netfixmovie.com/tag/bank-heist
82.192.82.225200 OK 490 B URL HTTP/1.1 netfixmovie.com/tag/bank-heist
IP 82.192.82.225:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (490), with no line terminators
Hash e13d6f0fc204332a967a865ae8056fc1
a1d25276fcbc62e80492e08eab6ca4aa742b0514
ee6f6aae306d938604a17d966acf7045d28343aa7b6225692a71bc98cc296e1b
Analyzer Verdict Alert fortinet Phishing
GET /tag/bank-heist HTTP/1.1
Host: netfixmovie.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 490
content-type: text/html; charset=utf-8
date: Tue, 31 Jan 2023 02:44:39 GMT
server: nginx
set-cookie: sid=3500c504-a111-11ed-81dd-6557531b2fb0; path=/; domain=.netfixmovie.com; expires=Sun, 18 Feb 2091 05:58:46 GMT; max-age=2147483647; HttpOnly
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7834
Expires: Tue, 31 Jan 2023 04:55:13 GMT
Date: Tue, 31 Jan 2023 02:44:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5708
Expires: Tue, 31 Jan 2023 04:19:47 GMT
Date: Tue, 31 Jan 2023 02:44:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3161
Expires: Tue, 31 Jan 2023 03:37:20 GMT
Date: Tue, 31 Jan 2023 02:44:39 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 02:35:51 GMT
content-type: application/json
age: 528
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fDNh5GMZeECxc0ckvTsT00MPbCc3jsGRthMxbm2xZ3dh+NbS/EM5GLMrm1tQ7iqRWSMAvbl6GTk=
x-amz-request-id: WPF6P7KQB9PS281A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 02:22:02 GMT
age: 1357
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 02:44:39 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
netfixmovie.com/favicon.ico
82.192.82.225404 Not Found 9 B URL HTTP/1.1 netfixmovie.com/favicon.ico
IP 82.192.82.225:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: netfixmovie.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netfixmovie.com/tag/bank-heist
Cookie: sid=3500c504-a111-11ed-81dd-6557531b2fb0
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Tue, 31 Jan 2023 02:44:39 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 02:41:41 GMT
age: 179
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
netfixmovie.com/tag/bank-heist?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTE0MDI3OSwiaWF0IjoxNjc1MTMzMDc5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3ZrOWE4bWRuZnQwamk4bmszYnJiaWgiLCJuYmYiOjE2NzUxMzMwNzksInRzIjoxNjc1MTMzMDc5NDIxNTI2fQ.hC7m-ET6nWOGaLVUJEA8ZMhMbMhqodvAELIB4QsabUY&sid=3500c504-a111-11ed-81dd-6557531b2fb0
82.192.82.225302 Found 11 B URL HTTP/1.1 netfixmovie.com/tag/bank-heist?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTE0MDI3OSwiaWF0IjoxNjc1MTMzMDc5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3ZrOWE4bWRuZnQwamk4bmszYnJiaWgiLCJuYmYiOjE2NzUxMzMwNzksInRzIjoxNjc1MTMzMDc5NDIxNTI2fQ.hC7m-ET6nWOGaLVUJEA8ZMhMbMhqodvAELIB4QsabUY&sid=3500c504-a111-11ed-81dd-6557531b2fb0
IP 82.192.82.225:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /tag/bank-heist?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTE0MDI3OSwiaWF0IjoxNjc1MTMzMDc5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3ZrOWE4bWRuZnQwamk4bmszYnJiaWgiLCJuYmYiOjE2NzUxMzMwNzksInRzIjoxNjc1MTMzMDc5NDIxNTI2fQ.hC7m-ET6nWOGaLVUJEA8ZMhMbMhqodvAELIB4QsabUY&sid=3500c504-a111-11ed-81dd-6557531b2fb0 HTTP/1.1
Host: netfixmovie.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netfixmovie.com/tag/bank-heist
Cookie: sid=3500c504-a111-11ed-81dd-6557531b2fb0
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 31 Jan 2023 02:44:39 GMT
location: http://orest-vlv.com/zcvisitor/354a2148-a111-11ed-951e-129f7280bd6f/b4fe5730-c930-11e7-a121-0ad5c55a6ed0?campaignid=df3bc130-90e1-11ed-9150-12beee04f19b
server: nginx
set-cookie: sid=3500c504-a111-11ed-81dd-6557531b2fb0; path=/; domain=.netfixmovie.com; expires=Sun, 18 Feb 2091 05:58:47 GMT; max-age=2147483647; HttpOnly
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6439
Expires: Tue, 31 Jan 2023 04:31:59 GMT
Date: Tue, 31 Jan 2023 02:44:40 GMT
Connection: keep-alive
orest-vlv.com/zcvisitor/354a2148-a111-11ed-951e-129f7280bd6f/b4fe5730-c930-11e7-a121-0ad5c55a6ed0?campaignid=df3bc130-90e1-11ed-9150-12beee04f19b
52.7.54.238200 1.1 kB URL HTTP/1.1 orest-vlv.com/zcvisitor/354a2148-a111-11ed-951e-129f7280bd6f/b4fe5730-c930-11e7-a121-0ad5c55a6ed0?campaignid=df3bc130-90e1-11ed-9150-12beee04f19b
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 54ce5d94be337f5447bef820300e371d
0bb197bdc19b7fb59684d104782dc2cc1dcfe97c
1dcd0df1351a7c85c740b3e75487ce230377a6f8fe8ddd77d307fd1cfbb4a353
GET /zcvisitor/354a2148-a111-11ed-951e-129f7280bd6f/b4fe5730-c930-11e7-a121-0ad5c55a6ed0?campaignid=df3bc130-90e1-11ed-9150-12beee04f19b HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://netfixmovie.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 31 Jan 2023 02:44:40 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: iQDrUmUJ
orest-vlv.com/zcredirect?visitid=354a2148-a111-11ed-951e-129f7280bd6f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
52.7.54.238200 868 B URL HTTP/1.1 orest-vlv.com/zcredirect?visitid=354a2148-a111-11ed-951e-129f7280bd6f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (391)
Hash dd4cac9cd8fdfea30051ed9ba2b9e89e
df16f3260f79eeed35d919a264a1a1e1db7e7128
1a4d4886cc8d51d4213d8050b3ed1bfb861dae0bb223834a6d867fecbf1fa47a
GET /zcredirect?visitid=354a2148-a111-11ed-951e-129f7280bd6f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://orest-vlv.com/zcvisitor/354a2148-a111-11ed-951e-129f7280bd6f/b4fe5730-c930-11e7-a121-0ad5c55a6ed0?campaignid=df3bc130-90e1-11ed-9150-12beee04f19b
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 31 Jan 2023 02:44:40 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: GBXRGqQn
push.services.mozilla.com/
54.149.224.76101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.224.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WoTfG4aQ8CPOvZEnamCa6A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: I/ShC7Qlb0atQCsJW7t2cIlRyU4=
ocsp.pki.goog/s/gts1d4/vIoVB82rt54
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/vIoVB82rt54
IP 142.250.74.131:0
Hash 648c239864186e2b4ee32bf581c7ffa3
caac18b5ab0694b5b84bff328983dc2d5e31fa7a
778a77512dda4c547403f02af0511f1bf1f5686d2f15e4107ad0a8dd4ac8f767
POST /s/gts1d4/vIoVB82rt54 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
go.govod.co/6243/5015/?clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)
35.244.177.158302 Found 0 B URL HTTP/2 go.govod.co/6243/5015/?clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)
IP 35.244.177.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /6243/5015/?clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra) HTTP/1.1
Host: go.govod.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 31 Jan 2023 02:44:41 GMT
server: Apache/2.4.38 (Debian)
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
location: https://lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/vIoVB82rt54
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/vIoVB82rt54
IP 142.250.74.131:0
Hash 648c239864186e2b4ee32bf581c7ffa3
caac18b5ab0694b5b84bff328983dc2d5e31fa7a
778a77512dda4c547403f02af0511f1bf1f5686d2f15e4107ad0a8dd4ac8f767
POST /s/gts1d4/vIoVB82rt54 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/kT3I6WbMx9o
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/kT3I6WbMx9o
IP 142.250.74.131:0
Hash 4252e9105f0269a25e387587841d4d89
41d4b796cfe37b5f7c85248f5c31b6fb58812ea6
b8bf6562c8052404190be5b3c4e6e301fa3a7f97d463fa1711ca793c4aac0a81
POST /s/gts1d4/kT3I6WbMx9o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
34.120.90.98200 OK 1.3 kB URL HTTP/2 lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
IP 34.120.90.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6825)
Hash 0c25934fd69a2d65abf5df015c4e1158
3324f565ede8ab61ad3f3af8db119b1d6c4f43fb
f5d11ec7c38a304e2bb3367a56e96638f09c1c6d6902e037548593b585f3291a
GET /0233/?camp=6243&theme=0233&clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D HTTP/1.1
Host: lp.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdus42RIS2Yw2KFzulUOw3oEQz2Wfaz7fPpHitrxboOh5EFJoTspsUWtPJsqb3VWJU3tyS0QMeMdThDvbZTUlk0p51IVm8hQ
date: Tue, 31 Jan 2023 02:44:41 GMT
cache-control: no-transform
expires: Wed, 31 Jan 2024 02:44:41 GMT
last-modified: Wed, 25 Jan 2023 12:36:19 GMT
etag: "0c25934fd69a2d65abf5df015c4e1158"
x-goog-generation: 1674650179528245
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1337
content-type: text/html
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=4P/ejA==, md5=DCWTT9aaLWWr9d8BXE4RWA==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 1337
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/kT3I6WbMx9o
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/kT3I6WbMx9o
IP 142.250.74.131:0
Hash 4252e9105f0269a25e387587841d4d89
41d4b796cfe37b5f7c85248f5c31b6fb58812ea6
b8bf6562c8052404190be5b3c4e6e301fa3a7f97d463fa1711ca793c4aac0a81
POST /s/gts1d4/kT3I6WbMx9o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2772
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:44:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2772
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:44:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2772
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:44:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2772
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:44:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2772
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:44:41 GMT
Connection: keep-alive
lp.popcornlinks.com/0233/polyfills.de110f5eb90419cb.js
34.120.90.98200 OK 12 kB URL HTTP/2 lp.popcornlinks.com/0233/polyfills.de110f5eb90419cb.js
IP 34.120.90.98:0
File type ASCII text, with very long lines (33812), with no line terminators
Hash 0f4ef07570e86d3b5eff5d953ab1581f
70fc3fa3291b5beaa8c2767347f163109704c99e
6637677cbd16350f99bac758a70cfa327e887d9875b82165897d37648bd5f40e
GET /0233/polyfills.de110f5eb90419cb.js HTTP/1.1
Host: lp.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdsclz4_W0OkGmUg1-K4Q7l5Cu-DcpqU35uCtcyQYlyX8eEjFD7QB50ItZgBTn7V-3W2sRJG2k8uYG46vQ9CATUvSn8p6ztE
x-goog-generation: 1674650179547197
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 11943
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=sLznPQ==, md5=D07wdXDobTte/12VOrFYHw==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 11943
server: UploadServer
date: Tue, 31 Jan 2023 02:44:41 GMT
expires: Wed, 31 Jan 2024 02:44:41 GMT
cache-control: no-transform
last-modified: Wed, 25 Jan 2023 12:36:19 GMT
etag: "0f4ef07570e86d3b5eff5d953ab1581f"
content-type: application/javascript
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lp.popcornlinks.com/0233/styles.ef46db3751d8e999.css
34.120.90.98200 OK 32 B URL HTTP/2 lp.popcornlinks.com/0233/styles.ef46db3751d8e999.css
IP 34.120.90.98:0
Hash 2e666d28f1c6ee4f3380325f606eb715
dc71c4c49e1f373a42a67c2c242aa8a32dc00308
6b3b25f9b82e07624f7092d0b3094184e38bc31c312bee4d6e304711bff32092
GET /0233/styles.ef46db3751d8e999.css HTTP/1.1
Host: lp.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdufpTQDK6gqf4GV0Lm7qJq4EsRkRgwOebSRinjTvGcmOu_opnqnhmnw5UZpW-5crO0tdDioEgMvL5J743SD-RVh9g
x-goog-generation: 1674650179540526
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 32
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=7uWS8Q==, md5=LmZtKPHG7k8zgDJfYG63FQ==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 32
server: UploadServer
date: Tue, 31 Jan 2023 02:44:41 GMT
expires: Wed, 31 Jan 2024 02:44:41 GMT
cache-control: no-transform
last-modified: Wed, 25 Jan 2023 12:36:19 GMT
etag: "2e666d28f1c6ee4f3380325f606eb715"
content-type: text/css
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lp.popcornlinks.com/0233/runtime.040962ed49b21db8.js
34.120.90.98200 OK 654 B URL HTTP/2 lp.popcornlinks.com/0233/runtime.040962ed49b21db8.js
IP 34.120.90.98:0
File type ASCII text, with very long lines (1068), with no line terminators
Hash 116e456e74d84dadc9da576f5a964ea0
3b83e8e0c39eff1932e264c126ed7952a5bf43c4
e12f1696c89a64925e6b82a29d639adaad6719e2d6cd53ed49bf5ccde57af4ae
GET /0233/runtime.040962ed49b21db8.js HTTP/1.1
Host: lp.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdtj3eMQ0CJ402Is6sb25w2vqNOW1Tfgb9IsJj_atUMyq90TWHgi8UUHrWyZ2_QzSGrG5VCUXZLM66GEPSPUAq5RSqbZzl7x
x-goog-generation: 1674650179544942
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 654
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=f3rxZQ==, md5=EW5FbnTYTa3J2ldvWpZOoA==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 654
server: UploadServer
date: Tue, 31 Jan 2023 02:44:41 GMT
expires: Wed, 31 Jan 2024 02:44:41 GMT
cache-control: no-transform
last-modified: Wed, 25 Jan 2023 12:36:19 GMT
etag: "116e456e74d84dadc9da576f5a964ea0"
content-type: application/javascript
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lp.popcornlinks.com/0233/main.8d0c86f3455120ed.js
34.120.90.98200 OK 66 kB URL HTTP/2 lp.popcornlinks.com/0233/main.8d0c86f3455120ed.js
IP 34.120.90.98:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0c96df7200fb7e2a10eb9afdd248174b
8fa84ef17cc2198fe28489bafc9d785b3c308a36
ba163f1107312fb8f9922ae440dd4483fe5cc41d1375f1049260e02da602c8f7
GET /0233/main.8d0c86f3455120ed.js HTTP/1.1
Host: lp.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=w3lr79007ki3di9m20ak740c&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdu5lec_4uXgJvcsdJM2Fc0Wt2IiWy7RAAgrZSBT5_-yalCpOD5jxhd8ovCBgRZDyiGFKlP5K9kRxKMWfqMC-pe42w
x-goog-generation: 1674650179621718
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 66500
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=IbIqrA==, md5=DJbfcgD7fioQ65r90kgXSw==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 66500
server: UploadServer
date: Tue, 31 Jan 2023 02:44:41 GMT
expires: Wed, 31 Jan 2024 02:44:41 GMT
cache-control: no-transform
last-modified: Wed, 25 Jan 2023 12:36:19 GMT
etag: "0c96df7200fb7e2a10eb9afdd248174b"
content-type: application/javascript
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc569de21-1642-45cb-a849-06e0eb6ce398.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc569de21-1642-45cb-a849-06e0eb6ce398.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 932f9938c0cf6a0073ade7aa5fbe63ee
10b2c53728e16614bc96fbce22e98a135e8fdc16
25c6402614ad4f04d35ea2512b613a5c239609ce03886a22b1a89d62ddf344f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc569de21-1642-45cb-a849-06e0eb6ce398.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6660
x-amzn-requestid: d1b88b8f-d5c5-4da3-b93a-ade94338e746
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRa8DFMaIAMF2Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d071e6-1fa8a996195c9b3406399769;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 00:03:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HkhlfofiCFusEluIswICaWL-lR_nnmhszPSRTqZL_tRixYUUqlUZ_g==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:49:14 GMT
age: 17727
etag: "10b2c53728e16614bc96fbce22e98a135e8fdc16"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4a2d26da68a313cc65958fc2692351c2
798c3538f3147ca77d317676ddd1bf040bd0f93b
76ce30224803d680c0115e987a712ce5552b2760beadf796a96b17439fb20797
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10898
x-amzn-requestid: e29f8dfc-07d4-4136-afaf-e1e067eea2ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zxGshIAMFw5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-5e87d2a44722af9e4e86c3d4;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XYo_QvM8GWDyulOtUb5nVjS9PxOinaRJ3lYvCreeqd_9tHI5yv5xcQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:21 GMT
age: 17780
etag: "798c3538f3147ca77d317676ddd1bf040bd0f93b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 976dda397f9292a498ca9db5599c0378
dad9e9c3462907a2475046aee36d57f8309cd44e
7ed9ccf2ff75ca53f5ba56a1d2127e0f09b0ae941cad8b042e8df01ad01e614b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6844
x-amzn-requestid: 0542cf46-5045-459f-a35f-f6c0d3f5f7b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flZsxH0YIAMF9ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86feb-692d50f710a131df2ee49aa8;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oLMUuQVwUyKMuYAvTkA4wlVDb3-kZjStTJFfUZRb7JwKcK11waY0kQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:42:39 GMT
age: 3722
etag: "dad9e9c3462907a2475046aee36d57f8309cd44e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 42a648f9d34d8fb703f0b80a52e0deec
7ccefd66211d249ae5266c3b6ae3375a19e5cb6d
a57f8792e8caa2a31045a141d019f53f51b633d5d04baebdae97387740c6639d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5903
x-amzn-requestid: f6fca787-17c1-4edd-9ab0-a00e2fccc7a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboufGeSoAMF-1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d487f6-58be6bdc5e3e767e1ea47b86;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:27:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tAR5c5rQD0h5YZ6TU8pZKhUFUf5d0-l794EaYnwwkts3QXPhdYm6vA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:03:25 GMT
age: 20476
etag: "7ccefd66211d249ae5266c3b6ae3375a19e5cb6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 00:33:02 GMT
age: 7899
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2
216.58.207.227200 OK 7.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 21:50:07 GMT
expires: Sun, 28 Jan 2024 21:50:07 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:10:09 GMT
content-type: font/woff2
age: 190475
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2
216.58.207.227200 OK 8.0 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Hash 72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 12:48:45 GMT
expires: Mon, 29 Jan 2024 12:48:45 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:59:03 GMT
content-type: font/woff2
age: 136557
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFd2JQEk.woff2
216.58.207.227200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFd2JQEk.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7824, version 1.0\012- data
Hash af4d371a10271dafeb343f1eace762bc
6d11d743bc3cfb169d70bc86450f18351dc1a905
60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2
GET /s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFd2JQEk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 12:24:21 GMT
expires: Thu, 25 Jan 2024 12:24:21 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:15:29 GMT
content-type: font/woff2
age: 483621
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2
216.58.207.227200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 06:54:04 GMT
expires: Tue, 30 Jan 2024 06:54:04 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:07:00 GMT
content-type: font/woff2
age: 71438
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFd2JQEk.woff2
216.58.207.227200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFd2JQEk.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7840, version 1.0\012- data
Hash 8d91ec1ca2d8b56640a47117e313a3e9
a9e9bafe64666f4595051a0e895b47a5fa39e67e
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
GET /s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFd2JQEk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 18:03:20 GMT
expires: Tue, 30 Jan 2024 18:03:20 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:05:46 GMT
content-type: font/woff2
age: 31282
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
scided-mington.com/redirect?target=BASE64aHR0cHM6Ly9nby5nb3ZvZC5jby82MjQzLzUwMTUvP2NsaWNraWQ9dzNscjc5MDA3a2kzZGk5bTIwYWs3NDBjJnB1Yj0zYWMxODljNS03MjA0LTRjNDItYThiMy04ODM4OTUyYmI2Njcmc3ViX3B1Yl9pZD0oc3ViX3B1Yl9pZCkmZXh0cmE9KGV4dHJhKQ&ts=1675133080739&hash=haGqJI0eew1a2a3w6B4pYjc9shFRrZYMXqrXUj-nOEg&rm=DJ
18.195.174.160200 OK 4.2 kB URL HTTP/2 scided-mington.com/redirect?target=BASE64aHR0cHM6Ly9nby5nb3ZvZC5jby82MjQzLzUwMTUvP2NsaWNraWQ9dzNscjc5MDA3a2kzZGk5bTIwYWs3NDBjJnB1Yj0zYWMxODljNS03MjA0LTRjNDItYThiMy04ODM4OTUyYmI2Njcmc3ViX3B1Yl9pZD0oc3ViX3B1Yl9pZCkmZXh0cmE9KGV4dHJhKQ&ts=1675133080739&hash=haGqJI0eew1a2a3w6B4pYjc9shFRrZYMXqrXUj-nOEg&rm=DJ
IP 18.195.174.160:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (660), with CRLF line terminators
Hash 4f42faa689177bb188c963b2bf0c94a2
0debc4725d85ad9847134f6af4a2a6ba68e0b0f4
5da235d16b82e1dba26d45a78a108f22802476300aa89bf9e7152b16eb4b6f3a
GET /redirect?target=BASE64aHR0cHM6Ly9nby5nb3ZvZC5jby82MjQzLzUwMTUvP2NsaWNraWQ9dzNscjc5MDA3a2kzZGk5bTIwYWs3NDBjJnB1Yj0zYWMxODljNS03MjA0LTRjNDItYThiMy04ODM4OTUyYmI2Njcmc3ViX3B1Yl9pZD0oc3ViX3B1Yl9pZCkmZXh0cmE9KGV4dHJhKQ&ts=1675133080739&hash=haGqJI0eew1a2a3w6B4pYjc9shFRrZYMXqrXUj-nOEg&rm=DJ HTTP/1.1
Host: scided-mington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: cc-v4=j4Mzax09eOFAU9O2gDA1u87nij2R5Q7dB0aabnet%2BkjnLGXkPOzNU%2F8BOMIjg0RoS5leyyXI3zjL4miXr%2BWv%2BonM%2B0w5eOS8yj5awm2SnpMBPziI7PbDcvJI%2BZdyYE9L6G8h%2Fk72P5nODD%2BUgbLPjg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 02:44:40 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/jEC2BEoxFHg
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/jEC2BEoxFHg
IP 142.250.74.131:0
Hash 6bc00ca3a9461db6b092bf4d5141e166
e8fc96ed23cb50746787c096caf4880faf7bdbaf
840db3a0e3692d72b95a5d8a349ab8841730bdbc31e93a07ae996d92da0004eb
POST /s/gts1d4/jEC2BEoxFHg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:42 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3be0a8063947b38f044d3ad61ad67098
55558c6caee5d10a0e88293532c312da5ccf4368
aed8aa23af8a1f490a8cf7371872b9866c8d061c96383acc89b32693fff9044a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AED8AA23AF8A1F490A8CF7371872B9866C8D061C96383ACC89B32693FFF9044A"
Last-Modified: Sat, 28 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3717
Expires: Tue, 31 Jan 2023 03:46:39 GMT
Date: Tue, 31 Jan 2023 02:44:42 GMT
Connection: keep-alive
static.neopush.io/sdk/sdk.js
23.88.7.145200 OK 27 kB URL HTTP/1.1 static.neopush.io/sdk/sdk.js
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (26964), with no line terminators
Hash ab346442eb95b8521b6bf63c72e50db7
203122d51e46b3c1aa10548f0072af2189f3ce0b
ab60c16ff9f9bc6a87547c5814ce7715eb6ec29c68ea18d87b6457415fcb126f
GET /sdk/sdk.js HTTP/1.1
Host: static.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 31 Jan 2023 02:44:42 GMT
Content-Type: application/javascript
Content-Length: 26964
Last-Modified: Wed, 11 Jan 2023 08:03:00 GMT
Connection: keep-alive
ETag: "63be6d34-6954"
Accept-Ranges: bytes
srv.popcornlinks.com/rest/client/getCountryInfo/NO
130.211.31.128200 OK 78 B URL HTTP/2 srv.popcornlinks.com/rest/client/getCountryInfo/NO
IP 130.211.31.128:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b341e94426d33762a2495bebce00e4b9
c12eb9bf99f6cbdbda1b2a564b748ce8925f46fe
49f0f1abac5a097ffb8be8668759e82ef16d985d685c436873807de97f596fb7
GET /rest/client/getCountryInfo/NO HTTP/1.1
Host: srv.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 02:44:42 GMT
server: Apache/2.4.54 (Debian)
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-origin: *
access-control-allow-credentials: true
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
content-type: application/json
content-length: 78
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/jEC2BEoxFHg
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/jEC2BEoxFHg
IP 142.250.74.131:0
Hash 6bc00ca3a9461db6b092bf4d5141e166
e8fc96ed23cb50746787c096caf4880faf7bdbaf
840db3a0e3692d72b95a5d8a349ab8841730bdbc31e93a07ae996d92da0004eb
POST /s/gts1d4/jEC2BEoxFHg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 02:44:42 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 65c399df1e81b033c5681a9eb74fd920
8f9d41b97bcf1bd65c9a9ef927e47c724659d57d
bc88e421d369fe9b68263e50c10dd8a4d1d067dd1ce13fd4dfcc63054cf40830
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC88E421D369FE9B68263E50C10DD8A4D1D067DD1CE13FD4DFCC63054CF40830"
Last-Modified: Sat, 28 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9335
Expires: Tue, 31 Jan 2023 05:20:17 GMT
Date: Tue, 31 Jan 2023 02:44:42 GMT
Connection: keep-alive
api.neopush.io/np/v1/config?si=1ed7afce-7740-6100-e1ef-1a6e500f3969
23.88.7.145200 OK 372 B URL HTTP/1.1 api.neopush.io/np/v1/config?si=1ed7afce-7740-6100-e1ef-1a6e500f3969
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (372), with no line terminators
Hash d3e2459bce86860473418ba88bb704a4
7124bda6ee73606a919e870c99c29e76ed0669bc
ed925d1008f9e0447ab2d39fd17062d1bb1c7bac7c407563284aa81a3926f108
GET /np/v1/config?si=1ed7afce-7740-6100-e1ef-1a6e500f3969 HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 31 Jan 2023 02:44:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 372
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin
ETag: W/"174-cSS9pu5zYGqRnocMmcKedu0Gabw"
srv.popcornlinks.com/rest/client/trackingdata
130.211.31.128200 OK 0 B URL HTTP/2 srv.popcornlinks.com/rest/client/trackingdata
IP 130.211.31.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /rest/client/trackingdata HTTP/1.1
Host: srv.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lp.popcornlinks.com/
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 02:44:42 GMT
server: Apache/2.4.54 (Debian)
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-origin: *
access-control-allow-methods: OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
access-control-allow-credentials: true
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.neopush.io/sdk/serviceWorker.js
23.88.7.145200 OK 3.6 kB URL HTTP/1.1 static.neopush.io/sdk/serviceWorker.js
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (3589), with no line terminators
Hash b7d2aaf6ea01ce6f51443921345e48f8
dede12d50b78ed81271c3a78e2364d199822e4f2
69b77c376d68f7bde92271ed7945aec4db4d53f748dc07f72b9e7262a86072cb
GET /sdk/serviceWorker.js HTTP/1.1
Host: static.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 31 Jan 2023 02:44:42 GMT
Content-Type: application/javascript
Content-Length: 3589
Last-Modified: Wed, 11 Jan 2023 08:03:00 GMT
Connection: keep-alive
ETag: "63be6d34-e05"
Accept-Ranges: bytes
api.neopush.io/np/v1/report
23.88.7.145204 No Content 0 B URL HTTP/1.1 api.neopush.io/np/v1/report
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /np/v1/report HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lp.popcornlinks.com/
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 31 Jan 2023 02:44:42 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
api.neopush.io/np/v1/report
23.88.7.145201 Created 66 B URL HTTP/1.1 api.neopush.io/np/v1/report
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash da8e2dcef479d8756e152b11a4cfa4a0
ad54483ecbd3662ae81943a02ad26c2cc4ee4ea0
591b7cabaad1ea57c22c979042333c4e9f31eec447911a473f8da41a572ab123
POST /np/v1/report HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Content-Type: application/json
Origin: https://lp.popcornlinks.com
Content-Length: 117
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 201 Created
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 31 Jan 2023 02:44:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 66
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin
ETag: W/"42-rVRIPsvTZiroGUOgKtJsLMTuTqA"
api.neopush.io/np/v1/v_event
23.88.7.145204 No Content 0 B URL HTTP/1.1 api.neopush.io/np/v1/v_event
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /np/v1/v_event HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lp.popcornlinks.com/
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 31 Jan 2023 02:44:43 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
api.neopush.io/np/v1/v_event
23.88.7.145204 No Content 0 B URL HTTP/1.1 api.neopush.io/np/v1/v_event
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /np/v1/v_event HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lp.popcornlinks.com/
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 31 Jan 2023 02:44:43 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
api.neopush.io/np/v1/v_event
23.88.7.145201 Created 15 B URL HTTP/1.1 api.neopush.io/np/v1/v_event
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 0c776997933eb60833b37beaf43814c8
bff63526eb02853c6b414ccfb4d00ac9ca283930
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa
POST /np/v1/v_event HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Content-Type: application/json
Origin: https://lp.popcornlinks.com
Content-Length: 129
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 201 Created
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 31 Jan 2023 02:44:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin
ETag: W/"f-v/Y1JusChTxrQUzPtNAKycooOTA"
api.neopush.io/np/v1/v_event
23.88.7.145201 Created 15 B URL HTTP/1.1 api.neopush.io/np/v1/v_event
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 0c776997933eb60833b37beaf43814c8
bff63526eb02853c6b414ccfb4d00ac9ca283930
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa
POST /np/v1/v_event HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Content-Type: application/json
Origin: https://lp.popcornlinks.com
Content-Length: 130
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 201 Created
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 31 Jan 2023 02:44:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin
ETag: W/"f-v/Y1JusChTxrQUzPtNAKycooOTA"
c.clarity.ms/c.gif
20.234.93.27302 Found 0 B IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=3CD52D2EEEF1442A84CDA65CA79C3EA0&RedC=c.clarity.ms&MXFR=39DA13576613657D364301FD62136B33
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=39DA13576613657D364301FD62136B33; domain=.clarity.ms; expires=Sun, 25-Feb-2024 02:44:43 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Tue, 31 Jan 2023 02:44:43 GMT
content-length: 0
X-Firefox-Spdy: h2
c.bing.com/c.gif?CtsSyncId=3CD52D2EEEF1442A84CDA65CA79C3EA0&RedC=c.clarity.ms&MXFR=39DA13576613657D364301FD62136B33
204.79.197.200302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=3CD52D2EEEF1442A84CDA65CA79C3EA0&RedC=c.clarity.ms&MXFR=39DA13576613657D364301FD62136B33
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=3CD52D2EEEF1442A84CDA65CA79C3EA0&RedC=c.clarity.ms&MXFR=39DA13576613657D364301FD62136B33 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=3CD52D2EEEF1442A84CDA65CA79C3EA0&MUID=288FB45FE32D6B073656A6F5E2D86AF1
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=288FB45FE32D6B073656A6F5E2D86AF1; domain=c.bing.com; expires=Sun, 25-Feb-2024 02:44:43 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 637D4AD3E7A642A087AF1A7C68F87824 Ref B: OSL30EDGE0115 Ref C: 2023-01-31T02:44:43Z
date: Tue, 31 Jan 2023 02:44:43 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=3CD52D2EEEF1442A84CDA65CA79C3EA0&MUID=288FB45FE32D6B073656A6F5E2D86AF1
20.234.93.27200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=3CD52D2EEEF1442A84CDA65CA79C3EA0&MUID=288FB45FE32D6B073656A6F5E2D86AF1
IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=3CD52D2EEEF1442A84CDA65CA79C3EA0&MUID=288FB45FE32D6B073656A6F5E2D86AF1 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Tue, 17 Jan 2023 20:36:49 GMT
accept-ranges: bytes
etag: "b1c8df6cb32ad91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Tue, 31-Jan-2023 02:54:43 GMT; path=/; SameSite=None; Secure;
date: Tue, 31 Jan 2023 02:44:43 GMT
content-length: 42
X-Firefox-Spdy: h2
d.clarity.ms/collect
40.76.174.66204 No Content 0 B IP 40.76.174.66:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: d.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 33595
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
access-control-allow-origin: https://lp.popcornlinks.com
access-control-allow-credentials: true
date: Tue, 31 Jan 2023 02:44:43 GMT
X-Firefox-Spdy: h2
d.clarity.ms/collect
40.76.174.66204 No Content 0 B IP 40.76.174.66:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: d.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 295
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
access-control-allow-origin: https://lp.popcornlinks.com
access-control-allow-credentials: true
date: Tue, 31 Jan 2023 02:44:44 GMT
X-Firefox-Spdy: h2
d.clarity.ms/collect
40.76.174.66204 No Content 0 B IP 40.76.174.66:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: d.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 286
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
access-control-allow-origin: https://lp.popcornlinks.com
access-control-allow-credentials: true
date: Tue, 31 Jan 2023 02:44:47 GMT
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60fc180ec5b99ac357db8775775c3c11
c9856a488e82bc330881377528bf2e53274ef5f3
a31fd6fc84f79b0f5fb79cccf490ddf61eb58bdaf57ca27f57a911332e550d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5394
x-amzn-requestid: 16d876fb-0afd-4b5d-b19e-1029506fd6f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIgq2E4CIAMFiFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce178-1f08dc2105b6e182677004e7;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:10:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 36E3JCGqpkeMmb_fzM0DTb24ElUMGDdikE1IdqQABDlbT28XRs7B-w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 11:52:37 GMT
age: 53531
etag: "c9856a488e82bc330881377528bf2e53274ef5f3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
scided-mington.com/zp-redirect?target=https%3A%2F%2Fgo.govod.co%2F6243%2F5015%2F%3Fclickid%3Dw3lr79007ki3di9m20ak740c%26pub%3D3ac189c5-7204-4c42-a8b3-8838952bb667%26sub_pub_id%3D%28sub_pub_id%29%26extra%3D%28extra%29&caid=3ac189c5-7204-4c42-a8b3-8838952bb667&zpid=354a2148-a111-11ed-951e-129f7280bd6f&cid=w3lr79007ki3di9m20ak740c&rt=DJ
18.195.174.160200 OK 0 B URL HTTP/2 scided-mington.com/zp-redirect?target=https%3A%2F%2Fgo.govod.co%2F6243%2F5015%2F%3Fclickid%3Dw3lr79007ki3di9m20ak740c%26pub%3D3ac189c5-7204-4c42-a8b3-8838952bb667%26sub_pub_id%3D%28sub_pub_id%29%26extra%3D%28extra%29&caid=3ac189c5-7204-4c42-a8b3-8838952bb667&zpid=354a2148-a111-11ed-951e-129f7280bd6f&cid=w3lr79007ki3di9m20ak740c&rt=DJ
IP 18.195.174.160:0
GET /zp-redirect?target=https%3A%2F%2Fgo.govod.co%2F6243%2F5015%2F%3Fclickid%3Dw3lr79007ki3di9m20ak740c%26pub%3D3ac189c5-7204-4c42-a8b3-8838952bb667%26sub_pub_id%3D%28sub_pub_id%29%26extra%3D%28extra%29&caid=3ac189c5-7204-4c42-a8b3-8838952bb667&zpid=354a2148-a111-11ed-951e-129f7280bd6f&cid=w3lr79007ki3di9m20ak740c&rt=DJ HTTP/1.1
Host: scided-mington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://orest-vlv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 02:44:40 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: cc-v4=j4Mzax09eOFAU9O2gDA1u87nij2R5Q7dB0aabnet%2BkjnLGXkPOzNU%2F8BOMIjg0RoS5leyyXI3zjL4miXr%2BWv%2BonM%2B0w5eOS8yj5awm2SnpMBPziI7PbDcvJI%2BZdyYE9L6G8h%2Fk72P5nODD%2BUgbLPjg%3D%3D; Max-Age=31536000; Expires=Wed, 31-Jan-2024 02:44:40 GMT; Domain=scided-mington.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
www.clarity.ms/tag/bwtaqwyp9a
13.107.238.53200 OK 0 B URL HTTP/2 www.clarity.ms/tag/bwtaqwyp9a
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /tag/bwtaqwyp9a HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=fdc97dd8d1aa42288ca3deb791dba61e.20230131.20240131; expires=Wed, 31 Jan 2024 02:44:43 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
x-cache: CONFIG_NOCACHE
x-azure-ref: 0m4DYYwAAAAD2LkiOvLtYT5g5U90zxpg1Q1BIMzBFREdFMDQxMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Tue, 31 Jan 2023 02:44:43 GMT
X-Firefox-Spdy: h2
www.clarity.ms/eus/s/0.7.1/clarity.js
13.107.238.53200 OK 0 B URL HTTP/2 www.clarity.ms/eus/s/0.7.1/clarity.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /eus/s/0.7.1/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d933d16af8439e"
server: Microsoft-IIS/10.0
x-cache: TCP_HIT
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
x-azure-ref-originshield: 0b8rXYwAAAACXKaxCtf+qTpdydoK8z4WCRlJBMjMxMDUwNDE4MDE3ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-azure-ref: 0m4DYYwAAAABpN9NgA2gxRa0T9x1VCX3eQ1BIMzBFREdFMDQxMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Tue, 31 Jan 2023 02:44:43 GMT
X-Firefox-Spdy: h2