r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10004
Expires: Sun, 04 Dec 2022 14:12:50 GMT
Date: Sun, 04 Dec 2022 11:26:06 GMT
Connection: keep-alive
d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
104.21.53.170200 OK 505 B URL HTTP/1.1 d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
IP 104.21.53.170:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d888a2f2cf32cde5638b56ae27ed5f9c
46ad02bce5db83817cd54cc684aaec2616fcf2c7
52818c3bdf8b058071f47d3b9e2a3f4472c3d7b628ff30b82768adcff28557ac
Analyzer Verdict Alert fortinet Malware
GET /ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22zV9WhoWwK%2BvPscjjkTlq09YZFqlt9wWomFDffycFM9ejjd7vEwXTmnFwMxY3H5rAURUQe4zEsrBWCTCCs%2BQBFz1Vzpm6BkPFBPcNWWSLCS%2B5bC2TUjME2DL6Va%2B8woPxj72WU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77442f6ab8a7b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1442
Cache-Control: max-age=170953
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:06 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 10:55:19 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4946
Expires: Sun, 04 Dec 2022 12:48:32 GMT
Date: Sun, 04 Dec 2022 11:26:06 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 11:20:06 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 360
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3I4801bxtqHaDTmrwiPomRY7Jv/GElD5NiUdmmyh/H11YiMFoo8Au5Hq55fRg3q1pHYny7+AwG0=
x-amz-request-id: ZHXKBC41ZSG8E836
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 10:46:57 GMT
age: 2349
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 11:26:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-22484186-3
172.217.21.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP 172.217.21.168:0
File type ASCII text, with very long lines (1921)
Hash ce297c218e80b165a263c3a8a412c70d
600e9da3ab842be74ab08c4a8a3186d903aef1bc
faa4c82f13dd972509b8e1cee8789abee59bfdf99b4a9d1d03bbf0fd92b25077
GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://d.revokeuncle.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 11:26:07 GMT
expires: Sun, 04 Dec 2022 11:26:07 GMT
cache-control: private, max-age=900
last-modified: Sun, 04 Dec 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43593
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d.revokeuncle.shop/jquery-1.11.0.min.js
104.21.53.170200 OK 33 kB URL HTTP/1.1 d.revokeuncle.shop/jquery-1.11.0.min.js
IP 104.21.53.170:0
File type ASCII text, with very long lines (32341)
Hash 95fe3f4dd117c33f6015e1c3d6df1d0d
d5b8856932d1ea63f51824de0bb50670d2e960bc
e6945ac3f1927f242a9fd7a5cf67720f7763888127a7427eb24ffc52019d4b16
GET /jquery-1.11.0.min.js HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:56:20 GMT
ETag: W/"6388f8d4-1787d"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2FJk0yxU9q3%2BB%2F6vxWFBb9irFVwPfPBq0Fk1m%2BOcuvR57AW3Gb1sG0cppqcOJFH2McNpsdvZbNs9B270WYHqBWf6E5LnT8e9S1AZRLh7mJtKItS%2F72dXUeK%2BusNU6KEp%2F4K0IGY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f6d7be5b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 11:08:58 GMT
cache-control: public,max-age=3600
age: 1029
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
d.revokeuncle.shop/offer.php?id=1&sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
104.21.53.170200 OK 296 B URL HTTP/1.1 d.revokeuncle.shop/offer.php?id=1&sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
IP 104.21.53.170:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 02a598913caa0c4f760919f7babb24a0
04934f50324db5d1b65f191e6ea27f0f81873af3
61af356c7f1b2e076a5053035ddd62e08706555f2905b09580397671ee2ed862
GET /offer.php?id=1&sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/ubbiawe/mnucxn663dpttnoh/O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KjYohNAY37kW4UnJw1vrF7EZQAs7huQr%2B03jYOdkBzEKOXGEXJK6W1XyxEjjRsTKXN44vLDQf%2BnVg5GQn5eLjB8%2B5hSy0V47qwDguvzE2f79K1B4970B04WXChgvCL7BP%2F7eyrU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77442f6fae4cb4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1438
Cache-Control: max-age=165882
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:07 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:30:49 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
104.21.53.170200 OK 2.6 kB URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
IP 104.21.53.170:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (495), with CRLF line terminators
Hash c7496e649aa0c6780394f7b1cc10574c
b0e82845768992acd48d5e5b0a22322d5e4383a8
ed32e59c3e6f4a3563d8fe4a05d98f330fc7d4f6d6fe72579d44c2857677bc58
GET /clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oM5VcM8PTTXsqZgEOFf6lfO3eGxkHLeriKVobQCwcBwFhHkll8R83fT1OddHJWIGgC6a8qIPFzS2gZbCY%2BgQfX1uHsBZzOQW8SXwq%2FS24%2F0yo4j%2FfPUN03rQmB7WDvZlQuRlifA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77442f70efc7b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
d.revokeuncle.shop/clicks/Exipure_cb_files/blank.htm
104.21.53.170200 OK 548 B URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb_files/blank.htm
IP 104.21.53.170:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1254), with CRLF line terminators
Hash cd64b4aeec0a8560c0d6527312e2c806
3b84cb918c9cf6a06d81b2aee07f5fec52ec6878
7dc0902142b34ea216d209ad68f58687c2190ebb974b2f540f61cc64b2b22ef4
GET /clicks/Exipure_cb_files/blank.htm HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yAT95q9b71OjFeD4oOBqRVvvKg3DOglKzKzj5MGQM65a9Z8palUdCbhS4fTXso6mXecJAmT5moUwVkhCuAEKCcGWPPKabhjTBlm%2F4QYHsKJY%2FJv%2F3rc5BoWCTMiQpllmEwPRPKo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77442f7209bbb4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
d.revokeuncle.shop/clicks/Exipure_cb_files/font-awesome.min.css
104.21.53.170200 OK 5.9 kB URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb_files/font-awesome.min.css
IP 104.21.53.170:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (26474)
Hash fd1ffa82658b3459106c656c38a9cb82
5ad49dec3eec50c33c2a37b143b2de3293b7eb0f
811cc2e6c6cad1b510dd236f022fd19ca99a1f010bfc4851d449bf9a9595ad0d
GET /clicks/Exipure_cb_files/font-awesome.min.css HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: W/"6388f84b-6810"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Alp8AsjWvQt6pYhOgwIGHZSdXUJlb2AEqj58btx775JkeA2hAXt9rWcGUrvomVKolEjVfooPKaoa%2FFRa9r1%2FhZkRi19kMv8kndCcE5ZpcDGKxpmfX03NJErMhoe6TsFV2wNhqMQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f721aa6b4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
52.38.139.17101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.139.17:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1IeKBhFW/sTQZttiOj7tFg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VQxS/NFmo0LRqIQoXXx9b9qYiF8=
d.revokeuncle.shop/clicks/Exipure_cb_files/style-right2.css
104.21.53.170200 OK 1.9 kB URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb_files/style-right2.css
IP 104.21.53.170:0
File type ASCII text, with very long lines (411), with CRLF line terminators
Hash c7c710066df22d0d036f3a91f5519c2a
1797c818009d2a2ccbcbf4f7234d57f7d1e8da7a
c602af4ea2167cc56cc244f26a6eeda45cb28390438aad6832a1b8a87ddaee78
GET /clicks/Exipure_cb_files/style-right2.css HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: W/"6388f84b-19db"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WB92ocMEfa9j62A%2FEUd%2FpLjxkXsVE7FM1z8d8MWUwbNVZ4mIV2uR4D5vmkX1FW5OT0wh%2F6IS5mnH4S%2FoiRY4j4jeESyD%2BwkHmFCSYosngBMlPqRHdLs5qjicbE4prBmIveSQRo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f72184cb523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
d.revokeuncle.shop/clicks/Exipure_cb_files/widgets.css
104.21.53.170200 OK 312 B URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb_files/widgets.css
IP 104.21.53.170:0
File type assembler source, ASCII text
Hash 20ae036c64c107b6dbb42bb34642f3d1
2b5a84e548de80ceab4d36d8954c44b741fd15cb
ddafbfaaeea160c0bde62a43605058ae694ccc1b7320dfb968ff57f1ea3914c7
GET /clicks/Exipure_cb_files/widgets.css HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: W/"6388f84b-2c9"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PtIX5JbZLwhl4EpnPg796wUhChjNx%2BxTZLguPQEcYdu1Yi1dOjifoTMqtAsQG1mXFKT%2FnBd83glysa06%2FXzLqQcPAEaZxJ1nyecYwxGZGpLLNfaKS4SlX1gnxSBbbb9fIZXywOQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f721d37b517-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
d.revokeuncle.shop/clicks/Exipure_cb_files/font-awesome.css
104.21.53.170200 OK 26 B URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb_files/font-awesome.css
IP 104.21.53.170:0
Hash 189298e19a6f8b602917a2156d5d834e
ccccfd25f81816d3c4dbc2a22aa30d406a8afabf
519f1acf822fc784b08e38c7e31616806b836994d954ebaadf18a9b7aed6734c
GET /clicks/Exipure_cb_files/font-awesome.css HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:07 GMT
Content-Type: text/css
Content-Length: 26
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: "6388f84b-1a"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5mkR2H6F5iJMBJktQgg8h7jpBBsPapJYut2uEQeOu5YrkJHnkC3gemSJyaO2%2FarKtOSowOmxhTTG4qffBe%2FaWb6MkTtamj9ZthhzwZXBINVu35e%2Behgv84Z7a4O5mkJIrZDGvz0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f721843b4ff-OSL
alt-svc: h2=":443"; ma=60
d.revokeuncle.shop/clicks/Exipure_cb_files/blank_data/inject.css
104.21.53.170200 OK 928 B URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb_files/blank_data/inject.css
IP 104.21.53.170:0
File type ASCII text, with CRLF line terminators
Hash e1c22e631b7cce42e3ef13cd9bb02ff5
6c6c2b15c56e776d9eac10babf3a6c4a2bd964ae
93950a736308fe62073a44a76b8ec05b9a651062f6ecee4782059d0718aab6dc
GET /clicks/Exipure_cb_files/blank_data/inject.css HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb_files/blank.htm
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: W/"6388f84b-f28"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytWWNIwqZyg7P8iUY12xppQVIReKBowxItTwyqLc6hyEPdnokU39CKJKlIdHfUJhD8BaJ7OPr5U0LzgKeRshpXvCAtgS0aA0XImg11ffzdko0tpjIo%2F9aYg3ZmndcXuvGw9XICk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f731be7b4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
d.revokeuncle.shop/clicks/Exipure_cb_files/backpain2-org.jpg
104.21.53.170200 OK 9.7 kB URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb_files/backpain2-org.jpg
IP 104.21.53.170:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x200, components 3\012- data
Hash 5ae39a503f71aa274923c6e50cdec91a
8e342b79e544fa886f51e9ef3d367c5b2d5474c0
84815960af3cc621de13acb1cad1a7f16418fda951aede1adc2e852e9d062f8e
GET /clicks/Exipure_cb_files/backpain2-org.jpg HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: image/jpeg
Content-Length: 9663
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: "6388f84b-25bf"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSJxJe6%2BBNfT%2FCUoEdZVEgnmDUF8bpzUxFI06Rpw4SRRLA0HKNtEOJrAy%2FusU7g13IiwBS4Lt9gyqt1EqVc87yzZlfU91FKK5DsYmoc%2FWsVNiTou5ZWsEZwGbFR3eSS%2B8VT9iEk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f73fd53b518-OSL
alt-svc: h2=":443"; ma=60
d.revokeuncle.shop/clicks/Exipure_cb_files/teeth2-org.jpg
104.21.53.170200 OK 34 kB URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb_files/teeth2-org.jpg
IP 104.21.53.170:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 300x200, components 3\012- data
Hash 77514ff7005e4947af8a4d3ed1c02352
289bb57dac83f224642a4590d6f88273a17df857
044154bfa5504cfc2f0e50fea1c5c840f1cce3f952092a7e13696f98211db18d
GET /clicks/Exipure_cb_files/teeth2-org.jpg HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: image/jpeg
Content-Length: 33799
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: "6388f84b-8407"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FqoDAQOTmg%2Bb3cKKVKT%2BBlKvkOx2NpdwJfcJRdD6OZEVmIlTMA0DQBajJJeBNibURdaFIN7Lo44NfB24EkWCutP1eOHvQw492Qwod%2BQfFaoGgAKHLHV6pIDoRzRjrgMqxIyLILY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f73ff67b517-OSL
alt-svc: h2=":443"; ma=60
d.revokeuncle.shop/clicks/Exipure_cb_files/fungus3-org.jpg
104.21.53.170200 OK 58 kB URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb_files/fungus3-org.jpg
IP 104.21.53.170:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 300x200, components 3\012- data
Hash 066eb8f6026f8639d2c474619036d5f4
271f4dcccddc4f39ab0eef18a31898cc876c35ba
a0c46f92fdb281fbed4d19d9bcc71ee33249cf9af7921247c3e5c3ef4e969537
GET /clicks/Exipure_cb_files/fungus3-org.jpg HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: image/jpeg
Content-Length: 57495
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: "6388f84b-e097"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WS1wdqOLekPjdXVBvGmeZhcexjrZKUzD3MHjm1z3WPomGKpu5r2q%2FOCTgHiNxCYsdAXr2MtqkzQzT6mZl5LdnXYPZKQO0TuU8BwawwO%2BjXQwSGBZYXcv359ZELVqqtiwZSF6RD8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f73fb08b523-OSL
alt-svc: h2=":443"; ma=60
d.revokeuncle.shop/clicks/Exipure_cb_files/main.jpg
104.21.53.170200 OK 81 kB URL HTTP/1.1 d.revokeuncle.shop/clicks/Exipure_cb_files/main.jpg
IP 104.21.53.170:0
File type JPEG image data, baseline, precision 8, 916x916, components 3\012- data
Hash 68bbd01c7bf86e164ed646c576701e88
fdf37a1226b8afd35b5d65451569e8f068b75d5d
39716f10e8eb65d242e90575662e7ada803abfaab7c7ac26c80f58eabed4aa4e
GET /clicks/Exipure_cb_files/main.jpg HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: image/jpeg
Content-Length: 81010
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:54:03 GMT
ETag: "6388f84b-13c72"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uT8YGLfyBk7tgZftF1E6yGnkPEjODHXdXx6esO9ilApGCxOUNTdmJ2%2FBPsnT%2BqJdhg11Upp9nZz0CQKTYAM3eINDAkb9vAjYuoYODjSvSgesB%2BUiPq4jsbGxini0FifmzPvRWH4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f73fc42b4f9-OSL
alt-svc: h2=":443"; ma=60
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://d.revokeuncle.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 04 Dec 2022 10:41:08 GMT
expires: Sun, 04 Dec 2022 12:41:08 GMT
cache-control: public, max-age=7200
age: 2700
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
d.revokeuncle.shop/favicon.ico
104.21.53.170200 OK 69 B URL HTTP/1.1 d.revokeuncle.shop/favicon.ico
IP 104.21.53.170:0
File type MS Windows icon resource - 1 icon, 16x16\012- data
Hash f12fb6edbda074603f749a028770f49a
419983c6073469bac7fb8535a847b8f78c2040ce
8aec3412c7c37feacec2dc9d7b2f3560a2e0af0af573085665a57e1d09ab397d
GET /favicon.ico HTTP/1.1
Host: d.revokeuncle.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d.revokeuncle.shop/clicks/Exipure_cb.php?sid=999898&h=O_B0RDFQPJZew84tf9m95k7s8fR0MMTTKtJQtw7u1dg/NcQl7acvv-XRStiPNXBCQbpQjPkOOJ5B8vtzV1C03s2bGlkMYHCa1xsaBiqn8e7Hfl1OiTfYgV1GMnsEED6xoA
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 11:26:08 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:52:31 GMT
ETag: W/"6388f7ef-57e"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sBEU6Ul3Qnx5fBKiBncqG0qr4ssD3qZydqE8J0odp1l24z8Cqj6viYxuERGbia4KQ%2BgkezYRXYRcR2Powou0XeUr7x7raxCV9QWlCiDM%2FB4AzdNw7C6UPO1sCvYSZnxA3Xaf0wc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442f75fe83b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&gjid=1020206933&_gid=740653907.1670153166&_u=YEBAAUAAAAAAACAAI~&z=239817653
108.177.14.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&gjid=1020206933&_gid=740653907.1670153166&_u=YEBAAUAAAAAAACAAI~&z=239817653
IP 108.177.14.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&gjid=1020206933&_gid=740653907.1670153166&_u=YEBAAUAAAAAAACAAI~&z=239817653 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://d.revokeuncle.shop
Connection: keep-alive
Referer: http://d.revokeuncle.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://d.revokeuncle.shop
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 11:26:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7c9e0bb25e8c28e8b10038806b0a7190
9fa6097aeb8eacde8ba7c9ab80a7a7d2405ae2bc
f4864000960be2f888ed7d2467f74130231fed6f56ad48ff15861f5769e95a58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856
142.250.74.132200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://d.revokeuncle.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 11:26:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=1422813303.1670153166&jid=780232706&_u=YEBAAUAAAAAAACAAI~&z=971424856 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://d.revokeuncle.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 11:26:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:26:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10565
Expires: Sun, 04 Dec 2022 14:22:14 GMT
Date: Sun, 04 Dec 2022 11:26:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10565
Expires: Sun, 04 Dec 2022 14:22:14 GMT
Date: Sun, 04 Dec 2022 11:26:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10565
Expires: Sun, 04 Dec 2022 14:22:14 GMT
Date: Sun, 04 Dec 2022 11:26:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 19849
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 49410
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 49328
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 48968
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 48987
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 49143
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2