208308706C54"
Last-Modified: Mon, 26 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2941
Expires: Tue, 27 Sep 2022 14:21:18 GMT
Date: Tue, 27 Sep 2022 13:32:17 GMT
Connection: keep-alive
eu.pushnow.net/postback/click?key=v2-1664285534793-4-8763-999800-c813cee2-94e1-13bd-b599-9b1339056db3
38.100.129.196 200 OK 2.1 kB URL HTTP/2 eu.pushnow.net/postback/click?key=v2-1664285534793-4-8763-999800-c813cee2-94e1-13bd-b599-9b1339056db3
IP 38.100.129.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1f8570f13b82329433155f98b5fc6184
756df22f4a8abe8707a5f5f4a52d32b6b331f140
02b8c9585748408390f533880b330dc3b833b375782e79aa521dd0536ff745e2
GET /postback/click?key=v2-1664285534793-4-8763-999800-c813cee2-94e1-13bd-b599-9b1339056db3 HTTP/1.1
Host: eu.pushnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://irene-eux.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.3
date: Tue, 27 Sep 2022 13:32:17 GMT
content-type: text/html;charset=UTF-8
content-length: 2089
X-Firefox-Spdy: h2
eu.pushnow.net/postback/click?key=v2-1664285534793-4-8763-999800-c813cee2-94e1-13bd-b599-9b1339056db3&token=68c9f8447eddeddf29dcf9d321b9e7fe&timezone=0&iframe_test=false&webdriver_test=false
38.100.129.196 302 Found 0 B URL HTTP/2 eu.pushnow.net/postback/click?key=v2-1664285534793-4-8763-999800-c813cee2-94e1-13bd-b599-9b1339056db3&token=68c9f8447eddeddf29dcf9d321b9e7fe&timezone=0&iframe_test=false&webdriver_test=false
IP 38.100.129.196:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /postback/click?key=v2-1664285534793-4-8763-999800-c813cee2-94e1-13bd-b599-9b1339056db3&token=68c9f8447eddeddf29dcf9d321b9e7fe&timezone=0&iframe_test=false&webdriver_test=false HTTP/1.1
Host: eu.pushnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eu.pushnow.net/postback/click?key=v2-1664285534793-4-8763-999800-c813cee2-94e1-13bd-b599-9b1339056db3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Tue, 27 Sep 2022 13:32:18 GMT
content-length: 0
set-cookie: platform_user_id=desktop:7980a459be274bf511db30c901634a36
platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; SameSite=None; Secure; Max-Age=31556952
location: https://traffic.dealsfor.life/track?q=D59Bl199uk
X-Firefox-Spdy: h2
mediaflowmanager.com/redirtrk?country=NO&ch=O&ds=R1
54.230.111.84 302 Found 193 B URL HTTP/2 mediaflowmanager.com/redirtrk?country=NO&ch=O&ds=R1
IP 54.230.111.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 1b14445d51d80a72bf3c8d23e2ab4858
31b55564eb0413c38e425474de30d808c816d3c4
50231beb9464f2b11df2dc6cfb9793c58566b6d4bdc49913ecb98491ec80abf7
GET /redirtrk?country=NO&ch=O&ds=R1 HTTP/1.1
Host: mediaflowmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://traffic.dealsfor.life/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=utf-8
content-length: 193
date: Tue, 27 Sep 2022 13:32:18 GMT
x-amzn-requestid: 98d7d76f-433d-4f97-97b6-3bdca911365d
origin: https://www.facebook.com/
referer: https://www.facebook.com/
x-amz-apigw-id: ZHw3eG7GPHcFszQ=
x-amzn-trace-id: Root=1-6332fb62-04f788547aef22dc06e6afbb;Sampled=0
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sSMdBpYC_5s2iPSWVCYri1ZsmOT6R8VOFRLdWJE87QHhiVpWyoRbWw==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b604d5278608215dc03b888b75dddd27
ab15510e97db558bd7030bf16d230281604d70ed
1ef09c9f43706fa46142f120706db208bc019d95b4692518d2e08c1579c574c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:19 GMT
Server: ECS (amb/6BAD)
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b604d5278608215dc03b888b75dddd27
ab15510e97db558bd7030bf16d230281604d70ed
1ef09c9f43706fa46142f120706db208bc019d95b4692518d2e08c1579c574c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:19 GMT
Last-Modified: Tue, 27 Sep 2022 13:32:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
cdn.dealsfor.life/23x9/GG201910181329540253000000000000_bandeira_noruega.jpg
172.67.165.237 200 OK 389 B URL HTTP/2 cdn.dealsfor.life/23x9/GG201910181329540253000000000000_bandeira_noruega.jpg
IP 172.67.165.237:0
File type PNG image data, 23 x 9, 8-bit/color RGB, non-interlaced\012- data
Hash 3985c40fe38e6b8cb2b7de1b2987cffe
7c0328120073e47ffe990c218a3318c8edd675c5
c82d89e379fa3c6a82fcf1b943144c7f61f007828904ff2beccfe127396e9369
GET /23x9/GG201910181329540253000000000000_bandeira_noruega.jpg HTTP/1.1
Host: cdn.dealsfor.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:19 GMT
content-type: image/png
content-length: 389
x-amz-id-2: IiusZnti6Fc7BErGOmKVn5uyZZ1stcsC2EzgNj+4XO4RSAaDs23tubfUnp2QwmDDN7MmZncjAhM=
x-amz-request-id: 5V2P1FFTF27KNSDX
last-modified: Thu, 28 Nov 2019 03:36:17 GMT
etag: "3985c40fe38e6b8cb2b7de1b2987cffe"
cache-control: max-age=86400
cf-cache-status: HIT
age: 3101
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tub1DZpCaF%2BmmnJ0wJ43VOffnIp0yZL6ckO9jb5q51O%2Bf0NEx1VCNsqi3%2B6LCzs6sa7ySG2tps39umpXrxayIoilw%2BT81rKD1eNMT1xf4uUDAfEYXgEYWqSk6aW84RFu%2BT%2BDUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75149acd8dd90b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.dealsfor.life/GG202201121433040636000000000000_1.png
172.67.165.237 200 OK 825 kB URL HTTP/2 cdn.dealsfor.life/GG202201121433040636000000000000_1.png
IP 172.67.165.237:0
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size 825 kB (825065 bytes)
Hash bd38e5a8a10717b7b913b02544e9d27b
565017346c2ac4ef3c06523cd2322546f7867010
1d7d7052bdb33af2d9c1abb4b0f9af40d6fd62b76af225a3130553df059ce1b8
GET /GG202201121433040636000000000000_1.png HTTP/1.1
Host: cdn.dealsfor.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:19 GMT
content-type: image/png
content-length: 825065
x-amz-id-2: wGKiMmlhOcyfz0NgQkf35R+2bAIAsZglMsvV4gI4prTx2oVel410j3mab7k+8B99V5Oz8slSCUI=
x-amz-request-id: B8963E30Z5ZRTGM4
last-modified: Wed, 12 Jan 2022 14:33:05 GMT
etag: "bd38e5a8a10717b7b913b02544e9d27b"
cache-control: max-age=86400
cf-cache-status: HIT
age: 968
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gRSqVQY2EXk1obH9fi1Da7Wox5zWqH1aK%2B9r4TY6ZUA0%2FPLdakLi2zwqVD1OmXsgmycT%2BN3hi1Kfkv1ZyLUJ53RqjTcNalklTpwfvd19xCeBl1jqMWQvxwqRbmy%2FDTu6%2B4rYpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75149acd6dbc0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.dealsfor.life/GG202201111204240943000000000000_4.png
172.67.165.237 200 OK 841 kB URL HTTP/2 cdn.dealsfor.life/GG202201111204240943000000000000_4.png
IP 172.67.165.237:0
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size 841 kB (841133 bytes)
Hash 7a525657b6ffe67f32e407706148ddb0
4273d4538b19e12aeb8a9e5af888346a4c7aee5d
bc047e582485d912f139a906c0807c644bf18cd96278fb3b60d0a98657345248
GET /GG202201111204240943000000000000_4.png HTTP/1.1
Host: cdn.dealsfor.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:19 GMT
content-type: image/png
content-length: 841133
x-amz-id-2: F4K2Aa+InR/ZZ8nW6r3R8lw1kECwfug++2gCnFR4m0uWCdZbdDcc/+6SlPMI+3dEDMXJqb/1MMI=
x-amz-request-id: B07ZSPKA2K4TAE1B
last-modified: Tue, 11 Jan 2022 12:04:25 GMT
etag: "7a525657b6ffe67f32e407706148ddb0"
cache-control: max-age=86400
cf-cache-status: HIT
age: 661
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gGyaEcof8AYPljyDvRGqfEp2%2BcYKtTM%2BspcZ0Wmi5IO9Q1emimR5SVzCheMdy%2Fe%2B42r3XtZ2KGszgzxtutFTiezlRn6d9oIgBXKGKvHgdaOi5fHlLPXWnEY2p8sd5BW8dHpnvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75149acd7dc20b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.dealsfor.life/GG202201111921470046000000000000_4.png
172.67.165.237 200 OK 1.1 MB URL HTTP/2 cdn.dealsfor.life/GG202201111921470046000000000000_4.png
IP 172.67.165.237:0
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size 1.1 MB (1116582 bytes)
Hash b71fbc9bb252a87e95c41a1bc751aa42
8aa4a66317a76eb9be0efd9be66be2d82183ef68
2498159561d775d02ca39d0e97d0dd4bedf8b6500926df5aefa0ff4caab4d106
GET /GG202201111921470046000000000000_4.png HTTP/1.1
Host: cdn.dealsfor.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:19 GMT
content-type: image/png
content-length: 1116582
x-amz-id-2: KR4tI1APTdhbu8uive1166r6OZ/9DLXxwxmAivLoC+PBO85gEEsfJykebUdHUlEmD2ZBwy504Fc=
x-amz-request-id: 1PEZM3N7G900XEPG
last-modified: Tue, 11 Jan 2022 19:21:48 GMT
etag: "b71fbc9bb252a87e95c41a1bc751aa42"
cache-control: max-age=86400
cf-cache-status: HIT
age: 968
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86HqWkTBLlA3PxOMy1l8Wldqoqu5WKW2KZnDyXOpG1dhrl8zjPKP4I69GCKlMJrgSf9l3eQFqOXAAeGMiHrzViwhLDO4okI2k0ZIIxU91aoJTZdk6ow526xUwY%2BYTlWwwA9MGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75149acd7dc10b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.dealsfor.life/GG202201111947580952000000000000_1.png
172.67.165.237 200 OK 2.7 MB URL HTTP/2 cdn.dealsfor.life/GG202201111947580952000000000000_1.png
IP 172.67.165.237:0
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size 2.7 MB (2672283 bytes)
Hash 7b884c9f1dadd5c7c5779b4c349e1d9b
391cf208fa171a6f4e8c5b60427c36bb69abf78a
78ee49247c78320b5a96e0b7698d1dfa5ba95d52841a681fbd1202a6310c466d
GET /GG202201111947580952000000000000_1.png HTTP/1.1
Host: cdn.dealsfor.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:19 GMT
content-type: image/png
content-length: 2672283
x-amz-id-2: xThiU/j6phdyP729U8E2cnm2oHMk+uQKIpR8wUUI5hqQBiBIJNF6x87birxuaen9NSHlrFVhqaY=
x-amz-request-id: 1PEGHXZ4YGNGY4TX
last-modified: Tue, 11 Jan 2022 19:47:59 GMT
etag: "7b884c9f1dadd5c7c5779b4c349e1d9b"
cache-control: max-age=86400
cf-cache-status: HIT
age: 968
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sEyCSODkkpJpAF%2FAXnDlLr7Lhg7KKB6PKs0rxWgsVN5vs5qWmmLUtuiSTIk%2B0s6pmB8uP7AnyCzPXQqbgwq15YKK1NbnAuiF4TWtXmqn7mjK%2Fn9vi1H19ZWBQO6Ush%2F6ZfDp7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75149acd7dc00b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.dealsfor.life/GG202112211439260117000000000000_1.png
172.67.165.237 200 OK 1.9 MB URL HTTP/2 cdn.dealsfor.life/GG202112211439260117000000000000_1.png
IP 172.67.165.237:0
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size 1.9 MB (1906341 bytes)
Hash 8f699197f548c998c797ff7cfcb7cf39
e8374733693c9f9e25d16cde2e448403b91162bf
a76295f0327e37c07247de24bf30bed2f28e73cb6ef322cfa1f6abff9b0ec36e
GET /GG202112211439260117000000000000_1.png HTTP/1.1
Host: cdn.dealsfor.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:19 GMT
content-type: image/png
content-length: 1906341
x-amz-id-2: G/bkj7g0pw3qhxjaCCNQVFNsnADuiZt590NrFco2UeDLI5QWs5kC7RPqcM6M/BM/2IT2sqU9dIQ=
x-amz-request-id: 1PEN5XR7D4KMDFV7
last-modified: Tue, 21 Dec 2021 14:39:27 GMT
etag: "8f699197f548c998c797ff7cfcb7cf39"
cache-control: max-age=86400
cf-cache-status: HIT
age: 661
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AUxtowc4x9RqyZ9k9upGT6ssjy238W9o49Zw2PHRRxu7bTnrnBcgltNZ7UxaJD13d8gWsqonIpnTGaGlVAV7nNVVPjOOn4zUecP5cQIMTvGUUnjxFf1EhXfpyFnX1yG%2BtLkPXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75149acd8ddb0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.fontawesome.com/releases/v5.7.2/css/all.css
172.64.132.15 200 OK 12 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/css/all.css
IP 172.64.132.15:0
File type ASCII text, with very long lines (54456), with no line terminators
Hash 69126eb8b2a0a562e11743ca0e114ef0
9d026181c8174808c596a9afd6dc2a8afb796731
9a50399146b2ab4eee0f3b155a7a5578d129171ac55cacc903337c0a7e05ec2b
GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.fashiondecoder.com
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:19 GMT
content-type: text/css
x-amz-id-2: nLku0na3ZaBlkBqnAZGQaY8uMwwJjeZtPvGJ1Auv0p8Q5IalaIS5saXiOy/+bYyTuO8Ac6I6/5E=
x-amz-request-id: 8NH0A70ZVDDFX7ZA
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 29051806
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwNTLEtDScfLelNo5rjGyz%2BSv3LXocjcRNCJ81hlNal0KYU18Mnv86RpqbpHFVkJRrec6FzafDWrqjckGxmzXmYoHsVHC9qkGaBvqI6uvRAwKTiS0v%2BCdregVgl0p6QNxy48X84s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75149acd88df72b2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
172.64.132.15 200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Hash 462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.fashiondecoder.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:20 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: ZrnitKSi05fcN9VWk2gempyglgk1/YmY3+CWILoTf3Gy0DBHiXEq0B0vbHzviVVOePM9q/OH/18=
x-amz-request-id: SPVM764Q93SC1837
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1437837
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64V9JCEkjWKk3K955QR8HnAfbI7nI5aaL9qzfOrZH%2BJ0IorVDHvwoqhfgRvZ75JG%2BQj%2BdXxWOM6EQkeMhCaUqRh1TYBgoT28Cy4Ur6%2FAP6hKWD8%2F43aiEUsJ6JxWSLhnP41qwWxe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75149ad1be7772b2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.2/webfonts/fa-brands-400.woff2
172.64.132.15 200 OK 72 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/webfonts/fa-brands-400.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 72112, version 329.31064\012- data
Hash 4b115e1153a9ea339d6a0bb284cc8ed3
f988b2efe9434b0af28943708d33dd3afad9a5ba
d5f471476e1636e23b00991ae8a85d3703ada55bc6d6162472a28aa94fa64d4e
GET /releases/v5.7.2/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.fashiondecoder.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:20 GMT
content-type: font/woff2
content-length: 72112
x-amz-id-2: jKbKtnmXh73WtHcHdFjXdXMB4ameBmMVbdDWsVy280Dn18xrje1bG3a+RP4mjD4hllgw3pI+dsA=
x-amz-request-id: MXD5DAHP43C3HBZ4
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "4b115e1153a9ea339d6a0bb284cc8ed3"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 390134
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nwS5t4Qyj4cfDlZ7geMeL%2Fx2WcVMTkGKhK4v%2BaQQzGOOGCUv7%2FQ4hSrEjy%2F7ov8S0yw122kPcgMuI5bDVLt9SProT87Pmicl6hZpqKeSia15yqqQvrplWrT%2FBCxOryebJmvn0dwK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75149ad1eecb72b2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lora/v26/0QIvMX1D_JOuMwr7Iw.woff2
142.250.74.163 200 OK 36 kB URL HTTP/2 fonts.gstatic.com/s/lora/v26/0QIvMX1D_JOuMwr7Iw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 35660, version 1.0\012- data
Hash 0d0d3e5824e5e67a9e993960df2b67a9
328d67bb1d5899a7809df9f4385181863fd035f1
38da98e06ba18c4204f547d30572cd81a2dd3fd5438d306856d2617480ee8639
GET /s/lora/v26/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.fashiondecoder.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35660
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 19:24:26 GMT
expires: Tue, 26 Sep 2023 19:24:26 GMT
cache-control: public, max-age=31536000
age: 65274
last-modified: Mon, 15 Aug 2022 18:07:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.webpushr.com/sw-server.min.js
178.62.48.34 200 OK 3.0 kB URL HTTP/2 cdn.webpushr.com/sw-server.min.js
IP 178.62.48.34:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (3024)
Hash 1299e8472f29fc83aea82ea47eaf7951
f58cb8947b38f8b13b2dee8ad0d59cb00010950f
438b418e128965f54e6a712546b9d6629fa44d8cad6c4a2fcc751ed39d5fc5f5
GET /sw-server.min.js HTTP/1.1
Host: cdn.webpushr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Tue, 27 Sep 2022 13:32:20 GMT
content-type: application/javascript
content-length: 3044
last-modified: Tue, 24 May 2022 07:09:19 GMT
etag: "628c849f-be4"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cache-control: max-age=86400
expires: Wed, 28 Sep 2022 13:32:20 GMT
x-gg-cache-status: HIT, HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.fashiondecoder.com/assets/www/libs/splidejs/css/splide.min.css
172.67.210.85 200 OK 511 kB URL HTTP/2 www.fashiondecoder.com/assets/www/libs/splidejs/css/splide.min.css
IP 172.67.210.85:0
File type ASCII text, with very long lines (4140), with no line terminators
Size 511 kB (511087 bytes)
Hash 428880f1876f81f03bc07882d04e7077
4d56d618875e43bba76283357cb1249ec29e9062
4e3b81374dafcc19d4d8cc0f7a87da3c57664330c3a5a30b49551d09c1484668
GET /assets/www/libs/splidejs/css/splide.min.css HTTP/1.1
Host: www.fashiondecoder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/no-no?ch=O&ds=R1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:19 GMT
content-type: text/css;charset=UTF-8
etag: W/"4140-1626872166000"
last-modified: Wed, 21 Jul 2021 12:56:06 GMT
cache-control: max-age=1800
cf-cache-status: HIT
age: 1882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQWvDofQImf0rIEaw2sE3x7Bq%2BbtCgkFBaXxoy8SFvAs030Gllz0%2BPfAlQke3KYReLfwgKewVR5W8Yng24kzM5uOUIzbvPFcWLpTS9ubEfr0RTA%2FNmTVerfhKgCIY9WeUqmwXcwyZPwQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75149accd871b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
traffic.dealsfor.life/track?q=D59Bl199uk
104.21.34.224 200 OK 364 kB URL HTTP/2 traffic.dealsfor.life/track?q=D59Bl199uk
IP 104.21.34.224:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size 364 kB (364158 bytes)
Hash 6ff558d25d5d8f5c69ce0d82f82f6d94
afe50023219b2073ec53496f1aff9f30fa644e0b
ca4c402ee4fe17f09f939066f76cc7d6574cc08c146caf9b4c63d947af42e112
GET /track?q=D59Bl199uk HTTP/1.1
Host: traffic.dealsfor.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eu.pushnow.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:18 GMT
content-type: text/html
referrer-policy: origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkfgurfYcVlSHX9repFk70fPCN6HiWQj1EjkjWz9Ljh3y4dO5JEVeAfPMwCwXY6BJOdBO%2BV0cnVbdy%2Fx%2FVBP6RZuTIwWArHSg7Lw%2BhGoiIOhcMHVogc59fJSbWTH%2BAhbk7NpREa1RFE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75149ac56f510b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Lora:wght@400;700&display=swap
142.250.74.10 200 OK 258 kB URL HTTP/2 fonts.googleapis.com/css2?family=Lora:wght@400;700&display=swap
IP 142.250.74.10:0
Size 258 kB (258294 bytes)
Hash 4100014c0ddeca9b02098a6c88f1c9b9
70a69a559a9397a1fd83af4d2ea48004b96e1864
d46039051a744b5ee118f9447d1e5dafaa3c88a2275ad6c3046c70cf8afb83ce
GET /css2?family=Lora:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 13:32:19 GMT
date: Tue, 27 Sep 2022 13:32:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0081ab948d00c2dd510fcc7e7deb9f94
e682da3d6e1fe30c05a133065a273593afee91d0
afa64f51d7cfec0355c233277ea4b1584dd378dbbdb8a9b60343c7bd3bdc2f10
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3001
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:20 GMT
Last-Modified: Tue, 27 Sep 2022 12:42:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/pt_BR/sdk.js
157.240.200.14 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/pt_BR/sdk.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1961)
Hash 2fa2621aa1f8ad327bac1f4585577d48
b1d570553e3a3c8bab25d35d03fd7b7d7069fd21
6160a1af1a4ae7fa6ed45bebb98e41836fc32cdabdb4284eeb07f9a4dd7fb889
GET /pt_BR/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.fashiondecoder.com
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 15cd1a48bd2f48961acf5784aef67b52
etag: "6f217767feeda04327cf1e4b82624abf"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 27 Sep 2022 13:48:54 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: L6JiGqH4rTJ7rB9FhVd9SA==
x-fb-debug: pZD3jkOO8mwetlBTsH2WzAmZBQ9iSKl9tE3bpyTcD6K6HQhAhcWaGjdvbVU4jIXuw36xw1+O3XO8dGz26Kcmpw==
content-length: 1688
x-fb-trip-id: 1679558926
date: Tue, 27 Sep 2022 13:32:21 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0081ab948d00c2dd510fcc7e7deb9f94
e682da3d6e1fe30c05a133065a273593afee91d0
afa64f51d7cfec0355c233277ea4b1584dd378dbbdb8a9b60343c7bd3bdc2f10
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3002
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 13:32:21 GMT
Last-Modified: Tue, 27 Sep 2022 12:42:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
www.fashiondecoder.com/assets/www/fonts/icons-v2/icofont.css?v=1.0.3
172.67.210.85 200 OK 1.4 kB URL HTTP/2 www.fashiondecoder.com/assets/www/fonts/icons-v2/icofont.css?v=1.0.3
IP 172.67.210.85:0
File type ASCII text, with very long lines (4863)
Hash ea5c1b55cf2bdf9391bdaf5992ec2eb7
bbf33872d53b0ec8fffffaf9f127a077594acb0d
76c16f5457875aeb39890a696da7cf51512798f3eb9edbb2b6de32e3fdb4320b
GET /assets/www/fonts/icons-v2/icofont.css?v=1.0.3 HTTP/1.1
Host: www.fashiondecoder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/no-no?ch=O&ds=R1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:19 GMT
content-type: text/css;charset=UTF-8
cf-bgj: minify
cf-polished: origSize=6105
etag: W/"6105-1626872164000"
last-modified: Wed, 21 Jul 2021 12:56:04 GMT
cache-control: max-age=1800
cf-cache-status: HIT
age: 1882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qu%2F7TRtB%2Bncae%2FU6GBvIoiis%2FfrW9%2B8jBHCS9uLTUdirxE5j6AMSs5WfhY5tNALodQuCeefYS8MxLrb%2BJGi7XopgtLgf3o1VjS8v92YSLAFww2u9gvVvv8bgvSY0tgcWE44TtU5knQT%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75149accd87bb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bot.webpushr.com/prompt/get_info
64.225.42.52 200 OK 3.4 kB URL HTTP/1.1 bot.webpushr.com/prompt/get_info
IP 64.225.42.52:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- HTML document, ASCII text, with very long lines (11813), with no line terminators
Hash e6cf25829ec8b5a9ef299f9a83659776
53013741e7637c4d9a12b4a6746da003fc055249
9b64681a32f4e5c65e62b6d8e3fa2b48a3807ed58680033d4a8e9ab84c1f9f16
POST /prompt/get_info HTTP/1.1
Host: bot.webpushr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.fashiondecoder.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.fashiondecoder.com
Content-Length: 121
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 27 Sep 2022 13:32:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Fastcgi-Cache: EXPIRED
server_name: lookup4
Access-Control-Allow-Origin: https://www.fashiondecoder.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Content-Encoding: gzip
cdn.webpushr.com/siteassets/YQ57vMmt0x.png
178.62.48.34 200 OK 4.9 kB URL HTTP/2 cdn.webpushr.com/siteassets/YQ57vMmt0x.png
IP 178.62.48.34:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c568dd0ddca4b312c16e127569602b7
152cce113b720e172a7f8e662e9179acbdcd232e
5ae44ba5be0f66ca458c70c000b106922d94d95ad5f74a75a5317a3f378c9415
GET /siteassets/YQ57vMmt0x.png HTTP/1.1
Host: cdn.webpushr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Tue, 27 Sep 2022 13:32:21 GMT
content-type: image/png
content-length: 4882
last-modified: Wed, 21 Apr 2021 14:02:09 GMT
etag: "60803061-1312"
access-control-allow-origin: *
x-gg-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
connect.facebook.net/pt_BR/sdk.js?hash=07395092f7335d7e27e316e2b79012f9
157.240.200.14 200 OK 89 kB URL HTTP/2 connect.facebook.net/pt_BR/sdk.js?hash=07395092f7335d7e27e316e2b79012f9
IP 157.240.200.14:0
File type ASCII text, with very long lines (18598)
Hash 54cf4de576f288c60080e34013e6f88b
c05882bee6415e9b27bbd5b481163eb7ce205560
696d444b920a6fbde01e73b187915a7d43939533b50aa7b33e85a3d239bda504
GET /pt_BR/sdk.js?hash=07395092f7335d7e27e316e2b79012f9 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.fashiondecoder.com
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 7be8ca0054395e0fb66ad92fec434ace
etag: "1f393f33f087f27b8037ad35e078c264"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 27 Sep 2023 12:28:16 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: VM9N5XbyiMYAgONAE+b4iw==
x-fb-debug: q8JsohcM+dZanNO3sSlRaN8gUUeBbqV+nL9ssH8JC9AocQ4xirf951d26bjjc40ubEwF/K3ElSJJf26Bc45Lwg==
content-length: 88882
x-fb-trip-id: 1679558926
date: Tue, 27 Sep 2022 13:32:21 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.webpushr.com/impression/prompt
138.68.235.115 200 OK 20 B URL HTTP/1.1 analytics.webpushr.com/impression/prompt
IP 138.68.235.115:0
ASN #14061 DIGITALOCEAN-ASN
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /impression/prompt HTTP/1.1
Host: analytics.webpushr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.fashiondecoder.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.fashiondecoder.com
Content-Length: 126
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 27 Sep 2022 13:32:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.fashiondecoder.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Content-Encoding: gzip
www.facebook.com/tr/?id=387357745142349&ev=fb_page_view&dl=https%3A%2F%2Fwww.fashiondecoder.com%2Fno-no%3Fch%3DO%26ds%3DR1&rl=https%3A%2F%2Fmediaflowmanager.com%2F&if=false&ts=1664285539055&sw=1280&sh=1024&at=
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=387357745142349&ev=fb_page_view&dl=https%3A%2F%2Fwww.fashiondecoder.com%2Fno-no%3Fch%3DO%26ds%3DR1&rl=https%3A%2F%2Fmediaflowmanager.com%2F&if=false&ts=1664285539055&sw=1280&sh=1024&at=
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=387357745142349&ev=fb_page_view&dl=https%3A%2F%2Fwww.fashiondecoder.com%2Fno-no%3Fch%3DO%26ds%3DR1&rl=https%3A%2F%2Fmediaflowmanager.com%2F&if=false&ts=1664285539055&sw=1280&sh=1024&at= HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Tue, 27 Sep 2022 13:32:21 GMT
X-Firefox-Spdy: h2
www.fashiondecoder.com/no-no?ch=O&ds=R1
172.67.210.85 200 OK 0 B URL HTTP/2 www.fashiondecoder.com/no-no?ch=O&ds=R1
IP 172.67.210.85:0
GET /no-no?ch=O&ds=R1 HTTP/1.1
Host: www.fashiondecoder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediaflowmanager.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 13:32:19 GMT
content-type: text/html;charset=UTF-8
cache-control: max-age=1800
cf-cache-status: HIT
age: 6339
last-modified: Tue, 27 Sep 2022 11:46:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Ow%2BY8xnDheUbGsFWajLO9yIt3WYh0bg4ss%2BLQZ7gm%2Fhikep%2FPRNbduRur2Zw%2BZ7sxzIWI%2B3T%2BEeQf8%2Fd%2F0O9mcMOTk%2FCth%2Bjo9fgUL9KJXZirimYfC1D0cGculh74Q%2Fdjs17NFh8rWW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75149acc6fb1b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,600,800
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,600,800
IP 142.250.74.10:0
GET /css?family=Open+Sans:400,600,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 13:32:19 GMT
date: Tue, 27 Sep 2022 13:32:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.webpushr.com/app.min.js
178.62.48.34 200 OK 0 B URL HTTP/2 cdn.webpushr.com/app.min.js
IP 178.62.48.34:0
ASN #14061 DIGITALOCEAN-ASN
GET /app.min.js HTTP/1.1
Host: cdn.webpushr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fashiondecoder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.1
date: Tue, 27 Sep 2022 13:32:20 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Sun, 14 Aug 2022 20:26:40 GMT
etag: W/"62f95a80-a96f"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cache-control: max-age=86400
expires: Wed, 28 Sep 2022 13:32:20 GMT
x-gg-cache-status: HIT, HIT
content-encoding: gzip
X-Firefox-Spdy: h2