gift7127.goggle.vip/sweeps/ww/iphonesurvey1/index_en-us.php?vid=1668938253-vurzlf&utm_medium=1962&utm_source=redirect&utm_campaign=0_autosmartlink_auto&utm_content=smartlink_with_push_randompub&isp=google%20llc&city=mountain%20view&br=0&sp=1&iw=false&checked=0&trans=1&ipp=0&lpkey=165c687793ec886053&ck=2
104.26.12.100 301 Moved Permanently 0 B URL HTTP/1.1 gift7127.goggle.vip/sweeps/ww/iphonesurvey1/index_en-us.php?vid=1668938253-vurzlf&utm_medium=1962&utm_source=redirect&utm_campaign=0_autosmartlink_auto&utm_content=smartlink_with_push_randompub&isp=google%20llc&city=mountain%20view&br=0&sp=1&iw=false&checked=0&trans=1&ipp=0&lpkey=165c687793ec886053&ck=2
IP 104.26.12.100:0
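Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input (the transaction reports a 0 B body), so they identify no content and are not usable as indicators.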
Analyzer Verdict Alert quad9 Sinkholed
GET /sweeps/ww/iphonesurvey1/index_en-us.php?vid=1668938253-vurzlf&utm_medium=1962&utm_source=redirect&utm_campaign=0_autosmartlink_auto&utm_content=smartlink_with_push_randompub&isp=google%20llc&city=mountain%20view&br=0&sp=1&iw=false&checked=0&trans=1&ipp=0&lpkey=165c687793ec886053&ck=2 HTTP/1.1
Host: gift7127.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Dec 2022 05:29:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Dec 2022 06:29:44 GMT
Location: https://gift7127.goggle.vip/sweeps/ww/iphonesurvey1/index_en-us.php?vid=1668938253-vurzlf&utm_medium=1962&utm_source=redirect&utm_campaign=0_autosmartlink_auto&utm_content=smartlink_with_push_randompub&isp=google%20llc&city=mountain%20view&br=0&sp=1&iw=false&checked=0&trans=1&ipp=0&lpkey=165c687793ec886053&ck=2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgxS0Nih9Kn%2FkFiByq6ehrFzOtsEghGh6zd4G9TL%2BIKK0%2FEhwMn3nlEKqFXv0XVD9wBYTyWmX4xRSmXL5r9Q%2FS5TMt6Xg2HcXqsjwwa5LLwgUgZ%2B%2FGjXk6u5SgdZOliJxcQ2%2Ffwj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774a62c6ca33b515-OSL
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18613
Expires: Mon, 05 Dec 2022 10:39:58 GMT
Date: Mon, 05 Dec 2022 05:29:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4262
Expires: Mon, 05 Dec 2022 06:40:47 GMT
Date: Mon, 05 Dec 2022 05:29:45 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 460
Cache-Control: max-age=104952
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:45 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 10:38:57 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: kFZMis4Hxfxl6Cf4r3kHNqknz5BOZadzHZFLvwTIZihVyT1ct3nYEVrLQdmfVSgU50xG7uNMhqk=
x-amz-request-id: V22FM4RCNDZ9KD6J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 04:47:16 GMT
age: 2549
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 05:18:27 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 678
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 05:29:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash db3a7a835850d29f73d539bca13fbf71
73ac03148286bef3e4b7eae537a0fe79991a7a7a
a9be93a07d46c2a66f335d712ddefec393b6cae451238e78c9dab1e259aff2eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=161688
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:45 GMT
Etag: "638d5661-118"
Expires: Wed, 07 Dec 2022 02:24:33 GMT
Last-Modified: Mon, 05 Dec 2022 02:24:33 GMT
Server: nginx
Content-Length: 280
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 05:08:58 GMT
cache-control: public,max-age=3600
age: 1247
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 67eaf80416802078cf20f6f8328ca0bb
d9cbffdc1972eec762e18fb620e4efe5169be163
12c2cddb038dc58e56c84a521b6f17b66ec54427a738fb8a46a4d95ceec9abbd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=170713
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:45 GMT
Etag: "638d79a2-117"
Expires: Wed, 07 Dec 2022 04:54:58 GMT
Last-Modified: Mon, 05 Dec 2022 04:54:58 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 451
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:45 GMT
Last-Modified: Mon, 05 Dec 2022 05:22:14 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
t.y1h1.com/visit/5d282e030142b6000661240f?type=lpKeyError_Type_1&srcTrafficSource=redirect&srcCampaign=0_autosmartlink_auto&srcPub=1962&srcOffer=smartlink_with_push_randompub&exid=1668938253-vurzlf
172.67.75.44 200 OK 273 B URL HTTP/2 t.y1h1.com/visit/5d282e030142b6000661240f?type=lpKeyError_Type_1&srcTrafficSource=redirect&srcCampaign=0_autosmartlink_auto&srcPub=1962&srcOffer=smartlink_with_push_randompub&exid=1668938253-vurzlf
IP 172.67.75.44:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash ed421d842c928fbf936d848841af25ed
1a353c9c1243207e927bb04ce6ad84f7eac2bc83
a8b18c024daadd9c62d3a649d3dfd954c43b9a4ca59ad9de8349a9483da6b247
GET /visit/5d282e030142b6000661240f?type=lpKeyError_Type_1&srcTrafficSource=redirect&srcCampaign=0_autosmartlink_auto&srcPub=1962&srcOffer=smartlink_with_push_randompub&exid=1668938253-vurzlf HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:45 GMT
content-length: 273
refresh: 0;URL=https://t.y1h1.com/visit/61e55f98081ec20007c7f606?exid=1670218185-gYNFCr&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&srcPub=1962&type=Cloak
set-cookie: vid=1670218185-gYNFCr; Path=/; Domain=y1h1.com; Max-Age=604800; Expires=Mon, 12 Dec 2022 05:29:45 GMT; Secure; HttpOnly; SameSite=None
lv_5d282e030142b6000661240f=1670218185-gYNFCr; Path=/; Domain=y1h1.com; Max-Age=3600; Expires=Mon, 05 Dec 2022 06:29:45 GMT; Secure; HttpOnly; SameSite=None
vn_5d282e030142b6000661240f=1; Path=/; Domain=y1h1.com; Max-Age=3600; Expires=Mon, 05 Dec 2022 06:29:45 GMT; Secure; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wOWJL2KRmywGVoMI4SaK2NOzyZOg4efHiVAd0tDMsMiTQT8YpCJLdoFx57vtjZnYkmzaBfYajVxyTPBkWA9ZEsP1Kf%2BumjUK0pTJfTb%2BWAEHcU9cK5Y6xsV88aT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62cbc8e0b4ee-OSL
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.39.62.124 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.62.124:0
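Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input (the transaction reports a 0 B body), so they identify no content and are not usable as indicators.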
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nzn5+3sjs1v7bfjLGV2ruw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pyEceERrEcIeUvA4qtJRBj7C5dY=
t.y1h1.com/visit/61e55f98081ec20007c7f606?exid=1670218185-gYNFCr&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&srcPub=1962&type=Cloak
172.67.75.44 200 OK 416 B URL HTTP/2 t.y1h1.com/visit/61e55f98081ec20007c7f606?exid=1670218185-gYNFCr&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&srcPub=1962&type=Cloak
IP 172.67.75.44:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (416), with no line terminators
Hash 28e2fb44ab767d48485053b99ad707c6
0552f57cd1356ca4d80d45a54ded7ccb955b2455
f9d1eee07f9ecbc4f3d7f6de77382dc9144d3a9dda62341fa19a567f81c7093e
GET /visit/61e55f98081ec20007c7f606?exid=1670218185-gYNFCr&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&srcPub=1962&type=Cloak HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: vid=1670218185-gYNFCr; lv_5d282e030142b6000661240f=1670218185-gYNFCr; vn_5d282e030142b6000661240f=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-length: 416
refresh: 0;URL=https://gift2357.g00le.vip/sweeps/ww/iphone3/index_en-us.php?vid=1670218185-IMsrIo&utm_medium=1962&utm_source=Redirect&utm_campaign=0_AutoSmartlink_Auto&utm_content=Smartlink_Sweeps_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=16ef70232116871f85&ck=2
set-cookie: vid=1670218185-IMsrIo; Path=/; Domain=y1h1.com; Max-Age=604800; Expires=Mon, 12 Dec 2022 05:29:45 GMT; Secure; HttpOnly; SameSite=None
lv_61e55f98081ec20007c7f606=1670218185-IMsrIo; Path=/; Domain=y1h1.com; Max-Age=3600; Expires=Mon, 05 Dec 2022 06:29:45 GMT; Secure; HttpOnly; SameSite=None
vn_61e55f98081ec20007c7f606=1; Path=/; Domain=y1h1.com; Max-Age=3600; Expires=Mon, 05 Dec 2022 06:29:45 GMT; Secure; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkaWmbWhKgDjHONO42ap%2B5nFbCp%2BIYpNzxkZxRvQQxVAd6h%2Fvd3Ejj7bwpVdbWcF3D4kN9QA8xLhJMhG2loLYGOR3QQ%2FixLkPDryGcf1wcgVbrZNBO%2F4hMYh3gvt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62cd89dab4ee-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d1397a045e498b1b4cd5c7ac94eff0ae
4ea77953938dc3b590884e4d8b0af0612bedb0cc
105c9571eb20cca90d72d06a4fa771bd1dfae32983504df77411c2a80c44651b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:46 GMT
Server: ECS (amb/6BB2)
Content-Length: 279
gift2357.g00le.vip/sweeps/ww/iphone3/index_en-us.php?vid=1670218185-IMsrIo&utm_medium=1962&utm_source=Redirect&utm_campaign=0_AutoSmartlink_Auto&utm_content=Smartlink_Sweeps_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=16ef70232116871f85&ck=2
172.67.68.19 200 OK 1.4 kB URL HTTP/2 gift2357.g00le.vip/sweeps/ww/iphone3/index_en-us.php?vid=1670218185-IMsrIo&utm_medium=1962&utm_source=Redirect&utm_campaign=0_AutoSmartlink_Auto&utm_content=Smartlink_Sweeps_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=16ef70232116871f85&ck=2
IP 172.67.68.19:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash b0dcff26a8469811189cba62497c85bf
1237f677954844f5805ed71868e480c4ee3d18fa
d41a9fdf04a2fae5fca6e34d31d8b5b6d0e0582eb3df466a7dbb7350f2a3be91
GET /sweeps/ww/iphone3/index_en-us.php?vid=1670218185-IMsrIo&utm_medium=1962&utm_source=Redirect&utm_campaign=0_AutoSmartlink_Auto&utm_content=Smartlink_Sweeps_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=16ef70232116871f85&ck=2 HTTP/1.1
Host: gift2357.g00le.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OhZtERJ2aaWSbpFC1WaauweWTeeTFnaQIpxSTmujYSTK3RaK%2FiW8ahGc1KLc7HgzoU3Ucqzqmn6nCJAMmGvTH7SX%2Fnpf9dHD4S%2Bfg7%2FK0JfeY9Hbz2uhHNyFnfsd9eWV4PWarH8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62d0ac6c0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
gift2357.g00le.vip/sweeps/ww/iphone3/index_files/loading.gif
172.67.68.19 200 OK 5.8 kB URL HTTP/2 gift2357.g00le.vip/sweeps/ww/iphone3/index_files/loading.gif
IP 172.67.68.19:0
File type GIF image data, version 89a, 208 x 13\012- data
Hash e7476fddd806e1ad72356ec86ae2a35a
162d8b87e6d1c3ef0ed5839ffd54cf5ac0c23e54
dfa0ad12a293332f47c0c0b7c4d7681d3670915a2f75f086aaf61b9a2835b24a
GET /sweeps/ww/iphone3/index_files/loading.gif HTTP/1.1
Host: gift2357.g00le.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: image/gif
content-length: 5837
last-modified: Fri, 17 Sep 2021 10:19:36 GMT
etag: "61446bb8-16cd"
expires: Wed, 04 Jan 2023 05:29:46 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KVNltJpA6Zgcv%2BD95dxJeQr0MhrijwlROoxXJN1VsTTPb%2F5bPaU9WVHy4XyQXgO7BOpv1h99%2BHdBEfl9695Em8n5GJEQ33b0y%2F4RzHGzuJhDtSE4HzVZ%2B80%2B8FbyXz7PKpRpihI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a62d18ca30b3d-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2e388f1ab4ec88104f57cf23944ee684
39178c45ed645709cc388d5790b1b58a3272a62f
e33b88f6f77d90b65a8fed943a45623e51f1efbdae401a1652f24be68408dba0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gift2357.g00le.vip/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
172.67.68.19 200 OK 4.5 kB URL HTTP/2 gift2357.g00le.vip/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 172.67.68.19:0
File type ASCII text, with very long lines (12331)
Hash f4565ba12bf72471d5877b23dcb595ae
89393614075fbb0259949489509eeb239b6ea2fd
3372fa7acb99e274caef22564c6cdcbbc849fa07fb4df3aed17817164c6fe19b
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: gift2357.g00le.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 18:31:41 GMT
etag: W/"6387a18d-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0yBQOwVPCtR1MHfbORflfo68tJ1KUkQ2pDS4iSa8lKwc3EEorSdgK0Q36IKhj5fiOV2wlXKxghr%2FOJj3QMrln3Afmq3j4IMKGsIa9CdY0xhWZZQgBlk1zYh1fX3rB21BjgW9nt4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a62d18ca50b3d-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Wed, 07 Dec 2022 05:29:46 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
gift2357.g00le.vip/sweeps/ww/iphone3/index_files/iphone13.png
172.67.68.19 200 OK 310 kB URL HTTP/2 gift2357.g00le.vip/sweeps/ww/iphone3/index_files/iphone13.png
IP 172.67.68.19:0
File type PNG image data, 1000 x 1000, 8-bit/color RGBA, non-interlaced\012- data
Size 310 kB (309952 bytes)
Hash 88ba0dfc0338ae2f5b92bfb1b7f6130c
05166508588b528027d2792db7bc85c1e53fd735
1eff7675a17efaea49f406c55bc18ee34b24f71ad8f9537a54a9ef2d4368f3a5
GET /sweeps/ww/iphone3/index_files/iphone13.png HTTP/1.1
Host: gift2357.g00le.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: image/png
content-length: 309952
last-modified: Fri, 17 Sep 2021 10:19:36 GMT
etag: "61446bb8-4bac0"
expires: Wed, 04 Jan 2023 05:29:46 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U1jTcfzjS5Rz7mpIGTI1fjF40HZ8iTBONDEGC%2BWwh0dsul5aER506BUy0rNFePaUDXkVQCeJIiRBr0gA0j%2FJc744aUzR7lHj9sKqc8IhJppD2kJnEay4xbOLIEouPcbaLEYA%2B0c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a62d15c970b3d-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8ead0ac4ce19cef2471bae0458759d89
af02fd3fcd2e10cfa2458407c0c2e59a43e18517
507b93c64bab73e393cf8d8131415ef4d4b01e65e0f2ab73597715197845e75e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rs.y1h1.com/trans.css
104.26.3.157 200 OK 592 B IP 104.26.3.157:0
File type ASCII text, with very long lines (307), with no line terminators
Hash cccba7609f3ef39dcafdb4a5d5fd2e73
f59e21ff938743f95042fa005fdf4a0cf1b72303
64d05b37ffd98af587ebea82940c979bcf6fd1aa24b4c94bf9a071b7c80353f4
GET /trans.css HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=417
etag: W/"60837b07-1a1"
expires: Mon, 05 Dec 2022 08:23:48 GMT
last-modified: Sat, 24 Apr 2021 01:57:27 GMT
cf-cache-status: HIT
age: 32758
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vTSCUvnELpSF89AyC%2Bd%2F2gv4gVD1u%2Fcj5%2F1LTn5wwL26CaNNEFpe58xLr1N9%2BHpegx1yqN9NBBI8hSZK9xhGlYmQgyxedNxna61AjwCi4dC9udFxOJZlaR7qw4Jpag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a62d35d38b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 67eaf80416802078cf20f6f8328ca0bb
d9cbffdc1972eec762e18fb620e4efe5169be163
12c2cddb038dc58e56c84a521b6f17b66ec54427a738fb8a46a4d95ceec9abbd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=170713
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:46 GMT
Etag: "638d79a2-117"
Expires: Wed, 07 Dec 2022 04:54:59 GMT
Last-Modified: Mon, 05 Dec 2022 04:54:58 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279
www.googletagmanager.com/gtag/js?id=G-37GE99Q100
142.250.74.168 200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-37GE99Q100
IP 142.250.74.168:0
File type ASCII text, with very long lines (20080)
Hash c1cc60b6f0d4b04e9f3db3d52ced0792
4ed14e454549bb8b32d160a2b595d37483560893
9d539417a4ae07aa92f5e29f7bb92c64626017c736b30b307f4da3ed08e6deca
GET /gtag/js?id=G-37GE99Q100 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Dec 2022 05:29:46 GMT
expires: Mon, 05 Dec 2022 05:29:46 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76333
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gift2357.g00le.vip/sweeps/ww/iphone3/index_files/style.css
172.67.68.19 200 OK 3.6 kB URL HTTP/2 gift2357.g00le.vip/sweeps/ww/iphone3/index_files/style.css
IP 172.67.68.19:0
File type ASCII text, with very long lines (3822), with no line terminators
Hash 88d382dc73d08a6e0bc43c8ef460fd74
eef697183175e1f450f54cc137282d621bdf3f1f
8847eebd624def476d29726cc25087fbcfa97f97e1345e9339f7e507c82de5f1
GET /sweeps/ww/iphone3/index_files/style.css HTTP/1.1
Host: gift2357.g00le.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gift2357.g00le.vip/sweeps/ww/iphone3/index_en-us.php?vid=1670218185-IMsrIo&utm_medium=1962&utm_source=Redirect&utm_campaign=0_AutoSmartlink_Auto&utm_content=Smartlink_Sweeps_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=16ef70232116871f85&ck=2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: text/css
last-modified: Fri, 17 Sep 2021 11:10:36 GMT
vary: Accept-Encoding
etag: W/"614477ac-eee"
expires: Mon, 05 Dec 2022 17:29:46 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BKT58VTngTPFNSNCEYrK3pxUt%2Ff5fA6VTqsgM%2B4R836iqwUxXTHBrs2JWMINai5dm7oIOVfnUcBmSoJQXRreiOv%2Bh28ipsLUA9FMkBaAq8y5ycEmMsCxFo0URl7ODNDPC8gC4CI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62d15c960b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
gift2357.g00le.vip/favicon.ico
172.67.68.19 200 OK 11 kB URL HTTP/2 gift2357.g00le.vip/favicon.ico
IP 172.67.68.19:0
File type MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel\012- data
Hash cc228e0807cf3a1e26775394531f0693
077506ee4e44ac9f1ae055c114e94f1af2670feb
e90b3b68fc2455f3589998edf5fd9030682e39cf4b192dc827fd55b9c6ec57b7
GET /favicon.ico HTTP/1.1
Host: gift2357.g00le.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: image/x-icon
last-modified: Mon, 10 Jan 2022 06:10:46 GMT
etag: W/"61dbcde6-1083e"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ij6q7XyKzuXgo8RaqSMzheL%2F5l8%2F6xCRkwRCDomfCrwDOgu0OWlk3kgpP0eEV%2BKaZG5ToBnjWeWCiXuTU0ToRBwd9w6oe%2FPanU49CtJUFUMX68bZC2C1jwc69bWtioBFKqz5rvM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a62d30d7d0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8ead0ac4ce19cef2471bae0458759d89
af02fd3fcd2e10cfa2458407c0c2e59a43e18517
507b93c64bab73e393cf8d8131415ef4d4b01e65e0f2ab73597715197845e75e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.35 200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gift2357.g00le.vip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 19:09:57 GMT
expires: Tue, 28 Nov 2023 19:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 555590
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3999
Expires: Mon, 05 Dec 2022 06:36:26 GMT
Date: Mon, 05 Dec 2022 05:29:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 557fea28a0a540d2ffdadd828e03de0b
c314368e2e73dabf2c5d856e2c3e1fae610a3005
0fdd195911cdfff46a6dd8ba7b760953e5317fd7ee88abf1e19458518979fdee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11253
x-amzn-requestid: e0561a00-8657-4af0-b24c-08b328282f79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_wKE9coAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1334-2844266d51d5c5672f34ff61;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: v2OgP5Rhp06ijoZU2F8vOhLjBfHdBMPa2mOIg6EiYJrgCRbrKgJz2g==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:07 GMT
age: 27460
etag: "c314368e2e73dabf2c5d856e2c3e1fae610a3005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6034ca-f8c1-4979-8165-5f755e5d12a1.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6034ca-f8c1-4979-8165-5f755e5d12a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c36448c65274ebbe1eb21e3bf02385e
e03cf1c7c2ec15b3cc50d9c54bebbf81aa08cf28
6f17788a394f1305755805a1b92117b1c1a03a1e3a075cb97a0da5184d574553
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6034ca-f8c1-4979-8165-5f755e5d12a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6430
x-amzn-requestid: ae2ec151-d383-4554-9ac2-3d204701251c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_ttFDKoAMFp0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1324-15aebb1a06253068472a6ab0;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hEiLpBd0Tubj3-Wgqh_jpK6XEekyrHfuQxpVD_JLlNSAQj41XK_1EA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:15 GMT
age: 27452
etag: "e03cf1c7c2ec15b3cc50d9c54bebbf81aa08cf28"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3130c86c084c4c925fb9179dfa5c145d
203f27660f3885d5c1bc68a535baef4e48ff6582
faf2c48c2286fe2149908947de9037640007d32e13694c1261f610250caf3f8f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6173
x-amzn-requestid: dc73ee0d-b1ec-407f-8e98-3ba264725ee3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqHqwIAMFwqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-56d74e8d45baa9e87136708f;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Gp9v8CfWmPctcSly9jWOxy0VCbBOE-CZs9z636yfpgpVi8eNt_PVvg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:29 GMT
etag: "203f27660f3885d5c1bc68a535baef4e48ff6582"
content-type: image/jpeg
age: 27678
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d81855b-98f7-4c0c-bfb4-78957d8c433d.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d81855b-98f7-4c0c-bfb4-78957d8c433d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9b475d52dd164b9cc0efbecfd58282b6
973e77db7fb34c60e08719dc7196d865e8831cb2
3985e24217a2bd811a0ea9bf0223eb0cda31604986f3467fae028a086a8b827e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d81855b-98f7-4c0c-bfb4-78957d8c433d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7028
x-amzn-requestid: 4d20bc36-d129-468d-b30d-f6b571d528af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKz6G86oAMF9oA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abe7f-5f9353c04487352b64ba3bf8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:11:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GnsrHp9gMnOF7C1LS_suYeIrdrXQyAAvdrROmuVBRoI8xd6Dujlq_A==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 03:26:36 GMT
age: 7391
etag: "973e77db7fb34c60e08719dc7196d865e8831cb2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg
34.120.237.76 200 OK 35 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg
IP 34.120.237.76:0
File type gzip compressed data, max compression\012- data
Hash a784f91a66c90e1b170227e8ae59bd23
292eec3f2b1a86604e8e33b2193159739d856076
8689d271a54cf8cd3c1640df1b3be5d75701bc0e9c9b399900a8364ab6d95ee9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8660
x-amzn-requestid: d5cf901f-bd2b-4269-918a-29a0bec09a40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uBG9IIAMFxcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1326-63b4ea925878dab212409f2b;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EZVmzJ--Jl3Z90-Dc_LY7w35ns5HiHBhwNWfPFZqjd_GILMKpaTI7w==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:29 GMT
etag: "63483fc211cfb2808c7f37940a4065b4f4177c59"
content-type: image/jpeg
age: 27678
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd33bab20-1689-4962-985e-15e304482bee.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd33bab20-1689-4962-985e-15e304482bee.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 37b58bb09c00b591c2819c89e371d927
aa487f4a7767cb4591fe620592da65bde90c0aa2
9b7791d79d1e9702c23e63450d556e7f1f287f4d02788fc147822c1d90f64657
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd33bab20-1689-4962-985e-15e304482bee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9825
x-amzn-requestid: 1ab366f4-78f2-4aaa-af7b-aa203c2d8234
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_1ZE23IAMFnhw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1355-35c7b5bb6e4623e93900810c;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: iTF4eWWXKKT97b6S9ONW7NopJ8hXWdOe9y3IwzVF7J9m2eJlT43bCg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:49:04 GMT
age: 27643
etag: "aa487f4a7767cb4591fe620592da65bde90c0aa2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
translate.googleapis.com/translate_static/css/translateelement.css
142.250.74.106 200 OK 3.6 kB URL HTTP/2 translate.googleapis.com/translate_static/css/translateelement.css
IP 142.250.74.106:0
File type ASCII text, with very long lines (18670)
Hash 897ba9a21d9625286674da769dacc2e2
84b4923ab7dee562395160824d53496314499b77
696cbf5c2f3f1efae555562b72abbbb22bed02eff03d62074555cab241190ae0
GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3619
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 05:17:04 GMT
expires: Mon, 05 Dec 2022 06:17:04 GMT
cache-control: public, max-age=3600
age: 763
last-modified: Wed, 17 Aug 2022 23:38:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.qvkLIg6MEVc.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoxsXHCM1CnEJ_o5xsmnbdq_po64A/m=el_main
142.250.74.106 200 OK 75 kB URL HTTP/2 translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.qvkLIg6MEVc.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoxsXHCM1CnEJ_o5xsmnbdq_po64A/m=el_main
IP 142.250.74.106:0
File type ASCII text, with very long lines (1613)
Hash 110765e1accf41111543c29721c78b52
3eeceb853d592a297162325f20f0420e136c875a
b5fb084ee4491e64fca48643106c0eb338212638caafdad88ff91e0d4198b589
GET /_/translate_http/_/js/k=translate_http.tr.no.qvkLIg6MEVc.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoxsXHCM1CnEJ_o5xsmnbdq_po64A/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 75035
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 00:23:32 GMT
expires: Thu, 30 Nov 2023 00:23:32 GMT
cache-control: public, max-age=31536000
age: 450375
last-modified: Sat, 12 Nov 2022 06:10:12 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:48:03 GMT
expires: Fri, 01 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 286904
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 16:40:43 GMT
expires: Fri, 01 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 305344
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-37GE99Q100&gtm=2oebu0&_p=1059152644&cid=428496693.1670218184&ul=en-us&sr=1280x1024&_s=1&sid=1670218184&sct=1&seg=0&dl=https%3A%2F%2Fgift2357.g00le.vip%2Fsweeps%2Fww%2Fiphone3%2Findex_en-us.php%3Fvid%3D1670218185-IMsrIo%26utm_medium%3D1962%26utm_source%3DRedirect%26utm_campaign%3D0_AutoSmartlink_Auto%26utm_content%3DSmartlink_Sweeps_RandomPub%26isp%3DBlix%2BGroup%2BAS%26city%3DOslo%26br%3D0%26sp%3D1%26trans%3D1%26iw%3DFalse%26checked%3D0%26ipp%3D0%26lpkey%3D16ef70232116871f85%26ck%3D2&dt=%E2%98%91%EF%B8%8F%20iPhone%2013&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-37GE99Q100&gtm=2oebu0&_p=1059152644&cid=428496693.1670218184&ul=en-us&sr=1280x1024&_s=1&sid=1670218184&sct=1&seg=0&dl=https%3A%2F%2Fgift2357.g00le.vip%2Fsweeps%2Fww%2Fiphone3%2Findex_en-us.php%3Fvid%3D1670218185-IMsrIo%26utm_medium%3D1962%26utm_source%3DRedirect%26utm_campaign%3D0_AutoSmartlink_Auto%26utm_content%3DSmartlink_Sweeps_RandomPub%26isp%3DBlix%2BGroup%2BAS%26city%3DOslo%26br%3D0%26sp%3D1%26trans%3D1%26iw%3DFalse%26checked%3D0%26ipp%3D0%26lpkey%3D16ef70232116871f85%26ck%3D2&dt=%E2%98%91%EF%B8%8F%20iPhone%2013&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-37GE99Q100&gtm=2oebu0&_p=1059152644&cid=428496693.1670218184&ul=en-us&sr=1280x1024&_s=1&sid=1670218184&sct=1&seg=0&dl=https%3A%2F%2Fgift2357.g00le.vip%2Fsweeps%2Fww%2Fiphone3%2Findex_en-us.php%3Fvid%3D1670218185-IMsrIo%26utm_medium%3D1962%26utm_source%3DRedirect%26utm_campaign%3D0_AutoSmartlink_Auto%26utm_content%3DSmartlink_Sweeps_RandomPub%26isp%3DBlix%2BGroup%2BAS%26city%3DOslo%26br%3D0%26sp%3D1%26trans%3D1%26iw%3DFalse%26checked%3D0%26ipp%3D0%26lpkey%3D16ef70232116871f85%26ck%3D2&dt=%E2%98%91%EF%B8%8F%20iPhone%2013&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: null
date: Mon, 05 Dec 2022 05:29:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gift7127.goggle.vip/sweeps/ww/iphonesurvey1/index_en-us.php?vid=1668938253-vurzlf&utm_medium=1962&utm_source=redirect&utm_campaign=0_autosmartlink_auto&utm_content=smartlink_with_push_randompub&isp=google%20llc&city=mountain%20view&br=0&sp=1&iw=false&checked=0&trans=1&ipp=0&lpkey=165c687793ec886053&ck=2
172.67.71.125 302 Found 0 B URL HTTP/2 gift7127.goggle.vip/sweeps/ww/iphonesurvey1/index_en-us.php?vid=1668938253-vurzlf&utm_medium=1962&utm_source=redirect&utm_campaign=0_autosmartlink_auto&utm_content=smartlink_with_push_randompub&isp=google%20llc&city=mountain%20view&br=0&sp=1&iw=false&checked=0&trans=1&ipp=0&lpkey=165c687793ec886053&ck=2
IP 172.67.71.125:0
Analyzer Verdict Alert quad9 Sinkholed
GET /sweeps/ww/iphonesurvey1/index_en-us.php?vid=1668938253-vurzlf&utm_medium=1962&utm_source=redirect&utm_campaign=0_autosmartlink_auto&utm_content=smartlink_with_push_randompub&isp=google%20llc&city=mountain%20view&br=0&sp=1&iw=false&checked=0&trans=1&ipp=0&lpkey=165c687793ec886053&ck=2 HTTP/1.1
Host: gift7127.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Mon, 05 Dec 2022 05:29:45 GMT
content-type: text/html; charset=UTF-8
location: https://t.y1h1.com/visit/5d282e030142b6000661240f?type=lpKeyError_Type_1&srcTrafficSource=redirect&srcCampaign=0_autosmartlink_auto&srcPub=1962&srcOffer=smartlink_with_push_randompub&exid=1668938253-vurzlf
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=686F3VmGwXiSd7VnwFerzRritYM0NCpJ6uYb23MHEuHP8NRQ3A53vJrED36jhEHJTko51pfjrMEOy4QAmOdv56Q%2FPOOMYB02Ln5ncWcTQC8kmdmTHPmn1ffOPDJT%2BJtO%2BtQproTH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62c9dee5b50f-OSL
X-Firefox-Spdy: h2
rs.y1h1.com/trans.js
104.26.3.157 200 OK 0 B IP 104.26.3.157:0
GET /trans.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=337
etag: W/"60837b56-151"
expires: Mon, 05 Dec 2022 07:37:41 GMT
last-modified: Sat, 24 Apr 2021 01:58:46 GMT
cf-cache-status: HIT
age: 35525
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mc2A9QZKmLjrJ7fPgVq4VRz9avfnjjd4aItO6ItN1hsO39L9FtWn3GfeowBWwdn0g%2BvkW1vvikfkz%2Fh3qLDGIcZM8raChs99AF4Z9pJ8E%2BY%2BjLYe8MSm0FGxgSnchQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a62d36d3ab512-OSL
content-encoding: br
X-Firefox-Spdy: h2
rs.y1h1.com/backbutton.js
104.26.3.157 200 OK 0 B URL HTTP/2 rs.y1h1.com/backbutton.js
IP 104.26.3.157:0
GET /backbutton.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"61d46677-12d0"
expires: Mon, 05 Dec 2022 17:28:35 GMT
last-modified: Tue, 04 Jan 2022 15:23:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 71
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZWfp0dRH168t7JSqGB1QEK7m561sOYuRv%2B0yJgXRC8Z6eHPN3ns9NKLv2v6saw%2FVF8PYWTZC4C8papU5GXbxGrGW%2BBs7JzXKBA3WzzcYw%2FliOqYsVuRMPJbxeJ09w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62d21cbeb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
rs.y1h1.com/jquery-3.5.1.min.js
104.26.3.157 200 OK 0 B URL HTTP/2 rs.y1h1.com/jquery-3.5.1.min.js
IP 104.26.3.157:0
GET /jquery-3.5.1.min.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: application/javascript
last-modified: Sun, 20 Jun 2021 08:52:33 GMT
vary: Accept-Encoding
etag: W/"60cf01d1-15d84"
expires: Mon, 05 Dec 2022 05:40:39 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 42547
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XKplALQdGyT14f%2BwS8GL%2FT7mmuYB9hV%2F8yBVlC7eyKNRPOB8Vs8tIBx0gJxhi9SE9nz4dsEyj1GMXLj%2BOHgq3stbPvIWj4k%2F91gb6vGG%2BEtbQuOToBZ4X9JHLuI%2Bpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62d22cc2b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
gift2357.g00le.vip/sweeps/ww/iphone3/index_files/main.js
172.67.68.19 200 OK 0 B URL HTTP/2 gift2357.g00le.vip/sweeps/ww/iphone3/index_files/main.js
IP 172.67.68.19:0
Analyzer Verdict Alert fortinet Phishing
GET /sweeps/ww/iphone3/index_files/main.js HTTP/1.1
Host: gift2357.g00le.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: application/javascript
last-modified: Fri, 17 Sep 2021 10:24:44 GMT
vary: Accept-Encoding
etag: W/"61446cec-430"
expires: Mon, 05 Dec 2022 17:29:46 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHy10nzmQM5MWrqghxsA0YgXuj1I4D9%2Bu7EcqxvgF8SWczMbYzF2BqTklHQODWG5vye65pen8UwpHH8KYkGHP4QZhq0YGrFO%2BxaPL9fu%2FtFUZulUIFUkHVyxh9Tgqa9lRo3b2y8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62d21cfd0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
rs.y1h1.com/common.js
104.26.3.157 200 OK 0 B IP 104.26.3.157:0
GET /common.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6214ae9e-42fe"
expires: Mon, 05 Dec 2022 17:28:35 GMT
last-modified: Tue, 22 Feb 2022 09:36:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 71
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iMoCuWG4oIyqVG4NNJubt6LaUpqqsorq6zywnLDjbohkPCKNiQmVK%2FQnBG%2FV6%2BQvRYsLoqM9at0tj2UpeQ1sjizPxAKxO5eLlaHOz6PXzdmqSfKqVvHhE50IQsFzYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62d21cc0b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
rs.y1h1.com/load.js
104.26.3.157 200 OK 0 B IP 104.26.3.157:0
GET /load.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6311dce6-1b90"
expires: Mon, 05 Dec 2022 17:28:35 GMT
last-modified: Fri, 02 Sep 2022 10:37:26 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 71
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tBRpsHlSOAXZl2gmEz%2Fsny1XSRy9HCYV%2BOTnQbnRUHPQKsmidgs%2BAxV9dCWBQGU4nkwzXOR%2Fqy4ESaeoMAX7G3vBfBKDBLavz2KyMuFEFODpt4XFtC5TwtoDy63b3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62d21cbfb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
rs.y1h1.com/checkbot.js
104.26.3.157 200 OK 0 B IP 104.26.3.157:0
GET /checkbot.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6222c2ff-1fef"
expires: Mon, 05 Dec 2022 17:28:35 GMT
last-modified: Sat, 05 Mar 2022 01:55:11 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 71
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oCwdxov6MOXPUXQwIctzSskpLaodIpNaiv8vM37cW8zodOLJO1dDvW3vfuPvg4yC7uwqFTa%2Ft9HVUKCbjPWsU0m%2FS8aR8XQvJeSyuSUB8kQ7IRBmw0Un50Utx1QbHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62d21cbdb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
rs.y1h1.com/push.js
104.26.3.157 200 OK 0 B IP 104.26.3.157:0
GET /push.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:46 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"61d4671f-2950"
expires: Mon, 05 Dec 2022 06:52:49 GMT
last-modified: Tue, 04 Jan 2022 15:26:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 38217
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CGXiIhLlj4SqDpnuxuZmmF0RZwVjSHRJYYhNFgs6vRA9naUzXRGUcofiHZucf9YvgroTpHBnJYACZ%2FufkTeob%2BgcMTZfMpQBd4oDrSi5%2FftFRwkdpKrUVUpPss8y%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62d35d35b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
t.y1h1.com/recaptcha/verify?token=03AEkXODAw-8RcPIousw6ph9TbvOENd49mhaRoMvmkwWmASLCmvi7WFqOKelgNX69qOuHLHhh-XswQBfwJgZiuPnaUK9dXSAaWja5T7a8DUm6EercrV5E0GGMleBqjRgG-NJgJ5ZLAXtVArCMEAOk9f6lzRoTzNvhv2JBJRnHTiZef5dQ66Fx5O6s-wNiuT73xlqoi8mHlEFpC3L1oAdq7ha_tB6uZRAYfigeFXr1RJXkRPVqYVdyjFgK8xg3WaFvcsZii3V7FW-UqUrQ7Wv3cAOSsM17pmYVIGlijtXdqNfvnZxTE9DJmbCDAsL_iPLjURwTWUdN_Qzcgfk6UxAbxQz9G2kIB_P60-kepckBSkb-PTjq90A9UFEzVUvT-TE_yKV8VqwhI9sb-6WBiycD8y2ja8kwukJi_q435wJnrghr5J1oSSS-kv3Ob4YPTAkwLMilI8Dotg10iInSo8fyB4-KoV9SVg0BV_fp91fPt_01H4LFoVFRpYI-0qx7hof1t-n9vceWFFTys&vid=1670218185-IMsrIo&eventSubField=eventSub9&eventField=event9&botScore=0.5
104.26.3.157 200 OK 0 B URL HTTP/2 t.y1h1.com/recaptcha/verify?token=03AEkXODAw-8RcPIousw6ph9TbvOENd49mhaRoMvmkwWmASLCmvi7WFqOKelgNX69qOuHLHhh-XswQBfwJgZiuPnaUK9dXSAaWja5T7a8DUm6EercrV5E0GGMleBqjRgG-NJgJ5ZLAXtVArCMEAOk9f6lzRoTzNvhv2JBJRnHTiZef5dQ66Fx5O6s-wNiuT73xlqoi8mHlEFpC3L1oAdq7ha_tB6uZRAYfigeFXr1RJXkRPVqYVdyjFgK8xg3WaFvcsZii3V7FW-UqUrQ7Wv3cAOSsM17pmYVIGlijtXdqNfvnZxTE9DJmbCDAsL_iPLjURwTWUdN_Qzcgfk6UxAbxQz9G2kIB_P60-kepckBSkb-PTjq90A9UFEzVUvT-TE_yKV8VqwhI9sb-6WBiycD8y2ja8kwukJi_q435wJnrghr5J1oSSS-kv3Ob4YPTAkwLMilI8Dotg10iInSo8fyB4-KoV9SVg0BV_fp91fPt_01H4LFoVFRpYI-0qx7hof1t-n9vceWFFTys&vid=1670218185-IMsrIo&eventSubField=eventSub9&eventField=event9&botScore=0.5
IP 104.26.3.157:0
GET /recaptcha/verify?token=03AEkXODAw-8RcPIousw6ph9TbvOENd49mhaRoMvmkwWmASLCmvi7WFqOKelgNX69qOuHLHhh-XswQBfwJgZiuPnaUK9dXSAaWja5T7a8DUm6EercrV5E0GGMleBqjRgG-NJgJ5ZLAXtVArCMEAOk9f6lzRoTzNvhv2JBJRnHTiZef5dQ66Fx5O6s-wNiuT73xlqoi8mHlEFpC3L1oAdq7ha_tB6uZRAYfigeFXr1RJXkRPVqYVdyjFgK8xg3WaFvcsZii3V7FW-UqUrQ7Wv3cAOSsM17pmYVIGlijtXdqNfvnZxTE9DJmbCDAsL_iPLjURwTWUdN_Qzcgfk6UxAbxQz9G2kIB_P60-kepckBSkb-PTjq90A9UFEzVUvT-TE_yKV8VqwhI9sb-6WBiycD8y2ja8kwukJi_q435wJnrghr5J1oSSS-kv3Ob4YPTAkwLMilI8Dotg10iInSo8fyB4-KoV9SVg0BV_fp91fPt_01H4LFoVFRpYI-0qx7hof1t-n9vceWFFTys&vid=1670218185-IMsrIo&eventSubField=eventSub9&eventField=event9&botScore=0.5 HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gift2357.g00le.vip
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:29:47 GMT
content-type: text/plain;charset=UTF-8
access-control-allow-origin: https://gift2357.g00le.vip
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uRcAQRpOp5XvsVwZ%2FuDZ4GyBjEpRIZswdmSNyBjWLqn8VPVkWCihibgWH3fq21xnhYyFMtx7QcRMYT9UM69nnodHKTTNI3NWZyvf0TkD8kGY0M%2Frh0WjHXdOLD0t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a62da8ec5b527-OSL
content-encoding: br
X-Firefox-Spdy: h2