Report - d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

Report Overview

Submitted URL
d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
IP
172.67.215.207
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-04 11:26:18
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
d.revokeuncle.shop	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.6 kB	239 kB	104.21.53.170
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	5.6 kB	142.250.74.131
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	61 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.4 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.38.139.17
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374 B	21 kB	142.250.74.110
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	608 B	712 B	108.177.14.155
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386 B	44 kB	172.217.21.168
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	517 B	694 B	142.250.74.132
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	516 B	694 B	142.250.74.163
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	d.revokeuncle.shop/jquery-1.11.0.min.js	96 kB	2023-03-07	2024-04-18
Pretty URL d.revokeuncle.shop/jquery-1.11.0.min.js IP 104.21.53.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-18 14:56:10 Times Seen18413 Hash 8fc25e27d42774aeae6edbc0a18b72aa b66ed708717bf0b4a005a4d0113af8843ef3b8ff b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Loading...

	d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA	251 B	2023-03-08	2024-02-07
Pretty URL d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA IP 104.21.53.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:55:53 Last Seen2024-02-07 03:42:21 Times Seen1 Hash 03b903bdf2d3134c0421c30de979c3c7 3a92dd8a579a53c0cb2cb0f2be332cf79bfeb0a0 37f425ebc2af0d5e0ce2e14478422424244e1c84a391990b490dc34a74e25493 Loading...

	d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA	154 B	2023-03-07	2024-03-13
Pretty URL d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA IP 104.21.53.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:24 Last Seen2024-03-13 17:48:30 Times Seen54 Hash ea6fb5829b8b3345ad595b21c0eaedb0 2c6c4609804f99e09ad777a308eaf4f26ec04474 5be5ed06f4b849d7af02562365acb798fac639c00cf9e2e2dd1fbb0df5068cad Loading...

	www.googletagmanager.com/gtag/js?id=UA-22484186-3	112 kB	2023-03-08	2024-02-07
Pretty URL www.googletagmanager.com/gtag/js?id=UA-22484186-3 IP 172.217.21.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:55:53 Last Seen2024-02-07 03:42:21 Times Seen1 Hash c3393deb4bb44145dbe2235f59bf09bf c2dd2bfc9ef263e406a423d54a01f53c8e35afb5 da22cfab3664b7139bea73ff5a7b22b811632554242a0a667f0d162c4d382e17 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-18
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-18 21:02:43 Times Seen1513 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

HTTP Transactions (46)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10004
Expires: Sun, 04 Dec 2022 14:12:50 GMT
Date: Sun, 04 Dec 2022 11:26:06 GMT
Connection: keep-alive

d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

104.21.53.170

200 OK

505 B

URL HTTP/1.1
d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
505 B (505 bytes)
Hash
d888a2f2cf32cde5638b56ae27ed5f9c
46ad02bce5db83817cd54cc684aaec2616fcf2c7
52818c3bdf8b058071f47d3b9e2a3f4472c3d7b628ff30b82768adcff28557ac

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22zV9WhoWwK%2BvPscjjkTlq09YZFqlt9wWomFDffycFM9ejjd7vEwXTmnFwMxY3H5rAURUQe4zEsrBWCTCCs%2BQBFz1Vzpm6BkPFBPcNWWSLCS%2B5bC2TUjME2DL6Va%2B8woPxj72WU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77442f6ab8a7b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1442
Cache-Control: max-age=170953
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:06 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 10:55:19 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4946
Expires: Sun, 04 Dec 2022 12:48:32 GMT
Date: Sun, 04 Dec 2022 11:26:06 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 11:20:06 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 360
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 3I4801bxtqHaDTmrwiPomRY7Jv/GElD5NiUdmmyh/H11YiMFoo8Au5Hq55fRg3q1pHYny7+AwG0=
x-amz-request-id: ZHXKBC41ZSG8E836
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 10:46:57 GMT
age: 2349
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 11:26:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-22484186-3

172.217.21.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP
172.217.21.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43593 bytes)
Hash
ce297c218e80b165a263c3a8a412c70d
600e9da3ab842be74ab08c4a8a3186d903aef1bc
faa4c82f13dd972509b8e1cee8789abee59bfdf99b4a9d1d03bbf0fd92b25077

HTTP Headers

GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://d.revokeuncle.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 11:26:07 GMT
expires: Sun, 04 Dec 2022 11:26:07 GMT
cache-control: private, max-age=900
last-modified: Sun, 04 Dec 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43593
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

d.revokeuncle.shop/jquery-1.11.0.min.js

104.21.53.170

200 OK

33 kB

URL HTTP/1.1
d.revokeuncle.shop/jquery-1.11.0.min.js
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32341)
Size
33 kB (33436 bytes)
Hash
95fe3f4dd117c33f6015e1c3d6df1d0d
d5b8856932d1ea63f51824de0bb50670d2e960bc
e6945ac3f1927f242a9fd7a5cf67720f7763888127a7427eb24ffc52019d4b16

HTTP Headers

GET /jquery-1.11.0.min.js HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:56:20 GMT
ETag: W/"6388f8d4-1787d"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2FJk0yxU9q3%2BB%2F6vxWFBb9irFVwPfPBq0Fk1m%2BOcuvR57AW3Gb1sG0cppqcOJFH2McNpsdvZbNs9B270WYHqBWf6E5LnT8e9S1AZRLh7mJtKItS%2F72dXUeK%2BusNU6KEp%2F4K0IGY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f6d7be5b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 11:08:58 GMT
cache-control: public,max-age=3600
age: 1029
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

d.revokeuncle.shop/offer.php?id=1&sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

104.21.53.170

200 OK

296 B

URL HTTP/1.1
d.revokeuncle.shop/offer.php?id=1&sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
296 B (296 bytes)
Hash
02a598913caa0c4f760919f7babb24a0
04934f50324db5d1b65f191e6ea27f0f81873af3
61af356c7f1b2e076a5053035ddd62e08706555f2905b09580397671ee2ed862

HTTP Headers

GET /offer.php?id=1&sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KjYohNAY37kW4UnJw1vrF7EZQAs7huQr%2B03jYOdkBzEKOXGEXJK6W1XyxEjjRsTKXN44vLDQf%2BnVg5GQn5eLjB8%2B5hSy0V47qwDguvzE2f79K1B4970B04WXChgvCL7BP%2F7eyrU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77442f6fae4cb4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1438
Cache-Control: max-age=165882
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:07 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:30:49 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

104.21.53.170

200 OK

2.6 kB

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (495), with CRLF line terminators
Size
2.6 kB (2632 bytes)
Hash
c7496e649aa0c6780394f7b1cc10574c
b0e82845768992acd48d5e5b0a22322d5e4383a8
ed32e59c3e6f4a3563d8fe4a05d98f330fc7d4f6d6fe72579d44c2857677bc58

HTTP Headers

GET /clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oM5VcM8PTTXsqZgEOFf6lfO3eGxkHLeriKVobQCwcBwFhHkll8R83fT1OddHJWIGgC6a8qIPFzS2gZbCY%2BgQfX1uHsBZzOQW8SXwq%2FS24%2F0yo4j%2FfPUN03rQmB7WDvZlQuRlifA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77442f70efc7b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

d.revokeuncle.shop/clicks/Exipure_cb_files/blank.htm

104.21.53.170

200 OK

548 B

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb_files/blank.htm
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1254), with CRLF line terminators
Size
548 B (548 bytes)
Hash
cd64b4aeec0a8560c0d6527312e2c806
3b84cb918c9cf6a06d81b2aee07f5fec52ec6878
7dc0902142b34ea216d209ad68f58687c2190ebb974b2f540f61cc64b2b22ef4

HTTP Headers

GET /clicks/Exipure_cb_files/blank.htm HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yAT95q9b71OjFeD4oOBqRVvvKg3DOglKzKzj5MGQM65a9Z8palUdCbhS4fTXso6mXecJAmT5moUwVkhCuAEKCcGWPPKabhjTBlm%2F4QYHsKJY%2FJv%2F3rc5BoWCTMiQpllmEwPRPKo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77442f7209bbb4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

d.revokeuncle.shop/clicks/Exipure_cb_files/font-awesome.min.css

104.21.53.170

200 OK

5.9 kB

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb_files/font-awesome.min.css
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (26474)
Size
5.9 kB (5913 bytes)
Hash
fd1ffa82658b3459106c656c38a9cb82
5ad49dec3eec50c33c2a37b143b2de3293b7eb0f
811cc2e6c6cad1b510dd236f022fd19ca99a1f010bfc4851d449bf9a9595ad0d

HTTP Headers

GET /clicks/Exipure_cb_files/font-awesome.min.css HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: W/"6388f84b-6810"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Alp8AsjWvQt6pYhOgwIGHZSdXUJlb2AEqj58btx775JkeA2hAXt9rWcGUrvomVKolEjVfooPKaoa%2FFRa9r1%2FhZkRi19kMv8kndCcE5ZpcDGKxpmfX03NJErMhoe6TsFV2wNhqMQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f721aa6b4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

push.services.mozilla.com/

52.38.139.17

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.38.139.17:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1IeKBhFW/sTQZttiOj7tFg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VQxS/NFmo0LRqIQoXXx9b9qYiF8=

d.revokeuncle.shop/clicks/Exipure_cb_files/style-right2.css

104.21.53.170

200 OK

1.9 kB

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb_files/style-right2.css
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (411), with CRLF line terminators
Size
1.9 kB (1934 bytes)
Hash
c7c710066df22d0d036f3a91f5519c2a
1797c818009d2a2ccbcbf4f7234d57f7d1e8da7a
c602af4ea2167cc56cc244f26a6eeda45cb28390438aad6832a1b8a87ddaee78

HTTP Headers

GET /clicks/Exipure_cb_files/style-right2.css HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: W/"6388f84b-19db"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WB92ocMEfa9j62A%2FEUd%2FpLjxkXsVE7FM1z8d8MWUwbNVZ4mIV2uR4D5vmkX1FW5OT0wh%2F6IS5mnH4S%2FoiRY4j4jeESyD%2BwkHmFCSYosngBMlPqRHdLs5qjicbE4prBmIveSQRo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f72184cb523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

d.revokeuncle.shop/clicks/Exipure_cb_files/widgets.css

104.21.53.170

200 OK

312 B

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb_files/widgets.css
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
assembler source, ASCII text
Size
312 B (312 bytes)
Hash
20ae036c64c107b6dbb42bb34642f3d1
2b5a84e548de80ceab4d36d8954c44b741fd15cb
ddafbfaaeea160c0bde62a43605058ae694ccc1b7320dfb968ff57f1ea3914c7

HTTP Headers

GET /clicks/Exipure_cb_files/widgets.css HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: W/"6388f84b-2c9"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PtIX5JbZLwhl4EpnPg796wUhChjNx%2BxTZLguPQEcYdu1Yi1dOjifoTMqtAsQG1mXFKT%2FnBd83glysa06%2FXzLqQcPAEaZxJ1nyecYwxGZGpLLNfaKS4SlX1gnxSBbbb9fIZXywOQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f721d37b517-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

d.revokeuncle.shop/clicks/Exipure_cb_files/font-awesome.css

104.21.53.170

200 OK

26 B

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb_files/font-awesome.css
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
26 B (26 bytes)
Hash
189298e19a6f8b602917a2156d5d834e
ccccfd25f81816d3c4dbc2a22aa30d406a8afabf
519f1acf822fc784b08e38c7e31616806b836994d954ebaadf18a9b7aed6734c

HTTP Headers

GET /clicks/Exipure_cb_files/font-awesome.css HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/css
Content-Length: 26
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: "6388f84b-1a"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5mkR2H6F5iJMBJktQgg8h7jpBBsPapJYut2uEQeOu5YrkJHnkC3gemSJyaO2%2FarKtOSowOmxhTTG4qffBe%2FaWb6MkTtamj9ZthhzwZXBINVu35e%2Behgv84Z7a4O5mkJIrZDGvz0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f721843b4ff-OSL
alt-svc: h2=":443"; ma=60

d.revokeuncle.shop/clicks/Exipure_cb_files/blank_data/inject.css

104.21.53.170

200 OK

928 B

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb_files/blank_data/inject.css
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
928 B (928 bytes)
Hash
e1c22e631b7cce42e3ef13cd9bb02ff5
6c6c2b15c56e776d9eac10babf3a6c4a2bd964ae
93950a736308fe62073a44a76b8ec05b9a651062f6ecee4782059d0718aab6dc

HTTP Headers

GET /clicks/Exipure_cb_files/blank_data/inject.css HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb_files/blank.htm

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: W/"6388f84b-f28"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytWWNIwqZyg7P8iUY12xppQVIReKBowxItTwyqLc6hyEPdnokU39CKJKlIdHfUJhD8BaJ7OPr5U0LzgKeRshpXvCAtgS0aA0XImg11ffzdko0tpjIo%2F9aYg3ZmndcXuvGw9XICk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f731be7b4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

d.revokeuncle.shop/clicks/Exipure_cb_files/backpain2-org.jpg

104.21.53.170

200 OK

9.7 kB

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb_files/backpain2-org.jpg
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x200, components 3\012- data
Size
9.7 kB (9663 bytes)
Hash
5ae39a503f71aa274923c6e50cdec91a
8e342b79e544fa886f51e9ef3d367c5b2d5474c0
84815960af3cc621de13acb1cad1a7f16418fda951aede1adc2e852e9d062f8e

HTTP Headers

GET /clicks/Exipure_cb_files/backpain2-org.jpg HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: image/jpeg
Content-Length: 9663
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: "6388f84b-25bf"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSJxJe6%2BBNfT%2FCUoEdZVEgnmDUF8bpzUxFI06Rpw4SRRLA0HKNtEOJrAy%2FusU7g13IiwBS4Lt9gyqt1EqVc87yzZlfU91FKK5DsYmoc%2FWsVNiTou5ZWsEZwGbFR3eSS%2B8VT9iEk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f73fd53b518-OSL
alt-svc: h2=":443"; ma=60

d.revokeuncle.shop/clicks/Exipure_cb_files/teeth2-org.jpg

104.21.53.170

200 OK

34 kB

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb_files/teeth2-org.jpg
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 300x200, components 3\012- data
Size
34 kB (33799 bytes)
Hash
77514ff7005e4947af8a4d3ed1c02352
289bb57dac83f224642a4590d6f88273a17df857
044154bfa5504cfc2f0e50fea1c5c840f1cce3f952092a7e13696f98211db18d

HTTP Headers

GET /clicks/Exipure_cb_files/teeth2-org.jpg HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: image/jpeg
Content-Length: 33799
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: "6388f84b-8407"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FqoDAQOTmg%2Bb3cKKVKT%2BBlKvkOx2NpdwJfcJRdD6OZEVmIlTMA0DQBajJJeBNibURdaFIN7Lo44NfB24EkWCutP1eOHvQw492Qwod%2BQfFaoGgAKHLHV6pIDoRzRjrgMqxIyLILY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f73ff67b517-OSL
alt-svc: h2=":443"; ma=60

d.revokeuncle.shop/clicks/Exipure_cb_files/fungus3-org.jpg

104.21.53.170

200 OK

58 kB

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb_files/fungus3-org.jpg
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 300x200, components 3\012- data
Size
58 kB (57495 bytes)
Hash
066eb8f6026f8639d2c474619036d5f4
271f4dcccddc4f39ab0eef18a31898cc876c35ba
a0c46f92fdb281fbed4d19d9bcc71ee33249cf9af7921247c3e5c3ef4e969537

HTTP Headers

GET /clicks/Exipure_cb_files/fungus3-org.jpg HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: image/jpeg
Content-Length: 57495
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: "6388f84b-e097"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WS1wdqOLekPjdXVBvGmeZhcexjrZKUzD3MHjm1z3WPomGKpu5r2q%2FOCTgHiNxCYsdAXr2MtqkzQzT6mZl5LdnXYPZKQO0TuU8BwawwO%2BjXQwSGBZYXcv359ZELVqqtiwZSF6RD8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f73fb08b523-OSL
alt-svc: h2=":443"; ma=60

d.revokeuncle.shop/clicks/Exipure_cb_files/main.jpg

104.21.53.170

200 OK

81 kB

URL HTTP/1.1
d.revokeuncle.shop/clicks/Exipure_cb_files/main.jpg
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, baseline, precision 8, 916x916, components 3\012- data
Size
81 kB (81010 bytes)
Hash
68bbd01c7bf86e164ed646c576701e88
fdf37a1226b8afd35b5d65451569e8f068b75d5d
39716f10e8eb65d242e90575662e7ada803abfaab7c7ac26c80f58eabed4aa4e

HTTP Headers

GET /clicks/Exipure_cb_files/main.jpg HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: image/jpeg
Content-Length: 81010
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: "6388f84b-13c72"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uT8YGLfyBk7tgZftF1E6yGnkPEjODHXdXx6esO9ilApGCxOUNTdmJ2%2FBPsnT%2BqJdhg11Upp9nZz0CQKTYAM3eINDAkb9vAjYuoYODjSvSgesB%2BUiPq4jsbGxini0FifmzPvRWH4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f73fc42b4f9-OSL
alt-svc: h2=":443"; ma=60

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://d.revokeuncle.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 04 Dec 2022 10:41:08 GMT
expires: Sun, 04 Dec 2022 12:41:08 GMT
cache-control: public, max-age=7200
age: 2700
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

d.revokeuncle.shop/favicon.ico

104.21.53.170

200 OK

69 B

URL HTTP/1.1
d.revokeuncle.shop/favicon.ico
IP
104.21.53.170:0
ASN
#13335 CLOUDFLARENET

File type
MS Windows icon resource - 1 icon, 16x16\012- data
Size
69 B (69 bytes)
Hash
f12fb6edbda074603f749a028770f49a
419983c6073469bac7fb8535a847b8f78c2040ce
8aec3412c7c37feacec2dc9d7b2f3560a2e0af0af573085665a57e1d09ab397d

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:52:31 GMT
ETag: W/"6388f7ef-57e"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sBEU6Ul3Qnx5fBKiBncqG0qr4ssD3qZydqE8J0odp1l24z8Cqj6viYxuERGbia4KQ%2BgkezYRXYRcR2Powou0XeUr7x7raxCV9QWlCiDM%2FB4AzdNw7C6UPO1sCvYSZnxA3Xaf0wc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f75fe83b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&gjid=1020206933&_gid=740653907.1670153166&_u=YEBAAUAAAAAAACAAI~&z=239817653

108.177.14.155

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&gjid=1020206933&_gid=740653907.1670153166&_u=YEBAAUAAAAAAACAAI~&z=239817653
IP
108.177.14.155:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&gjid=1020206933&_gid=740653907.1670153166&_u=YEBAAUAAAAAAACAAI~&z=239817653 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://d.revokeuncle.shop
Connection: keep-alive
Referer: http://d.revokeuncle.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://d.revokeuncle.shop
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 11:26:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7c9e0bb25e8c28e8b10038806b0a7190
9fa6097aeb8eacde8ba7c9ab80a7a7d2405ae2bc
f4864000960be2f888ed7d2467f74130231fed6f56ad48ff15861f5769e95a58

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856

142.250.74.132

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://d.revokeuncle.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 11:26:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://d.revokeuncle.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 11:26:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10565
Expires: Sun, 04 Dec 2022 14:22:14 GMT
Date: Sun, 04 Dec 2022 11:26:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10565
Expires: Sun, 04 Dec 2022 14:22:14 GMT
Date: Sun, 04 Dec 2022 11:26:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10565
Expires: Sun, 04 Dec 2022 14:22:14 GMT
Date: Sun, 04 Dec 2022 11:26:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16143 bytes)
Hash
14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 19849
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8315 bytes)
Hash
db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 49410
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4666 bytes)
Hash
c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 49328
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8989 bytes)
Hash
a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 48968
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5681 bytes)
Hash
43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 48987
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10431 bytes)
Hash
2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 49143
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (46)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type