sfile.mobi/downIoad/779882/197535/616578b445b4abad38e9d885e00e1c35/tugas-akhir-skripsi-tesis-distertasi.pdf&is=4c4abe8b272cc5947e81800d80fe8bb5
104.26.5.191301 Moved Permanently 0 B URL HTTP/1.1 sfile.mobi/downIoad/779882/197535/616578b445b4abad38e9d885e00e1c35/tugas-akhir-skripsi-tesis-distertasi.pdf&is=4c4abe8b272cc5947e81800d80fe8bb5
IP 104.26.5.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /downIoad/779882/197535/616578b445b4abad38e9d885e00e1c35/tugas-akhir-skripsi-tesis-distertasi.pdf&is=4c4abe8b272cc5947e81800d80fe8bb5 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 22 Mar 2023 11:32:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 22 Mar 2023 12:32:21 GMT
Location: https://sfile.mobi/downIoad/779882/197535/616578b445b4abad38e9d885e00e1c35/tugas-akhir-skripsi-tesis-distertasi.pdf&is=4c4abe8b272cc5947e81800d80fe8bb5
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EJQi245jR86HqqZJaE4qXvd2uiW95ERDVQieRCNY5%2Fp64q3%2FmqmWeYl%2Bo%2FM8tfpPy9EkAvdf86PLgNNshDbxFg%2FnLRuEB6N2ZFZWHAoIJsd9ao%2F9wnoZ3a9P6lg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7abe1d10f8f7b4f1-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ec332b81a27117ce9c16b67a5a8e4fac
b6d2afa2c859d000ad830d3d8d73f57bac6ffce2
1dc32c78e4e850303813338fd4e9616a41c8c05d1063748a1e76a92c397a5e8f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DC32C78E4E850303813338FD4E9616A41C8C05D1063748A1E76A92C397A5E8F"
Last-Modified: Mon, 20 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4169
Expires: Wed, 22 Mar 2023 12:41:50 GMT
Date: Wed, 22 Mar 2023 11:32:21 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fa20596251e8bcb49592b69e60fc9bea
6f0b25798a5e06ddaefab3890ab7c369b7af8bab
a71301e4358e746e144d6d1c33c2b18de9c68f48b9caad55c3169d9366c7eb51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A71301E4358E746E144D6D1C33C2B18DE9C68F48B9CAAD55C3169D9366C7EB51"
Last-Modified: Mon, 20 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4552
Expires: Wed, 22 Mar 2023 12:48:13 GMT
Date: Wed, 22 Mar 2023 11:32:21 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5285a032a285729d3e4a546310ed052d
d370c14bbc2d168cc3703bcb6b94ea0ece26e69d
a811aac1eb89de0666a7de8d3eda1dc3affa7ce5353219211a1beee1211536b5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A811AAC1EB89DE0666A7DE8D3EDA1DC3AFFA7CE5353219211A1BEEE1211536B5"
Last-Modified: Mon, 20 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8689
Expires: Wed, 22 Mar 2023 13:57:10 GMT
Date: Wed, 22 Mar 2023 11:32:21 GMT
Connection: keep-alive
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
34.120.5.221200 OK 47 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
IP 34.120.5.221:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 4e6c356ed387585c886c444ffc1371c6
21b717a858c34b3a865ce530f546dab12b240105
72114129eac6fd6af0b255c13b70bda3ca9ed4ede9e5be939e4e97354b1478a6
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: R9Uh-oFYrD8VvlRcDoDk0wVgmTCwdQ53Yg9cZMFUZB_0gNRUUuoKNQ==
content-encoding: gzip
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 google
content-length: 46736
date: Wed, 22 Mar 2023 11:29:08 GMT
age: 193
content-type: application/json
vary: Accept-Encoding
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: k+aEdhy0ON7wOZbfHDHsqTmHT+t9vGHE/qJxUly7A11ziL2pRW/sooqzJQDwFqTjkmxNU+G1ilOk73wqLA1YhQ==
x-amz-request-id: MB9TC747AKNFDARP
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 22 Mar 2023 10:59:30 GMT
age: 1971
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 210a2a42cfc4f4aced144f5de9babcc6
ece6ecfb2db8d036c3bfc7f02f8ea387e3f965db
59553a312d3fb34f1f0aea469f7e7cc810ff9993481ddbd73ea5d461cf97ed51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59553A312D3FB34F1F0AEA469F7E7CC810FF9993481DDBD73EA5D461CF97ED51"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10638
Expires: Wed, 22 Mar 2023 14:29:39 GMT
Date: Wed, 22 Mar 2023 11:32:21 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 22 Mar 2023 11:27:29 GMT
content-type: application/json
age: 292
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:21 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 22 Mar 2023 11:14:33 GMT
age: 1069
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 18b877ebbad1529e4bd91e12220d91c4
a3d64fb3d9cc1fe3a29b261c4ec9acfe134dfedc
7001d3ef847c7002ac15155f0dfcc0a369f19860e85c8e90530f1e7b2dd88f09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7001D3EF847C7002AC15155F0DFCC0A369F19860E85C8E90530F1E7B2DD88F09"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4849
Expires: Wed, 22 Mar 2023 12:53:11 GMT
Date: Wed, 22 Mar 2023 11:32:22 GMT
Connection: keep-alive
sfile.mobi/bqgdEUXpRu7
104.26.4.191200 OK 6.9 kB IP 104.26.4.191:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (587), with CRLF, LF line terminators
Hash 6e7bb4baed0426301ebc74c203b45d4c
7c0f4d6c2e6c90d62f37d781424174a39718fdf9
66aa2dd16f3c1b9c67152df2b41d5bdf135182f108b6f2bb4b40ad78763938af
GET /bqgdEUXpRu7 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _v779882=1; expires=Thu, 23-Mar-2023 11:32:22 GMT; Max-Age=86400; path=/bqgdEUXpRu7
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9IXql8pikSZKC31xDbPjQZKvRD%2B%2BWKfW35m8j5gvJmwlskn27552hJrb2GKDgsGrkdHibFvLaNE4zqK9tXaOU6NXOJdc7BlhwFXrtBCQz%2FvkLTd2Ls5Kl5eljfQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d15ddc91c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.24.14200 OK 5.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (30837)
Hash 109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1884420
expires: Mon, 11 Mar 2024 11:32:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H5cAdI7WLi6daVWl4u4r3E47h9o0uhZYCfHJpD53%2FEznCUfO6PKLfkV7zVWHEO7QH%2FW7qKtVqpC%2FaPtmICyTKGvWp6nZyj7FEq6Nqtk9cFFjgL5wz5lDFxRb9tVqQ2RFnTwqWVXP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7abe1d182f7fb50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sfile.mobi/includes/fonts/raleway-v14-latin-regular.woff2
104.26.4.191200 OK 21 kB URL HTTP/2 sfile.mobi/includes/fonts/raleway-v14-latin-regular.woff2
IP 104.26.4.191:0
File type Web Open Font Format (Version 2), TrueType, length 20724, version 1.0\012- data
Hash 43c849ea0258ce0d23a480e840881f16
5222f2283ff9eed9c05025b15dcca453a43cb8c3
b3287a4018a220fe4a205c68bbb34a847fe5038c5dfbe575dd538df025b0497a
GET /includes/fonts/raleway-v14-latin-regular.woff2 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-length: 20724
last-modified: Mon, 26 Aug 2019 01:13:52 GMT
etag: "50f4-590fade753400"
cache-control: max-age=604800
expires: Sat, 25 Mar 2023 21:14:07 GMT
x-frame-options: DENY
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 310695
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AFFgN%2BczexqBmpUPgamoTlc30Ci7sqrWfCDPr9SzON2nugzVC3ZZs2Ww6X%2B2ICl%2FVacHnt%2FavR6b8Hx2TGzZfZ4IobZAna59ugYMX2AlKuWv8dPUmq2JQXxIRSA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d1879001c12-OSL
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/jpg.svg
104.26.4.191200 OK 78 kB URL HTTP/2 sfile.mobi/icon/smallicon/jpg.svg
IP 104.26.4.191:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2293), with no line terminators
Hash 627186ae9c34fc9f042592ffdd62227b
57a31044089c126da8674642bfc53080b99adfb1
a0a1b22d00dab841bf9c69baa188e4f82a52db6804eabffec260bf3a250b4c75
GET /icon/smallicon/jpg.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 06:29:45 GMT
etag: W/"8f5-554f639628840-gzip"
cache-control: max-age=604800
expires: Mon, 27 Mar 2023 09:09:17 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 181385
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zHo7rNv64Y0RV%2BJopIk%2FMbg%2Ba%2BfRwkviZcJOvHPbIUS4feG%2Fpm3pOFjKjbJu0ZDUds3vFOcMInoxxh%2FVbL54uKfZS8AZ%2BSBfH2hmwWBhOpjbJmqH%2Bd1HAZI8Weo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d1818561c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/icon/sfile-icon-192x192.png
104.26.4.191200 OK 10 kB URL HTTP/2 sfile.mobi/icon/sfile-icon-192x192.png
IP 104.26.4.191:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash c657c0b27e6a3e98ae2736eab216cdb3
2eab135276b13dc87bdd3314ad8d7462e8246d35
5c9d9f4629d28f3fda7ccf4bae7bf6c53285686854a238b9ac0f2bac00836cb3
GET /icon/sfile-icon-192x192.png HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: image/png
content-length: 10001
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=11566, status=vary_header_present
etag: "2d2e-572ecea29a780"
expires: Thu, 13 Apr 2023 23:09:21 GMT
last-modified: Wed, 08 Aug 2018 13:59:10 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 649380
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nP4mA%2Fluyab6s0PsmJbu%2FuJdnvYpjG3A5B0iEEv%2BOiR4fQUfdTPsI%2Bt555iDqm1ysUTahaumGA98HkXAlvFrNxZN%2B7wtgoGfKuXxLGwwXPaJhF9YdZmZj2Xo%2FS8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d18b9531c12-OSL
X-Firefox-Spdy: h2
sfile.mobi/icon/sfile-favicon.png
104.26.4.191200 OK 1.6 kB URL HTTP/2 sfile.mobi/icon/sfile-favicon.png
IP 104.26.4.191:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c95ba8563fa6c88c0a431fc97b8175b
52d10299240136ff498c6dae3847662f9953d150
3438b8c9e88b10b9ea2cd353929ab4d345d679a842313c78123b25c290bb7902
GET /icon/sfile-favicon.png HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: image/png
content-length: 1626
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2055, status=vary_header_present
etag: "807-554f42e2ce1c0"
expires: Tue, 28 Mar 2023 12:40:08 GMT
last-modified: Sun, 23 Jul 2017 04:03:27 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 2069534
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQM3jDbKRhZBXPZfRqb%2Fr4EeMJojWciOQ6g0WdR4EM6udnZEov3pCUTxypaL%2F8ISS9UDOb9VL%2F6Jr4NhIHhW1Y6PS0jkKcn%2Fh%2F1GawTCxrEYwkj758vFIN%2B%2B6d4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d18b9581c12-OSL
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.200.169.229101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.200.169.229:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uVB8Urzj5to1ZOzaoEAjHA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3hWwMQrgbzcg7UvxdtnsJMkHmzw=
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash f86da0dd278dab61512989673262b7b7
0a9e07a3e3001b0fd895cd6be56f4b6929048e7b
ac48a2d4cff37e533bcead879c78d3a6f937e6c07fe2aa71a7d0aa4cc5181752
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash f86da0dd278dab61512989673262b7b7
0a9e07a3e3001b0fd895cd6be56f4b6929048e7b
ac48a2d4cff37e533bcead879c78d3a6f937e6c07fe2aa71a7d0aa4cc5181752
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sfile.mobi/icon/smallicon/txt.svg
104.26.4.191200 OK 1.5 kB URL HTTP/2 sfile.mobi/icon/smallicon/txt.svg
IP 104.26.4.191:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 03dc6d0e857ed5add0ec697868ecb16b
0f6b3bc663d52c581f668b2c394a14e00fe3a164
c0300f9d712b3d489576087a5aa6522294370fda20c9631278454a1426d71510
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/txt.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 04:35:21 GMT
etag: W/"c81-554f4a0423440-gzip"
cache-control: max-age=604800
expires: Thu, 23 Mar 2023 21:42:44 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 481778
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJ5KJS3aQGP8d59mCorJoW1bcsFjUK9OoNh72TUGOgA6GbZpZteMdoZbondeR2E%2FJ1U8zV8%2Bgrh1kaOQMTV40Hq65gBrd%2Fd5JB7IqHf6sbgHEul4JHv%2FRqS1gak%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d1818491c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=2077432875&t=pageview&_s=1&dl=https%3A%2F%2Fsfile.mobi%2FbqgdEUXpRu7&ul=en-us&de=UTF-8&dt=Tugas%20Akhir%20Skripsi%20Tesis%20Distertasi%20.%20pdf&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1437812548&gjid=296879685&cid=704421555.1679484748&tid=UA-103187360-1&_gid=1884802649.1679484748&_r=1&_slc=1&z=722309554
216.58.207.206200 OK 3 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=2077432875&t=pageview&_s=1&dl=https%3A%2F%2Fsfile.mobi%2FbqgdEUXpRu7&ul=en-us&de=UTF-8&dt=Tugas%20Akhir%20Skripsi%20Tesis%20Distertasi%20.%20pdf&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1437812548&gjid=296879685&cid=704421555.1679484748&tid=UA-103187360-1&_gid=1884802649.1679484748&_r=1&_slc=1&z=722309554
IP 216.58.207.206:0
File type ASCII text, with no line terminators
Hash dec002daa3f9abe33f5ab1a61ba58e91
b286614a767c86a75059fb1d4557be706e7c3812
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
POST /j/collect?v=1&_v=j99&a=2077432875&t=pageview&_s=1&dl=https%3A%2F%2Fsfile.mobi%2FbqgdEUXpRu7&ul=en-us&de=UTF-8&dt=Tugas%20Akhir%20Skripsi%20Tesis%20Distertasi%20.%20pdf&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1437812548&gjid=296879685&cid=704421555.1679484748&tid=UA-103187360-1&_gid=1884802649.1679484748&_r=1&_slc=1&z=722309554 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://sfile.mobi
date: Wed, 22 Mar 2023 11:32:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/png.svg
104.26.4.191200 OK 50 kB URL HTTP/2 sfile.mobi/icon/smallicon/png.svg
IP 104.26.4.191:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2004), with no line terminators
Hash c720e704157e2e17a7a78f0eb486a561
bf15a074ebd251a7dc6efbadbcd9048de1085c12
d9acee0d417647ffb0f205efecdba183fa4ebe369c933fefea50d7bfb63d4b77
GET /icon/smallicon/png.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 06:29:45 GMT
etag: W/"7d4-554f639628840-gzip"
cache-control: max-age=604800
expires: Mon, 27 Mar 2023 02:37:17 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 204905
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2FRLy01QSGf3Dddvtl96WaNN6a3%2B06buR%2BGWWK5Pv0fvrFTXAL%2F5fjAL9fV1WoTOJLwoiFDtS%2FmDjq8TpzughmhuezQndjjeO%2BoVmIuEDHJ9kytNHuxvacgW3ug%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d18184d1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 3e968c0f4319273e79821cbabf3bdbdc
99f1127052594878d49370fdcc61b1e4fbb69e61
82ea5f81bec224fa88a6b83c50481d819586b5de2fbb435d522d24ce1250b6cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash f86da0dd278dab61512989673262b7b7
0a9e07a3e3001b0fd895cd6be56f4b6929048e7b
ac48a2d4cff37e533bcead879c78d3a6f937e6c07fe2aa71a7d0aa4cc5181752
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/html/r20230320/r20190131/zrt_lookup.html
142.250.74.162200 OK 4.5 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20230320/r20190131/zrt_lookup.html
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3205)
Hash bad17ab9662318e8927e5009c83c2ad1
53ded630f95abe04b7b77d43076bf71b9ea71c02
68da39270ebfa6d17f4b765cbe004797a736611585ff0c53213d91f78f13c260
GET /pagead/html/r20230320/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4549
x-xss-protection: 0
date: Wed, 22 Mar 2023 00:17:50 GMT
expires: Wed, 05 Apr 2023 00:17:50 GMT
cache-control: public, max-age=1209600
age: 40472
etag: 2378337311435320485
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 53c77f4eac44f53913d68abe7c9896d4
27b4242556156f2eaa06ff21ecb364865a50b8d9
15db303474e740477045393c0c00b8d64807d711d65e672e7263427263df6045
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8a237b3ec23da41b2cdefc39b643691f
322b5b2a4fb99140ac53a94058d34a4806133519
4d88ec2ff0cf38948e56dabbd03130bb35850d89921fe80e242e762fedde2468
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9446303f24a6e8e8d138867549399aa2
410a03d7475ec879b8e346f1706aea491e3f1da5
f7d7017ca9dbdf1822739e9baa6f34868504e6ce0d827aeeef82517c5db72960
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086
216.58.207.226200 OK 251 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086
IP 216.58.207.226:0
File type ASCII text, with very long lines (387), with no line terminators
Hash 02a886ca5dd1e8bb3a9558e337ae1cb0
0d32188e4900c31875c6e94b2fd84d35ede9bd14
0fb06f4acf8e05b005d0207f17024cecda680c7b3ac6ddc0313077e64b528466
GET /gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 22 Mar 2023 11:32:22 GMT
server: cafe
cache-control: private
content-length: 251
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=sfile.mobi
216.58.207.194200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=sfile.mobi
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=sfile.mobi HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 22 Mar 2023 11:32:22 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=sfile.mobi
142.250.74.66200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=sfile.mobi
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=sfile.mobi HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 22 Mar 2023 11:32:22 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 53c77f4eac44f53913d68abe7c9896d4
27b4242556156f2eaa06ff21ecb364865a50b8d9
15db303474e740477045393c0c00b8d64807d711d65e672e7263427263df6045
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8a237b3ec23da41b2cdefc39b643691f
322b5b2a4fb99140ac53a94058d34a4806133519
4d88ec2ff0cf38948e56dabbd03130bb35850d89921fe80e242e762fedde2468
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9446303f24a6e8e8d138867549399aa2
410a03d7475ec879b8e346f1706aea491e3f1da5
f7d7017ca9dbdf1822739e9baa6f34868504e6ce0d827aeeef82517c5db72960
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash c33c89e76415c5940d5d1971f1e2198e
178db9b151d4dee35b27710ceb1f3cc7827f7753
0e5ca2a08544e0947afca36bd46d3b60bc2b9489088e26832ec8612f1abaa667
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/qs_click_protection_fy2021.js
216.58.207.225200 OK 8.6 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/qs_click_protection_fy2021.js
IP 216.58.207.225:0
File type ASCII text, with very long lines (2465)
Hash 9da78d3accd905d5cc426fad37ef9ce9
c1c5ebc107844e165679f2b069763d10cf8d226d
79578369b938e27d7a0e3b6d02e048ef340d848e12e7b2465acb1e52dc24eeaa
GET /pagead/js/r20230320/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 8627
x-xss-protection: 0
date: Tue, 21 Mar 2023 18:36:57 GMT
expires: Tue, 04 Apr 2023 18:36:57 GMT
cache-control: public, max-age=1209600
age: 60926
etag: 8620137988422272387
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 314 B IP 192.229.221.95:0
Hash a0891b2bea3bbbe4dd8ad760e315b9c0
2db43ae485ec7a9d37a18f3b8435040538e161c4
0e57ee2309d420b47095a5dd9999e9421c1a6c2ed2f6f8aa444049a74dd6712d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2551
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:23 GMT
Last-Modified: Wed, 22 Mar 2023 10:49:52 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
192.229.221.95200 OK 313 B IP 192.229.221.95:0
Hash 7fd464cfc824c67a1d8f913dff9f2abc
61ff1011b551915a8c331105dfb075a555233c04
2344e926ed656ac0dcdf2cce94fa07b85007a11b123850ec9c43fc24ee438f9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5668
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:23 GMT
Last-Modified: Wed, 22 Mar 2023 09:57:55 GMT
Server: ECAcc (ska/F7A3)
X-Cache: HIT
Content-Length: 313
rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kOfnDbOzWdQHmAKdg2ICAgAAANBaj4hxBDHKEEfnGmTkspO-NOIg8vvdAAASAAAKDkFRVUJCUVlCQlFFQkJR&wp=ZBrnRwABrqwKwlKFAAfVub0tmS6M_MaaR4TleA
178.250.0.129200 OK 0 B URL HTTP/2 rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kOfnDbOzWdQHmAKdg2ICAgAAANBaj4hxBDHKEEfnGmTkspO-NOIg8vvdAAASAAAKDkFRVUJCUVlCQlFFQkJR&wp=ZBrnRwABrqwKwlKFAAfVub0tmS6M_MaaR4TleA
IP 178.250.0.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /google/auction/notify?profile=14&payload=kOfnDbOzWdQHmAKdg2ICAgAAANBaj4hxBDHKEEfnGmTkspO-NOIg8vvdAAASAAAKDkFRVUJCUVlCQlFFQkJR&wp=ZBrnRwABrqwKwlKFAAfVub0tmS6M_MaaR4TleA HTTP/1.1
Host: rtb.fr.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server-processing-duration-in-ticks: 325134
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Kestrel
content-length: 0
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3567
Expires: Wed, 22 Mar 2023 12:31:50 GMT
Date: Wed, 22 Mar 2023 11:32:23 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3567
Expires: Wed, 22 Mar 2023 12:31:50 GMT
Date: Wed, 22 Mar 2023 11:32:23 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3567
Expires: Wed, 22 Mar 2023 12:31:50 GMT
Date: Wed, 22 Mar 2023 11:32:23 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3567
Expires: Wed, 22 Mar 2023 12:31:50 GMT
Date: Wed, 22 Mar 2023 11:32:23 GMT
Connection: keep-alive
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash ba105150fe06f5fbb5fabfa187810f8d
5a2b5cbe11c89e6209ea8b22cb04365bd5a7b4e3
6e9a1477b71292266babd80ae34dbe8bd8db5d7ca97a93467be12440dc28fea8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4677
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:23 GMT
Last-Modified: Wed, 22 Mar 2023 10:14:26 GMT
Server: ECAcc (ska/F757)
X-Cache: HIT
Content-Length: 471
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F882a2ebf-b22a-46de-bf52-8b9a1aaa2743.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F882a2ebf-b22a-46de-bf52-8b9a1aaa2743.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aeb0d8069d746e467fecd886c0e42628
8229b537f84a7418dc67e30691e62db4cea67f0f
24705dc5b7eefd79a35323beee7c741aa041c3bf55801d13b4ffc2b202e6a394
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F882a2ebf-b22a-46de-bf52-8b9a1aaa2743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8037
x-amzn-requestid: 7a9f7bb5-d810-4831-b5d2-3eead1af864a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJprcGY1IAMFSAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-53cdee4b645ed18e1dfeb92c;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: QW8T5AGg_L1mT4fE8IHeBG9TSiGpbBJpZE2yZdBtAQMJCPV8OKK5Dw==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:47:59 GMT
etag: "8229b537f84a7418dc67e30691e62db4cea67f0f"
content-type: image/jpeg
age: 49464
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4dd98384-60d9-42a6-b5f1-eaad9ae4a705.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4dd98384-60d9-42a6-b5f1-eaad9ae4a705.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c7bec9da082108d1d2229b92a525707
7cc176d48fe8f315713a466fdc5ca1a7779947e3
c2f882dbd21a0cb1815b0defc9415317ad0007f4d30de6ece6a927f670ef1a3a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4dd98384-60d9-42a6-b5f1-eaad9ae4a705.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9643
x-amzn-requestid: d51fabf3-6dab-4cbd-a496-2533f197fa2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJptRFX1oAMFdsg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2321-28422e2f0f9470bd348ea7ea;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:29 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nk-E2rtgs61BJCIBxmHa0CDV3UfWqR-tI0T4L_VuzTgC6fhYy_jZlw==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 22:09:39 GMT
age: 48164
etag: "7cc176d48fe8f315713a466fdc5ca1a7779947e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844f3e97-b153-4a18-b087-e858f349c316.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844f3e97-b153-4a18-b087-e858f349c316.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8ab9fe4465396637b9c70a873634f63
d4e02105d3b968143681ee23ffe08443da8a7968
8f95b0a0bd72b13e993324d417e7a5b06803d9a506be2092a16054797e248982
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844f3e97-b153-4a18-b087-e858f349c316.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8979
x-amzn-requestid: 091c8dfe-d3cd-46d2-8f4b-c2d7f2774fb2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJqOpEGSIAMFWvw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a23f7-15a534ad2d9949715f56d66a;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:39:03 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: JWCKCA5xxVxEhqsv2Dm542y7CeyY_LYYz0nZFLdz_-my6X1zfSMPxg==
via: 1.1 626ad4a6bf529166d2aad94a2957694c.cloudfront.net (CloudFront), 1.1 b618c0f73dc30c968057784ed0185d7a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:47:59 GMT
etag: "d4e02105d3b968143681ee23ffe08443da8a7968"
content-type: image/jpeg
age: 49464
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22c3f36a-d800-4eab-8a32-e2b5ef86e386.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22c3f36a-d800-4eab-8a32-e2b5ef86e386.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 412bd6aea60211324e649d7d920601d2
a813976bda850a584b5ab94d9a70bfe0da69aca0
d36ef17fc6ab3cd4e5e43836f7df2c6fdf1781f1bac73e42c9a09e8594f797f9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22c3f36a-d800-4eab-8a32-e2b5ef86e386.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: 1b374321-f2df-404f-ab91-4e73d830fac9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJqmAEhHoAMFgRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a248c-217d81154ecfe0c44ca70432;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:41:32 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: akl7ASh6hPewrlTjOxORbQRIcBbIHLM9JQgMexhgsiPqc1OarfnPHw==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 2c6b5dd77f1abe60653ce0454f344b64.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:47:59 GMT
age: 49464
etag: "a813976bda850a584b5ab94d9a70bfe0da69aca0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6f0b9e85381489dcf646c251722b21d4
5f7ea91288a2170bcabdca6be296718c4191eacd
911f803271ad9053ebac3787bdde9b75ec604acc6aa28692cc8e4c5c4fb61483
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10480
x-amzn-requestid: 58aa8272-4b4e-4a2f-9d6e-d47f70891c49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJptHG7JoAMFSwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2320-2fd6502b1271d5c13b4ebbe9;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:28 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: hqGFdT1Sk0IcvaNqfvjz5RsGBK-qMBcNKbK9FyZ7OoiH30hDL9ekxA==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 22:09:39 GMT
age: 48164
etag: "5f7ea91288a2170bcabdca6be296718c4191eacd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 2e9Y7K5xIkpbhFR8a4kGAVX7X2-97lB13zHrjOuqlkalxzdbCDcfPA==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 abbf2df97f9d83839470842dc2e68cb6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:47:57 GMT
age: 49466
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kLiJFrOzWdQHmAKdg2ICAgAAAHtgdmRtZHH_EEbnGmRkTYpHFDaSRWNjAAASAAAKDkFRVUJBUVlCQVFFQkFR&wp=ZBrnRwABrfIKGcoMAArkoDG2epcR8cRpt87qzQ
178.250.1.10200 OK 0 B URL HTTP/2 rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kLiJFrOzWdQHmAKdg2ICAgAAAHtgdmRtZHH_EEbnGmRkTYpHFDaSRWNjAAASAAAKDkFRVUJBUVlCQVFFQkFR&wp=ZBrnRwABrfIKGcoMAArkoDG2epcR8cRpt87qzQ
IP 178.250.1.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /google/auction/notify?profile=14&payload=kLiJFrOzWdQHmAKdg2ICAgAAAHtgdmRtZHH_EEbnGmRkTYpHFDaSRWNjAAASAAAKDkFRVUJBUVlCQVFFQkFR&wp=ZBrnRwABrfIKGcoMAArkoDG2epcR8cRpt87qzQ HTTP/1.1
Host: rtb.nl3.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server-processing-duration-in-ticks: 189784
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Kestrel
content-length: 0
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 313 B IP 192.229.221.95:0
Hash 5cd946186beb2d5aaf67bed9e5da5408
2ef7ba5577c3eb69b7829489f33aa5057f84f4ae
5650882d3cb625310e1bfe412dc2a95a9dcc760f4f5002c6d4126abc06ce8c12
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5839
Cache-Control: max-age=113428
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:23 GMT
Etag: "6419e88c-139"
Expires: Thu, 23 Mar 2023 19:02:51 GMT
Last-Modified: Tue, 21 Mar 2023 17:25:32 GMT
Server: ECAcc (ska/F73A)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
192.229.221.95200 OK 313 B IP 192.229.221.95:0
Hash 5cd946186beb2d5aaf67bed9e5da5408
2ef7ba5577c3eb69b7829489f33aa5057f84f4ae
5650882d3cb625310e1bfe412dc2a95a9dcc760f4f5002c6d4126abc06ce8c12
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5839
Cache-Control: max-age=113428
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:23 GMT
Etag: "6419e88c-139"
Expires: Thu, 23 Mar 2023 19:02:51 GMT
Last-Modified: Tue, 21 Mar 2023 17:25:32 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
192.229.221.95200 OK 313 B IP 192.229.221.95:0
Hash 5cd946186beb2d5aaf67bed9e5da5408
2ef7ba5577c3eb69b7829489f33aa5057f84f4ae
5650882d3cb625310e1bfe412dc2a95a9dcc760f4f5002c6d4126abc06ce8c12
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5839
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:23 GMT
Last-Modified: Wed, 22 Mar 2023 09:55:04 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 313
static.criteo.net/design/dt/f342bdd505994d4ebb138128d448f553_avenirnextltpro.woff
178.250.1.3200 OK 21 kB URL HTTP/2 static.criteo.net/design/dt/f342bdd505994d4ebb138128d448f553_avenirnextltpro.woff
IP 178.250.1.3:0
File type Web Open Font Format, TrueType, length 21444, version 1.100\012- data
Hash 20be5fdc3302b5f3d13fca2690afc5ef
1e75a45c81ca3ab4aee08f53c828f60daa21ff58
ed53eeea7846fe89ec2d53b5bf89b34ca78854854abdb469697c63509cc2e0ec
GET /design/dt/f342bdd505994d4ebb138128d448f553_avenirnextltpro.woff HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: text/plain; charset=UTF-8
content-length: 21444
last-modified: Tue, 11 Jun 2019 14:25:37 GMT
etag: "5cffb9e1-53c4"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/design/dt/1662e641d7d74eeb886a0ffc41a660df_avenirnextltpro-regular.woff
178.250.1.3200 OK 34 kB URL HTTP/2 static.criteo.net/design/dt/1662e641d7d74eeb886a0ffc41a660df_avenirnextltpro-regular.woff
IP 178.250.1.3:0
File type Web Open Font Format, CFF, length 34384, version 1.100\012- data
Hash 6ca898ae5c32e1195b576276384b72b1
05e67b45b9e1dcc4e64f02c619978ee7297f3752
38784db79bb7cb8998e180cff575a3d42741bbdbbeda1aad281c653089b193b1
GET /design/dt/1662e641d7d74eeb886a0ffc41a660df_avenirnextltpro-regular.woff HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: text/plain; charset=UTF-8
content-length: 34384
last-modified: Tue, 11 Jun 2019 14:25:37 GMT
etag: "5cffb9e1-8650"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/design/dt/010ccf751ef748128c521a75a966b8f1_bauer-bodoni-condensed-bold.woff
178.250.1.3200 OK 19 kB URL HTTP/2 static.criteo.net/design/dt/010ccf751ef748128c521a75a966b8f1_bauer-bodoni-condensed-bold.woff
IP 178.250.1.3:0
File type Web Open Font Format, CFF, length 19060, version 3.1\012- data
Hash c9425392bd0018132c74733dd7b2dbf8
a47dd39ae0b16c90e8e15d66302f932e367851bf
389eb0c986cfdb90b468d3c2f068b5bcb6753bb9ece0581e1bba0b8087a92b74
GET /design/dt/010ccf751ef748128c521a75a966b8f1_bauer-bodoni-condensed-bold.woff HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: text/plain; charset=UTF-8
content-length: 19060
last-modified: Tue, 21 Jun 2022 20:54:03 GMT
etag: "62b22feb-4a74"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/back_button2.svg
178.250.1.3200 OK 293 B URL HTTP/2 static.criteo.net/flash/icon/back_button2.svg
IP 178.250.1.3:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with CRLF line terminators
Hash d9f776bdc698e1bc9c6a1977218019cd
5763cfb5ac79adf0fa7f03a82bad04eea2dca243
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
GET /flash/icon/back_button2.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: image/svg+xml
content-length: 293
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
etag: "626a59dc-125"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/close_button.svg
178.250.1.3200 OK 308 B URL HTTP/2 static.criteo.net/flash/icon/close_button.svg
IP 178.250.1.3:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with CRLF line terminators
Hash 1bfe2e290ec4440da74a2e2c249eae2b
0b888a3f9e27d1554f2e21d51e7a1c223d00dbd4
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
GET /flash/icon/close_button.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: image/svg+xml
content-length: 308
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
etag: "5e46a5e4-134"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/privacy.svg
178.250.1.3200 OK 1.2 kB URL HTTP/2 static.criteo.net/flash/icon/privacy.svg
IP 178.250.1.3:0
Hash 3056a8e1d09654ffa8624ffb0e505a7b
4642bef465cc4d8af4388d8ad144ba34fe43455a
af46bbdeb2462ae72e4bb0ccd3ef69391f2408f8395b2ea81ea8492543b75af9
GET /flash/icon/privacy.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
etag: W/"5e4d1491-646"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 312 B IP 192.229.221.95:0
Hash 4ca3377c6eeae0803145191b588f5f13
18cdeefcb37977c91dd0b9c6f6f58dfd88255a9e
09895e51a0719eee4424c97ce3fb65db3c99f3604d402c1c44682f411e34f591
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 732
Cache-Control: max-age=166246
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:24 GMT
Etag: "641acad2-138"
Expires: Fri, 24 Mar 2023 09:43:10 GMT
Last-Modified: Wed, 22 Mar 2023 09:30:58 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 312
sfile.mobi/icon/smallicon/pdf.svg
104.26.4.191200 OK 2.1 kB URL HTTP/2 sfile.mobi/icon/smallicon/pdf.svg
IP 104.26.4.191:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 6c9f557d3f9049ade5d65f56728d623b
714139321bbe32901eb9da9682a2ca9f7b195354
f06bbb50e9dbe1ef0eec4dfa49d3771084487b1727e0ba12a51218183fa53887
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/pdf.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 04:55:06 GMT
etag: W/"ea8-554f4e6e3de80-gzip"
cache-control: max-age=604800
expires: Fri, 24 Mar 2023 08:44:16 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 442086
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2BeCkwmzzs%2Ficsu2uHdf4jg9uEGwNoY%2B7Mca7Xi4d4vQcrT3itDoQ4xA7RbQN2nlChMWB1d9nzRJZUn6m7MCWCKq7MNrycxlb9jS3QWwj26b3zmRGzjmmUNPZS4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d1818461c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000025134%2Fretina_detail.jpg&v=3&w=800&s=0XI6w-9WkZNevTgSLqQRSh-U&b=800
178.250.1.14200 OK 36 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000025134%2Fretina_detail.jpg&v=3&w=800&s=0XI6w-9WkZNevTgSLqQRSh-U&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 702x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 63c49e94959fea6b333ee7656c559056
ce10b8c3dab491d0e77db2acffe24635bf3811b6
7338f909cdaeaa2730f0d3207dbd556fc0f5e782fad2638fc0af1ba9a4142058
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000025134%2Fretina_detail.jpg&v=3&w=800&s=0XI6w-9WkZNevTgSLqQRSh-U&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=636676
expires: Wed, 29 Mar 2023 20:23:40 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 36146
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024080%2Fretina_detail.jpg&v=3&w=800&s=auPERdv3mUZfJdzOxDg9WnuW&b=800
178.250.1.14200 OK 36 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024080%2Fretina_detail.jpg&v=3&w=800&s=auPERdv3mUZfJdzOxDg9WnuW&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x617, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 50e61bb670c781d45120762837e25c0f
f809e529c67781c8139d32b2c7b5f44060018b78
c9c084e1fa4269c4d8a9cf85560c45dfc1ee2f16820d07708ec52ded95403cb4
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024080%2Fretina_detail.jpg&v=3&w=800&s=auPERdv3mUZfJdzOxDg9WnuW&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=636672
expires: Wed, 29 Mar 2023 20:23:36 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 36128
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024755%2Fretina_detail.jpg&v=3&w=800&s=-Blu92jMXF3qSFQz6r57ukDm&b=800
178.250.1.14200 OK 25 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024755%2Fretina_detail.jpg&v=3&w=800&s=-Blu92jMXF3qSFQz6r57ukDm&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x517, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8744622e0d2d5c045e50a8552cae7f4f
14bd1f0d7d5cced96db6c59d508ca528a7ee2910
b22296056f46bae4617fe73b843120d8dbeb3b556ee79191d059b3e887612f2e
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024755%2Fretina_detail.jpg&v=3&w=800&s=-Blu92jMXF3qSFQz6r57ukDm&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=636678
expires: Wed, 29 Mar 2023 20:23:43 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 25342
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000026148%2Fretina_detail.jpg&v=3&w=800&s=cs2AtU3JppdIINhcGErECISZ&b=800
178.250.1.14200 OK 32 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000026148%2Fretina_detail.jpg&v=3&w=800&s=cs2AtU3JppdIINhcGErECISZ&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 530x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash bd396e1db21c87985ed8e2c210c6edac
a631a9f8fa536117e1fc4e6ab0113facbac5deed
d4f20acb740a0a34c430d93ae3532dcf0378be76eb08c85c19c3b19a8e4366e3
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000026148%2Fretina_detail.jpg&v=3&w=800&s=cs2AtU3JppdIINhcGErECISZ&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=636756
expires: Wed, 29 Mar 2023 20:25:00 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 31872
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000026351%2Fretina_detail.jpg&v=3&w=800&s=h5GxcXO1KttkZSEocenPH0vh&b=800
178.250.1.14200 OK 42 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000026351%2Fretina_detail.jpg&v=3&w=800&s=h5GxcXO1KttkZSEocenPH0vh&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x619, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d9eea87df8d5009d2710fb9a425160f9
445a27a2e8a0fcaab23ff9fa4726c47bcb66a7b0
b32919e46da6b5a57d5fe6ddffb1440a166e9ee98c5d5e8584d175d4fe77809d
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000026351%2Fretina_detail.jpg&v=3&w=800&s=h5GxcXO1KttkZSEocenPH0vh&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=636722
expires: Wed, 29 Mar 2023 20:24:26 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 41778
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?h=556&m=0&partner=97215&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F97215%2F230227%2Fa7aee2893a534249a6c8144c019c39f8_magnanni.logo-2x.jpg&v=3&w=196&s=WGKUmQwRFk179CYiN1HyMaBQ
178.250.1.14200 OK 1.2 kB URL HTTP/2 pix.eu.criteo.net/img/img?h=556&m=0&partner=97215&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F97215%2F230227%2Fa7aee2893a534249a6c8144c019c39f8_magnanni.logo-2x.jpg&v=3&w=196&s=WGKUmQwRFk179CYiN1HyMaBQ
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 196x73, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 55497bc90d1eb71b25042646bf7255e9
fffa9b58536053d84e075d73e043c29c6a53c77c
53ab7435ce2e5ffc47c5ca57d7d2ed599279a6e4dd5a39f6fe9e7deb2e82a37b
GET /img/img?h=556&m=0&partner=97215&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F97215%2F230227%2Fa7aee2893a534249a6c8144c019c39f8_magnanni.logo-2x.jpg&v=3&w=196&s=WGKUmQwRFk179CYiN1HyMaBQ HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=29144639
expires: Thu, 22 Feb 2024 19:16:23 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 1246
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024488%2Fretina_detail.jpg&v=3&w=800&s=0u1hCuEelHD_3qDjvsQ85cpo&b=800
178.250.1.14200 OK 29 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024488%2Fretina_detail.jpg&v=3&w=800&s=0u1hCuEelHD_3qDjvsQ85cpo&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x554, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7d183cbece2c95e52b9f6c1e55f4f7b5
a14fbfff03247776e9260d258eaca820a8a642c4
de4e3efdfb6ca9953156652762b1dbf1d43afc48822493be0f63e13687c21b61
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024488%2Fretina_detail.jpg&v=3&w=800&s=0u1hCuEelHD_3qDjvsQ85cpo&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=636686
expires: Wed, 29 Mar 2023 20:23:50 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 29258
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000023823%2Fretina_detail.jpg&v=3&w=800&s=LBJ2E2U6QDgkVnjJGkIKHKJX&b=800
178.250.1.14200 OK 25 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000023823%2Fretina_detail.jpg&v=3&w=800&s=LBJ2E2U6QDgkVnjJGkIKHKJX&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x605, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6e574a33bef8285f2c3e41210604f65b
b17edb53cccd7452efcdbd17b1868ba0e2999fe2
50ad571d1eb73d8d0c5bbd2cbd786393466294e87f10a87fb391c10769e4864a
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000023823%2Fretina_detail.jpg&v=3&w=800&s=LBJ2E2U6QDgkVnjJGkIKHKJX&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=636720
expires: Wed, 29 Mar 2023 20:24:24 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 24830
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=97215&q=80&r=0&u=https%3A%2F%2Feu.magnanni.com%2Fmedia%2Fcatalog%2Fproduct%2F0%2F0%2F004462_1_dress-sock_red_sock_magnanni_front_1.jpg&v=3&w=800&s=X71uyZuWFJI6Cxs0OMsCpPIo&b=1200
178.250.1.14200 OK 18 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=97215&q=80&r=0&u=https%3A%2F%2Feu.magnanni.com%2Fmedia%2Fcatalog%2Fproduct%2F0%2F0%2F004462_1_dress-sock_red_sock_magnanni_front_1.jpg&v=3&w=800&s=X71uyZuWFJI6Cxs0OMsCpPIo&b=1200
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 987x1200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fecd4aec96e5b57d5e932cd9e7dd85a0
b599ec657cbc1d279b3dacc2fc25b2393b6f9c0e
08772774e17c8583725acec5b52b71cc6d7ab27604354a89eeb727327bb7c30a
GET /img/img?c=3&cq=256&h=800&m=0&partner=97215&q=80&r=0&u=https%3A%2F%2Feu.magnanni.com%2Fmedia%2Fcatalog%2Fproduct%2F0%2F0%2F004462_1_dress-sock_red_sock_magnanni_front_1.jpg&v=3&w=800&s=X71uyZuWFJI6Cxs0OMsCpPIo&b=1200 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=30270436
expires: Wed, 06 Mar 2024 19:59:40 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 18384
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/design/googlefont/nunitosans/nunitosans-700-latin.woff2
178.250.1.3200 OK 17 kB URL HTTP/2 static.criteo.net/design/googlefont/nunitosans/nunitosans-700-latin.woff2
IP 178.250.1.3:0
File type Web Open Font Format (Version 2), TrueType, length 17116, version 1.0\012- data
Hash bcf3a3fb620dfbee774f84e2c8e71530
40a79d240acdd7e5a95e165515ac7c0958a37971
280aaa8929329764ac3213ca093c63505cfcc665347939c79905c426d33867c5
GET /design/googlefont/nunitosans/nunitosans-700-latin.woff2 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://static.criteo.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:24 GMT
content-type: text/plain; charset=UTF-8
content-length: 17116
last-modified: Thu, 08 Dec 2022 14:10:50 GMT
etag: "6391f06a-42dc"
expires: Sat, 16 Mar 2024 11:32:24 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024074%2Fretina_detail.jpg&v=3&w=800&s=YzhLEd6pGA3EHjtiilLeZW9b&b=800
178.250.1.14200 OK 51 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024074%2Fretina_detail.jpg&v=3&w=800&s=YzhLEd6pGA3EHjtiilLeZW9b&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x623, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash da7044a5884799fd59cd6fac01b15c2b
8cbb8d721a3281558a3995bea732014f10ac672f
8e52a1465a36493b0e497117019d1d53b5e299051364eebe26bdf6e53b31b4a9
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024074%2Fretina_detail.jpg&v=3&w=800&s=YzhLEd6pGA3EHjtiilLeZW9b&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=636758
expires: Wed, 29 Mar 2023 20:25:02 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 51204
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000025998%2Fretina_detail.jpg&v=3&w=800&s=m_DcUlwyB5iBKTjHH67uDKT6&b=800
178.250.1.14200 OK 30 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000025998%2Fretina_detail.jpg&v=3&w=800&s=m_DcUlwyB5iBKTjHH67uDKT6&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x557, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c1b7e6ccb462172ded2c0442ee339373
85987768928000270efc00dbe4128353bd4f2225
b517e2951e8caaf24106f4187b6c15d6feec802b84f57b259c98b9a58a03bc56
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000025998%2Fretina_detail.jpg&v=3&w=800&s=m_DcUlwyB5iBKTjHH67uDKT6&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=636741
expires: Wed, 29 Mar 2023 20:24:45 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 30536
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?h=556&m=0&partner=49287&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F49287%2F230130%2Fede4584bbefd4e0fb9981737681ebfe8_logo_n_vertical.png&v=3&w=196&s=oj-uNXG_XhWQl9WlZqIzzo_L
178.250.1.14200 OK 31 kB URL HTTP/2 pix.eu.criteo.net/img/img?h=556&m=0&partner=49287&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F49287%2F230130%2Fede4584bbefd4e0fb9981737681ebfe8_logo_n_vertical.png&v=3&w=196&s=oj-uNXG_XhWQl9WlZqIzzo_L
IP 178.250.1.14:0
File type PNG image data, 196 x 186, 8-bit/color RGBA, non-interlaced\012- data
Hash bafe427038e32311e25f71367cd745cc
9e58a232d3315d0f8d80d5dbebc8e7fe278f6511
78c5eae1ef5ba20f73f0008257a4dfa312a4909f5d0a7dd3d6333d4867108b09
GET /img/img?h=556&m=0&partner=49287&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F49287%2F230130%2Fede4584bbefd4e0fb9981737681ebfe8_logo_n_vertical.png&v=3&w=196&s=oj-uNXG_XhWQl9WlZqIzzo_L HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=30755164
expires: Tue, 12 Mar 2024 10:38:28 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 31123
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/png
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/design/googlefont/nunitosans/nunitosans-400-latin.woff2
178.250.1.3200 OK 17 kB URL HTTP/2 static.criteo.net/design/googlefont/nunitosans/nunitosans-400-latin.woff2
IP 178.250.1.3:0
File type Web Open Font Format (Version 2), TrueType, length 16980, version 1.0\012- data
Hash 8a97f720d330e75ccdbda9ae0e9f5e90
8e4fee916581ab48d385187705667cebc7500afe
97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787
GET /design/googlefont/nunitosans/nunitosans-400-latin.woff2 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://static.criteo.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:24 GMT
content-type: text/plain; charset=UTF-8
content-length: 16980
last-modified: Thu, 08 Dec 2022 14:10:49 GMT
etag: "6391f069-4254"
expires: Sat, 16 Mar 2024 11:32:24 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000025145%2Fretina_detail.jpg&v=3&w=800&s=VD4htcB6DVK_fb0Iy89RpZZf&b=800
178.250.1.14200 OK 39 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000025145%2Fretina_detail.jpg&v=3&w=800&s=VD4htcB6DVK_fb0Iy89RpZZf&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x654, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c09a4ddad83d22322963d0595eda8d6b
f03d0c1cb3b7c4fe14fa609fb2823f06aea86edd
b0895088f7061922fb5d59d083432e9bd7c0d8e796b68da7e4023ebc94b361d5
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000025145%2Fretina_detail.jpg&v=3&w=800&s=VD4htcB6DVK_fb0Iy89RpZZf&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=636691
expires: Wed, 29 Mar 2023 20:23:55 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 38844
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000020896%2Fretina_detail.jpg&v=3&w=800&s=lp9WRzefHeRHVGOPQOjz2Zjn&b=800
178.250.1.14200 OK 56 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000020896%2Fretina_detail.jpg&v=3&w=800&s=lp9WRzefHeRHVGOPQOjz2Zjn&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x671, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash bc68ca405eb21dcc7f76923244330b0e
eb0d103d8db5821298e145c5ed49efdd1df98fd6
2a486f96085ef66263399fef0ca0f673fd4e30e87997fc8aca312e58b681354c
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000020896%2Fretina_detail.jpg&v=3&w=800&s=lp9WRzefHeRHVGOPQOjz2Zjn&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=636667
expires: Wed, 29 Mar 2023 20:23:31 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 55928
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024788%2Fretina_detail.jpg&v=3&w=800&s=mAifKYp3Q6BneLDckFZjqORA&b=800
178.250.1.14200 OK 78 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024788%2Fretina_detail.jpg&v=3&w=800&s=mAifKYp3Q6BneLDckFZjqORA&b=800
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x588, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4cd3f9bdbdb2d83d680d0fe6b72aa9ed
0194d0592be20df32971758c4494d18ecad2a8e3
ddf8fee2537d0169c92fc62678bd95ba8bf8423c43283948d40ea861d919e39a
GET /img/img?c=3&cq=256&h=800&m=0&partner=49287&q=80&r=0&u=https%3A%2F%2Fwww.fluevog.com%2Fcode%2Ffiles%2Fcolour_image%2F0000024788%2Fretina_detail.jpg&v=3&w=800&s=mAifKYp3Q6BneLDckFZjqORA&b=800 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=636685
expires: Wed, 29 Mar 2023 20:23:49 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 78518
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/adchoices_en.svg
178.250.1.3200 OK 5.6 kB URL HTTP/2 static.criteo.net/flash/icon/adchoices_en.svg
IP 178.250.1.3:0
Hash ddd18febee7e3af645ee2a78baea0c1b
7c8c4a1641dd5f1bea24278122e2a7423900c493
097b1788514bdb6a23ba5478bf115c4d8024ecfb25cd0150df6871d5a0be3cec
GET /flash/icon/adchoices_en.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: image/svg+xml
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
etag: W/"5e42b9ee-759"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=sfile.mobi
216.58.207.194200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=sfile.mobi
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=sfile.mobi HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 22 Mar 2023 11:32:24 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/privacy_small.svg
178.250.1.3200 OK 947 B URL HTTP/2 static.criteo.net/flash/icon/privacy_small.svg
IP 178.250.1.3:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1397)
Hash fbfc432630ade396cef4b2ebd6c931ea
579b9155027a4c95fee33001d6e2cc209feab4c4
0cc5ac7cd37e8ea85f549c8c648c1505385554a69c8457f286301825545b1789
GET /flash/icon/privacy_small.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: image/svg+xml
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
etag: W/"5e42ba84-6aa"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kMHHFbOzWe0HfJ2DYgICAAAAx6HvmjvYVRAQRucaZCPlSpzJJ9A0uqUAABIAAAoOQVFVQkJRWURCUUVCQlE&wp=ZBrnRwABkXoKwkRhAAPJP3osynVqaKjAZV_0Hw
178.250.0.129200 OK 0 B URL HTTP/2 rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kMHHFbOzWe0HfJ2DYgICAAAAx6HvmjvYVRAQRucaZCPlSpzJJ9A0uqUAABIAAAoOQVFVQkJRWURCUUVCQlE&wp=ZBrnRwABkXoKwkRhAAPJP3osynVqaKjAZV_0Hw
IP 178.250.0.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /google/auction/notify?profile=14&payload=kMHHFbOzWe0HfJ2DYgICAAAAx6HvmjvYVRAQRucaZCPlSpzJJ9A0uqUAABIAAAoOQVFVQkJRWURCUUVCQlE&wp=ZBrnRwABkXoKwkRhAAPJP3osynVqaKjAZV_0Hw HTTP/1.1
Host: rtb.fr.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server-processing-duration-in-ticks: 266602
date: Wed, 22 Mar 2023 11:32:24 GMT
server: Kestrel
content-length: 0
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
csm.eu.criteo.net/all?cppv=3&cpp=OCe7mP66QQgE_wbkCz9LNQ08pfMMckYnFqKn8Rsx6shuvCbg_U3Er-LqFlpR2xC5zB-WN_eGtRh3jDCw0n9YQEA0npJAMJYWZ0b6SfiEHwd7V2BpNqaredYuvubxmjIfasO4vupZLJdWuaZTJkZqIMKXARZt_k-rbPArV7NMz2nkNOA7fS7ivie8wPW7TqcCuZ66-eydIQKpJ6b0dSUN3DSOP6DktqsK-gXfUwPB9qmQuydE5sRA1exitYSPZgaK7PfDSg&sds=2&rev=85392&sendBeacon=true
178.250.0.162200 OK 0 B URL HTTP/2 csm.eu.criteo.net/all?cppv=3&cpp=OCe7mP66QQgE_wbkCz9LNQ08pfMMckYnFqKn8Rsx6shuvCbg_U3Er-LqFlpR2xC5zB-WN_eGtRh3jDCw0n9YQEA0npJAMJYWZ0b6SfiEHwd7V2BpNqaredYuvubxmjIfasO4vupZLJdWuaZTJkZqIMKXARZt_k-rbPArV7NMz2nkNOA7fS7ivie8wPW7TqcCuZ66-eydIQKpJ6b0dSUN3DSOP6DktqsK-gXfUwPB9qmQuydE5sRA1exitYSPZgaK7PfDSg&sds=2&rev=85392&sendBeacon=true
IP 178.250.0.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /all?cppv=3&cpp=OCe7mP66QQgE_wbkCz9LNQ08pfMMckYnFqKn8Rsx6shuvCbg_U3Er-LqFlpR2xC5zB-WN_eGtRh3jDCw0n9YQEA0npJAMJYWZ0b6SfiEHwd7V2BpNqaredYuvubxmjIfasO4vupZLJdWuaZTJkZqIMKXARZt_k-rbPArV7NMz2nkNOA7fS7ivie8wPW7TqcCuZ66-eydIQKpJ6b0dSUN3DSOP6DktqsK-gXfUwPB9qmQuydE5sRA1exitYSPZgaK7PfDSg&sds=2&rev=85392&sendBeacon=true HTTP/1.1
Host: csm.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 35
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:24 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/animejs/animejs.js
178.250.1.3200 OK 6.2 kB URL HTTP/2 static.criteo.net/animejs/animejs.js
IP 178.250.1.3:0
File type ASCII text, with very long lines (12691)
Hash fe1b9089e233c335337a95a43ff24bec
841023f937dcb2ea662b982b990cf6086f31f404
85165f3ce50d8134911350c36b20dbe556ac6c9fe829f5baaf68afac195556d3
GET /animejs/animejs.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: text/javascript
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
etag: W/"5c9a64eb-3181"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F31715631c881408187088b7f7a9c8786_08-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=MK0bLovD1ZqwINipZY5Wo_ug
178.250.1.14200 OK 93 kB URL HTTP/2 pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F31715631c881408187088b7f7a9c8786_08-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=MK0bLovD1ZqwINipZY5Wo_ug
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x628, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f05a4c60919c3d68b6106788f20ee4c4
71a646bfe464a2e578065604f1bf69bcab22ea61
3dd17d0cb9832353d5eff9692eb7b35428afb07224dc8d8232a15d74b0071937
GET /img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F31715631c881408187088b7f7a9c8786_08-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=MK0bLovD1ZqwINipZY5Wo_ug HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=30615111
expires: Sun, 10 Mar 2024 19:44:15 GMT
date: Wed, 22 Mar 2023 11:32:24 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 92958
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/design/googlefont/lato/lato-400.css
178.250.1.3200 OK 32 kB URL HTTP/2 static.criteo.net/design/googlefont/lato/lato-400.css
IP 178.250.1.3:0
Hash c5702012ce68c52c9a19e9af47072ed5
973a9605f4573c7c610baa65d150b195a539f2e4
d55f3e6d1f2342d1f28dbcee85fa051f24f730abf149d4ff9f4fb095a9e36901
GET /design/googlefont/lato/lato-400.css HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:24 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 14:04:37 GMT
etag: W/"6391eef5-2aa"
expires: Sat, 16 Mar 2024 11:32:24 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F76e9c8c741814172ba76955df8d26f20_01-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=Dv3ChdkdtsrlMbB032AS-FpZ
178.250.1.14200 OK 89 kB URL HTTP/2 pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F76e9c8c741814172ba76955df8d26f20_01-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=Dv3ChdkdtsrlMbB032AS-FpZ
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x628, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5a40e2e6b6fe795d31af9fddd40bf5ac
13447c5ae6d58957d9270d4c06c29ebf9f00d38f
f1da99ba57477cdf34627367aa46c2331e86151484ef68b4301abb999eba23a6
GET /img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F76e9c8c741814172ba76955df8d26f20_01-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=Dv3ChdkdtsrlMbB032AS-FpZ HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=30335788
expires: Thu, 07 Mar 2024 14:08:53 GMT
date: Wed, 22 Mar 2023 11:32:24 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 89178
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fa45f3afcc7d842bda318267608b34a10_02-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=tmicpTmxA2kvOlwwrcApBgR4
178.250.1.14200 OK 196 kB URL HTTP/2 pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fa45f3afcc7d842bda318267608b34a10_02-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=tmicpTmxA2kvOlwwrcApBgR4
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x628, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 196 kB (196188 bytes)
Hash 923423e46b448533f4efb9761c99c656
8bc2013ed417c957e751e70107c7ad5be75b7aca
7dedbcefb9b2703340bef399adf4eac1ad43af14c31eecf156919ed969d678ea
GET /img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fa45f3afcc7d842bda318267608b34a10_02-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=tmicpTmxA2kvOlwwrcApBgR4 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=30653730
expires: Mon, 11 Mar 2024 06:27:55 GMT
date: Wed, 22 Mar 2023 11:32:24 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 196188
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/design/googlefont/nunitosans/nunitosans-700.css
178.250.1.3200 OK 61 kB URL HTTP/2 static.criteo.net/design/googlefont/nunitosans/nunitosans-700.css
IP 178.250.1.3:0
Hash 2cb32b90a026beaa6effa10ecc50f640
8be8361bb112b07e1871ffd429fcbb33a201113d
66bf7d5194631c8c7ba2caf26cada72b9557f5ce622b5be724b49e146505fd73
GET /design/googlefont/nunitosans/nunitosans-700.css HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 14:10:50 GMT
etag: W/"6391f06a-67a"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fe20f8b80312e49b3b9dcd6e86a2bdadf_03-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=SoMxftpgY9iibfXLldbZxk7F
178.250.1.14200 OK 87 kB URL HTTP/2 pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fe20f8b80312e49b3b9dcd6e86a2bdadf_03-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=SoMxftpgY9iibfXLldbZxk7F
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x628, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2b7d59b477b74eb7a226e13ecc842264
1918e29fa956fe3625c9b63fdecdad5994b93083
3f99caaf387f98419e8698cb42873724e717f1321eb08afcb8b3131f02acf9f5
GET /img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fe20f8b80312e49b3b9dcd6e86a2bdadf_03-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=SoMxftpgY9iibfXLldbZxk7F HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=30434068
expires: Fri, 08 Mar 2024 17:26:53 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 87074
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F412b13f6413947ac81b46c958c1d37fd_09-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=p2KIjdGzQdNpqTkZ8UoeLykV
178.250.1.14200 OK 90 kB URL HTTP/2 pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F412b13f6413947ac81b46c958c1d37fd_09-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=p2KIjdGzQdNpqTkZ8UoeLykV
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x628, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 483587a2fe2162321003f61b9a89ed23
d78362dc733fc7e1d9baa724d14c152a37bde775
b1155b0b268311a8152145ebd796044397bb0f952feff629155f400fa70d43e6
GET /img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F412b13f6413947ac81b46c958c1d37fd_09-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=p2KIjdGzQdNpqTkZ8UoeLykV HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=30491896
expires: Sat, 09 Mar 2024 09:30:40 GMT
date: Wed, 22 Mar 2023 11:32:24 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 90028
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/design/googlefont/lato/lato-400-latin.woff2
178.250.1.3200 OK 24 kB URL HTTP/2 static.criteo.net/design/googlefont/lato/lato-400-latin.woff2
IP 178.250.1.3:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /design/googlefont/lato/lato-400-latin.woff2 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://static.criteo.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:24 GMT
content-type: text/plain; charset=UTF-8
content-length: 23580
last-modified: Thu, 08 Dec 2022 14:04:37 GMT
etag: "6391eef5-5c1c"
expires: Sat, 16 Mar 2024 11:32:24 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fa8295fa1a4ba45ac95653858f0b4f865_07-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=YjKzbxJ1TBQKTSZkU4scNTDg
178.250.1.14200 OK 146 kB URL HTTP/2 pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fa8295fa1a4ba45ac95653858f0b4f865_07-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=YjKzbxJ1TBQKTSZkU4scNTDg
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x628, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 146 kB (146170 bytes)
Hash 33ca02774165fa1762b724c66585f286
5ed7ff761c7e007ecb91f42937e60fc2ac4f38db
3b19737657ba00258e6cbcfc529eea4c3be5853e2c1deeec7733b40c33489b90
GET /img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fa8295fa1a4ba45ac95653858f0b4f865_07-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=YjKzbxJ1TBQKTSZkU4scNTDg HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=30443812
expires: Fri, 08 Mar 2024 20:09:16 GMT
date: Wed, 22 Mar 2023 11:32:24 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 146170
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F5b8b82e72549427fa3743caed9ce710e_05-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=ftRYyxMgm0vcCdCXJpOSYbtB
178.250.1.14200 OK 169 kB URL HTTP/2 pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F5b8b82e72549427fa3743caed9ce710e_05-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=ftRYyxMgm0vcCdCXJpOSYbtB
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x628, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 169 kB (169170 bytes)
Hash 82db8938a1d123108535d12c6351c642
24975d69ecb7df328f7d434aae80699de7fc5c76
2ac84ed499279856b3b49f18418fd282aa0054dbb17018403a1afc3a552ed11f
GET /img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2F5b8b82e72549427fa3743caed9ce710e_05-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=ftRYyxMgm0vcCdCXJpOSYbtB HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=30524814
expires: Sat, 09 Mar 2024 18:39:18 GMT
date: Wed, 22 Mar 2023 11:32:24 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 169170
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fc9e00742283e4fe78994b7505df1fd14_06-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=vZpylKcUZQUvjGDySkfgPWOH
178.250.1.14200 OK 81 kB URL HTTP/2 pix.eu.criteo.net/img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fc9e00742283e4fe78994b7505df1fd14_06-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=vZpylKcUZQUvjGDySkfgPWOH
IP 178.250.1.14:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x628, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b06658b413fbc7cfa63cf42d5aeb519c
4fd65ad0abda7b589bdbb6847e217ae1d5e93fe0
1cf511e55c4b4bfb7f852e66bbac7196f48aef11aa33939265b614524dbe1aee
GET /img/img?m=0&partner=101628&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F101628%2F230207%2Fc9e00742283e4fe78994b7505df1fd14_06-amt-summer-camp-criteo-ad_horizontal02-2x.jpg&v=3&s=vZpylKcUZQUvjGDySkfgPWOH HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=30429087
expires: Fri, 08 Mar 2024 16:03:52 GMT
date: Wed, 22 Mar 2023 11:32:23 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 81308
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230320&st=env
142.250.74.66200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230320&st=env
IP 142.250.74.66:0
File type JSON data\012- , ASCII text, with very long lines (14898), with no line terminators
Hash c4b78b45d14d53278453dd8749a69d8a
f9c040715e475b7ac25635ec9bcceb4c6c775eee
eeb77298304bbde3dd0b99b13ddb5c56cc84dc7fbec7408119c1058ee26d25b7
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230320&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Wed, 22 Mar 2023 11:32:24 GMT
server: cafe
content-length: 11237
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash d8076782b7586aea6d69480d5434652e
6bd6f10f27f62711c6783bc8b5ea72cb74622e2f
ab660e165b0044aa0ca16ab2a42ac38a1922a24a6ae6e879d4e3e1e9c19822c2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 Mar 2023 11:32:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164200 OK 514 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash c8517a353dc282adc91693fc468c9f15
e8e02c7d8c2fedd756145b49574dc44081d2ff58
de57b795b8944af3a478e540418a95727be22f34066a0aac1319a53a1f3ff8c3
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 22 Mar 2023 11:32:25 GMT
date: Wed, 22 Mar 2023 11:32:25 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-aXNe6zN16LqTJK5muNRyhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
csm.eu.criteo.net/all?cppv=3&cpp=FSPEI_66QQgE_wbk_amkCaKRoyC3mmQch8f9L4KmfKEb0AZ4xKuV9IHDoHncEuv73xWRbDek5jvV5X8vdHsIQ86xJ-bQiLycyTul450dt0YFQsp-4VLPtM-pZcMk9ZOoF3foyBtSzzO6d9L4qB9AGot9FDgj9X-wASFGGXyHYpikjJe0cBarYa4IaHUR9o71nDFlg8zJYS4Nm153NysgGJQHd3PIJY1mM5fxvAGHbbzujZ8knxDh_5O6Ioo&sds=2&rev=85392&sendBeacon=true
178.250.0.162200 OK 0 B URL HTTP/2 csm.eu.criteo.net/all?cppv=3&cpp=FSPEI_66QQgE_wbk_amkCaKRoyC3mmQch8f9L4KmfKEb0AZ4xKuV9IHDoHncEuv73xWRbDek5jvV5X8vdHsIQ86xJ-bQiLycyTul450dt0YFQsp-4VLPtM-pZcMk9ZOoF3foyBtSzzO6d9L4qB9AGot9FDgj9X-wASFGGXyHYpikjJe0cBarYa4IaHUR9o71nDFlg8zJYS4Nm153NysgGJQHd3PIJY1mM5fxvAGHbbzujZ8knxDh_5O6Ioo&sds=2&rev=85392&sendBeacon=true
IP 178.250.0.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /all?cppv=3&cpp=FSPEI_66QQgE_wbk_amkCaKRoyC3mmQch8f9L4KmfKEb0AZ4xKuV9IHDoHncEuv73xWRbDek5jvV5X8vdHsIQ86xJ-bQiLycyTul450dt0YFQsp-4VLPtM-pZcMk9ZOoF3foyBtSzzO6d9L4qB9AGot9FDgj9X-wASFGGXyHYpikjJe0cBarYa4IaHUR9o71nDFlg8zJYS4Nm153NysgGJQHd3PIJY1mM5fxvAGHbbzujZ8knxDh_5O6Ioo&sds=2&rev=85392&sendBeacon=true HTTP/1.1
Host: csm.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 35
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:25 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstAsbtplP4vrW8Gx2iLgCbCz0UxsRv-b5oomc3rqLbKfwIJT4XDdsrDlXFXITsmUanay18f8ntaols-NpznApp6fWQ&sig=Cg0ArKJSzKWXKVESDPhtEAE&id=lidar2&mcvt=1008&p=0,0,280,980&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=878858194&rs=2&la=1&cr=0&vs=4&r=v&rst=1679484748426&rpt=1195&met=ie&wmsd=0&pbe=0&vae=0&spb=0
142.250.74.66200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstAsbtplP4vrW8Gx2iLgCbCz0UxsRv-b5oomc3rqLbKfwIJT4XDdsrDlXFXITsmUanay18f8ntaols-NpznApp6fWQ&sig=Cg0ArKJSzKWXKVESDPhtEAE&id=lidar2&mcvt=1008&p=0,0,280,980&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=878858194&rs=2&la=1&cr=0&vs=4&r=v&rst=1679484748426&rpt=1195&met=ie&wmsd=0&pbe=0&vae=0&spb=0
IP 142.250.74.66:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjstAsbtplP4vrW8Gx2iLgCbCz0UxsRv-b5oomc3rqLbKfwIJT4XDdsrDlXFXITsmUanay18f8ntaols-NpznApp6fWQ&sig=Cg0ArKJSzKWXKVESDPhtEAE&id=lidar2&mcvt=1008&p=0,0,280,980&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=878858194&rs=2&la=1&cr=0&vs=4&r=v&rst=1679484748426&rpt=1195&met=ie&wmsd=0&pbe=0&vae=0&spb=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Wed, 22 Mar 2023 11:32:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst_mga5JkVoIOblsW3oD6PvNYXbwRUxpguGY3WoLKnGFrF8ba64y7hXRzY7b1J05XsXLh_hyL8s6rqsLpTaQfWzZJM&sig=Cg0ArKJSzHv3qyml39QMEAE&id=lidar2&mcvt=1000&p=0,0,280,980&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=0.95&if=1&vu=1&app=0&itpl=20&adk=1699950786&rs=2&la=1&cr=0&vs=4&r=v&rst=1679484748433&rpt=1168&met=ie&wmsd=0&pbe=0&vae=0&spb=0
142.250.74.66200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst_mga5JkVoIOblsW3oD6PvNYXbwRUxpguGY3WoLKnGFrF8ba64y7hXRzY7b1J05XsXLh_hyL8s6rqsLpTaQfWzZJM&sig=Cg0ArKJSzHv3qyml39QMEAE&id=lidar2&mcvt=1000&p=0,0,280,980&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=0.95&if=1&vu=1&app=0&itpl=20&adk=1699950786&rs=2&la=1&cr=0&vs=4&r=v&rst=1679484748433&rpt=1168&met=ie&wmsd=0&pbe=0&vae=0&spb=0
IP 142.250.74.66:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjst_mga5JkVoIOblsW3oD6PvNYXbwRUxpguGY3WoLKnGFrF8ba64y7hXRzY7b1J05XsXLh_hyL8s6rqsLpTaQfWzZJM&sig=Cg0ArKJSzHv3qyml39QMEAE&id=lidar2&mcvt=1000&p=0,0,280,980&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=0.95&if=1&vu=1&app=0&itpl=20&adk=1699950786&rs=2&la=1&cr=0&vs=4&r=v&rst=1679484748433&rpt=1168&met=ie&wmsd=0&pbe=0&vae=0&spb=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Wed, 22 Mar 2023 11:32:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
csm.eu.criteo.net/all?cppv=3&cpp=OCe7mP66QQgE_wbkCz9LNQ08pfMMckYnFqKn8Rsx6shuvCbg_U3Er-LqFlpR2xC5zB-WN_eGtRh3jDCw0n9YQEA0npJAMJYWZ0b6SfiEHwd7V2BpNqaredYuvubxmjIfasO4vupZLJdWuaZTJkZqIMKXARZt_k-rbPArV7NMz2nkNOA7fS7ivie8wPW7TqcCuZ66-eydIQKpJ6b0dSUN3DSOP6DktqsK-gXfUwPB9qmQuydE5sRA1exitYSPZgaK7PfDSg&sds=2&rev=85392&sendBeacon=true
178.250.0.162200 OK 0 B URL HTTP/2 csm.eu.criteo.net/all?cppv=3&cpp=OCe7mP66QQgE_wbkCz9LNQ08pfMMckYnFqKn8Rsx6shuvCbg_U3Er-LqFlpR2xC5zB-WN_eGtRh3jDCw0n9YQEA0npJAMJYWZ0b6SfiEHwd7V2BpNqaredYuvubxmjIfasO4vupZLJdWuaZTJkZqIMKXARZt_k-rbPArV7NMz2nkNOA7fS7ivie8wPW7TqcCuZ66-eydIQKpJ6b0dSUN3DSOP6DktqsK-gXfUwPB9qmQuydE5sRA1exitYSPZgaK7PfDSg&sds=2&rev=85392&sendBeacon=true
IP 178.250.0.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /all?cppv=3&cpp=OCe7mP66QQgE_wbkCz9LNQ08pfMMckYnFqKn8Rsx6shuvCbg_U3Er-LqFlpR2xC5zB-WN_eGtRh3jDCw0n9YQEA0npJAMJYWZ0b6SfiEHwd7V2BpNqaredYuvubxmjIfasO4vupZLJdWuaZTJkZqIMKXARZt_k-rbPArV7NMz2nkNOA7fS7ivie8wPW7TqcCuZ66-eydIQKpJ6b0dSUN3DSOP6DktqsK-gXfUwPB9qmQuydE5sRA1exitYSPZgaK7PfDSg&sds=2&rev=85392&sendBeacon=true HTTP/1.1
Host: csm.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 35
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:25 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
csm.eu.criteo.net/all?cppv=3&cpp=j6RUBf66QQgE_wbkFEoT7h-3eYm5PvHZStEV_UGPW955ySa6SUIdyOgxiggu4Nh2ac2gmLorDo3iFXTE0iu_QI82BReLIho1tbG5KWlg2NgjHS5llZRjqZLIvnJ-YzQbfu4ogJaBsbbkZWouTMYTC2swb72eRnsmk7XvU4zYaPBxo8nQ8usy4OOLsWay5VzMreKlHbafjn0KqLEBiXDrCVRGXMj00MBosa7m0aXYbxZebeG26q7I2zIC9PFoen_ZhTGtIw&sds=2&rev=85392&sendBeacon=true
178.250.0.162200 OK 0 B URL HTTP/2 csm.eu.criteo.net/all?cppv=3&cpp=j6RUBf66QQgE_wbkFEoT7h-3eYm5PvHZStEV_UGPW955ySa6SUIdyOgxiggu4Nh2ac2gmLorDo3iFXTE0iu_QI82BReLIho1tbG5KWlg2NgjHS5llZRjqZLIvnJ-YzQbfu4ogJaBsbbkZWouTMYTC2swb72eRnsmk7XvU4zYaPBxo8nQ8usy4OOLsWay5VzMreKlHbafjn0KqLEBiXDrCVRGXMj00MBosa7m0aXYbxZebeG26q7I2zIC9PFoen_ZhTGtIw&sds=2&rev=85392&sendBeacon=true
IP 178.250.0.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /all?cppv=3&cpp=j6RUBf66QQgE_wbkFEoT7h-3eYm5PvHZStEV_UGPW955ySa6SUIdyOgxiggu4Nh2ac2gmLorDo3iFXTE0iu_QI82BReLIho1tbG5KWlg2NgjHS5llZRjqZLIvnJ-YzQbfu4ogJaBsbbkZWouTMYTC2swb72eRnsmk7XvU4zYaPBxo8nQ8usy4OOLsWay5VzMreKlHbafjn0KqLEBiXDrCVRGXMj00MBosa7m0aXYbxZebeG26q7I2zIC9PFoen_ZhTGtIw&sds=2&rev=85392&sendBeacon=true HTTP/1.1
Host: csm.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 35
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:25 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssX--b8BO9BUPuWIwHa4J6zO7zdOPbRzrYFJEu2XpXQFGNQqvGheHVRa9ekAKCmqKueUwGZpr2iwLpXeJpPKMyNs80&sig=Cg0ArKJSzKpvG19iTcojEAE&id=lidar2&mcvt=1016&p=0,0,124,1005&mtos=0,796,1016,1067,1067&tos=0,796,220,51,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=0.76&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1679484749716&rpt=448&met=ie&wmsd=0&pbe=0&vae=0&spb=0
142.250.74.66200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssX--b8BO9BUPuWIwHa4J6zO7zdOPbRzrYFJEu2XpXQFGNQqvGheHVRa9ekAKCmqKueUwGZpr2iwLpXeJpPKMyNs80&sig=Cg0ArKJSzKpvG19iTcojEAE&id=lidar2&mcvt=1016&p=0,0,124,1005&mtos=0,796,1016,1067,1067&tos=0,796,220,51,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=0.76&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1679484749716&rpt=448&met=ie&wmsd=0&pbe=0&vae=0&spb=0
IP 142.250.74.66:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjssX--b8BO9BUPuWIwHa4J6zO7zdOPbRzrYFJEu2XpXQFGNQqvGheHVRa9ekAKCmqKueUwGZpr2iwLpXeJpPKMyNs80&sig=Cg0ArKJSzKpvG19iTcojEAE&id=lidar2&mcvt=1016&p=0,0,124,1005&mtos=0,796,1016,1067,1067&tos=0,796,220,51,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=0.76&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1679484749716&rpt=448&met=ie&wmsd=0&pbe=0&vae=0&spb=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Wed, 22 Mar 2023 11:32:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
csm.eu.criteo.net/all?cppv=3&cpp=FSPEI_66QQgE_wbk_amkCaKRoyC3mmQch8f9L4KmfKEb0AZ4xKuV9IHDoHncEuv73xWRbDek5jvV5X8vdHsIQ86xJ-bQiLycyTul450dt0YFQsp-4VLPtM-pZcMk9ZOoF3foyBtSzzO6d9L4qB9AGot9FDgj9X-wASFGGXyHYpikjJe0cBarYa4IaHUR9o71nDFlg8zJYS4Nm153NysgGJQHd3PIJY1mM5fxvAGHbbzujZ8knxDh_5O6Ioo&sds=2&rev=85392&sendBeacon=true
178.250.0.162200 OK 0 B URL HTTP/2 csm.eu.criteo.net/all?cppv=3&cpp=FSPEI_66QQgE_wbk_amkCaKRoyC3mmQch8f9L4KmfKEb0AZ4xKuV9IHDoHncEuv73xWRbDek5jvV5X8vdHsIQ86xJ-bQiLycyTul450dt0YFQsp-4VLPtM-pZcMk9ZOoF3foyBtSzzO6d9L4qB9AGot9FDgj9X-wASFGGXyHYpikjJe0cBarYa4IaHUR9o71nDFlg8zJYS4Nm153NysgGJQHd3PIJY1mM5fxvAGHbbzujZ8knxDh_5O6Ioo&sds=2&rev=85392&sendBeacon=true
IP 178.250.0.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /all?cppv=3&cpp=FSPEI_66QQgE_wbk_amkCaKRoyC3mmQch8f9L4KmfKEb0AZ4xKuV9IHDoHncEuv73xWRbDek5jvV5X8vdHsIQ86xJ-bQiLycyTul450dt0YFQsp-4VLPtM-pZcMk9ZOoF3foyBtSzzO6d9L4qB9AGot9FDgj9X-wASFGGXyHYpikjJe0cBarYa4IaHUR9o71nDFlg8zJYS4Nm153NysgGJQHd3PIJY1mM5fxvAGHbbzujZ8knxDh_5O6Ioo&sds=2&rev=85392&sendBeacon=true HTTP/1.1
Host: csm.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 35
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:25 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fefdf14-71ea-406c-8f95-a49ece04fd97.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fefdf14-71ea-406c-8f95-a49ece04fd97.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 81bb3fb1225b699271640895a4309319
33e6c4daa21f999f0b3130f776041c917aac790e
24caa8b21e95e372f4719070e3a475831e789b89fe20dd59ff9517b3f6958162
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fefdf14-71ea-406c-8f95-a49ece04fd97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 3438
x-amzn-requestid: 85967c4a-bccd-4646-b24e-c4c0f8d341f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CEYaPGsqIAMFlZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64180774-79bb7736727f71ba24fe8fa7;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 07:12:52 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: IZAKTV5VsO0sHzRORgsCE-E9xbWUnHGcx_Tbl-Kcg2_IeVbSQ8Lg8w==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 07:43:13 GMT
age: 13757
etag: "33e6c4daa21f999f0b3130f776041c917aac790e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sfile.mobi/downIoad/779882/197535/616578b445b4abad38e9d885e00e1c35/tugas-akhir-skripsi-tesis-distertasi.pdf&is=4c4abe8b272cc5947e81800d80fe8bb5
104.26.4.191302 Found 0 B URL HTTP/2 sfile.mobi/downIoad/779882/197535/616578b445b4abad38e9d885e00e1c35/tugas-akhir-skripsi-tesis-distertasi.pdf&is=4c4abe8b272cc5947e81800d80fe8bb5
IP 104.26.4.191:0
GET /downIoad/779882/197535/616578b445b4abad38e9d885e00e1c35/tugas-akhir-skripsi-tesis-distertasi.pdf&is=4c4abe8b272cc5947e81800d80fe8bb5 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Wed, 22 Mar 2023 11:32:21 GMT
content-type: text/html; charset=UTF-8
location: https://sfile.mobi/bqgdEUXpRu7
set-cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: DENY
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=076H5A02OVKtITXoEJLX17k1FoO2P%2FZ6YHloqttDGFmRDOF3Rjy8ompuuao%2F3xhQUaX0N6XC9MbEoXNl%2Fy4OA1UYZ44rthG8h1OjnQYJ%2B98eXR6FB9aXU2r3xnk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d12ca0a1c12-OSL
X-Firefox-Spdy: h2
ads.eu.criteo.com/delivery/r/afr.php?z=ZBrnRwABrfIKGcoMAArkoDG2epcR8cRpt87qzQ&u=%7Ce6iyrLb%2FZB54UBnpSWGwS9CVqML%2BQ6agefckSVIWczQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC8618mI1Sw7KdvHgNAxnna1OJ324DfFpyxtoFx68dIB867OH_SdB27eEKwDsxsIsCeBp1RATkQh0qpzekM-FFPdD6I86sUQjrBqqEOi2uYhz_RyE-4zqE8U8IBfzpeoGCO7Ge458yFUnKuHPMJLINcZhlHvOBpsQOUOA8CCF9_XVojyZmQ8k6Rx8jxLAv0KHCAxoYeY5r5Fnj7bFjYAb6k4vVFga4hk8_evcoTJdAbweYQHzwhzWQx0-9lTK-rU_gPwIwybjTmdP4iWbM5IpMmmAYSSvi4qrWlb4X9cATBdO8y418AOQtMmyZmisIne35yrVvqeKiQ9wF1I39hLZ3HJDnpmiR_PIZUNUQe5_vksH0Mx1TD8j_tNNSBwhUiD_Eof7bHAA2ddzm1gt2AqdI05UY-UdMh9RsCpn3Llq6fn792G4tuRuZpq7ARSjlFZy0RztA9fv5KtV442THk6ZuCbLkp9wbXu96cTKPlog9KRpf7Ks-6v4mQb9Z2plH8bYvgFw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHAQCR-caZPLbBoyUZ6DJq5AFyZ7SsVy9jpf3cMCNtwEQASAAYMOEgICYGIIBF2NhLXB1Yi04NjI0NTE2NzA0OTE4MDg2yAEJqQJGzGTFdBGyPqgDAaoEsAFP0KJD9DgktnwqyBTVlRuLb6FxIouRlR26DFaIXsvU1opNOPUJx8ByJ-cnHDzZbLxcuZHYZH-8P0i0peE0sbZAYuxNbFn0MLMRfjDFfDNfBtisj_-OB4UkMZJBGQvbyQCVxW4lw2S8PHvU2LKVf27fHtEsvxkm4yL1_rKy946hkwfYkf3BLQw_pGg68K46jcubMuGrBFp5U2MegI8vtmwpQO8zj_eBYKnE69agH6C0iYAGo4nZrNr2yIZQoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1qt7rdLwiqYm1au1jQ7Og0vJuv2g%26client%3Dca-pub-8624516704918086%26adurl%3D
178.250.0.138200 OK 0 B URL HTTP/2 ads.eu.criteo.com/delivery/r/afr.php?z=ZBrnRwABrfIKGcoMAArkoDG2epcR8cRpt87qzQ&u=%7Ce6iyrLb%2FZB54UBnpSWGwS9CVqML%2BQ6agefckSVIWczQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC8618mI1Sw7KdvHgNAxnna1OJ324DfFpyxtoFx68dIB867OH_SdB27eEKwDsxsIsCeBp1RATkQh0qpzekM-FFPdD6I86sUQjrBqqEOi2uYhz_RyE-4zqE8U8IBfzpeoGCO7Ge458yFUnKuHPMJLINcZhlHvOBpsQOUOA8CCF9_XVojyZmQ8k6Rx8jxLAv0KHCAxoYeY5r5Fnj7bFjYAb6k4vVFga4hk8_evcoTJdAbweYQHzwhzWQx0-9lTK-rU_gPwIwybjTmdP4iWbM5IpMmmAYSSvi4qrWlb4X9cATBdO8y418AOQtMmyZmisIne35yrVvqeKiQ9wF1I39hLZ3HJDnpmiR_PIZUNUQe5_vksH0Mx1TD8j_tNNSBwhUiD_Eof7bHAA2ddzm1gt2AqdI05UY-UdMh9RsCpn3Llq6fn792G4tuRuZpq7ARSjlFZy0RztA9fv5KtV442THk6ZuCbLkp9wbXu96cTKPlog9KRpf7Ks-6v4mQb9Z2plH8bYvgFw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHAQCR-caZPLbBoyUZ6DJq5AFyZ7SsVy9jpf3cMCNtwEQASAAYMOEgICYGIIBF2NhLXB1Yi04NjI0NTE2NzA0OTE4MDg2yAEJqQJGzGTFdBGyPqgDAaoEsAFP0KJD9DgktnwqyBTVlRuLb6FxIouRlR26DFaIXsvU1opNOPUJx8ByJ-cnHDzZbLxcuZHYZH-8P0i0peE0sbZAYuxNbFn0MLMRfjDFfDNfBtisj_-OB4UkMZJBGQvbyQCVxW4lw2S8PHvU2LKVf27fHtEsvxkm4yL1_rKy946hkwfYkf3BLQw_pGg68K46jcubMuGrBFp5U2MegI8vtmwpQO8zj_eBYKnE69agH6C0iYAGo4nZrNr2yIZQoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1qt7rdLwiqYm1au1jQ7Og0vJuv2g%26client%3Dca-pub-8624516704918086%26adurl%3D
IP 178.250.0.138:0
GET /delivery/r/afr.php?z=ZBrnRwABrfIKGcoMAArkoDG2epcR8cRpt87qzQ&u=%7Ce6iyrLb%2FZB54UBnpSWGwS9CVqML%2BQ6agefckSVIWczQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC8618mI1Sw7KdvHgNAxnna1OJ324DfFpyxtoFx68dIB867OH_SdB27eEKwDsxsIsCeBp1RATkQh0qpzekM-FFPdD6I86sUQjrBqqEOi2uYhz_RyE-4zqE8U8IBfzpeoGCO7Ge458yFUnKuHPMJLINcZhlHvOBpsQOUOA8CCF9_XVojyZmQ8k6Rx8jxLAv0KHCAxoYeY5r5Fnj7bFjYAb6k4vVFga4hk8_evcoTJdAbweYQHzwhzWQx0-9lTK-rU_gPwIwybjTmdP4iWbM5IpMmmAYSSvi4qrWlb4X9cATBdO8y418AOQtMmyZmisIne35yrVvqeKiQ9wF1I39hLZ3HJDnpmiR_PIZUNUQe5_vksH0Mx1TD8j_tNNSBwhUiD_Eof7bHAA2ddzm1gt2AqdI05UY-UdMh9RsCpn3Llq6fn792G4tuRuZpq7ARSjlFZy0RztA9fv5KtV442THk6ZuCbLkp9wbXu96cTKPlog9KRpf7Ks-6v4mQb9Z2plH8bYvgFw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHAQCR-caZPLbBoyUZ6DJq5AFyZ7SsVy9jpf3cMCNtwEQASAAYMOEgICYGIIBF2NhLXB1Yi04NjI0NTE2NzA0OTE4MDg2yAEJqQJGzGTFdBGyPqgDAaoEsAFP0KJD9DgktnwqyBTVlRuLb6FxIouRlR26DFaIXsvU1opNOPUJx8ByJ-cnHDzZbLxcuZHYZH-8P0i0peE0sbZAYuxNbFn0MLMRfjDFfDNfBtisj_-OB4UkMZJBGQvbyQCVxW4lw2S8PHvU2LKVf27fHtEsvxkm4yL1_rKy946hkwfYkf3BLQw_pGg68K46jcubMuGrBFp5U2MegI8vtmwpQO8zj_eBYKnE69agH6C0iYAGo4nZrNr2yIZQoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1qt7rdLwiqYm1au1jQ7Og0vJuv2g%26client%3Dca-pub-8624516704918086%26adurl%3D HTTP/1.1
Host: ads.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=j6RUBf66QQgE_wbkFEoT7h-3eYm5PvHZStEV_UGPW955ySa6SUIdyOgxiggu4Nh2ac2gmLorDo3iFXTE0iu_QI82BReLIho1tbG5KWlg2NgjHS5llZRjqZLIvnJ-YzQbfu4ogJaBsbbkZWouTMYTC2swb72eRnsmk7XvU4zYaPBxo8nQ8usy4OOLsWay5VzMreKlHbafjn0KqLEBiXDrCVRGXMj00MBosa7m0aXYbxZebeG26q7I2zIC9PFoen_ZhTGtIw"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 80084118
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/apk.svg
104.26.4.191200 OK 0 B URL HTTP/2 sfile.mobi/icon/smallicon/apk.svg
IP 104.26.4.191:0
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/apk.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 05:51:20 GMT
etag: W/"995-554f5afff0600-gzip"
cache-control: max-age=604800
expires: Sun, 26 Mar 2023 22:53:17 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 218345
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UZJ47aUVNrlavLm32tSl7vb5XP39pTQ7%2FaTW7VxTQ83Hob6XbwYv1NyuPW5f37VowYo0Eqx4rMg7Br%2BC9OTeBRotbYKy2TP1WfKQGVR%2BqVSCUNQWYdyIS%2FRVygU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d1818471c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/img/Sfile-Logo.svg
104.26.4.191200 OK 0 B URL HTTP/2 sfile.mobi/img/Sfile-Logo.svg
IP 104.26.4.191:0
Analyzer Verdict Alert fortinet Malware
GET /img/Sfile-Logo.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Oct 2020 09:51:24 GMT
etag: W/"15b1-5b0e96cdf5f00-gzip"
cache-control: max-age=604800
expires: Sat, 25 Mar 2023 12:04:55 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 343647
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYdk5t%2FfPcQbj1vAYPQZ4AshUOwbCF8Y6iNJDs7ZTJWOZxiBBcPktDn%2FpGcOVbzzUmT7VCA79Tb%2Fgfe7zhJ%2BGqYiUPdiWogvlb78LNQAoL%2FaKNDGDAD7LfyxJO8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d1818431c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=QRSqwCQZZAgpMUmg9__bTmPkCfJ44X0Zz_7soSW9kK8q9E2Z86Iro-px_lybBjinhRyCaS3CJmLA2ytH-w9S1cvHX4nlJhQ8VEFtztuQR2KnQ_pmNyTRiCiu_AGasMG3fC7sOWgsO2bVjEJwfeKeXN1Sb8E22-crpNykT7TqodEIOi-bVxHPxfhRqnQea7cvCdCN7A15Eo0H6KyjYOiAbfa-XuZlbXRJ7E4yFYv0fufSxwM5yYqidluMGazxFXy4U2XcDv7slX6td6Jr-aaML400rMv_CdO7N0foS5kCcuqnI0u8Bao3AgJJZw93QO50j5iWHTeMQh0GJ4_mBgZrD8CyojcPG7Ar4yoO0xc2KOYNy3hI5po7rjTkQjaXE4RbUtkr_ZNMMVzaUs2RykppCXMmpJk7fZAj4iUl6136PGgekbdH
178.250.0.160200 OK 0 B URL HTTP/2 cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=QRSqwCQZZAgpMUmg9__bTmPkCfJ44X0Zz_7soSW9kK8q9E2Z86Iro-px_lybBjinhRyCaS3CJmLA2ytH-w9S1cvHX4nlJhQ8VEFtztuQR2KnQ_pmNyTRiCiu_AGasMG3fC7sOWgsO2bVjEJwfeKeXN1Sb8E22-crpNykT7TqodEIOi-bVxHPxfhRqnQea7cvCdCN7A15Eo0H6KyjYOiAbfa-XuZlbXRJ7E4yFYv0fufSxwM5yYqidluMGazxFXy4U2XcDv7slX6td6Jr-aaML400rMv_CdO7N0foS5kCcuqnI0u8Bao3AgJJZw93QO50j5iWHTeMQh0GJ4_mBgZrD8CyojcPG7Ar4yoO0xc2KOYNy3hI5po7rjTkQjaXE4RbUtkr_ZNMMVzaUs2RykppCXMmpJk7fZAj4iUl6136PGgekbdH
IP 178.250.0.160:0
GET /delivery/lg.php?cppv=3&cpp=QRSqwCQZZAgpMUmg9__bTmPkCfJ44X0Zz_7soSW9kK8q9E2Z86Iro-px_lybBjinhRyCaS3CJmLA2ytH-w9S1cvHX4nlJhQ8VEFtztuQR2KnQ_pmNyTRiCiu_AGasMG3fC7sOWgsO2bVjEJwfeKeXN1Sb8E22-crpNykT7TqodEIOi-bVxHPxfhRqnQea7cvCdCN7A15Eo0H6KyjYOiAbfa-XuZlbXRJ7E4yFYv0fufSxwM5yYqidluMGazxFXy4U2XcDv7slX6td6Jr-aaML400rMv_CdO7N0foS5kCcuqnI0u8Bao3AgJJZw93QO50j5iWHTeMQh0GJ4_mBgZrD8CyojcPG7Ar4yoO0xc2KOYNy3hI5po7rjTkQjaXE4RbUtkr_ZNMMVzaUs2RykppCXMmpJk7fZAj4iUl6136PGgekbdH HTTP/1.1
Host: cat.fr.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
cross-origin-resource-policy: cross-origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 2805012
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=FvMN1gVYFSihVjNm3k54cQA4C8IaA-HlQG3HBMHryEuJtSGvztOCFDrGhNhRbDnM8eIhtNHpbzkWNdYBl0AOptj-gBAkJnhmplGRHzseaPEDwFscuX-olTCadFQa9IJEyj5xaEAYG7iz7R2xfKdWMgN0r-vRitGMvyWM_qbT9jyf73GdKU6Y5saWRflX2jKcbz1Gi-I2bDriCuyPpzNjC8KeTXdyWWfg_0cT5S13OIR_VVPt4PY-J_fMdb-2uHzRvsdXuAEWpQtkhyEVgrWLweH0qFvABEg0g8OmH4h-jXcMXADsWem6daA0rL9eYcEVq6S3jQ56JngIYUue_Da5MSlZw7faX0MUBIuzibmtwRNCpvalGnHXfIBvjnb72sU-LCO-KgMHLz0iwkj6c4sqD4zuZJQ0bH5sFNbJncyyQkz-DXlm
178.250.0.160200 OK 0 B URL HTTP/2 cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=FvMN1gVYFSihVjNm3k54cQA4C8IaA-HlQG3HBMHryEuJtSGvztOCFDrGhNhRbDnM8eIhtNHpbzkWNdYBl0AOptj-gBAkJnhmplGRHzseaPEDwFscuX-olTCadFQa9IJEyj5xaEAYG7iz7R2xfKdWMgN0r-vRitGMvyWM_qbT9jyf73GdKU6Y5saWRflX2jKcbz1Gi-I2bDriCuyPpzNjC8KeTXdyWWfg_0cT5S13OIR_VVPt4PY-J_fMdb-2uHzRvsdXuAEWpQtkhyEVgrWLweH0qFvABEg0g8OmH4h-jXcMXADsWem6daA0rL9eYcEVq6S3jQ56JngIYUue_Da5MSlZw7faX0MUBIuzibmtwRNCpvalGnHXfIBvjnb72sU-LCO-KgMHLz0iwkj6c4sqD4zuZJQ0bH5sFNbJncyyQkz-DXlm
IP 178.250.0.160:0
GET /delivery/lg.php?cppv=3&cpp=FvMN1gVYFSihVjNm3k54cQA4C8IaA-HlQG3HBMHryEuJtSGvztOCFDrGhNhRbDnM8eIhtNHpbzkWNdYBl0AOptj-gBAkJnhmplGRHzseaPEDwFscuX-olTCadFQa9IJEyj5xaEAYG7iz7R2xfKdWMgN0r-vRitGMvyWM_qbT9jyf73GdKU6Y5saWRflX2jKcbz1Gi-I2bDriCuyPpzNjC8KeTXdyWWfg_0cT5S13OIR_VVPt4PY-J_fMdb-2uHzRvsdXuAEWpQtkhyEVgrWLweH0qFvABEg0g8OmH4h-jXcMXADsWem6daA0rL9eYcEVq6S3jQ56JngIYUue_Da5MSlZw7faX0MUBIuzibmtwRNCpvalGnHXfIBvjnb72sU-LCO-KgMHLz0iwkj6c4sqD4zuZJQ0bH5sFNbJncyyQkz-DXlm HTTP/1.1
Host: cat.fr.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:24 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
cross-origin-resource-policy: cross-origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 2551820
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=tec63P_tgtRZSadEdVDr8Gxc-PrA4TLbQplPXCci-C8seZ2YuxnA3HdSQadECN2MZnI9hmiJdLWv7YvQqDbjqtgdtN1PR2p5mGe3UuNqWgsVxizeRVKJr4yd6Vncx3Q4TtkmQ7jTaa92xMGM5L0IiZ7--lsXO4iWbPcsQT3aOKhHsHrAa5rgbdoitU57N5xOxgu5_4ldhjbL3RBkCEkQMoJ1sAkw3jCczGllLT9qcEjob-ZZx5CUZ1ZiQkxuGA68-TtwoyjYCS2Mdo835-0yZC_oA3cnoISQxi4mCsjXZMQOn4lsyO_Rotg8vYWOvBg_1aWneps6eA7DsqiBJbnmWpY6Xu8L7_erPORqFhvGiXu5DxRGW0jnTj-PD_f2j8klm_kfEXTVQvrqtF4DCcLsBgDulBcND3IrJSCLt1ib5-SsR9f_
178.250.0.160200 OK 0 B URL HTTP/2 cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=tec63P_tgtRZSadEdVDr8Gxc-PrA4TLbQplPXCci-C8seZ2YuxnA3HdSQadECN2MZnI9hmiJdLWv7YvQqDbjqtgdtN1PR2p5mGe3UuNqWgsVxizeRVKJr4yd6Vncx3Q4TtkmQ7jTaa92xMGM5L0IiZ7--lsXO4iWbPcsQT3aOKhHsHrAa5rgbdoitU57N5xOxgu5_4ldhjbL3RBkCEkQMoJ1sAkw3jCczGllLT9qcEjob-ZZx5CUZ1ZiQkxuGA68-TtwoyjYCS2Mdo835-0yZC_oA3cnoISQxi4mCsjXZMQOn4lsyO_Rotg8vYWOvBg_1aWneps6eA7DsqiBJbnmWpY6Xu8L7_erPORqFhvGiXu5DxRGW0jnTj-PD_f2j8klm_kfEXTVQvrqtF4DCcLsBgDulBcND3IrJSCLt1ib5-SsR9f_
IP 178.250.0.160:0
GET /delivery/lg.php?cppv=3&cpp=tec63P_tgtRZSadEdVDr8Gxc-PrA4TLbQplPXCci-C8seZ2YuxnA3HdSQadECN2MZnI9hmiJdLWv7YvQqDbjqtgdtN1PR2p5mGe3UuNqWgsVxizeRVKJr4yd6Vncx3Q4TtkmQ7jTaa92xMGM5L0IiZ7--lsXO4iWbPcsQT3aOKhHsHrAa5rgbdoitU57N5xOxgu5_4ldhjbL3RBkCEkQMoJ1sAkw3jCczGllLT9qcEjob-ZZx5CUZ1ZiQkxuGA68-TtwoyjYCS2Mdo835-0yZC_oA3cnoISQxi4mCsjXZMQOn4lsyO_Rotg8vYWOvBg_1aWneps6eA7DsqiBJbnmWpY6Xu8L7_erPORqFhvGiXu5DxRGW0jnTj-PD_f2j8klm_kfEXTVQvrqtF4DCcLsBgDulBcND3IrJSCLt1ib5-SsR9f_ HTTP/1.1
Host: cat.fr.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
cross-origin-resource-policy: cross-origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 2778647
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/criteo_logo_2021.svg
178.250.1.3200 OK 0 B URL HTTP/2 static.criteo.net/flash/icon/criteo_logo_2021.svg
IP 178.250.1.3:0
GET /flash/icon/criteo_logo_2021.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 11:32:23 GMT
content-type: image/svg+xml
last-modified: Thu, 27 May 2021 13:21:59 GMT
etag: W/"60af9cf7-891"
expires: Sat, 16 Mar 2024 11:32:23 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ads.eu.criteo.com/delivery/r/afr.php?z=ZBrnRwABkXoKwkRhAAPJP3osynVqaKjAZV_0Hw&u=%7Ce6iyrLb%2FZB5djZAcygkuscre3SnJUPWOcNbnJqfr5UI%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC8618mI1Sw7KdvT50u3R-l4yGSMbSGLx-i-1qMcf13ZK-NlHv12TCBldg1KUEcozk5YkEdvN0Nnwrg9CB2Om6k7Mh6FeF1Nmaav88rAtMyu5T8TtcOYQgoLkErp0CCKA1zVF3tHdHY4fTlgfRuOFnsILsviPHQNn2TiInoP44ZAkxMrTuU4nt8j2Ca4UnEuiLYp0Ta6pZUPTcqR8FvNu0-t6A-AQ3DFX9cH4h5a6nJmxqs1_rB-DnDuGnrqkwk_CZraGnCsW6eyo4M_V2RZtVIQfYWh_oZj0AQJlxdoU5riAYr3b0WEVdtQjeSCLWCbQYECC6oZHrclskQG6vGxgyaBS2W7cArM0JYdc8_EXnGOx79l0Gcxm1SKuxOT8-P0NtHDiijHYrxGQS1Eor20yBFay_9c-uhVsWd9d06vnPrhTHglHMV2xH0at9OFlHENiaFaeb5T6sZNA9dbADajER1JTeG5eVW7Zt55iUC1u49fWw836tWSwW_LWUuydyM9noCj8Fc08Y9zFEZ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCE_7ZR-caZPqiBuGIiQa_ko-IB8me0rFcvemV93DAjbcBEAEgAGDDhICAmBiCARdjYS1wdWItODYyNDUxNjcwNDkxODA4NsgBCakCBDZNAzURsj6oAwGqBOMBT9CCe01dbSA1PKeA01xUJXLLletSXEWWBta36kKTmKXgn0FU-23X5NxcSX0ZKDXi4yZkVcfvY3HEVLd4lFfwm-QjMDlrC5NDDUMZfiFtd-grI6bxfEwdcRNZA4cgsxXC0DqI24ndho4aU_w9vaNMzMj4BprW67mn6IdbrbvTrjzdC5ICZcy1VPE4psZ1TXQ6Kh43tXG8DwfhO4YsZjYMyi9rJ7GI_bbJlo97baRN5vbOGSDNY3XcrySrsa4XFtShNfsPwoeQ8rePus0V4q6FI6JGJ4xhH7aFPY0eNHeCQ9uKgCyABuWdo9n_-OHMEKAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3fP2VvPV0Dc0zuXZ-Mex01YZOb4Q%26client%3Dca-pub-8624516704918086%26adurl%3D
178.250.0.138200 OK 0 B URL HTTP/2 ads.eu.criteo.com/delivery/r/afr.php?z=ZBrnRwABkXoKwkRhAAPJP3osynVqaKjAZV_0Hw&u=%7Ce6iyrLb%2FZB5djZAcygkuscre3SnJUPWOcNbnJqfr5UI%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC8618mI1Sw7KdvT50u3R-l4yGSMbSGLx-i-1qMcf13ZK-NlHv12TCBldg1KUEcozk5YkEdvN0Nnwrg9CB2Om6k7Mh6FeF1Nmaav88rAtMyu5T8TtcOYQgoLkErp0CCKA1zVF3tHdHY4fTlgfRuOFnsILsviPHQNn2TiInoP44ZAkxMrTuU4nt8j2Ca4UnEuiLYp0Ta6pZUPTcqR8FvNu0-t6A-AQ3DFX9cH4h5a6nJmxqs1_rB-DnDuGnrqkwk_CZraGnCsW6eyo4M_V2RZtVIQfYWh_oZj0AQJlxdoU5riAYr3b0WEVdtQjeSCLWCbQYECC6oZHrclskQG6vGxgyaBS2W7cArM0JYdc8_EXnGOx79l0Gcxm1SKuxOT8-P0NtHDiijHYrxGQS1Eor20yBFay_9c-uhVsWd9d06vnPrhTHglHMV2xH0at9OFlHENiaFaeb5T6sZNA9dbADajER1JTeG5eVW7Zt55iUC1u49fWw836tWSwW_LWUuydyM9noCj8Fc08Y9zFEZ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCE_7ZR-caZPqiBuGIiQa_ko-IB8me0rFcvemV93DAjbcBEAEgAGDDhICAmBiCARdjYS1wdWItODYyNDUxNjcwNDkxODA4NsgBCakCBDZNAzURsj6oAwGqBOMBT9CCe01dbSA1PKeA01xUJXLLletSXEWWBta36kKTmKXgn0FU-23X5NxcSX0ZKDXi4yZkVcfvY3HEVLd4lFfwm-QjMDlrC5NDDUMZfiFtd-grI6bxfEwdcRNZA4cgsxXC0DqI24ndho4aU_w9vaNMzMj4BprW67mn6IdbrbvTrjzdC5ICZcy1VPE4psZ1TXQ6Kh43tXG8DwfhO4YsZjYMyi9rJ7GI_bbJlo97baRN5vbOGSDNY3XcrySrsa4XFtShNfsPwoeQ8rePus0V4q6FI6JGJ4xhH7aFPY0eNHeCQ9uKgCyABuWdo9n_-OHMEKAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3fP2VvPV0Dc0zuXZ-Mex01YZOb4Q%26client%3Dca-pub-8624516704918086%26adurl%3D
IP 178.250.0.138:0
GET /delivery/r/afr.php?z=ZBrnRwABkXoKwkRhAAPJP3osynVqaKjAZV_0Hw&u=%7Ce6iyrLb%2FZB5djZAcygkuscre3SnJUPWOcNbnJqfr5UI%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC8618mI1Sw7KdvT50u3R-l4yGSMbSGLx-i-1qMcf13ZK-NlHv12TCBldg1KUEcozk5YkEdvN0Nnwrg9CB2Om6k7Mh6FeF1Nmaav88rAtMyu5T8TtcOYQgoLkErp0CCKA1zVF3tHdHY4fTlgfRuOFnsILsviPHQNn2TiInoP44ZAkxMrTuU4nt8j2Ca4UnEuiLYp0Ta6pZUPTcqR8FvNu0-t6A-AQ3DFX9cH4h5a6nJmxqs1_rB-DnDuGnrqkwk_CZraGnCsW6eyo4M_V2RZtVIQfYWh_oZj0AQJlxdoU5riAYr3b0WEVdtQjeSCLWCbQYECC6oZHrclskQG6vGxgyaBS2W7cArM0JYdc8_EXnGOx79l0Gcxm1SKuxOT8-P0NtHDiijHYrxGQS1Eor20yBFay_9c-uhVsWd9d06vnPrhTHglHMV2xH0at9OFlHENiaFaeb5T6sZNA9dbADajER1JTeG5eVW7Zt55iUC1u49fWw836tWSwW_LWUuydyM9noCj8Fc08Y9zFEZ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCE_7ZR-caZPqiBuGIiQa_ko-IB8me0rFcvemV93DAjbcBEAEgAGDDhICAmBiCARdjYS1wdWItODYyNDUxNjcwNDkxODA4NsgBCakCBDZNAzURsj6oAwGqBOMBT9CCe01dbSA1PKeA01xUJXLLletSXEWWBta36kKTmKXgn0FU-23X5NxcSX0ZKDXi4yZkVcfvY3HEVLd4lFfwm-QjMDlrC5NDDUMZfiFtd-grI6bxfEwdcRNZA4cgsxXC0DqI24ndho4aU_w9vaNMzMj4BprW67mn6IdbrbvTrjzdC5ICZcy1VPE4psZ1TXQ6Kh43tXG8DwfhO4YsZjYMyi9rJ7GI_bbJlo97baRN5vbOGSDNY3XcrySrsa4XFtShNfsPwoeQ8rePus0V4q6FI6JGJ4xhH7aFPY0eNHeCQ9uKgCyABuWdo9n_-OHMEKAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3fP2VvPV0Dc0zuXZ-Mex01YZOb4Q%26client%3Dca-pub-8624516704918086%26adurl%3D HTTP/1.1
Host: ads.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:24 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=FSPEI_66QQgE_wbk_amkCaKRoyC3mmQch8f9L4KmfKEb0AZ4xKuV9IHDoHncEuv73xWRbDek5jvV5X8vdHsIQ86xJ-bQiLycyTul450dt0YFQsp-4VLPtM-pZcMk9ZOoF3foyBtSzzO6d9L4qB9AGot9FDgj9X-wASFGGXyHYpikjJe0cBarYa4IaHUR9o71nDFlg8zJYS4Nm153NysgGJQHd3PIJY1mM5fxvAGHbbzujZ8knxDh_5O6Ioo"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 30363560
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
sfile.mobi/includes/main-min.css
104.26.4.191200 OK 0 B URL HTTP/2 sfile.mobi/includes/main-min.css
IP 104.26.4.191:0
GET /includes/main-min.css HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: text/css; charset=utf-8
last-modified: Sat, 05 Nov 2022 06:53:42 GMT
etag: W/"68ea-5ecb3a69a8980-gzip"
cache-control: max-age=2592000
expires: Sun, 16 Apr 2023 11:31:39 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 432043
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rmu2E0RCGDEK6J7m1RasqeVgTTnQvchFhu%2FKEPzxenUO6Hv2QhbhERQaucG3VsGue%2FI%2F1D54fNXGLT%2Fwg8SJT8jL3OyggslB51d%2BCkEPk2zoOV9RnvWrgov%2F%2BH4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d18083d1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
elevation.lu/download/Launcher.exe
172.67.216.138200 OK 0 B URL HTTP/2 elevation.lu/download/Launcher.exe
IP 172.67.216.138:0
GET /download/Launcher.exe HTTP/1.1
Host: elevation.lu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: application/x-msdownload
content-length: 749816247
last-modified: Tue, 21 Mar 2023 14:14:52 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IePoTKUJ8Be%2Bqwo%2F7tbDs%2FdFxrlHgtgEDZkMMOznsI7X4lFhGs9Ecz8WOd4pMqVOONpaSrqIDQs4%2BRr%2BeEk9Y%2Fhle5n5g0YYApkMcmVAf8yNDPhxOsv1EYLc3hWKdc8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7abe1d16cde9069b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/file.svg
104.26.4.191200 OK 0 B URL HTTP/2 sfile.mobi/icon/smallicon/file.svg
IP 104.26.4.191:0
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/file.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 04:59:39 GMT
etag: W/"274-554f4f72984c0-gzip"
cache-control: max-age=604800
expires: Fri, 24 Mar 2023 04:05:17 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 458825
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2FHFUWiRaEkx7GspBzrZ%2FQMKuLjfUkivSEjY4wbdQL9%2FnAtLnPhwhIr3oovwZmppX4KcLA1tSCGPptz9Id%2BJekG60Rl1VWN0mJ4a%2FONn2GDy%2BxCrPp1NSP4x%2Bb0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d18184b1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/includes/analytics.js
104.26.4.191200 OK 0 B URL HTTP/2 sfile.mobi/includes/analytics.js
IP 104.26.4.191:0
GET /includes/analytics.js HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/bqgdEUXpRu7
Cookie: PHPSESSID=bqtm6opokaltkrcecnh4rn91l3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=50234
etag: W/"c43a-5f6dfff162daa-gzip"
expires: Wed, 22 Mar 2023 16:38:16 GMT
last-modified: Tue, 14 Mar 2023 18:00:01 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 586446
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sDsgJKwUfcZ22wney2bXL8dHODoq62w3i8P8hy9EQMadSu1TB2PpuDQNpV3kjbQsF9JUEaweEcSUF3kp6dqNS8yAW20bpHN7gjoFQOemY8RbzJTbY5Y8znqFCSo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7abe1d1868ea1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
ads.eu.criteo.com/delivery/r/afr.php?z=ZBrnRwABrqwKwlKFAAfVub0tmS6M_MaaR4TleA&u=%7Ce6iyrLb%2FZB4vviTNZbbIKzE3p4x713o4wW9FqpxGDOo%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzm4RCiJiIGT5xwGwpq72AA93wQ_PILKRetWvU_TT3Bw4Wp9nLWeCMRTn5h4C1XZlHy0oUFd75-G400M8qdzJbAhfjbmIDvxZRs22JPFlQPF8x_8dpSBgQZQ8LU_Q9I91pfM85fTlKj33UXVBp-N_76grLx4Px6S96s88n49X7yjo8e63ZficzU5aQFrKQWMUqxrYMzfP0JRIxOsPxTjGfkQERL3IOI5aog89CWbUCOKcqH-GEduu0-ba6OIKjLIszQ3sU6qPxWfk6sG3WBJM3HGKx2AA5IijBekvKw5ovXnmLq0dVrZASjdssJbWeghAEMU1IZM3UAegueKlrHlBCynGdHWiBip-oE6jMV2NdkMF1CP2WCqOFJUeQEEcloJYG8GJcZpxtW3xNZfNdow8uZ21_D6wPMLHyijhBdEYLJn8gVrsHEm1nJDDhum7LEhzo12XQ7f2BC2qxlRb0KSIMhomAObIgjkODDtc_sB0apUy5u9TTjR8IZItBQ7UuQq0gEmd5QEqZdiDIkfKn9rM5a2xa4JzIqmJM8yk9H6TWj5FQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC64AnR-caZKzdBoWliQa5q5-QDcme0rFchf6X93DAjbcBEAEgAGDDhICAmBiCARdjYS1wdWItODYyNDUxNjcwNDkxODA4NsgBCakCBDZNAzURsj6oAwGqBLABT9D5mn5d9it9yyGbJFokajgMbTX1BruKFY_ty6-XP2ORi5pVPevA_304Lnsje1ZGfgPltcF6K3lWuWWHYFky2g8F73tKcI9gkF1_nYKNVhi85AgLTmJA6jQcvOkfPWONXX3G5sozpzLYa4wsA3p87th6eE6MO2MocWoUN0-5h-NMEyZeIHlE25LllgKM_JhE-H-naCz6kDiBc5eimrr20OT_JHYja7FOn9nAyfg2XCeABv7X27HM1djD2wGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3LKe776riRNceKuMHUFutH4h446Q%26client%3Dca-pub-8624516704918086%26adurl%3D
178.250.0.138200 OK 0 B URL HTTP/2 ads.eu.criteo.com/delivery/r/afr.php?z=ZBrnRwABrqwKwlKFAAfVub0tmS6M_MaaR4TleA&u=%7Ce6iyrLb%2FZB4vviTNZbbIKzE3p4x713o4wW9FqpxGDOo%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzm4RCiJiIGT5xwGwpq72AA93wQ_PILKRetWvU_TT3Bw4Wp9nLWeCMRTn5h4C1XZlHy0oUFd75-G400M8qdzJbAhfjbmIDvxZRs22JPFlQPF8x_8dpSBgQZQ8LU_Q9I91pfM85fTlKj33UXVBp-N_76grLx4Px6S96s88n49X7yjo8e63ZficzU5aQFrKQWMUqxrYMzfP0JRIxOsPxTjGfkQERL3IOI5aog89CWbUCOKcqH-GEduu0-ba6OIKjLIszQ3sU6qPxWfk6sG3WBJM3HGKx2AA5IijBekvKw5ovXnmLq0dVrZASjdssJbWeghAEMU1IZM3UAegueKlrHlBCynGdHWiBip-oE6jMV2NdkMF1CP2WCqOFJUeQEEcloJYG8GJcZpxtW3xNZfNdow8uZ21_D6wPMLHyijhBdEYLJn8gVrsHEm1nJDDhum7LEhzo12XQ7f2BC2qxlRb0KSIMhomAObIgjkODDtc_sB0apUy5u9TTjR8IZItBQ7UuQq0gEmd5QEqZdiDIkfKn9rM5a2xa4JzIqmJM8yk9H6TWj5FQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC64AnR-caZKzdBoWliQa5q5-QDcme0rFchf6X93DAjbcBEAEgAGDDhICAmBiCARdjYS1wdWItODYyNDUxNjcwNDkxODA4NsgBCakCBDZNAzURsj6oAwGqBLABT9D5mn5d9it9yyGbJFokajgMbTX1BruKFY_ty6-XP2ORi5pVPevA_304Lnsje1ZGfgPltcF6K3lWuWWHYFky2g8F73tKcI9gkF1_nYKNVhi85AgLTmJA6jQcvOkfPWONXX3G5sozpzLYa4wsA3p87th6eE6MO2MocWoUN0-5h-NMEyZeIHlE25LllgKM_JhE-H-naCz6kDiBc5eimrr20OT_JHYja7FOn9nAyfg2XCeABv7X27HM1djD2wGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3LKe776riRNceKuMHUFutH4h446Q%26client%3Dca-pub-8624516704918086%26adurl%3D
IP 178.250.0.138:0
GET /delivery/r/afr.php?z=ZBrnRwABrqwKwlKFAAfVub0tmS6M_MaaR4TleA&u=%7Ce6iyrLb%2FZB4vviTNZbbIKzE3p4x713o4wW9FqpxGDOo%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzm4RCiJiIGT5xwGwpq72AA93wQ_PILKRetWvU_TT3Bw4Wp9nLWeCMRTn5h4C1XZlHy0oUFd75-G400M8qdzJbAhfjbmIDvxZRs22JPFlQPF8x_8dpSBgQZQ8LU_Q9I91pfM85fTlKj33UXVBp-N_76grLx4Px6S96s88n49X7yjo8e63ZficzU5aQFrKQWMUqxrYMzfP0JRIxOsPxTjGfkQERL3IOI5aog89CWbUCOKcqH-GEduu0-ba6OIKjLIszQ3sU6qPxWfk6sG3WBJM3HGKx2AA5IijBekvKw5ovXnmLq0dVrZASjdssJbWeghAEMU1IZM3UAegueKlrHlBCynGdHWiBip-oE6jMV2NdkMF1CP2WCqOFJUeQEEcloJYG8GJcZpxtW3xNZfNdow8uZ21_D6wPMLHyijhBdEYLJn8gVrsHEm1nJDDhum7LEhzo12XQ7f2BC2qxlRb0KSIMhomAObIgjkODDtc_sB0apUy5u9TTjR8IZItBQ7UuQq0gEmd5QEqZdiDIkfKn9rM5a2xa4JzIqmJM8yk9H6TWj5FQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC64AnR-caZKzdBoWliQa5q5-QDcme0rFchf6X93DAjbcBEAEgAGDDhICAmBiCARdjYS1wdWItODYyNDUxNjcwNDkxODA4NsgBCakCBDZNAzURsj6oAwGqBLABT9D5mn5d9it9yyGbJFokajgMbTX1BruKFY_ty6-XP2ORi5pVPevA_304Lnsje1ZGfgPltcF6K3lWuWWHYFky2g8F73tKcI9gkF1_nYKNVhi85AgLTmJA6jQcvOkfPWONXX3G5sozpzLYa4wsA3p87th6eE6MO2MocWoUN0-5h-NMEyZeIHlE25LllgKM_JhE-H-naCz6kDiBc5eimrr20OT_JHYja7FOn9nAyfg2XCeABv7X27HM1djD2wGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3LKe776riRNceKuMHUFutH4h446Q%26client%3Dca-pub-8624516704918086%26adurl%3D HTTP/1.1
Host: ads.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 22 Mar 2023 11:32:22 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=OCe7mP66QQgE_wbkCz9LNQ08pfMMckYnFqKn8Rsx6shuvCbg_U3Er-LqFlpR2xC5zB-WN_eGtRh3jDCw0n9YQEA0npJAMJYWZ0b6SfiEHwd7V2BpNqaredYuvubxmjIfasO4vupZLJdWuaZTJkZqIMKXARZt_k-rbPArV7NMz2nkNOA7fS7ivie8wPW7TqcCuZ66-eydIQKpJ6b0dSUN3DSOP6DktqsK-gXfUwPB9qmQuydE5sRA1exitYSPZgaK7PfDSg"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 129981547
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2