firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 050bfd0155f265780e88dabcdde8b147
93ff7f46889322c0e9dbd3f4695e4c6a7fefe08f
9f3db0b3c51195b5313122d984f5f5f62b2df0f1d818eafefaa8b73e15914038
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Alert, Retry-After, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 25 Oct 2022 00:53:04 GMT
Expires: Tue, 25 Oct 2022 01:41:48 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PNAbEG0U6WKEIH1hGcNkVpgaORzkB_-CdEFg5416YcOmavQKT3zGyQ==
Age: 551
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2346
Expires: Tue, 25 Oct 2022 01:41:21 GMT
Date: Tue, 25 Oct 2022 01:02:15 GMT
Connection: keep-alive
go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=166cf6b0-f68c-4b86-8bbb-fd08d8f3144b
200 Let's rock 1.5 kB URL HTTP/1.1 go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=166cf6b0-f68c-4b86-8bbb-fd08d8f3144b
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3332), with no line terminators
Hash 87b22aa197537e73dc54f29ab51c37ce
29f14a41967e843b6ca23c94934d25091f23887b
e3642dbeb8cac216caf357e55ae1173cb4b59fc8c0e0ff9632d94568153cd98e
GET /?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=166cf6b0-f68c-4b86-8bbb-fd08d8f3144b HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 Let's rock
Server: nginx
Date: Tue, 25 Oct 2022 01:02:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: u=8c173de07915d737a2f3db8eefb7d0f1; expires=Wed, 25-Oct-2023 01:02:15 GMT; Max-Age=31536000; path=/
Location: http://go.monetizer.mobi/?utm_term=7158249055401803845&ver=4viyaptcjo
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6315
Expires: Tue, 25 Oct 2022 02:47:31 GMT
Date: Tue, 25 Oct 2022 01:02:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: t+ubTpGsoC1+JaBCL54Wad4h6KS9VMoEGbSu8iXcTFC5MEgSgLsF+ZFVCl8gytfiu9bRY/bB9jU=
x-amz-request-id: CD1GPQKVQJSD0TFS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 25 Oct 2022 00:08:43 GMT
age: 3213
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 01:02:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
go.monetizer.mobi/?utm_term=7158249055401803845&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78584bfb988b1bfb98cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e119135e
200 OK 3.2 kB URL HTTP/1.1 go.monetizer.mobi/?utm_term=7158249055401803845&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78584bfb988b1bfb98cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e119135e
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4727)
Hash 0a66a5557a0a3c334942235dff5c9550
71c5d5ac65bec9965adfe8d1ae82b99b1fc0b69f
fa9eff66847361e8b5206ddbe2cc03df8e6523e4e273064ab8746a58a178a969
GET /?utm_term=7158249055401803845&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78584bfb988b1bfb98cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e119135e HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=166cf6b0-f68c-4b86-8bbb-fd08d8f3144b
Cookie: u=8c173de07915d737a2f3db8eefb7d0f1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Oct 2022 01:02:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip
go.monetizer.mobi/proc.php?029f43eac17895815c6c0cf6e10a195d9c770b40
200 Let's rock 1.6 kB URL HTTP/1.1 go.monetizer.mobi/proc.php?029f43eac17895815c6c0cf6e10a195d9c770b40
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3576), with no line terminators
Hash 724658cf80a6b49e043d6e897217a284
880ff57540bb60d01cabb4a0868d7e5831ecba5e
3fdaa5c8c59518787972dc7ef102373237d44df7243c87b24fba284803b42600
GET /proc.php?029f43eac17895815c6c0cf6e10a195d9c770b40 HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.monetizer.mobi/?utm_term=7158249055401803845&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78584bfb988b1bfb98cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e119135e
Cookie: u=8c173de07915d737a2f3db8eefb7d0f1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 Let's rock
Server: nginx
Date: Tue, 25 Oct 2022 01:02:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797
Content-Encoding: gzip
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266
200 OK 5.2 kB URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3750)
Hash bd13c56cf604fbb1191fc28230d1993a
89b80c2e0e3079980eb8cf64ecc79f474fa96b2d
4a94fb2d2cca14c413ad17b8a52dfbccf6dccedadde7a993e4c85c7f946cb65e
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266 HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.monetizer.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 01:02:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 25 Oct 2022 00:33:32 GMT
Expires: Tue, 25 Oct 2022 01:01:24 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EEuiPk6Dg9Tm4ApYpfVXL-HL0gecUC4fG5UI6xdBckRwULzpl2iIxw==
Age: 1724
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=03bb92c872a36eff14033f56dfc7f842&eyer=0.2727655702255274&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=03bb92c872a36eff14033f56dfc7f842&eyer=0.2727655702255274&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=03bb92c872a36eff14033f56dfc7f842&eyer=0.2727655702255274&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Tue, 25 Oct 2022 01:02:16 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.2727655702255274&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.2727655702255274&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.2727655702255274&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158249055401803845&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.2727655702255274&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Tue, 25 Oct 2022 01:02:16 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000477ecd454b021fb6a82250aea201ebad1025-202210-flb*5467509-4538f*M7158249055401803845*sl_5467509-4538f*b10de4e6b5b1e5a76de1ee3321cf00259fe8ac8d*797-403c551a*797
ocsp.digicert.com/
200 OK 471 B IP
Hash 7c6fdc8e76ef5875b5c965ade2df503e
45d548aa2a9d7ede163743274790700878eaea62
d2ff6eacd48af4892a2642e5d7bb925ca683062139f5a5cb4047f6f706830618
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1165
Cache-Control: max-age=113033
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 01:02:17 GMT
Etag: "63564795-1d7"
Expires: Wed, 26 Oct 2022 08:26:10 GMT
Last-Modified: Mon, 24 Oct 2022 08:06:45 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
www.wewillserv.com/favicon.ico
204 No Content 0 B URL HTTP/1.1 www.wewillserv.com/favicon.ico
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Tue, 25 Oct 2022 01:02:17 GMT
Connection: keep-alive
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 68b0c7c03a472e89bdf8e42b936cea22
7ba6a9257f8691aa9696371d904a5b2c90dbb2f3
aafbf5bf2025670c7a109fabb7a177d73b2d6943135400956ad59289af909d39
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 25 Oct 2022 01:02:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 25 Oct 2022 00:17:22 GMT
Expires: Wed, 26 Oct 2022 00:17:22 GMT
ETag: "7ba6a9257f8691aa9696371d904a5b2c90dbb2f3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000477ecd454b021fb6a82250aea201ebad1025-202210-flb*5467509-4538f*M7158249055401803845*sl_5467509-4538f*b10de4e6b5b1e5a76de1ee3321cf00259fe8ac8d*797-403c551a*797
302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000477ecd454b021fb6a82250aea201ebad1025-202210-flb*5467509-4538f*M7158249055401803845*sl_5467509-4538f*b10de4e6b5b1e5a76de1ee3321cf00259fe8ac8d*797-403c551a*797
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000477ecd454b021fb6a82250aea201ebad1025-202210-flb*5467509-4538f*M7158249055401803845*sl_5467509-4538f*b10de4e6b5b1e5a76de1ee3321cf00259fe8ac8d*797-403c551a*797 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: afclick=6357287703bb5200011197a0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 25 Oct 2022 01:02:17 GMT
content-length: 0
location: https://myofferplus.com/rc/a91581ead4?affclick=6357359936ddae0001e35ced&pubid=503
set-cookie: afclick=6357359936ddae0001e35ced; expires=Wed, 25 Oct 2023 01:02:17 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 23sgaMfT8jVD9bldIL8C5g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UfSnz1wresA971g+UVr9aLejiew=
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221666659432946%22
200 OK 5.1 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221666659432946%22
IP
File type JSON data\012- , ASCII text, with very long lines (21675), with no line terminators
Hash e13011ba916a10bd0dcf0cff95b1fcf5
04bd7e710497503f3b0048d4eb941eed9a41cb99
0771f041cdfe33337102c93b628572af39073a07892541a0bf8f83b82845d812
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221666659432946%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Alert, Retry-After, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 25 Oct 2022 01:02:05 GMT
Expires: Tue, 25 Oct 2022 02:02:05 GMT
Last-Modified: Tue, 25 Oct 2022 00:57:12 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Deg_69SJW7r2MyJOsxvB4yA4wxKj_xoeRNWM_L9tZjM1dWre7cgKgg==
Age: 12
ocsp.digicert.com/
200 OK 279 B IP
Hash 672d64a7b5c42fc4507e036a251f6ce7
8062cfba4b88abba6d50ca05339c5ba26cc19b69
213d597958d6d8bd116e4f94f6b9013a96885a0092a277d198ab1d326ff35802
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=100361
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 01:02:17 GMT
Etag: "63561aa2-117"
Expires: Wed, 26 Oct 2022 04:54:58 GMT
Last-Modified: Mon, 24 Oct 2022 04:54:58 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 672d64a7b5c42fc4507e036a251f6ce7
8062cfba4b88abba6d50ca05339c5ba26cc19b69
213d597958d6d8bd116e4f94f6b9013a96885a0092a277d198ab1d326ff35802
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=100361
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 01:02:17 GMT
Etag: "63561aa2-117"
Expires: Wed, 26 Oct 2022 04:54:58 GMT
Last-Modified: Mon, 24 Oct 2022 04:54:58 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6781
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Tue, 25 Oct 2022 01:02:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6781
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Tue, 25 Oct 2022 01:02:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6781
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Tue, 25 Oct 2022 01:02:18 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6781
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Tue, 25 Oct 2022 01:02:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg
200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 80bab61eeda285e378b86b3efc4f87f9
5c690531e195332c04092ce22e7bdcecccc3c9d5
0c4dec046835501b598b5165acd592c3baeb2d6e21b6ac5fd549e790a802cd02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7977
x-amzn-requestid: 3e217877-33a2-4efc-a21f-b75764a8ced9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3FWGRooAMFagw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570555-2bc77cb653ef022b4aab7f71;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: H9SrkX9dE_JU-7hTyxvpc7a2fQNo_WaeSxT5r3P63tu28yjFahtnXQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:42:39 GMT
age: 11979
etag: "5c690531e195332c04092ce22e7bdcecccc3c9d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6781
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Tue, 25 Oct 2022 01:02:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d122f5c-ef0b-49a6-a68c-137a02ef7894.jpeg
200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d122f5c-ef0b-49a6-a68c-137a02ef7894.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e41dda631c7f2ee5e664d43e48af31
5a8579a70d8791a19e0192995c46594e242e864d
c26bec6c4527220272777fe7b3209d8726c94105955ef15f05a584bae50ae719
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d122f5c-ef0b-49a6-a68c-137a02ef7894.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8239
x-amzn-requestid: c37a1abe-9823-4181-a64f-5cc074cfdf2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3OeGxOoAMFtJQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357058f-10c7cfed331c043e00a600e0;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:37:19 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: W3FmIxKlIU9N0kCfbiIqszSpbnmBk5gVmAOZ_w5e7a116zrKEeUpMw==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:45:49 GMT
etag: "5a8579a70d8791a19e0192995c46594e242e864d"
content-type: image/jpeg
age: 11789
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33fda234-9118-4b4b-86d9-02c36810eda5.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33fda234-9118-4b4b-86d9-02c36810eda5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b949df0edd9d64aa962e3bf4b267889e
3ef04f8c638dddf8bb8b70aae74770892307c814
e6c42bdd84bc9661c25a201599c29257b843d86d638ec479e7b5fa7bf81bc961
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33fda234-9118-4b4b-86d9-02c36810eda5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11622
x-amzn-requestid: 2d6c3eb8-6a67-40bb-b970-a92caf783a4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aYPSZFWpoAMFU1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63532c0f-14a2cd9f68bda5a01a765a2d;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 23:32:31 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _AwDcPb8X7mPlOseeJZxw4kaQsR4d_HDyqEUM7I4RfurX2iDap87YA==
via: 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 04:01:00 GMT
age: 75678
etag: "3ef04f8c638dddf8bb8b70aae74770892307c814"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d616770-e793-4da0-8ebe-826e806ececd.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d616770-e793-4da0-8ebe-826e806ececd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89448f1a52030b28e9ecfcdc190787d4
5080ba75c230fd2b303f29a9b64868c6e8771df8
10a736997d441e274a54e9689c349d407087fef7aa7c0f4d0a7a603e446fdabd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d616770-e793-4da0-8ebe-826e806ececd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9209
x-amzn-requestid: 94dad7b4-9c12-4bda-9202-3b7427185182
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aLiElGzEIAMFnOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e16e9-3c79cd392d5bc4312a730cda;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 03:00:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c5_B2RXKJx7FHrQvHdCG50zcDFWUqaaZu0GYuCxEI8fpK019dSlD3Q==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 22:32:19 GMT
age: 8999
etag: "5080ba75c230fd2b303f29a9b64868c6e8771df8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg
200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3cf322f19151bcfa374c2e32b9ac986f
e8e69ac951def18bc1e03ecd4fe8a21d3b825b27
54ddfd1876f65e264b9b3209a0e805a3796013b4aacc8e9fd20b49754b4917a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4206
x-amzn-requestid: 6b02f96a-ea03-4eff-acde-c73925260102
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3E3GPQoAMFpIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570552-77cf762d0e54f1f60efe52c3;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:18 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jcuTYNKiYp8BkDnzo34tidRVmcFlE_xDfPGGgrUKfR67IfwGjFxceA==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:42:36 GMT
age: 11982
etag: "e8e69ac951def18bc1e03ecd4fe8a21d3b825b27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4f6855f-9ed8-45f8-8210-2a1c3775084c.jpeg
200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4f6855f-9ed8-45f8-8210-2a1c3775084c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3aeb6b1835d08c55cf42c944741534ed
2009d471c426326137be99f0becf8a04b51aae1f
368e0fc26b5cae86c8e3d4ea761a0cf8006853834b6c7d721b4ca53a0ced7bc0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4f6855f-9ed8-45f8-8210-2a1c3775084c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4461
x-amzn-requestid: 6a91b1ef-03ad-41a9-a7ef-79c9129773f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z7m1eEUsoAMFq2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6347b822-19570e781713e88644149419;Sampled=0
x-amzn-remapped-date: Thu, 13 Oct 2022 07:02:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TJ09hafmsoFCDjrsKTmSFovCGUOCAYUK8uge9nyoe6ZFdtAAjnDswQ==
via: 1.1 ca66331b52971370c4e54619e8a952cc.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:57:04 GMT
age: 11114
etag: "2009d471c426326137be99f0becf8a04b51aae1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
139.59.49.76/34363?click=pub325f89aa61004ef58becb9905b67d697&pubid=f31e77b4
302 Found 226 B URL HTTP/1.1 139.59.49.76/34363?click=pub325f89aa61004ef58becb9905b67d697&pubid=f31e77b4
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash cf36a274a8d7dba35651d15ee5c87368
b32eec74d912260b17e63a7c2d5d156c2881fc1b
5fa0f45c8ac8ef75b2ad0224d921083790a5771503430612882d94dfd3249a9d
GET /34363?click=pub325f89aa61004ef58becb9905b67d697&pubid=f31e77b4 HTTP/1.1
Host: 139.59.49.76
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
x-powered-by: Express
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
location: https://surf.ueive.com/rc/736006a179?affclick=22J25063218A034363012829MuX99&pubid=34363
vary: Accept, Accept-Encoding
content-type: text/html; charset=utf-8
content-length: 226
date: Tue, 25 Oct 2022 01:02:18 GMT
ocsp.digicert.com/
200 OK 279 B IP
Hash 2b506f3d5f69aabdf75085b4faf1b9fd
75c28277ba019f2ef00af904c3dee1a7292d55ba
9188c143f53c6dc33963a3f749728494bf43fcef6d21a03710d1cb9cb8b6cd4a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=124812
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 01:02:19 GMT
Etag: "63567a27-117"
Expires: Wed, 26 Oct 2022 11:42:31 GMT
Last-Modified: Mon, 24 Oct 2022 11:42:31 GMT
Server: nginx
Content-Length: 279
surf.ueive.com/rc/736006a179?affclick=22J25063218A034363012829MuX99&pubid=34363
200 OK 1.5 kB URL HTTP/2 surf.ueive.com/rc/736006a179?affclick=22J25063218A034363012829MuX99&pubid=34363
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1531)
Hash c9b1c4cc1892153c41b93801b80da7e3
40594f5746856339ac5e57b41c3a116da9797fd7
1006ffe60328ecd9b6196ee9752a897b7b3f94ffcd302c2cdb02b80fc8cdf848
GET /rc/736006a179?affclick=22J25063218A034363012829MuX99&pubid=34363 HTTP/1.1
Host: surf.ueive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 01:02:19 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=Ny1hizSQ+6IF2PoVaDDXN4W0U3KjlkLw+sSD680u6gFXMHEWMSvxSOm/3s26TaVw2Tn/AI/h9WBWvcdUw8XI/ome3ed4TvmPtHL1jpftqlt8hHjYKFWFyKyx553o; Expires=Tue, 01 Nov 2022 01:02:19 GMT; Path=/
AWSALBCORS=Ny1hizSQ+6IF2PoVaDDXN4W0U3KjlkLw+sSD680u6gFXMHEWMSvxSOm/3s26TaVw2Tn/AI/h9WBWvcdUw8XI/ome3ed4TvmPtHL1jpftqlt8hHjYKFWFyKyx553o; Expires=Tue, 01 Nov 2022 01:02:19 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5VbCoUuAPdbJHJrf3rc8KJ1vorWhKdKOF4stBy8LsdloaI95Xmtt8%2BTiCGYLuruyHGBkgq%2BUcMsQfiLUt9wO8LktzF4psWuTdIquzIne%2BuQ6OYE10Qb93GW%2BaySDX8wifw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75f706a9794eb4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 672d64a7b5c42fc4507e036a251f6ce7
8062cfba4b88abba6d50ca05339c5ba26cc19b69
213d597958d6d8bd116e4f94f6b9013a96885a0092a277d198ab1d326ff35802
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2
Cache-Control: max-age=100361
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 01:02:19 GMT
Etag: "63561aa2-117"
Expires: Wed, 26 Oct 2022 04:55:00 GMT
Last-Modified: Mon, 24 Oct 2022 04:54:58 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 312 B IP
Hash 601f6076563087266fcb94357da3aadf
3b40de129d0098a3f10912a95a9581a904d8285b
40a5194958ffe0b143487572f5d3bd6aeae6bced7df34f45091001ff926a8078
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4463
Cache-Control: max-age=169287
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 01:02:20 GMT
Etag: "63571674-138"
Expires: Thu, 27 Oct 2022 00:03:47 GMT
Last-Modified: Mon, 24 Oct 2022 22:49:24 GMT
Server: ECS (amb/6B99)
X-Cache: HIT
Content-Length: 312
aditmedia.g2afse.com/click?pid=930&offer_id=18720&sub1=pub84c1bbc91a10401d995ac0c554d61eb9&sub2=11213b3c_34363
302 Found 0 B URL HTTP/2 aditmedia.g2afse.com/click?pid=930&offer_id=18720&sub1=pub84c1bbc91a10401d995ac0c554d61eb9&sub2=11213b3c_34363
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=930&offer_id=18720&sub1=pub84c1bbc91a10401d995ac0c554d61eb9&sub2=11213b3c_34363 HTTP/1.1
Host: aditmedia.g2afse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://surf.ueive.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 25 Oct 2022 01:02:20 GMT
content-length: 0
location: https://ad.marootrack.co/?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_11213b3c_34363&cid=6357359c78bf7b0001f319a1
set-cookie: afclick=6357359c78bf7b0001f319a1; expires=Wed, 25 Oct 2023 01:02:20 GMT; secure; SameSite=None
afoffers={"18720":1666659740}; expires=Wed, 25 Oct 2023 01:02:20 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
ad.marootrack.co/?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_11213b3c_34363&cid=6357359c78bf7b0001f319a1
200 OK 2.6 kB URL HTTP/2 ad.marootrack.co/?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_11213b3c_34363&cid=6357359c78bf7b0001f319a1
IP
Hash d7ccbda09e1663bca5f58d1972f6b8a8
c919f97a47d232498a5f7d2605ea31432cf122c1
9e250fdd636c6b93890d491454c5958e29fa37a125eb12b4dc361a28d6f128a5
GET /?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_11213b3c_34363&cid=6357359c78bf7b0001f319a1 HTTP/1.1
Host: ad.marootrack.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surf.ueive.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 01:02:21 GMT
content-type: text/html; charset=UTF-8
location: https://ad.marootrack.co/?utm_term=7158249081171607588&ver=4viyaptcjo
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=48643e98d91650087919b4576e3c4cc5; expires=Wed, 25-Oct-2023 01:02:21 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
ad.marootrack.co/sw.js?v=1666659740353
200 OK 776 B URL HTTP/2 ad.marootrack.co/sw.js?v=1666659740353
IP
Hash f72a11763f13b05c1f2379d13387dd05
002fbf7672d3f4655b89b6413d160e4185ce9900
70d744bbd19a0cc35c8d9f1d8ba181c6cdc902f95799ac750da4adc3ad987b11
Analyzer Verdict Alert fortinet Malware
GET /sw.js?v=1666659740353 HTTP/1.1
Host: ad.marootrack.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=48643e98d91650087919b4576e3c4cc5
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 01:02:22 GMT
content-type: application/javascript
content-length: 776
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
ad.marootrack.co/proc.php?78a68ba69217ecf900f32e8c300954e15394eef3
200 OK 747 kB URL HTTP/2 ad.marootrack.co/proc.php?78a68ba69217ecf900f32e8c300954e15394eef3
IP
Size 747 kB (747208 bytes)
Hash 13f8ee11eb7f8571aeb0944e25e21298
56f3cadb25dd2919a0e55be8a50a36938fee30a9
941cdbab84cf86f1f739291ffafa1fd7b5b201bbf9b9ae498e1510d626a4b3b1
Analyzer Verdict Alert fortinet Malware
GET /proc.php?78a68ba69217ecf900f32e8c300954e15394eef3 HTTP/1.1
Host: ad.marootrack.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/?utm_term=7158249081171607588&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=48643e98d91650087919b4576e3c4cc5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 01:02:22 GMT
content-type: text/html; charset=UTF-8
location: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7158249081171607588&pub=20961&pid=20961-37eddb7e-d856e882&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
d0zi.com/favicon.ico
200 OK 20 B IP
ASN #24940 Hetzner Online GmbH
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /favicon.ico HTTP/1.1
Host: d0zi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7158249081171607588&pub=20961&pid=20961-37eddb7e-d856e882&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 25 Oct 2022 01:02:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ad.marootrack.co/sw.js?v=1666659740353
304 Not Modified 0 B URL HTTP/2 ad.marootrack.co/sw.js?v=1666659740353
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /sw.js?v=1666659740353 HTTP/1.1
Host: ad.marootrack.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=48643e98d91650087919b4576e3c4cc5
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Mon, 03 Oct 2022 07:40:54 GMT
If-None-Match: "633a9206-308"
Cache-Control: max-age=0
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Tue, 25 Oct 2022 01:02:23 GMT
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
ad.marootrack.co/?utm_term=7158249081171607588&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
200 OK 0 B URL HTTP/2 ad.marootrack.co/?utm_term=7158249081171607588&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
IP
GET /?utm_term=7158249081171607588&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1
Host: ad.marootrack.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_11213b3c_34363&cid=6357359c78bf7b0001f319a1
Cookie: u=48643e98d91650087919b4576e3c4cc5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 01:02:21 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
myofferplus.com/rc/a91581ead4?affclick=6357359936ddae0001e35ced&pubid=503
200 OK 0 B URL HTTP/2 myofferplus.com/rc/a91581ead4?affclick=6357359936ddae0001e35ced&pubid=503
IP
GET /rc/a91581ead4?affclick=6357359936ddae0001e35ced&pubid=503 HTTP/1.1
Host: myofferplus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 01:02:17 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=aqZXldXkliXZwjufLxVEBAVwG+pvhfO4hQ/NBPtgkri6kGsc2m9Cu/8qgdVLuGqEWKifBBACcrfurtMuUY3RqH+H1csd00gB9u0OuIwOoIrJx+KSC3MXOmT9UtGG; Expires=Tue, 01 Nov 2022 01:02:17 GMT; Path=/
AWSALBCORS=aqZXldXkliXZwjufLxVEBAVwG+pvhfO4hQ/NBPtgkri6kGsc2m9Cu/8qgdVLuGqEWKifBBACcrfurtMuUY3RqH+H1csd00gB9u0OuIwOoIrJx+KSC3MXOmT9UtGG; Expires=Tue, 01 Nov 2022 01:02:17 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vGLPR%2BdE3sWFu5Mza8XhCzpgye5Uk7otv%2BnSJ7eriaRc5MuyRoXFaBiRt4S%2F7veJSKtOQYN6lrfcsAFkx38GJQlpO4vU7qy2ljJtbN%2F8BYBPDI%2B5z5D1mHu0k2v4oR%2FjmMo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75f7069f1ab5b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myofferplus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 01:02:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 272
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FFGyUzvVViTX8uzmEa7g8gprgRjlR6DD1ZI%2FvTDphBzhGRiXZSRnlIX3prTvHOzaHkwDeNqfbNFbuKhAiD%2FmAGIzlOZSV%2Bv9Z9Y9qmFDeYa5uoVo1soAvjoQOnSGCSX6kg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75f706a0c8cbb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://surf.ueive.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 01:02:19 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 274
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1pOjOtikFrR5xc6iOq4MzaaAH%2B0IsP8tGMRwgsKFLu78Mt%2FEH7QCjTcQ2M9lMStAyEe97yDSYF9szwmTjgb8nwAAzlQ5LDrb9gXXNkwu17v4TD%2Fi7rM7shxxpplCq8DajQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75f706aad9c8b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
198.143.165.221
23.36.77.32
34.141.179.97
51.68.85.158
93.184.220.29
139.59.49.76
104.21.24.76
162.55.4.52