r.goaffmy.com/click?pid=11972&offer_id=3594&sub1=ce22betki7qekn7tim9g&sub2=44542&sub3=9980&sub5=638425b2ebc7f10001f3e7cf&sub7=&sub8=
34.141.137.168302 Found 0 B URL HTTP/1.1 r.goaffmy.com/click?pid=11972&offer_id=3594&sub1=ce22betki7qekn7tim9g&sub2=44542&sub3=9980&sub5=638425b2ebc7f10001f3e7cf&sub7=&sub8=
IP 34.141.137.168:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=11972&offer_id=3594&sub1=ce22betki7qekn7tim9g&sub2=44542&sub3=9980&sub5=638425b2ebc7f10001f3e7cf&sub7=&sub8= HTTP/1.1
Host: r.goaffmy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 03:06:49 GMT
Content-Length: 0
Connection: keep-alive
X-Adjust-Use-Original-Forwarded-For: 1
Referer:
Referrer-Policy: no-referrer
Location: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Set-Cookie: afclick=638425c9dc12420001a10df6; expires=Tue, 28 Nov 2023 03:06:49 GMT; secure; SameSite=None
afoffers={"3594":1669604809}; expires=Tue, 28 Nov 2023 03:06:49 GMT; secure; SameSite=None
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13891
Expires: Mon, 28 Nov 2022 06:58:20 GMT
Date: Mon, 28 Nov 2022 03:06:49 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6240
Cache-Control: max-age=119304
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 03:06:49 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 12:15:13 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 02:17:45 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2944
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12590
Expires: Mon, 28 Nov 2022 06:36:39 GMT
Date: Mon, 28 Nov 2022 03:06:49 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3Th73xGXoAG68bZ7bdCSfp6N0oyZ0FJxQ6+iqxov99ZdhnBhwDVRDCrOSBZqiZgorA3FJrdCL18=
x-amz-request-id: 70DN0ZD22HTNP1GW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 02:41:53 GMT
age: 1496
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 164053da973996e93cb1e1c1c83add99
aa94eb50b9aa7b79d006d13fabbdf1676b54bae7
171f024c45ba7ccefb1830da250563d37c9ed0b74cc61febb253883b79aaf0a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "171F024C45BA7CCEFB1830DA250563D37C9ED0B74CC61FEBB253883B79AAF0A1"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8970
Expires: Mon, 28 Nov 2022 05:36:19 GMT
Date: Mon, 28 Nov 2022 03:06:49 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 03:06:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
194.116.150.216200 OK 15 kB URL HTTP/2 www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
IP 194.116.150.216:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (403)
Hash 3f8982b9619c6756e3d2ec4f4f57024b
20eda24174790110481e4c3de7e4f71ad00cb48e
ef44c3afa6572f895e0df0ba4375660a9ee11ef14a74e74e4babfdce571c2622
GET /Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6 HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
access-control-allow-origin: *
set-cookie: w=47402; expires=Mon, 28-Nov-2022 03:06:49 GMT; Max-Age=0; SameSite=Lax
ws=9980_44542; expires=Mon, 28-Nov-2022 03:06:49 GMT; Max-Age=0; SameSite=Lax
wt=638425c9dc12420001a10df6; expires=Mon, 28-Nov-2022 03:06:49 GMT; Max-Age=0; SameSite=Lax
sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; expires=Wed, 30-Nov-2022 05:06:49 GMT; Max-Age=180000; path=/; SameSite=Strict
CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809; expires=Mon, 28-Nov-2022 03:36:49 GMT; Max-Age=1800; path=/; SameSite=Strict
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
content-length: 15106
date: Mon, 28 Nov 2022 03:06:49 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/DynBanner/PreUmfrage7/bundle.ca7750858eed0989f83d.css
194.116.150.216200 OK 100 kB URL HTTP/2 www.endorico.com/DynBanner/PreUmfrage7/bundle.ca7750858eed0989f83d.css
IP 194.116.150.216:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash fcf999f0b1ba39d0df60035923b00798
91fe84e97d54fc1c414c81beeeaf181cb3237bcb
eff40404233ac4b84def60cd85430eab65380b944642effdb466734a9799df0f
GET /DynBanner/PreUmfrage7/bundle.ca7750858eed0989f83d.css HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
etag: "1174407630-br"
last-modified: Tue, 01 Feb 2022 08:45:50 GMT
content-length: 99525
cache-control: public
vary: Accept-Encoding
content-encoding: br
date: Mon, 28 Nov 2022 03:06:49 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/DynBanner/PreUmfrage7/img/search_icon.gif
194.116.150.216200 OK 31 kB URL HTTP/2 www.endorico.com/DynBanner/PreUmfrage7/img/search_icon.gif
IP 194.116.150.216:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash 96de9ab9fabda706a3fa92c1a416de0e
ca8f2337b90bcd5f7f772c11cf2da87451216c19
0da91a11fa7e9c73d8ade4d23fb0fd208f481cadb780fb5f5d3719e12ec56b5e
GET /DynBanner/PreUmfrage7/img/search_icon.gif HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
etag: "2238"
last-modified: Tue, 01 Feb 2022 08:45:50 GMT
content-length: 30740
cache-control: public
date: Mon, 28 Nov 2022 03:06:49 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/DynBanner/PreUmfrage7/img/check.png
194.116.150.216200 OK 450 B URL HTTP/2 www.endorico.com/DynBanner/PreUmfrage7/img/check.png
IP 194.116.150.216:0
File type PNG image data, 20 x 12, 8-bit colormap, non-interlaced\012- data
Hash 6236c50ab93e996fe641c5e5d0f34fc7
8e4960ff36414baac421cc8429afbf651bc8a139
f698ac4872d38c500078200c87fccbc05c7e30b099b35c7c9f0c4cabe7ea5aaf
GET /DynBanner/PreUmfrage7/img/check.png HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
etag: "1073745424"
last-modified: Tue, 01 Feb 2022 08:45:50 GMT
content-length: 450
cache-control: public
date: Mon, 28 Nov 2022 03:06:50 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/DynBanner/PreUmfrage7/bundle.ca7750858eed0989f83d.js
194.116.150.216200 OK 49 kB URL HTTP/2 www.endorico.com/DynBanner/PreUmfrage7/bundle.ca7750858eed0989f83d.js
IP 194.116.150.216:0
File type Unicode text, UTF-8 text, with very long lines (35742), with NEL line terminators
Hash 8890f324edf2b67aa0b081f077d62cc0
a1433f09211a47c9d4e5956ad3bdef53c713406b
84906b4f6e9297afd1aeb990ca42a8fb24b6e87f1618a5338081b8cf777cd7a9
Analyzer Verdict Alert fortinet Phishing
GET /DynBanner/PreUmfrage7/bundle.ca7750858eed0989f83d.js HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript
etag: "1140853350-br"
last-modified: Tue, 01 Feb 2022 08:45:50 GMT
content-length: 48776
cache-control: public
vary: Accept-Encoding
content-encoding: br
date: Mon, 28 Nov 2022 03:06:50 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/DynBanner/PreUmfrage7/img/18/1.gif
194.116.150.216200 OK 708 kB URL HTTP/2 www.endorico.com/DynBanner/PreUmfrage7/img/18/1.gif
IP 194.116.150.216:0
File type GIF image data, version 89a, 480 x 320\012- data
Size 708 kB (708341 bytes)
Hash 57e6a69a8ccd6597e8778180ae0b9a2a
2481bf6177e88706d8494c00069cd36830056e99
03db7095689f1c255f99574c45555b37ae241fc4e1a36c5c3da92b5c07a3cf8d
GET /DynBanner/PreUmfrage7/img/18/1.gif HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
etag: "2483031963"
last-modified: Tue, 01 Feb 2022 08:45:50 GMT
content-length: 708341
cache-control: public
date: Mon, 28 Nov 2022 03:06:49 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/DynBanner/PreUmfrage7/img/18/3.gif
194.116.150.216200 OK 608 kB URL HTTP/2 www.endorico.com/DynBanner/PreUmfrage7/img/18/3.gif
IP 194.116.150.216:0
File type GIF image data, version 89a, 480 x 320\012- data
Size 608 kB (607882 bytes)
Hash f5809079243212801893970793dd1777
f675da27d5262db54dee0d1234174927e5d4d450
7e94bdb904f398f4db71fc87f54832fdef4773b4a7564eec23e509c37e628873
GET /DynBanner/PreUmfrage7/img/18/3.gif HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
etag: "2449476673"
last-modified: Fri, 04 Feb 2022 07:44:39 GMT
content-length: 607882
cache-control: public
date: Mon, 28 Nov 2022 03:06:49 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/DynBanner/PreUmfrage7/img/18/4.gif
194.116.150.216200 OK 622 kB URL HTTP/2 www.endorico.com/DynBanner/PreUmfrage7/img/18/4.gif
IP 194.116.150.216:0
File type GIF image data, version 89a, 480 x 320\012- data
Size 622 kB (621497 bytes)
Hash 8a6259a0fa3bb6d1df0a14957d1dd742
e06e348b28bfdc62e750b0917733c4674416f0ab
515608698a8f88fef32ccbef724afcbd223c5981f002a90543da6acda21fa2a1
GET /DynBanner/PreUmfrage7/img/18/4.gif HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
etag: "3523218902"
last-modified: Fri, 04 Feb 2022 07:44:39 GMT
content-length: 621497
cache-control: public
date: Mon, 28 Nov 2022 03:06:49 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/DynBanner/PreUmfrage7/img/18/5.gif
194.116.150.216200 OK 641 kB URL HTTP/2 www.endorico.com/DynBanner/PreUmfrage7/img/18/5.gif
IP 194.116.150.216:0
File type GIF image data, version 89a, 480 x 320\012- data
Size 641 kB (641133 bytes)
Hash 15181c2f9d55030c52445bec421d9dac
83a32c4d4f242a6192b0827d0aab9208c8012241
8b845651ca26bf49c4c3289af72bc3cd1d1c195723c61496c813a46c369da8ad
GET /DynBanner/PreUmfrage7/img/18/5.gif HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
etag: "301992794"
last-modified: Fri, 04 Feb 2022 07:44:39 GMT
content-length: 641133
cache-control: public
date: Mon, 28 Nov 2022 03:06:49 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/DynBanner/PreUmfrage7/img/18/2.gif
194.116.150.216200 OK 814 kB URL HTTP/2 www.endorico.com/DynBanner/PreUmfrage7/img/18/2.gif
IP 194.116.150.216:0
File type GIF image data, version 89a, 480 x 320\012- data
Size 814 kB (813720 bytes)
Hash 47efd1cc0e05306a458a44dbb749222c
1f2c515d9d0284726840d839466673e7859cc094
ac66197eef2f9519133132e3d61c7c140720fad9de3e83e13d52c0bb0a231e56
GET /DynBanner/PreUmfrage7/img/18/2.gif HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
etag: "2550140122"
last-modified: Tue, 01 Feb 2022 08:45:50 GMT
content-length: 813720
cache-control: public
date: Mon, 28 Nov 2022 03:06:49 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/Dyn/Webpush/Pre?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6&js=1&age=18
194.116.150.216200 OK 7.0 kB URL HTTP/2 www.endorico.com/Dyn/Webpush/Pre?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6&js=1&age=18
IP 194.116.150.216:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (18846)
Hash 4e898c7d9fff4e0904733da5f0a05335
f2ae078d0245a1adcadca7ae7684f3c28feccfc7
7c7e5d9c1c1265b442b7fc55f1d7b32b74d77ee125e8d4068cf29f322ebfb060
GET /Dyn/Webpush/Pre?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6&js=1&age=18 HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
set-cookie: w=47402; expires=Mon, 28-Nov-2022 03:06:50 GMT; Max-Age=0; SameSite=Lax
ws=9980_44542; expires=Mon, 28-Nov-2022 03:06:50 GMT; Max-Age=0; SameSite=Lax
wt=638425c9dc12420001a10df6; expires=Mon, 28-Nov-2022 03:06:50 GMT; Max-Age=0; SameSite=Lax
sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; expires=Wed, 30-Nov-2022 05:06:50 GMT; Max-Age=180000; path=/; SameSite=Strict
CSRFToken=95741cb9296c156a763e4dba5004ff3c635f25a463c4cdc19c3f22c55bc4517c.1669604810; expires=Mon, 28-Nov-2022 03:36:50 GMT; Max-Age=1800; path=/; SameSite=Strict
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
content-length: 6977
date: Mon, 28 Nov 2022 03:06:50 GMT
server: Webserver
X-Firefox-Spdy: h2
www.endorico.com/CrM/Close/Smart?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6&gkf=1&adtv=14393.11154_f502a3_48b74&js=1&age=18&initial=DynBanner%3A14387.11154_de41d7_82755&gk_zone=ext_preumfrage7&__idAd=
194.116.150.216200 OK 18 kB URL HTTP/2 www.endorico.com/CrM/Close/Smart?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6&gkf=1&adtv=14393.11154_f502a3_48b74&js=1&age=18&initial=DynBanner%3A14387.11154_de41d7_82755&gk_zone=ext_preumfrage7&__idAd=
IP 194.116.150.216:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (25220)
Hash 6e06bb6fde3dfd09a4165f80675778d2
cbe8e44f8dccb01bfaf1da9a83ad7132124d87e9
957cbb5d03f07aa7df535c4240d5340c5a4e41557bea7fbff870de4c2ec2415f
GET /CrM/Close/Smart?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6&gkf=1&adtv=14393.11154_f502a3_48b74&js=1&age=18&initial=DynBanner%3A14387.11154_de41d7_82755&gk_zone=ext_preumfrage7&__idAd= HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=97be347f3a64fb7c0d44fb227683e166007380a86f8b5c98cbf6c92eb4cacd36.1669604809
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
set-cookie: w=47402; expires=Mon, 28-Nov-2022 03:06:50 GMT; Max-Age=0; SameSite=Lax
ws=9980_44542; expires=Mon, 28-Nov-2022 03:06:50 GMT; Max-Age=0; SameSite=Lax
wt=638425c9dc12420001a10df6; expires=Mon, 28-Nov-2022 03:06:50 GMT; Max-Age=0; SameSite=Lax
sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; expires=Wed, 30-Nov-2022 05:06:50 GMT; Max-Age=180000; path=/; SameSite=Strict
CSRFToken=95741cb9296c156a763e4dba5004ff3c635f25a463c4cdc19c3f22c55bc4517c.1669604810; expires=Mon, 28-Nov-2022 03:36:50 GMT; Max-Age=1800; path=/; SameSite=Strict
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
content-length: 18226
date: Mon, 28 Nov 2022 03:06:50 GMT
server: Webserver
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 02:11:12 GMT
cache-control: public,max-age=3600
age: 3338
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.endorico.com/icons/ext.png
194.116.150.216200 OK 2.2 kB URL HTTP/2 www.endorico.com/icons/ext.png
IP 194.116.150.216:0
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash 3b58b839ade1bae5069a4eb40822322d
e326255ec2882ce0dcca92fb9b3eeb1050362076
4b06e0a2080f0c0ccd4442b336ab382bbf45de1092b28c4db7f1e2825daee07f
GET /icons/ext.png HTTP/1.1
Host: www.endorico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/Smartlink/Dating?w=47402&ws=9980_44542&wt=638425c9dc12420001a10df6
Cookie: sid=%D2%07%0DE%FC0%9DS%AA%29%EE%8C%EFI%D9%9FV%F9%C8%8B%12%B1%8Atm%AF%F1%18%87%AD6V; CSRFToken=95741cb9296c156a763e4dba5004ff3c635f25a463c4cdc19c3f22c55bc4517c.1669604810
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
etag: "3018"
last-modified: Wed, 02 Dec 2020 15:50:34 GMT
content-length: 2169
cache-control: public
date: Mon, 28 Nov 2022 03:06:50 GMT
server: Webserver
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3693
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 03:06:50 GMT
Last-Modified: Mon, 28 Nov 2022 02:05:17 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
cdn.koketti.com/dynbanner/webpush/52_webpush_7835398.jpg
194.116.151.11200 OK 122 kB URL HTTP/1.1 cdn.koketti.com/dynbanner/webpush/52_webpush_7835398.jpg
IP 194.116.151.11:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 360x360, components 3\012- data
Size 122 kB (122349 bytes)
Hash 3658b6d4cd520d8c8a6be92cafb00744
ffa7feca981fb1acea0121a751a9623ade595bf2
3da4030c4a3aa818a8f27c8fc31a5504e6de95cdbf51a601c0f1ba0a7383098a
GET /dynbanner/webpush/52_webpush_7835398.jpg HTTP/1.1
Host: cdn.koketti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.endorico.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With,Content-Range,If-Range,Range,Content-Type,Authorization,X-Request,Accept
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Last-Modified: Tue, 12 Jul 2022 12:34:34 GMT
P3p: CP="OTI DSP COR IVDo IVAo PSA PSD TAI DEV ADM CUR CONo OUR IND PHY ONL UNI PUR FIN COM NAV INT CNT PRE", policyref="/w3c/p3p.xml"
Date: Sun, 27 Nov 2022 14:35:04 GMT
Content-Length: 122349
Content-Type: image/jpeg
Accept-Ranges: bytes
Connection: keep-alive
push.services.mozilla.com/
52.13.173.34101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.13.173.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bYnfUwvW3MGXrDUHBhjJ4g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PKQYRdAAbOlcn9Bh1vjII9zNN5Y=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7339
Expires: Mon, 28 Nov 2022 05:09:11 GMT
Date: Mon, 28 Nov 2022 03:06:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7339
Expires: Mon, 28 Nov 2022 05:09:11 GMT
Date: Mon, 28 Nov 2022 03:06:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7339
Expires: Mon, 28 Nov 2022 05:09:11 GMT
Date: Mon, 28 Nov 2022 03:06:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7339
Expires: Mon, 28 Nov 2022 05:09:11 GMT
Date: Mon, 28 Nov 2022 03:06:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7339
Expires: Mon, 28 Nov 2022 05:09:11 GMT
Date: Mon, 28 Nov 2022 03:06:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F17eed5ca-e7b1-43be-b937-69356fce9d8a.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F17eed5ca-e7b1-43be-b937-69356fce9d8a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4060284252d32701c42e2df4a83970a0
a73feecd0e221f7c7a3b74b75aeaa81bd9baa1da
53eca0f8435d6e2e62962ef80d4597afad2773a582746d523f7f5d30c3e07b8e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F17eed5ca-e7b1-43be-b937-69356fce9d8a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4708
x-amzn-requestid: 6efd15cd-c944-42e7-8142-01360fbe4a25
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_JFbXIAMFc_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-3c7d91eb7a2f3a9669f89d88;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GDQn-_Np3qSCYR2kQJnoh6j3-aS25bPTNl13D6MkZpF1fkOhokkFbA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:02:24 GMT
age: 18268
etag: "a73feecd0e221f7c7a3b74b75aeaa81bd9baa1da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa915ba56-f7bc-48fc-b725-b932389634d5.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa915ba56-f7bc-48fc-b725-b932389634d5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0a4e0bb1e2748bdce6bbf685a910f0fc
5b97bfd787afcb912cdbef0f137f78a059082992
a7bc9adeb22cb57675e907bd961a6f554e6b7a46414ed782bcc9b53d68b1c328
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa915ba56-f7bc-48fc-b725-b932389634d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15639
x-amzn-requestid: 98e846b4-287f-4698-9529-25bcc2727a4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78dGReoAMFiDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e9-62c41b2717bd8e6f3b3797da;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fxNulyOR88nEcjtrXm1dECsulI-MsAxm2Zl0Y83uMz23lGh18d-ZBA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:56:55 GMT
age: 18597
etag: "5b97bfd787afcb912cdbef0f137f78a059082992"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4908162-9f1d-4654-8d78-fe85386ce233.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4908162-9f1d-4654-8d78-fe85386ce233.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e5051d8c06f69e1842a9295ce256a36
1a542a53ba0b1cd0fb23257ebed8166555f16dfb
a7c0dbbb4d0d9138f5ca318cc2aa44e12dadf7ed6263ec204ba756da64b29c41
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4908162-9f1d-4654-8d78-fe85386ce233.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7556
x-amzn-requestid: 1cda5313-2256-4830-bf84-2e6e15949d3e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78KFTmoAMF4yg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e7-452e36d718a298d12a2374a9;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OWVkuAw6-nRNU_CVOgvsSSenSXnfSYSmJiKa60JvSaiJgPuXjJByZw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:46:41 GMT
age: 19211
etag: "1a542a53ba0b1cd0fb23257ebed8166555f16dfb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd18bfa3f-3214-4f84-8a7e-d219428f5242.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd18bfa3f-3214-4f84-8a7e-d219428f5242.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 005e5ba3c9588cf389a58195001b64e3
238a7439d887fb3aa7f1302eeb43fce62f08441a
d75dd5b6f57d9c9290725c5be76cc7d7a39682ca569bea18eceb9bdc13d444f9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd18bfa3f-3214-4f84-8a7e-d219428f5242.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10813
x-amzn-requestid: 5a3c9584-1389-45ac-968d-0a2301f82eda
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KG00oAMFpig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-6ffc3ff67f7f7e75399834e8;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pyXmSrIJ5ookfmhWY2xPXv374JfY2fFkcgiz5q8iFpWV4Rm0f0zXtg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:04 GMT
age: 18948
etag: "238a7439d887fb3aa7f1302eeb43fce62f08441a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa848cb85e85df184b078fe7aa95ae52
21aa6418f3a0d2b64925b66d5fb9079b7e84a11c
37d299c166e3350dee6dee647e98a86f8bd916d186bae12c42764ed0a3177085
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5989
x-amzn-requestid: db10fcc5-80ab-4650-af49-d5afe36706f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78LHQqIAMF9_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e7-4cbd19e3227894844807742c;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: P0Nx-FcvcV-f5cRPwZr5sEMb8pH3AoYFr185q_D0X2bE7z40nDn91w==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:04 GMT
age: 18948
etag: "21aa6418f3a0d2b64925b66d5fb9079b7e84a11c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 15bd53848c7082464273007e010c54e0
9a3ca698ca1aeae695923277ed2244465e01a1ea
36cfa29965173ea683992d4b436f393e92c978350347f869355d933613e2c005
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10119
x-amzn-requestid: 20bfd6a6-2981-42ca-8997-9363676773c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR782HEZIAMFTKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9eb-552581a92a69d6cd322bf334;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U_gitOWWMPO7M5Dd0WktaigfRERa93d86MhziLjZ2qnuON_K5NauyQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:54:37 GMT
age: 18735
etag: "9a3ca698ca1aeae695923277ed2244465e01a1ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2