1d6cf4c4442.trfcompny.com/
200 OK 416 B URL HTTP/1.1 1d6cf4c4442.trfcompny.com/
IP
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (312)
Hash 0bdce30a97edf7bede4e2ebd77bebf73
73fce71289328d179ccbd2c32371db3db784f77e
2901d84691937651e78cb7385d6087ae097bf1f3fa2da0d7c1faa54cdad2752a
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: 1d6cf4c4442.trfcompny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 07:33:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Set-Cookie: rts-trck=1; expires=Tue, 06-Dec-2022 07:43:35 GMT; Max-Age=600; path=/; domain=1d6cf4c4442.trfcompny.com
t-uuid=5x5b2h5ol4ahxc04t942s48cg; expires=Mon, 06-Dec-2032 07:33:35 GMT; Max-Age=315619200; path=/; domain=.trfcompny.com
rts-trck=1; expires=Tue, 06-Dec-2022 07:43:35 GMT; Max-Age=600; path=/; domain=1d6cf4c4442.trfcompny.com
traffic-back=ok; expires=Tue, 06-Dec-2022 07:34:05 GMT; Max-Age=30; path=/; domain=.trfcompny.com
Last-Modified: Tue, 6 Dec 2022 07:33:35 GMT
Expires: Tue, 6 Dec 2022 07:33:35 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3027
Expires: Tue, 06 Dec 2022 08:24:02 GMT
Date: Tue, 06 Dec 2022 07:33:35 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1897
Cache-Control: max-age=98961
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 07:33:35 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 11:02:56 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 07:18:37 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 898
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3106
Expires: Tue, 06 Dec 2022 08:25:21 GMT
Date: Tue, 06 Dec 2022 07:33:35 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WNLYXJD29EsxBcgMGgfS5zlMPSJKhcsuyDfQpe236SAefh87NVN44cUwQziTMQzK+HAC6hpEpcg=
x-amz-request-id: AAPDYBRFPA25DJEK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 06:47:00 GMT
age: 2795
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 07:33:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
brko.admobe.com/gsdagsdag/gsdagasd/?utm_source=1080&utm_campaign=11211032&clck=5x5b2h5od9ftnxx7kupkwcoso,16543791,5,&sid=
302 Moved Temporarily 142 B URL HTTP/1.1 brko.admobe.com/gsdagsdag/gsdagasd/?utm_source=1080&utm_campaign=11211032&clck=5x5b2h5od9ftnxx7kupkwcoso,16543791,5,&sid=
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /gsdagsdag/gsdagasd/?utm_source=1080&utm_campaign=11211032&clck=5x5b2h5od9ftnxx7kupkwcoso,16543791,5,&sid= HTTP/1.1
Host: brko.admobe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Dec 2022 07:33:35 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
Location: https://setupswiftmostinfo-file.info/Da38kv0ShlCwC9_AlbXcpPpttCKAQutKGlpEWghJGJc?clck=5x5b2h5od9ftnxx7kupkwcoso,16543791,5,&sid=
Access-Control-Allow-Origin: *
Server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 07:08:58 GMT
cache-control: public,max-age=3600
age: 1478
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1877
Cache-Control: max-age=93873
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 07:33:36 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 09:38:09 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: izJByCDp9kb4XugZRgPV8Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ndk4kwV63g0s4ZlRulXGpVs/EGo=
setupswiftmostinfo-file.info/Da38kv0ShlCwC9_AlbXcpPpttCKAQutKGlpEWghJGJc?clck=5x5b2h5od9ftnxx7kupkwcoso,16543791,5,&sid=
302 Moved Temporarily 142 B URL HTTP/1.1 setupswiftmostinfo-file.info/Da38kv0ShlCwC9_AlbXcpPpttCKAQutKGlpEWghJGJc?clck=5x5b2h5od9ftnxx7kupkwcoso,16543791,5,&sid=
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /Da38kv0ShlCwC9_AlbXcpPpttCKAQutKGlpEWghJGJc?clck=5x5b2h5od9ftnxx7kupkwcoso,16543791,5,&sid= HTTP/1.1
Host: setupswiftmostinfo-file.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Dec 2022 07:33:36 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
Set-Cookie: session=ztv2Z5T17BmEoyW8bpFsSp6CtkFLpRBX
Access-Control-Allow-Origin: *
Location: https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=ztv2Z5T17BmEoyW8bpFsSp6CtkFLpRBX&sub2=
Server: nginx
ocsp.sectigo.com/
200 OK 471 B IP
Hash 76cd00e5dbb3ac432497e702991073c2
68d1f6e7f263b82712fa56f963495d8da98e74e7
123881f4d5f0309461b5ed83a23074cf8a9f77410ab3c88abb98af3817ff3c5d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 07:33:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 15:34:04 GMT
Expires: Sat, 10 Dec 2022 15:34:03 GMT
Etag: "68d1f6e7f263b82712fa56f963495d8da98e74e7"
Cache-Control: max-age=373826,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77535599597e0afe-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5dee8b9f94b38b70c88b6d1054b9d0bb
cb049ef80c4820c7bd51b81a62df94adb58da499
11f46500d95d9d9ce322decdc0086572cbfb298480ef779fa145858437a81503
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11F46500D95D9D9CE322DECDC0086572CBFB298480EF779FA145858437A81503"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7185
Expires: Tue, 06 Dec 2022 09:33:22 GMT
Date: Tue, 06 Dec 2022 07:33:37 GMT
Connection: keep-alive
startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_&s3=638ef050386c0f000152e99c
200 OK 7.5 kB URL HTTP/1.1 startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_&s3=638ef050386c0f000152e99c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7467), with no line terminators
Hash bf84aed5f030656fa40698a5e1d39a18
741de92c78f9b816b4a32c32f2996dfe32444fc9
d96041c15fa5c4598cd4b03c074a36c04099eeeee92e82ca05076c759c4014ff
GET /GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_&s3=638ef050386c0f000152e99c HTTP/1.1
Host: startd0wnload22x.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 07:33:37 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bd_context=NsjV40LBaDiXnVHkr7C7rQbIBd+t8l5/pTySY8Cpo7DYjTCX+VZB8aeRYGUHqs0piP/B6XVusGsgxaoEAU/VWvdecN618k3yKsEJwVTWhB7sgV6yHOtEMKhaUVnTf01FBHGSGRi2U7kvW1n9MTRK9gWK5QawPyMi7NGnH7PAajnUrEFouaW/VE0R/Vg97ZmVgBprVcyT0a+WRkiL0ynYuBfaZjx4E6oSGC+sxhR+5//W5IK/1qcZmhxIIrZgI5a4rDloTW1DyQbDZ3Hq2XYyeOOkC+etXr1mpjLbrEI/XxpfP/h2dbrHRA9WzXObh6Pb1eWjzv4/Mdp5j5i6vY4nEHjN; Expires=Wed, 06 Dec 2023 07:33:37 GMT
youfilesgoo.com//file.zip?c=AFHwjmOsJwUA_koCAE5PFwAMAMso5DgA
200 OK 1.1 kB URL HTTP/1.1 youfilesgoo.com//file.zip?c=AFHwjmOsJwUA_koCAE5PFwAMAMso5DgA
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text
Hash 68a1d3c2e70bfc2d0dc829500e4764f2
dd93fce23e725a56f0b4e9b8edf73353ccfa0125
e5af82adeda99d632af038e39d6815dcaa764e1419fcc0442a69b3b8c896e4c8
GET //file.zip?c=AFHwjmOsJwUA_koCAE5PFwAMAMso5DgA HTTP/1.1
Host: youfilesgoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://startd0wnload22x.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 07:33:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.1.2
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Tue, 06 Dec 2022 07:33:37 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dNNhKxqqnNLr0Tvf5NWedDmD%2BrE5kuzPHgYx3pjwP%2BVhIIQfggJRlRBTOTi6loupfs8xk5sqzkRQlGRxkJaKbfhbdvfNpNnyHfrzQLW4QgXv33RcjYVtdPHWB8%2FiFkG0zXs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7753559b9d21b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
youfilesgoo.com//css/style.css
200 OK 1.1 kB URL HTTP/1.1 youfilesgoo.com//css/style.css
IP
File type assembler source, ASCII text, with CRLF line terminators
Hash 18524b283efeaee9d6e21940ae95b421
aaada3a0d29e0e880874853074544a4b35ad5934
9e806588498fd54a94cef2b1a2a8baf8686fdf413321b73b8873633b72b961a7
GET //css/style.css HTTP/1.1
Host: youfilesgoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youfilesgoo.com//file.zip?c=AFHwjmOsJwUA_koCAE5PFwAMAMso5DgA
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 07:33:37 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 14 Feb 2022 07:57:28 GMT
ETag: W/"10b8-5d7f5c48baa00"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6042
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2uwRHtzPdgsIAb7EtN59PQIWDLKI5xgndsN61KtB1QmO1YaJ5FkX0XVHHckWLkkZT19a1GGgrpMBZf4v1wb3rmb4zJ2NZDMKBlORzfZnvYC2IOOeLYAUflr6ttSZhhirzg4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7753559c5de1b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
youfilesgoo.com//images/download-folder.png
200 OK 5.7 kB URL HTTP/1.1 youfilesgoo.com//images/download-folder.png
IP
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 68f631e56ff091c1902b8a4cab8b7996
12867aba34feac204de98e0950f5eca8491eee4f
135dcfb9e9064b7d814d706dd0b66ab144a8bb9c86202ab8de2c939abd65b971
GET //images/download-folder.png HTTP/1.1
Host: youfilesgoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youfilesgoo.com//file.zip?c=AFHwjmOsJwUA_koCAE5PFwAMAMso5DgA
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 07:33:37 GMT
Content-Type: image/png
Content-Length: 5691
Connection: keep-alive
Last-Modified: Mon, 14 Feb 2022 07:57:48 GMT
ETag: "163b-5d7f5c5bcd700"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6042
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ol9seSfH8GDCWtFf0v7AhCYBceZT0q6rQ2TTqB6xM0%2Fjb9urerhZ5k9%2FcYJXPfbXLYA7OdaH0auCT%2F45D7atkuvVnm0FdAiO70F9eNrOXpMXoRItTtJJBlRfMuTdESF5Ho4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7753559c68e6b523-OSL
alt-svc: h2=":443"; ma=60
youfilesgoo.com//images/notice.png
200 OK 506 B URL HTTP/1.1 youfilesgoo.com//images/notice.png
IP
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 2870d9c12efa9c8c89af302a5c7a39c9
5a7b45305a7aec5f017db9dd30af2438f55e56a3
9e91f8ed13f0595d537d267ccb06c4b490bb47b2d9a6c19e759996cf8c40c2f3
GET //images/notice.png HTTP/1.1
Host: youfilesgoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youfilesgoo.com//css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 07:33:37 GMT
Content-Type: image/png
Content-Length: 506
Connection: keep-alive
Last-Modified: Mon, 14 Feb 2022 07:57:48 GMT
ETag: "1fa-5d7f5c5bcd700"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6042
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mgh40mkXP6ZjcqkHeIW7QlGsNwFulNRX6VRD3JcprDba%2FaiQnKkNak1tvf1rLXb2IE8GPX6NKGGb7P0ap7AtL87500F2FIE3XWyms0JarEUhn8CjyuI3HFYKPQB57ZnuPGs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7753559c6e05b509-OSL
alt-svc: h2=":443"; ma=60
youfilesgoo.com//images/arrow_down.png
200 OK 231 B URL HTTP/1.1 youfilesgoo.com//images/arrow_down.png
IP
File type PNG image data, 12 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash 94500ba250e21c5c350122c58ccf2b7e
671453009551e533af7cae30ae8417e13cbfe1d5
d7ce4e936c79d655fd04ba907781443c41619434d0f917544bdac7a17890c003
GET //images/arrow_down.png HTTP/1.1
Host: youfilesgoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youfilesgoo.com//css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 07:33:37 GMT
Content-Type: image/png
Content-Length: 231
Connection: keep-alive
Last-Modified: Mon, 14 Feb 2022 07:57:48 GMT
ETag: "e7-5d7f5c5bcd700"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6042
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3JA6jUWRUaDOukDHHAxAwWQLjXV39kLnG2Foz%2BgnSEo3egwJ%2BWTzfLZQwuYtNDQBFZn%2B4HrcFuQhdrYiNrM1kO1PMKFHjw0cqWk1%2F%2BFzGaHHiRDpXyFiUZCZtKoY1iaKw2o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7753559c7bdb0afe-OSL
alt-svc: h2=":443"; ma=60
youfilesgoo.com//images/arrow_success.png
200 OK 219 B URL HTTP/1.1 youfilesgoo.com//images/arrow_success.png
IP
File type PNG image data, 14 x 11, 8-bit/color RGBA, non-interlaced\012- data
Hash 31edade9f266b91c8b97c9310df48f2c
37de1d83f2700d38e0a07a8f00cce67257eaf896
2b735b26d986fc888a6e69e9d46207919b3b0afbd47a6c50bc96a1af296c5d23
GET //images/arrow_success.png HTTP/1.1
Host: youfilesgoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youfilesgoo.com//css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 07:33:37 GMT
Content-Type: image/png
Content-Length: 219
Connection: keep-alive
Last-Modified: Mon, 14 Feb 2022 07:57:48 GMT
ETag: "db-5d7f5c5bcd700"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6042
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KOUjznV7LYS16KYK9LdcTvS1pCLAI2cRsK%2FS%2B7mtv1zfo30YQ9yThtNdvO%2FCfjvvsULuX12jjIZqStSrLypdq4xmYuHwXW5UraCP1PUIbNAC676knTo1d0zsYF8hBq6YXVM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7753559c7f58b521-OSL
alt-svc: h2=":443"; ma=60
youfilesgoo.com//images/copy.png
200 OK 330 B URL HTTP/1.1 youfilesgoo.com//images/copy.png
IP
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash de201525f4d6d9ba71909bc2e895e0ea
b2dac113bf6613c6d0f12d7dbb6bb78d1dcbe3ef
b7a65ef153ded729c376d3767246e740b41251b281e0a0243b996c2ac1cd1353
GET //images/copy.png HTTP/1.1
Host: youfilesgoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youfilesgoo.com//css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 07:33:37 GMT
Content-Type: image/png
Content-Length: 330
Connection: keep-alive
Last-Modified: Mon, 14 Feb 2022 07:57:48 GMT
ETag: "14a-5d7f5c5bcd700"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6042
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pasA%2FFv2zB%2BredX6U1iJkM2qto%2FnZRAcL%2FPA2NwZScaQGDP%2BpMwcHolFltNWfrTYtmNpZdYw1pD6IWx2OcCIJVBb2lg%2BdheFWYCOT2laWCAlz%2Fh4MDcCgvYETnXmfizmytM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7753559c7f54b521-OSL
alt-svc: h2=":443"; ma=60
youfilesgoo.com/favicon.ico
404 Not Found 250 B URL HTTP/1.1 youfilesgoo.com/favicon.ico
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 814ee8dd139c403a99d9088938ecac4c
34566f477fd0fa77dd044362f6f1b57e74016cd2
451e46a0e56bb76226446539f6e5edf53ddc4e22ec37f99b3fbbc8e02759416a
GET /favicon.ico HTTP/1.1
Host: youfilesgoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youfilesgoo.com//file.zip?c=AFHwjmOsJwUA_koCAE5PFwAMAMso5DgA
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 07:33:37 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9RRljkGCMEqux1Diu%2BD59loBQ3LQxKzkaBIiNr96Y4KqpLk%2FkopUhrfoGbUhuspA0GzQxpfYF%2B7WzE6BtDvR1N2qoa7Yd%2FpQG2AcxUrd38p%2FH4RkwAlHDjsMfjSMgHObHn0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7753559c9916b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3133
Expires: Tue, 06 Dec 2022 08:25:50 GMT
Date: Tue, 06 Dec 2022 07:33:37 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3133
Expires: Tue, 06 Dec 2022 08:25:50 GMT
Date: Tue, 06 Dec 2022 07:33:37 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3133
Expires: Tue, 06 Dec 2022 08:25:50 GMT
Date: Tue, 06 Dec 2022 07:33:37 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3133
Expires: Tue, 06 Dec 2022 08:25:50 GMT
Date: Tue, 06 Dec 2022 07:33:37 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3133
Expires: Tue, 06 Dec 2022 08:25:50 GMT
Date: Tue, 06 Dec 2022 07:33:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png
200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b5e953213b7b13b8ee202406147fac52
67a09d8cd23ed444667b225f7fbf4bb17b9f42dd
cf6b2502f0a992148f9401c16a329cae5a6c21fb81f03131f3e69c58bc608110
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15732
x-amzn-requestid: 7467ddb0-b9f9-47e9-ac31-c7599fe45698
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csVIIESBIAMFU6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e689a-79e3f8b66e1cf72f3283ac5b;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:54:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3seQ7H4qrlKKpuIWUobiey92ZMkB4jWqd5v6T6379g0V0y6XdVFvWQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:21 GMT
age: 33076
etag: "67a09d8cd23ed444667b225f7fbf4bb17b9f42dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 33028
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f48f157-f5b1-44b8-91c0-da7927555031.jpeg
200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f48f157-f5b1-44b8-91c0-da7927555031.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17c7b7e3a4e6f3ad9ccf7f42c400749c
76432db96e8280e24da56670fba8f8f80a95ab31
f67d401ebc225c2a9dac5b4f98dc969e22f927455c2537df353ac86f046cc4c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f48f157-f5b1-44b8-91c0-da7927555031.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4905
x-amzn-requestid: d80a0dd7-01ec-4801-a5b5-6a1b01eb1944
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csTMSHsyoAMF6BQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6581-177e519d6dbd1875555b0961;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:41:21 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KmaWXiNE4GPEU9-X5rhVcEsUak4C9m-mjdTCdFUFCPFj8f2uGwCvcQ==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:46:52 GMT
etag: "76432db96e8280e24da56670fba8f8f80a95ab31"
content-type: image/jpeg
age: 35205
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00b01871-cd98-4bab-b47d-4a29bb438277.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00b01871-cd98-4bab-b47d-4a29bb438277.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2e11524d75503e35c404d6c9a12ac540
5626b75f5c2523f1a0fc301839a06a4e2407f106
d5eb74d026014c0a68893bde1107a9a111b1f0af835e28bb740308017ef80b7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00b01871-cd98-4bab-b47d-4a29bb438277.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9354
x-amzn-requestid: fb2dad44-2f8c-4f02-bbc5-405e9586e5af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmctYGLdoAMFyDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e55-28b5680933de0ff4208240be;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6jWrhftx7tANXoWkKtCCjzm66zJDY13bpoA-7qVaZJNHEGsJS8dniw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 04:05:41 GMT
age: 12476
etag: "5626b75f5c2523f1a0fc301839a06a4e2407f106"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8450e32d-c4fa-4c40-82bc-1c36f479692e.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8450e32d-c4fa-4c40-82bc-1c36f479692e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd0fdca9dfb3e18fcbb5c89e12922da7
d8acf7053a01df2c503c734d52070ff4802d5a01
61e6235613c8ecda0321ecbe0870419bfa65cf3e44e3b85acd257f78725a6843
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8450e32d-c4fa-4c40-82bc-1c36f479692e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8978
x-amzn-requestid: eb1d3e42-f07c-4b92-983e-a40e2e2eda31
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csWdTE5goAMFRKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6abb-734e39b84aeb2370277122f0;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 22:03:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rtVWLjbbjO2z-TlZqURPHGqbMJOSNd0yEFuYUnE3FGVmypSDqxaXwg==
via: 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 07:17:59 GMT
age: 938
etag: "d8acf7053a01df2c503c734d52070ff4802d5a01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99d1ff8fa2e095dcf2bda3d1e1af1221
f914f04a0e1fb45a221d31d2105bfc73015b03e6
90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10183
x-amzn-requestid: 557e6b38-7be9-4953-968b-2e5bd3491ef4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUDYEQbIAMFwRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e2-1fcd8fc4719bc0bc7d11abd2;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z1_zJTJMuk724WMOmIc660b54AyZK8ffNVF5N7ehZ00W2kaL3Lcd1A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:14 GMT
age: 35183
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
track.gositego.live/click?pid=3664&offer_id=17742&sub1=ztv2Z5T17BmEoyW8bpFsSp6CtkFLpRBX&sub2=
200 OK 0 B URL HTTP/2 track.gositego.live/click?pid=3664&offer_id=17742&sub1=ztv2Z5T17BmEoyW8bpFsSp6CtkFLpRBX&sub2=
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
GET /click?pid=3664&offer_id=17742&sub1=ztv2Z5T17BmEoyW8bpFsSp6CtkFLpRBX&sub2= HTTP/1.1
Host: track.gositego.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 07:33:36 GMT
content-type: text/html; charset=utf-8
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=638ef050386c0f000152e99c; expires=Wed, 06 Dec 2023 07:33:36 GMT; secure; SameSite=None
afoffers={"17742":1670312016}; expires=Wed, 06 Dec 2023 07:33:36 GMT; secure; SameSite=None
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
94.237.99.118
104.18.32.68
188.114.96.1
34.141.179.97
107.20.106.95
93.184.220.29
23.36.76.226