clck.ru/sW5Be?TRF
213.180.204.221 302 Moved temporarily 0 B IP 213.180.204.221:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sW5Be?TRF HTTP/1.1
Host: clck.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved temporarily
Content-Length: 0
Location: https://clck.ru/sW5Be?TRF
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 23:30:03 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Lylh1Y7XTTK2SvOqLAEroJjVAIOkk47YptdIOnILp9CcIIdCpVSUVg==
Age: 3505
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20583
Expires: Tue, 13 Sep 2022 06:11:32 GMT
Date: Tue, 13 Sep 2022 00:28:29 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: L2_toTwS87ugUsDHOcKgGWPK6t_yZmQxmuRoTYlx2DUjFphl2f8-Rw==
age: 61877
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 00:28:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 7ac9ef7e178fd4692781b3a767ffcf85
5874cf059afd94552a979342f7c495da96cb0cd5
42c7ab6390fbc27299ab557a4f55c75fb9d36ec52185e2d60ddad198ef230c99
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 00:28:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 16 Sep 2022 22:13:40 GMT
ETag: "5874cf059afd94552a979342f7c495da96cb0cd5"
Last-Modified: Mon, 12 Sep 2022 22:13:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 749cc35b0fd6b517-OSL
clck.ru/sW5Be?TRF
213.180.204.221 302 FOUND 489 B IP 213.180.204.221:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (379)
Hash 09ccd848fb1c9b90ba145ba958b1c5e6
d500e71e5f3ddad6262fd403beaa328c7465b6b8
c93ef8f884b14a616eee8adf48232613ebebe9653fef6bf076104a015bf32589
GET /sW5Be?TRF HTTP/1.1
Host: clck.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 FOUND
Access-Control-Allow-Origin: *
Content-Length: 489
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Sep 2022 00:28:29 GMT
Location: https://sba.yandex.net/redirect?url=https%3A%2F%2Fqmo21.test-app.link%2FO6dOUkD3isb&client=clck&sign=862b9ea1d2311b9fe53005cfa207eb5e
Strict-Transport-Security: max-age=31536000
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 12 Sep 2022 23:56:07 GMT
Expires: Tue, 13 Sep 2022 00:55:14 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XSggIENbNp0OfkjAhP_taxWAFV3zi7IaWzioj5iJwZ8dQq9B8fvsPA==
Age: 1942
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash f269f89e8de2394e072b6beb90ba2f93
6b90a81921b20f1cad7143bf20cb20c5ef268aa1
f170d2d9ae0eb3386d78473c022b2e6911eec7696fb36fea627e06ab6db70c3f
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 00:28:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 16 Sep 2022 22:58:45 GMT
ETag: "6b90a81921b20f1cad7143bf20cb20c5ef268aa1"
Last-Modified: Mon, 12 Sep 2022 22:58:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 749cc35d7920b517-OSL
sba.yandex.net/redirect?url=https%3A%2F%2Fqmo21.test-app.link%2FO6dOUkD3isb&client=clck&sign=862b9ea1d2311b9fe53005cfa207eb5e
87.250.250.232 302 FOUND 284 B URL HTTP/1.1 sba.yandex.net/redirect?url=https%3A%2F%2Fqmo21.test-app.link%2FO6dOUkD3isb&client=clck&sign=862b9ea1d2311b9fe53005cfa207eb5e
IP 87.250.250.232:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 127cc1cbc359a3e5c74cada96e3515a7
93fbc8e377863b45c6cd7ef41a58113bede33bfb
2d9249668f32b38b43933f3317d51c0f7903e4a8e338e05631afdb57c7e3ca6d
GET /redirect?url=https%3A%2F%2Fqmo21.test-app.link%2FO6dOUkD3isb&client=clck&sign=862b9ea1d2311b9fe53005cfa207eb5e HTTP/1.1
Host: sba.yandex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 FOUND
Content-Length: 284
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Sep 2022 00:28:29 GMT
Location: https://qmo21.test-app.link/O6dOUkD3isb
Strict-Transport-Security: max-age=3600; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cb674936db4af4be99c3c397eff8c6ae
de79d76bac3fae5799b0ff35ecc19360595dfb06
992b884b64f9f6fdb76a6ba91c48fed329325b95b99d8003b282879a52093c08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1959
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 00:28:29 GMT
Last-Modified: Mon, 12 Sep 2022 23:55:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.218.159.206 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.159.206:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rHzLZkhUrxMbpkzWocahWQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RUWeGNINHFFW/YOIvYPG9lVWrow=
destiney.parteneralliance3.online/ZzdSYXosR0VUVklEUy1DSEFSTUlORywxNjU5OTAwNjg2LCxUUkFGRUUsMA?_branch_match_id=1098029710528166423&utm_source=facebook&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXL8zNNzLUK0ktLtFNLCjQy8nMy9b3N0vxD812Mc4sTgIA%2FCcyrycAAAA%3D
68.66.226.117 200 OK 436 B URL HTTP/1.1 destiney.parteneralliance3.online/ZzdSYXosR0VUVklEUy1DSEFSTUlORywxNjU5OTAwNjg2LCxUUkFGRUUsMA?_branch_match_id=1098029710528166423&utm_source=facebook&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXL8zNNzLUK0ktLtFNLCjQy8nMy9b3N0vxD812Mc4sTgIA%2FCcyrycAAAA%3D
IP 68.66.226.117:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (882), with no line terminators
Hash 6831f26984692a9f70023d36c567c20c
ec173514c0f205a90fa1ba9e7564e09aacbc23cb
42139622c4c0afb2eaa2dfb9e0a050acffb64e4ed981d2b08a57a99aae7046a7
GET /ZzdSYXosR0VUVklEUy1DSEFSTUlORywxNjU5OTAwNjg2LCxUUkFGRUUsMA?_branch_match_id=1098029710528166423&utm_source=facebook&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXL8zNNzLUK0ktLtFNLCjQy8nMy9b3N0vxD812Mc4sTgIA%2FCcyrycAAAA%3D HTTP/1.1
Host: destiney.parteneralliance3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.30
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 436
content-encoding: gzip
vary: Accept-Encoding
date: Tue, 13 Sep 2022 00:28:30 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
destiney.parteneralliance3.online/_meetups/?click_id=getvids-charming&network=TRAFEE&guid=a52c2cdbb5ae42892a10ec2ec4f6c95e
68.66.226.117 302 Found 0 B URL HTTP/1.1 destiney.parteneralliance3.online/_meetups/?click_id=getvids-charming&network=TRAFEE&guid=a52c2cdbb5ae42892a10ec2ec4f6c95e
IP 68.66.226.117:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_meetups/?click_id=getvids-charming&network=TRAFEE&guid=a52c2cdbb5ae42892a10ec2ec4f6c95e HTTP/1.1
Host: destiney.parteneralliance3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.30
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
location: /_meetups/r.php?click_id=charming&groups=getvids&network=TRAFEE&guid=9a9d8ff21dd7bbac1baa1b4f517945e6
content-type: text/html; charset=UTF-8
content-length: 0
date: Tue, 13 Sep 2022 00:28:30 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
destiney.parteneralliance3.online/_meetups/r.php?click_id=charming&groups=getvids&network=TRAFEE&guid=9a9d8ff21dd7bbac1baa1b4f517945e6
68.66.226.117 200 OK 407 B URL HTTP/1.1 destiney.parteneralliance3.online/_meetups/r.php?click_id=charming&groups=getvids&network=TRAFEE&guid=9a9d8ff21dd7bbac1baa1b4f517945e6
IP 68.66.226.117:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (745), with no line terminators
Hash ea3dab473ceb80182992034fb8b3cebf
1f58966efdd40c5692fa58132b96f07e52e43cdd
cbfa2c85e45536855ec6d41fe4d82d083da4c267659a507299fc11d990077a34
GET /_meetups/r.php?click_id=charming&groups=getvids&network=TRAFEE&guid=9a9d8ff21dd7bbac1baa1b4f517945e6 HTTP/1.1
Host: destiney.parteneralliance3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.30
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 407
content-encoding: gzip
vary: Accept-Encoding
date: Tue, 13 Sep 2022 00:28:30 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2489
Expires: Tue, 13 Sep 2022 01:10:00 GMT
Date: Tue, 13 Sep 2022 00:28:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2489
Expires: Tue, 13 Sep 2022 01:10:00 GMT
Date: Tue, 13 Sep 2022 00:28:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc781d2a6-7a39-471c-a1a0-2e29918b63e9.jpeg
34.120.237.76 200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc781d2a6-7a39-471c-a1a0-2e29918b63e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed996f863e0d0dcce9e48acb79fd6827
af756dc52f6b5b042d99c3ceba7a64dcbfaa73b5
57ea1317d878e2727fd8b0f3823e6f14053c7d1d16c5e1872b23a510ab1efdd7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc781d2a6-7a39-471c-a1a0-2e29918b63e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6530
x-amzn-requestid: dd634daa-0aee-4859-a956-c54d5eecf1be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YSKEyHGlIAMFVcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d8a1e-51f715224318bfcf76d1c3ab;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 07:11:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: HMJgr4Kw1vyxFSbLpWcgarqHbVD3E8hPdFNFRzpwW4MqzV30mQyKog==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 01:02:34 GMT
age: 84357
etag: "af756dc52f6b5b042d99c3ceba7a64dcbfaa73b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fa8c6-1f06-4fa4-88d0-333a32c1a7a8.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fa8c6-1f06-4fa4-88d0-333a32c1a7a8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 019416755742a78ddf35671ba5eaccc7
ec2e96359ef3a236514cab21af80ea5b9420e9c3
a6b0e0ec56c2ce2f94dae8032e0deb297236c35f7a8928a14a254e3fdb2a255a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fa8c6-1f06-4fa4-88d0-333a32c1a7a8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10245
x-amzn-requestid: 25331636-a1cd-4ceb-84cc-fd85cfd8a861
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG23AGLIoAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631904f9-6fbb23ec3dc9d55e344bc6d7;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 20:54:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UkNBQ0iwXl3OWeO5PDgT_DgkaU5q6jqSorpyircPEtEW2f--bWHqlg==
via: 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 22:17:40 GMT
age: 7851
etag: "ec2e96359ef3a236514cab21af80ea5b9420e9c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb9bab12-4fd5-4be7-b453-25dfb0d4c606.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb9bab12-4fd5-4be7-b453-25dfb0d4c606.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c824a7db30839607b01c7a164f6f6ec
bbab791971056750a46dd6ed9c5d7c8e12ab457e
872262a28a383a9eafd1f453014a3edfde4872160b772874271be6358a47449f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb9bab12-4fd5-4be7-b453-25dfb0d4c606.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9606
x-amzn-requestid: bf72ce8c-1272-42df-8958-d392210106c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIR7NFh2oAMFXIQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631996ad-4646091a428db21e2dce1a61;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 07:15:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4skZVE5BinFMAJV196j5-qtDez6m26DtU8NZvU6K2VuhFnC7E1zXWw==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:56:19 GMT
age: 9132
etag: "bbab791971056750a46dd6ed9c5d7c8e12ab457e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9ab2ec10c79b91d15edb1d1e3dc763c
744fee4a0baa22ba3aa352d60620a916972b47dd
f7bb66f5bb572d73f936fc74823f51ede1f2c4e309a939b39d9529ff8f757fbe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9945
x-amzn-requestid: a347749f-a63a-4533-a274-7151b9f235ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXcX8HAKoAMF5EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa765-56cff18515b2a5b3397231df;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:40:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lZ3FmD1gM8YBgZNt97kuYSol1kj0GQqRjyLT_7715VtH9GR1WpMDxA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:42:20 GMT
age: 9971
etag: "744fee4a0baa22ba3aa352d60620a916972b47dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fa3e758-893f-4e13-94ae-85209a30089e.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fa3e758-893f-4e13-94ae-85209a30089e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c3057080b51e9f8360222d0bba39807f
0c9cdc03cf2b5a60542cdb91de6b7b37866254cc
303c7c2f54dd0ef80f6a7b2cc050ff118f8907a79334dcab7e8fa4d4cab3b7bb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fa3e758-893f-4e13-94ae-85209a30089e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6670
x-amzn-requestid: 6f0e9fd2-a2a3-4b89-a109-e0ada80efb41
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X_Y9vFPHoAMFkBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63160857-3c8f54b87e1e502e2308a204;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 14:31:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: s9XL-JvEdgQ31t_VRIubCZ7fMr7qscSLt7pPtnq9FIKOya2WbUfdfQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 22:02:04 GMT
age: 8787
etag: "0c9cdc03cf2b5a60542cdb91de6b7b37866254cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d3b6b9b-146c-4409-9d90-4b60cad37e27.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d3b6b9b-146c-4409-9d90-4b60cad37e27.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bade06e72a416ba31c658e41c341a175
722607d59e2fa7de70b7b24daebc0ef74903f272
16033840bfe31372b193a545f5aae57fd865a5e786d12705d67b18dfdbb31388
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d3b6b9b-146c-4409-9d90-4b60cad37e27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7430
x-amzn-requestid: 7898b8eb-60e3-47b4-980e-061036ac8c4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXbepFinIAMFoqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa5f7-3a120c0143cdf1051f94e142;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eKSciYj4WbRzV_M0LpmWpgrEvYLDfi2haM-slQw4EXm371JAq-pd6Q==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:58:04 GMT
etag: "722607d59e2fa7de70b7b24daebc0ef74903f272"
content-type: image/jpeg
age: 9027
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2bf2a9a4ba653ef0bfb1a96c015e75f8
0a3b9f2c5e868a804d4308d4d3305d61de72e94a
7ec63b3e56d3f4519cd984a32f1ee03bb795fe9061f3ddaf63221e6e7e5cd46b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7EC63B3E56D3F4519CD984A32F1EE03BB795FE9061F3DDAF63221E6E7E5CD46B"
Last-Modified: Mon, 12 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6644
Expires: Tue, 13 Sep 2022 02:19:15 GMT
Date: Tue, 13 Sep 2022 00:28:31 GMT
Connection: keep-alive
daddce.naughtymets.com/s/625941d166f1f?track=CHARMING&click_id=Q0hBUk1JTkcsTk8sOTEuOTAuNDIuMTU0LFdFQixHRVRWSURT
178.162.199.80 200 OK 2.1 kB URL HTTP/1.1 daddce.naughtymets.com/s/625941d166f1f?track=CHARMING&click_id=Q0hBUk1JTkcsTk8sOTEuOTAuNDIuMTU0LFdFQixHRVRWSURT
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash e49c7cf0f82fa5dc84e1b06c934d9e4d
8113e3be545cbc07ab2b6b19727bb96eae59c557
f66822a0692a28118615085808c6709ad4d927dfae2a5b95e607fe076a5c46d9
GET /s/625941d166f1f?track=CHARMING&click_id=Q0hBUk1JTkcsTk8sOTEuOTAuNDIuMTU0LFdFQixHRVRWSURT HTTP/1.1
Host: daddce.naughtymets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 13 Sep 2022 00:28:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: SID=ed74ed621e32bbf0ace0c85f9af134c6; expires=Fri, 12-Sep-2025 00:28:31 GMT; Max-Age=94608000; path=/; domain=naughtymets.com
Content-Encoding: gzip
daddce.naughtymets.com/bundle/421/assets/css/style.css
178.162.199.80 200 OK 24 kB URL HTTP/1.1 daddce.naughtymets.com/bundle/421/assets/css/style.css
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash bdaeaf388c0a108edd5373536bedff4c
9f02aa8224b84a0338fd1e7ff99d1760745257ee
da6221de3931704d9dda90bf91597fcdab5c79375c5dfa3cf098d1ad366c236a
GET /bundle/421/assets/css/style.css HTTP/1.1
Host: daddce.naughtymets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://daddce.naughtymets.com/s/625941d166f1f?track=CHARMING&click_id=Q0hBUk1JTkcsTk8sOTEuOTAuNDIuMTU0LFdFQixHRVRWSURT
Cookie: SID=ed74ed621e32bbf0ace0c85f9af134c6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 13 Sep 2022 00:28:31 GMT
Content-Type: text/css
Content-Length: 23836
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:43:18 GMT
Vary: Accept-Encoding
ETag: "5fc156d6-5d1c"
Accept-Ranges: bytes
daddce.naughtymets.com/bundle/421/assets/img/loadingbar.gif
178.162.199.80 200 OK 5.8 kB URL HTTP/1.1 daddce.naughtymets.com/bundle/421/assets/img/loadingbar.gif
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type GIF image data, version 89a, 208 x 13\012- data
Hash e7476fddd806e1ad72356ec86ae2a35a
162d8b87e6d1c3ef0ed5839ffd54cf5ac0c23e54
dfa0ad12a293332f47c0c0b7c4d7681d3670915a2f75f086aaf61b9a2835b24a
GET /bundle/421/assets/img/loadingbar.gif HTTP/1.1
Host: daddce.naughtymets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://daddce.naughtymets.com/s/625941d166f1f?track=CHARMING&click_id=Q0hBUk1JTkcsTk8sOTEuOTAuNDIuMTU0LFdFQixHRVRWSURT
Cookie: SID=ed74ed621e32bbf0ace0c85f9af134c6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 13 Sep 2022 00:28:31 GMT
Content-Type: image/gif
Content-Length: 5837
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:43:18 GMT
ETag: "5fc156d6-16cd"
Accept-Ranges: bytes
daddce.naughtymets.com/bundle/421/assets/js/functions.js
178.162.199.80 200 OK 4.4 kB URL HTTP/1.1 daddce.naughtymets.com/bundle/421/assets/js/functions.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with CRLF line terminators
Hash 50e622c17f69346789f2131341566018
17b1ce8d0c8692a647241548fc9f57209f8ee4ae
547a987cc5b52ca3724168abeb650ac6ebd3bb9378a8c31e3d54b66fdf9c6aff
Analyzer Verdict Alert fortinet Phishing
GET /bundle/421/assets/js/functions.js HTTP/1.1
Host: daddce.naughtymets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://daddce.naughtymets.com/s/625941d166f1f?track=CHARMING&click_id=Q0hBUk1JTkcsTk8sOTEuOTAuNDIuMTU0LFdFQixHRVRWSURT
Cookie: SID=ed74ed621e32bbf0ace0c85f9af134c6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 13 Sep 2022 00:28:31 GMT
Content-Type: application/javascript
Content-Length: 4390
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:43:18 GMT
Vary: Accept-Encoding
ETag: "5fc156d6-1126"
Accept-Ranges: bytes
daddce.naughtymets.com/bundle/421/assets/img/6.jpg
178.162.199.80 200 OK 18 kB URL HTTP/1.1 daddce.naughtymets.com/bundle/421/assets/img/6.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 420x540, components 3\012- data
Hash 55ee671833c579f2e004eb8377a1db86
ac1753f935fb775de6498375c63849310c66d239
5d05fc51e308b468e5440135b300d9a7bd2bebb1760b33e795311d92de07ee23
GET /bundle/421/assets/img/6.jpg HTTP/1.1
Host: daddce.naughtymets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://daddce.naughtymets.com/s/625941d166f1f?track=CHARMING&click_id=Q0hBUk1JTkcsTk8sOTEuOTAuNDIuMTU0LFdFQixHRVRWSURT
Cookie: SID=ed74ed621e32bbf0ace0c85f9af134c6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 13 Sep 2022 00:28:32 GMT
Content-Type: image/jpeg
Content-Length: 17976
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:43:18 GMT
ETag: "5fc156d6-4638"
Accept-Ranges: bytes
daddce.naughtymets.com/js/click.js?2
178.162.199.80 200 OK 5.0 kB URL HTTP/1.1 daddce.naughtymets.com/js/click.js?2
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
Hash 53a2e265d3017d351683e9581d22f4a6
5b74595b9c637d10613fdd9735689205465dfe83
77123007bc08642e539cef883548f19653f8d6e86c0efca325ce34b5fd8fc09c
Analyzer Verdict Alert fortinet Phishing
GET /js/click.js?2 HTTP/1.1
Host: daddce.naughtymets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://daddce.naughtymets.com/s/625941d166f1f?track=CHARMING&click_id=Q0hBUk1JTkcsTk8sOTEuOTAuNDIuMTU0LFdFQixHRVRWSURT
Cookie: SID=ed74ed621e32bbf0ace0c85f9af134c6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 13 Sep 2022 00:28:32 GMT
Content-Type: application/javascript
Content-Length: 5027
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 07:53:33 GMT
Vary: Accept-Encoding
ETag: "631064fd-13a3"
Accept-Ranges: bytes
daddce.naughtymets.com/bundle/421/assets/img/favicon.png
178.162.199.80 200 OK 6.2 kB URL HTTP/1.1 daddce.naughtymets.com/bundle/421/assets/img/favicon.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 024b79c399646cd754c99e8d4b0a5e87
e42de65ba384b1db6bfcc56bcedbb2b80df229e4
014a887229b9cd82de1090f8f53a6860c00a468269f31e1f5f15dd88cc5c3284
GET /bundle/421/assets/img/favicon.png HTTP/1.1
Host: daddce.naughtymets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://daddce.naughtymets.com/s/625941d166f1f?track=CHARMING&click_id=Q0hBUk1JTkcsTk8sOTEuOTAuNDIuMTU0LFdFQixHRVRWSURT
Cookie: SID=ed74ed621e32bbf0ace0c85f9af134c6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 13 Sep 2022 00:28:32 GMT
Content-Type: image/png
Content-Length: 6152
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:43:18 GMT
ETag: "5fc156d6-1808"
Accept-Ranges: bytes
qmo21.test-app.link/O6dOUkD3isb
143.204.55.99 307 Temporary Redirect 0 B URL HTTP/2 qmo21.test-app.link/O6dOUkD3isb
IP 143.204.55.99:0
GET /O6dOUkD3isb HTTP/1.1
Host: qmo21.test-app.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 307 Temporary Redirect
location: http://destiney.parteneralliance3.online/ZzdSYXosR0VUVklEUy1DSEFSTUlORywxNjU5OTAwNjg2LCxUUkFGRUUsMA?_branch_match_id=1098029710528166423&utm_source=facebook&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXL8zNNzLUK0ktLtFNLCjQy8nMy9b3N0vxD812Mc4sTgIA%2FCcyrycAAAA%3D
server: openresty
date: Tue, 13 Sep 2022 00:28:30 GMT
set-cookie: _s=0lVATH19s6QkHjycM0X8RhxySgOsIj3WBz7UuDGVFR5d7AUmidjIAAeSnHu0lyrr; Max-Age=31536000; Domain=.test-app.link; Path=/; Expires=Wed, 13 Sep 2023 00:28:29 GMT; Secure
last-modified: Tue, 13 Sep 2022 00:28:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LvoV_esqdfWKvv_TeHJ9Ct0cMDWV6acN1A8ZVFDpggStBP4--zYL9w==
X-Firefox-Spdy: h2