r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16042
Expires: Sun, 04 Dec 2022 14:54:50 GMT
Date: Sun, 04 Dec 2022 10:27:28 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4515
Cache-Control: max-age=91139
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 10:27:28 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 11:46:27 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 10:20:05 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 444
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8462
Expires: Sun, 04 Dec 2022 12:48:31 GMT
Date: Sun, 04 Dec 2022 10:27:29 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 1e4L7YqqH46WU/iOXTga9kDqYFbOnWcAPY4/qNQ2eThLdI4x2CCa7WsquyZze9CJ02Xc95eJKbU=
x-amz-request-id: 65MAV623VYWBGGPG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 09:47:30 GMT
age: 2399
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 10:27:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 10:08:58 GMT
cache-control: public,max-age=3600
age: 1111
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4517
Cache-Control: max-age=86079
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 10:27:29 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:22:08 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZsV2i6uv00aHZJuz5V3Omw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FCHq8i8P9hTHrR1OUda11fOLoDM=
4.us.silverwinds.xyz/feed/?link=true&tid=4&subid=4.us.android.webview-android&ref=pdxx-7fmavzpxk2xlm-4-2.lowsea.fun&s1=638c76048431de4e61416d43
301 Moved Permanently 0 B URL HTTP/1.1 4.us.silverwinds.xyz/feed/?link=true&tid=4&subid=4.us.android.webview-android&ref=pdxx-7fmavzpxk2xlm-4-2.lowsea.fun&s1=638c76048431de4e61416d43
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /feed/?link=true&tid=4&subid=4.us.android.webview-android&ref=pdxx-7fmavzpxk2xlm-4-2.lowsea.fun&s1=638c76048431de4e61416d43 HTTP/1.1
Host: 4.us.silverwinds.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.tealwinds.xyz/click/invalid/?tid=4&subid=4.us.android.webview-android
Date: Sun, 04 Dec 2022 10:27:30 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9d40f28787eeff8816f7e47c24c14698
eb9ba37aeafc89f15845170eca39efbdcf4ea2ad
901e8defd588bc978f1a615b0b6409f13845c1c865b96d95b4781f4573010fdc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "901E8DEFD588BC978F1A615B0B6409F13845C1C865B96D95B4781F4573010FDC"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17226
Expires: Sun, 04 Dec 2022 15:14:36 GMT
Date: Sun, 04 Dec 2022 10:27:30 GMT
Connection: keep-alive
redir.tealwinds.xyz/click/invalid/?tid=4&subid=4.us.android.webview-android
302 Found 230 B URL HTTP/1.1 redir.tealwinds.xyz/click/invalid/?tid=4&subid=4.us.android.webview-android
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash bf1ea261d68c3cae104a4434b2ed8723
5c2720cc951f801f2f7091867636e73490adcc78
67be18803779206c2595f60be36782945e42e8ba6ce70f8595a405c6861670d0
GET /click/invalid/?tid=4&subid=4.us.android.webview-android HTTP/1.1
Host: redir.tealwinds.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs_4
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 230
Date: Sun, 04 Dec 2022 10:27:30 GMT
Connection: keep-alive
Keep-Alive: timeout=5
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1c6fc30dd55f14f108e4d035b0ccafb4
fff2b9e01e0fe7e7ee2dbca6a01f991ade6eaa64
9abea2f87c7c60501e4e373a971923b2e28e9ce2a4e7e514a2a7f4df7f836732
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9ABEA2F87C7C60501E4E373A971923B2E28E9CE2A4E7E514A2A7F4DF7F836732"
Last-Modified: Fri, 02 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16474
Expires: Sun, 04 Dec 2022 15:02:04 GMT
Date: Sun, 04 Dec 2022 10:27:30 GMT
Connection: keep-alive
leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs_4
302 Found 0 B URL HTTP/1.1 leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs_4
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs_4 HTTP/1.1
Host: leche.labtrffc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 10:27:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round:
Raund:
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=638c7612296f7c2bb542e803&fid=888fb
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash da372d033a6555a5243eb50b178b009b
6d31d18148769488ec0042f3d1bba4f5cc8849c9
fa88e5c74267aa20aadbfef4fd0c6e3368ee13c1b6f52dc9dafaa31800b70aac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FA88E5C74267AA20AADBFEF4FD0C6E3368EE13C1B6F52DC9DAFAA31800B70AAC"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2068
Expires: Sun, 04 Dec 2022 11:01:59 GMT
Date: Sun, 04 Dec 2022 10:27:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2327
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 10:27:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2327
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 10:27:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2327
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 10:27:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2327
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 10:27:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2327
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 10:27:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 45625
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 45810
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe8e3477-9245-4318-82d9-b30607246872.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe8e3477-9245-4318-82d9-b30607246872.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89e5fc40e9e626a035abde2964ba0959
e800712e4f8d9589670d8ee3a744ac0aedf7b6e3
64a41309871b71682370e2b2f3735ac70039802fff4e1e46013f5aa1f15b4084
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe8e3477-9245-4318-82d9-b30607246872.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6901
x-amzn-requestid: 5dd4545b-c48a-4fa2-8aa5-c7d0a5efeafe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsByFqCoAMF4CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc071-6b96e54876cde366748564d6;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Yy5pEWjBXne3kPQxZCLQdqdamtqa4udO00I6ro3bMUDTybHTZY_DgA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:53:43 GMT
age: 45228
etag: "e800712e4f8d9589670d8ee3a744ac0aedf7b6e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:38 GMT
age: 45293
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kRs3oBWnSs5asyPdvz6kkooy7pqm2Yr8R_2x8EXCVn3dBz_aEJurRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:26:41 GMT
age: 10850
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 45450
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=638c7612296f7c2bb542e803&fid=888fb
307 Temporary Redirect 164 B URL HTTP/2 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=638c7612296f7c2bb542e803&fid=888fb
IP
ASN #213230 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=638c7612296f7c2bb542e803&fid=888fb HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 307 Temporary Redirect
date: Sun, 04 Dec 2022 10:27:31 GMT
content-type: text/html
content-length: 164
location: https://ron.trffclb.com/a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888b
set-cookie: emwxcid_4_1=kXT32NNiMGF4vaNXC6GfQkgQBNWwdiyuQL0TcTafJCsq60lsik; expires=Mon, Dec 04 2023 10:27:31 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1c6fc30dd55f14f108e4d035b0ccafb4
fff2b9e01e0fe7e7ee2dbca6a01f991ade6eaa64
9abea2f87c7c60501e4e373a971923b2e28e9ce2a4e7e514a2a7f4df7f836732
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9ABEA2F87C7C60501E4E373A971923B2E28E9CE2A4E7E514A2A7F4DF7F836732"
Last-Modified: Fri, 02 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16473
Expires: Sun, 04 Dec 2022 15:02:04 GMT
Date: Sun, 04 Dec 2022 10:27:31 GMT
Connection: keep-alive
ron.trffclb.com/a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888b
200 OK 158 B URL HTTP/1.1 ron.trffclb.com/a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888b
IP
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash c87457594ef907d482eb114aaab14561
a528b0dfb11add9a369a0ad1f1dd462ea345f86e
83c06d15d0da3d5a81c885e5c71ba39c406d464738a421bb732a69f1c7dabf72
Analyzer Verdict Alert quad9 Sinkholed
GET /a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888b HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 10:27:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Round: 11hx4alk7e
Raund: 1zd
Content-Encoding: gzip
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b
200 OK 494 B URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (541)
Hash ddcd1c0555ffc7a9a956a9b92d2ba892
b80262fb4c813aea5661fa8aee0fe02cf60fa0f0
000551961e61a86c5e82322ee7863095c9ade632f96288463ab3cab23b5712fe
Analyzer Verdict Alert quad9 Sinkholed
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 10:27:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=638c761342621f5648330da7; expires=Wed, 07-Dec-2022 10:27:31 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b&bv=1
302 Found 0 B URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b&bv=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b&bv=1 HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b
Cookie: bt-603611c5b7eaf46891533240=638c761342621f5648330da7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 10:27:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 2si
Location: https://popcash.net/world/go/134600/317194
ocsp.digicert.com/
200 OK 279 B IP
Hash 4c117f290bb481e51ef6abbe97d090f0
bd6becedb9ac3e8701b33df0b44659811576d9ac
7318cd7480b3d1f248b125d4019f20d3883fd592743bcf768419e0938320c115
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3620
Cache-Control: max-age=149255
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 10:27:31 GMT
Etag: "638c0bf6-117"
Expires: Tue, 06 Dec 2022 03:55:06 GMT
Last-Modified: Sun, 04 Dec 2022 02:54:46 GMT
Server: ECS (amb/6B90)
X-Cache: HIT
Content-Length: 279
samba.trffclb.com/favicon.ico
200 OK 20 B URL HTTP/1.1 samba.trffclb.com/favicon.ico
IP
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 10:27:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
popcash.net/world/go/134600/317194
301 Moved Permanently 162 B URL HTTP/2 popcash.net/world/go/134600/317194
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 04 Dec 2022 10:27:32 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xKE3PBQX36XP%2BrJOW2Afq65%2BiJcA6%2Fj91wfItdQKFUeKp9dT2oAvrUubbemsCGGU%2BEQ0vDkfeszps9lpj5JiJ9PxMCJz%2FXMBUPinCnOY1XoK01uqr0ZeEIPaBgP9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7743d99c5815fac0-OSL
X-Firefox-Spdy: h2
ps.popcash.net/go/134600/317194
200 OK 272 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP
File type HTML document, ASCII text
Hash 7db0c887d6db577abfcb1cd6f66ef6bb
5d0edd583bb6b8232a000b5b2123900362ff4912
03981428b562c40b2bb25d5243056675aec606d3b5b3a9abf306fbd7098a5e66
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Sun, 04 Dec 2022 10:27:32 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 272
Connection: keep-alive
ps.popcash.net/ad/ad?p=134600&w=317194&t=23523ce563a5b94f&r=&vw=1280&vh=0
303 See Other 0 B URL HTTP/1.1 ps.popcash.net/ad/ad?p=134600&w=317194&t=23523ce563a5b94f&r=&vw=1280&vh=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=134600&w=317194&t=23523ce563a5b94f&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Sun, 04 Dec 2022 10:27:32 GMT
Location: http://dipaka-ead.com/zcvisitor/4345c5e0-73be-11ed-b3c5-1225d7af0e1b/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b#pc151445
Server: nginx
Content-Length: 0
Connection: keep-alive
dipaka-ead.com/zcvisitor/4345c5e0-73be-11ed-b3c5-1225d7af0e1b/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b
302 0 B URL HTTP/1.1 dipaka-ead.com/zcvisitor/4345c5e0-73be-11ed-b3c5-1225d7af0e1b/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zcvisitor/4345c5e0-73be-11ed-b3c5-1225d7af0e1b/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Sun, 04 Dec 2022 10:27:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4345c5e073be11edb3c51225d7af0e1be5c1b0c0589b44a79ce61c8dec98b962069466a8efdae54054&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000160
Server: aVaGlhqH
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 200d28e6a9655889b1a39b013f132941
7af8e008ea286c5b63d04bab1ef64dbaa5aabb8e
4fdf8ab38984ca3d620431117540c61f76539f3f6cd09330acfd14aa595bab5d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=159820
Date: Sun, 04 Dec 2022 10:27:33 GMT
Etag: "638c3d1e-1d7"
Expires: Tue, 06 Dec 2022 06:51:13 GMT
Last-Modified: Sun, 04 Dec 2022 06:24:30 GMT
Server: ECS (dcb/7F5D)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0PL4otQlDcK3YPuDbOGkvh_wi_-9eVnD7d1EesNnm7K1eT5ORPntlQ==
Age: 1603
bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4345c5e073be11edb3c51225d7af0e1be5c1b0c0589b44a79ce61c8dec98b962069466a8efdae54054&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000160
200 OK 1.6 kB URL HTTP/2 bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4345c5e073be11edb3c51225d7af0e1be5c1b0c0589b44a79ce61c8dec98b962069466a8efdae54054&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000160
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (793)
Hash a87e17976d9722587c2521c00a83436d
f7a5adab5e3481ccf431d03d228914e8fc94942b
255e6155a3b44726cb48118a4e3f1086c240f944bfe5154f02483ba4b0dacc4b
GET /get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4345c5e073be11edb3c51225d7af0e1be5c1b0c0589b44a79ce61c8dec98b962069466a8efdae54054&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000160 HTTP/1.1
Host: bnr.thedataclicks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Sun, 04 Dec 2022 10:27:33 GMT
content-type: text/html
content-length: 1571
X-Firefox-Spdy: h2
d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg
200 OK 184 kB URL HTTP/2 d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 800x575, components 3\012- data
Size 184 kB (184529 bytes)
Hash ef60018c5db320c478ea0738b33966e5
9dd467554cf4b76fc7df3eaac3766d29bdb2b543
9789121067d1f5aa7eeb3267b926014932e6d089fa6053ff05289875f9b262e5
GET /jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg HTTP/1.1
Host: d1aaucsx2ftut2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 184529
last-modified: Wed, 15 Apr 2020 16:57:11 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 Dec 2022 00:13:27 GMT
etag: "ef60018c5db320c478ea0738b33966e5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: x6Vg_2BTo4U5t1bc3sN4yW4f-411mwQWVh9gSWy6MK3Fr7pBpbVXgA==
age: 36847
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9d65732e17f0804e3b5931d47ffac9df
cf5f0701856fc925a86e4f1e1498c795c92142c3
f8f86a8031a14849bdf0afb637172225680ee45a91af830bc892e1ab7f993c62
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=94499
Date: Sun, 04 Dec 2022 10:27:34 GMT
Etag: "638b2ddf-1d7"
Expires: Mon, 05 Dec 2022 12:42:33 GMT
Last-Modified: Sat, 03 Dec 2022 11:07:11 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lxy1TTkEoxvSF6mkDBVgm30F2gD_347OfEyNzaPjGgKAw8Grsqifjg==
Age: 5722
lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000160&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4345c5e073be11edb3c51225d7af0e1be5c1b0c0589b44a79ce61c8dec98b962069466a8efdae54054&c2=true&vpw=1280&vph=1024
200 OK 9.2 kB URL HTTP/2 lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000160&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4345c5e073be11edb3c51225d7af0e1be5c1b0c0589b44a79ce61c8dec98b962069466a8efdae54054&c2=true&vpw=1280&vph=1024
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (890)
Hash 2a5f8bf2cc536e7a95d08b1a41ffcff8
6207e1eb74b3fbddda661c7a71fd2c4fa1214d29
2d9269624cb99fc3a98c725eec91712ae5cd68c41feac719998fd21fea10c4c9
GET /trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000160&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4345c5e073be11edb3c51225d7af0e1be5c1b0c0589b44a79ce61c8dec98b962069466a8efdae54054&c2=true&vpw=1280&vph=1024 HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 10:27:34 GMT
content-type: text/html;charset=UTF-8
set-cookie: v=t; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 04 Dec 2023 10:27:34 GMT; Secure; SameSite=None
cas=3451:1798:1798:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 04 Dec 2023 10:27:34 GMT; Secure; SameSite=None
rls=265182:1798:1798:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 04 Dec 2023 10:27:34 GMT; Secure; SameSite=None
com=9312:166:NO:1798:1798:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 04 Dec 2023 10:27:34 GMT; Secure; SameSite=None
content-language: en-US
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 10:27:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fcountryinns.com%2526b%253D638c7616b1f3ab3faf565c62265182&log=false&type=ROTATOR_LINK&linkId=265182&clickId=638c7616b1f3ab3faf565c62&br=false
200 OK 1.6 kB URL HTTP/2 lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fcountryinns.com%2526b%253D638c7616b1f3ab3faf565c62265182&log=false&type=ROTATOR_LINK&linkId=265182&clickId=638c7616b1f3ab3faf565c62&br=false
IP
Hash 2cc931a083da0304b6f838d6ad5d7709
dbf21e38ade10a201cda6f21fb15b84f766c799f
304cbd76474ecb3dd21cc166193649efa7a1183f1551056d04f38d55de05bb8e
GET /?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fcountryinns.com%2526b%253D638c7616b1f3ab3faf565c62265182&log=false&type=ROTATOR_LINK&linkId=265182&clickId=638c7616b1f3ab3faf565c62&br=false HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000160&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4345c5e073be11edb3c51225d7af0e1be5c1b0c0589b44a79ce61c8dec98b962069466a8efdae54054&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1798:1798:1; rls=265182:1798:1798:1; com=9312:166:NO:1798:1798:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 10:27:34 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&tid=UA-142209760-1&t=pageview&ds=web&aip=1&cs=referral&cm=4242&cn=%28not+set%29&cc=%28not+set%29&dh=www.radissonhotels.com&dp=%2Fen-us%2F&dt=Radisson+Hotels+Official+Site+%7C+Book+Rooms+Worldwide&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1153895863.1898525446
200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&tid=UA-142209760-1&t=pageview&ds=web&aip=1&cs=referral&cm=4242&cn=%28not+set%29&cc=%28not+set%29&dh=www.radissonhotels.com&dp=%2Fen-us%2F&dt=Radisson+Hotels+Official+Site+%7C+Book+Rooms+Worldwide&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1153895863.1898525446
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&tid=UA-142209760-1&t=pageview&ds=web&aip=1&cs=referral&cm=4242&cn=%28not+set%29&cc=%28not+set%29&dh=www.radissonhotels.com&dp=%2Fen-us%2F&dt=Radisson+Hotels+Official+Site+%7C+Book+Rooms+Worldwide&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1153895863.1898525446 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 04 Dec 2022 05:07:20 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 19214
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/collect?cs=Tredia&cc=265182&ck=42259&cm=Advanced+Store&cn=Radisson+Hotels&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.radissonhotels.com&dp=%2Fen-us%2F&dt=Radisson+Hotels+Official+Site+%7C+Book+Rooms+Worldwide&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1842288441.1738407723
200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?cs=Tredia&cc=265182&ck=42259&cm=Advanced+Store&cn=Radisson+Hotels&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.radissonhotels.com&dp=%2Fen-us%2F&dt=Radisson+Hotels+Official+Site+%7C+Book+Rooms+Worldwide&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1842288441.1738407723
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?cs=Tredia&cc=265182&ck=42259&cm=Advanced+Store&cn=Radisson+Hotels&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.radissonhotels.com&dp=%2Fen-us%2F&dt=Radisson+Hotels+Official+Site+%7C+Book+Rooms+Worldwide&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1842288441.1738407723 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 04 Dec 2022 05:07:20 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 19214
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 10:27:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.r2m01.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP
Hash 8780cc3803302c23d2fe213eb2f96c43
41ee597905d9262739116aa3b1e777d7ee2acbe8
7f93a479e5fe05c3e62286410f9aa6ae4744fa78b5c93f2cd59c5377c5501898
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=116080
Date: Sun, 04 Dec 2022 10:27:34 GMT
Etag: "638b9318-1d7"
Expires: Mon, 05 Dec 2022 18:42:14 GMT
Last-Modified: Sat, 03 Dec 2022 18:19:04 GMT
Server: ECS (nyb/1DCD)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8wbT_G4U7F3SZDBvwg29AYF8PiRB-yVh8S90qu9uVYsY4wK7pk2NqQ==
Age: 1390
ocsp.digicert.com/
200 OK 279 B IP
Hash 3fa51dff36f0b2b7d39c7713af5cb03f
ad0123908ac3a508e5c5f30da4a6a9bc5c3a9a33
20ba3184e8140a17dbb61167dfc907cc2618bc5446dad3e9ff51435f4e582189
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5998
Cache-Control: max-age=141193
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 10:27:34 GMT
Etag: "638be331-117"
Expires: Tue, 06 Dec 2022 01:40:47 GMT
Last-Modified: Sun, 04 Dec 2022 00:00:49 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 3fa51dff36f0b2b7d39c7713af5cb03f
ad0123908ac3a508e5c5f30da4a6a9bc5c3a9a33
20ba3184e8140a17dbb61167dfc907cc2618bc5446dad3e9ff51435f4e582189
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5999
Cache-Control: max-age=141193
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 10:27:35 GMT
Etag: "638be331-117"
Expires: Tue, 06 Dec 2022 01:40:48 GMT
Last-Modified: Sun, 04 Dec 2022 00:00:49 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 278 B IP
Hash a825bada62ae68d6b7feece91b1c4759
c4fcc39fe357c3a16f1a7088a9e7d528b4974aa2
74012ada7644d9ef9ebf6712bc71578cbd998b39afad4f95bc3e63eea75056b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1750
Cache-Control: max-age=126849
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 10:27:35 GMT
Etag: "638bbbc3-116"
Expires: Mon, 05 Dec 2022 21:41:44 GMT
Last-Modified: Sat, 03 Dec 2022 21:12:35 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash a825bada62ae68d6b7feece91b1c4759
c4fcc39fe357c3a16f1a7088a9e7d528b4974aa2
74012ada7644d9ef9ebf6712bc71578cbd998b39afad4f95bc3e63eea75056b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1750
Cache-Control: max-age=126849
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 10:27:35 GMT
Etag: "638bbbc3-116"
Expires: Mon, 05 Dec 2022 21:41:44 GMT
Last-Modified: Sat, 03 Dec 2022 21:12:35 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 278
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 4ee03e4c638ac0fb625fcfd0f2bdbecd
619fd55282588b6a6fa879d613d5d189365fc228
246904760ae67f6009307ad5f440bae82ebb3dfeea3ca1f2534882dd77a5b3e3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 04 Dec 2022 10:27:35 GMT
Etag: "638b5268-1d7"
Last-Modified: Sun, 04 Dec 2022 09:18:41 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: u7JeDLRBT9YfMPyBO88AJkgDijZ66Kll8DfE0-8llc39CO0j_t7vVA==
Age: 4134
as.ad4m.at/ad/tur?a=916&c=https%3A%2F%2Fcountryinns.com&b=638c7616b1f3ab3faf565c62265182
307 Temporary Redirect 35 B URL HTTP/2 as.ad4m.at/ad/tur?a=916&c=https%3A%2F%2Fcountryinns.com&b=638c7616b1f3ab3faf565c62265182
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /ad/tur?a=916&c=https%3A%2F%2Fcountryinns.com&b=638c7616b1f3ab3faf565c62265182 HTTP/1.1
Host: as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Sun, 04 Dec 2022 10:27:34 GMT
location: https://www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.countryinns.com&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidzj3tRfYfk9dDh7tGcpcJCBxGTVSZtDfWoneid_638c7616b1f3ab3faf565c62265182
x-content-type-options: nosniff
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
expires: 0
x-download-options: noopen
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
x-xss-protection: 1; mode=block
vary: accept-encoding
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
surrogate-control: no-store
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7743d9af4e82b4fd-OSL
X-Firefox-Spdy: h2
www.google-analytics.com/collect?cs=Tredia&cc=265182&ck=42259&cm=Advanced+Store&cn=Radisson+Hotels&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.radissonhotels.com&dp=%2Fen-us%2F&dt=Radisson+Hotels+Official+Site+%7C+Book+Rooms+Worldwide&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1842288441.1738407723
200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?cs=Tredia&cc=265182&ck=42259&cm=Advanced+Store&cn=Radisson+Hotels&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.radissonhotels.com&dp=%2Fen-us%2F&dt=Radisson+Hotels+Official+Site+%7C+Book+Rooms+Worldwide&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1842288441.1738407723
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?cs=Tredia&cc=265182&ck=42259&cm=Advanced+Store&cn=Radisson+Hotels&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.radissonhotels.com&dp=%2Fen-us%2F&dt=Radisson+Hotels+Official+Site+%7C+Book+Rooms+Worldwide&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1842288441.1738407723 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 04 Dec 2022 05:07:20 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 19215
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
srw.bannerwidget.tech/
200 OK 1.9 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c9e882df8e9f06cc6734dc3b73143021
db59542d1a343e179321475c0b1c423022a7e5b7
0519b57c1dc6b13b76db16be7802d2e9078212fea44d7591ca5a7ab52b812f0f
POST / HTTP/1.1
Host: srw.bannerwidget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 10:27:34 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2
www.radissonhotels.com/?facilitatorId=ADMITAD&cid=a%3Aaf+b%3Aadm+c%3Aemea+e%3Arhg+g%3Acl+v%3Acf&tagtag_uid=58e1d9ebc511b8df10e63e21120ec140
302 Found 0 B URL HTTP/2 www.radissonhotels.com/?facilitatorId=ADMITAD&cid=a%3Aaf+b%3Aadm+c%3Aemea+e%3Arhg+g%3Acl+v%3Acf&tagtag_uid=58e1d9ebc511b8df10e63e21120ec140
IP
ASN #1299 Telia Company AB
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?facilitatorId=ADMITAD&cid=a%3Aaf+b%3Aadm+c%3Aemea+e%3Arhg+g%3Acl+v%3Acf&tagtag_uid=58e1d9ebc511b8df10e63e21120ec140 HTTP/1.1
Host: www.radissonhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
location: https://www.radissonhotels.com/en-us/?facilitatorId=ADMITAD&cid=a%3Aaf+b%3Aadm+c%3Aemea+e%3Arhg+g%3Acl+v%3Acf&tagtag_uid=58e1d9ebc511b8df10e63e21120ec140
date: Sun, 04 Dec 2022 10:27:35 GMT
set-cookie: rhg-device-info=city=OSLO&country=NO&is_mobile=false&is_tablet=false&is_wireless_device=false; path=/; domain=.radissonhotels.com; secure
AKA_A2=A; expires=Sun, 04-Dec-2022 11:27:35 GMT; path=/; domain=radissonhotels.com; secure; HttpOnly
_abck=B8B5A4544E5AADF5E3429EB6D2E95CED~-1~YAAQrIVlXwErl3yEAQAAi02t3AlknEgfyTs0zkX6bLFRuOxlFFDa7iptMlZM68Dw6KG/hL+SACQE2DaCmizX8lrhhXuwsnh7mVNgMp/9u51TmpWQl8TW9MPvYJuZg3kQNv9aMp+yuRbLPkeHfSmCRKv1g6fSNT8tizl9caE/i6p79ImM0HzijQRB/pKgmfBGagwgogEZCkfUczN26tqRKOF4tEtAW7LB+fU0VN7z7+cMuJrzMtErRDDdPYrRG4ppxNnharqFB5WVTLw/Py9Seae3aHSjVrzyPc+i0ka07yJ07IqZ98GleJoNovgCGoXZlCWJD5sSNg9PaiiXCmDt17QIp4Hzw4lBuLOnr8usBSoXvUWoml+w8mw+3lirZ2r5r1Tc7B0=~-1~-1~-1; Domain=.radissonhotels.com; Path=/; Expires=Mon, 04 Dec 2023 10:27:35 GMT; Max-Age=31536000; Secure
bm_sz=12CAA7B4E24D3643040853C138B78BB9~YAAQrIVlXwIrl3yEAQAAi02t3BLlzFj4wYEjvpfd4Su8s7hQd5GGF12DkDHZqMt7y5asUgraaIAZZMzTofoqa8fbfmjGzB6r0w587IkHtjZQeIy2REczodI8b9sN2d5vtO22SyJpt6l6RGBjX4xxcOL3xfY8ADC50rRDzuDu6YMHODCgR8quMkYREuZq69VafLVJdMS2rT4CXc+nDdTP3Pk4l2YW85BkzSqH+RhyuHSosin+8CJStaDoQR3JXI48AtkLXpT4RJCAnrNPuP0vk7V/+hqBouVrkZFV04SYXkuje9k71IfeS7uK5g==~3223878~4407856; Domain=.radissonhotels.com; Path=/; Expires=Sun, 04 Dec 2022 14:27:35 GMT; Max-Age=14400
server-timing: cdn-cache; desc=HIT, edge; dur=1
link: <https://statics.radissonhotels.com>;rel="preconnect"
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
www.radissonhotels.com/en-us/?facilitatorId=ADMITAD&cid=a%3Aaf+b%3Aadm+c%3Aemea+e%3Arhg+g%3Acl+v%3Acf&tagtag_uid=58e1d9ebc511b8df10e63e21120ec140
200 OK 21 kB URL HTTP/2 www.radissonhotels.com/en-us/?facilitatorId=ADMITAD&cid=a%3Aaf+b%3Aadm+c%3Aemea+e%3Arhg+g%3Acl+v%3Acf&tagtag_uid=58e1d9ebc511b8df10e63e21120ec140
IP
ASN #1299 Telia Company AB
Hash 7d84e963f513a997eb683c60e1c65bf3
22d6045ef75342343e06a01a34833895df2d2499
28df68ebc7fafc335e9c24bc4d63587af4fa1c18b53d489f05208efb42da9b53
GET /en-us/?facilitatorId=ADMITAD&cid=a%3Aaf+b%3Aadm+c%3Aemea+e%3Arhg+g%3Acl+v%3Acf&tagtag_uid=58e1d9ebc511b8df10e63e21120ec140 HTTP/1.1
Host: www.radissonhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
x-oneagent-js-injection: true
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-page-cache: HIT
x-akamai-transformed: 9 - 0 pmb=mTOE,2mRUM,2
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 11:27:36 GMT
date: Sun, 04 Dec 2022 10:27:36 GMT
vary: Accept-Encoding
set-cookie: rhg-device-info=city=OSLO&country=NO&is_mobile=false&is_tablet=false&is_wireless_device=false; path=/; domain=.radissonhotels.com; secure
AKA_A2=A; expires=Sun, 04-Dec-2022 11:27:36 GMT; path=/; domain=radissonhotels.com; secure; HttpOnly
_abck=13E9852668B24ADEE7A8638592A9FD76~-1~YAAQrIVlXwQrl3yEAQAALU6t3AnyU8gz26GC1Ki5+G7yJxa1JhlyRAKPii+R+9+IeYGzzmX6x6PtxluXX4vW12xL9j7xJSArbmsZ+g8EnwWGDfDGS8YDlc4qEF8Pm7QWdV/Ph6KVNMI5Y8aeSGSTgrA94E3DMfntw5vFneN7PXkpI+QztVpqjmUEc1fzByB8KLYaDbKOucQb+FIsxWS/cqN9264CnekRlK1mKLLBv8NAK/QEmdNNl2Z/zAiQi9RrGRJhi4NHDIxKNGy1+16JjRLKywOcx6SZvs7Dx+DBnJF9IB8Mtfo5jIhoiNVgi4f5Iv4Z6gW6TXk/de84mFPILvTNDJ40/cB/paFgj1kVvUSGX3TiKt2WkWnhuR+Fivijo5vGqfk=~-1~-1~-1; Domain=.radissonhotels.com; Path=/; Expires=Mon, 04 Dec 2023 10:27:36 GMT; Max-Age=31536000; Secure
ak_bmsc=0BBC90C29ABD68CF999AD33CE195BA6E~000000000000000000000000000000~YAAQrIVlXwUrl3yEAQAALU6t3BJN6/jYl6G3xjbjRonNNO8yAr2WvuSDnCJcq0Qb27xeEzFBDquBHqchUJ6VXu8GwzEKTvmWXij6605vFFZmhz9Yq9ufNph/Vijp9B6FpZyNeuh3z4iavaeleMGUDeDXc9pYtvvaBUA33XFe5oXUcnQe89PpESoF8qA6rhdTwOojE4QEaDr9+cWbbYrU8JMUj20VyYJ4e5v367SqAjuhXHgI3i33D39Ghrb3rqXthvwcE90zgn4uRN5k0X/iiPCOCtg87CKjAQsrKzP8ukzQHkGStRM3l2RbjBq7NvJro3UxiR+uRNsHqQvmDpntJCXAivTnmW0i9O2cDMy4b9WYUxPgQRB88eYoSIXf2S7bFxMarqlFOaN3qgBPPgyYVG4=; Domain=.radissonhotels.com; Path=/; Expires=Sun, 04 Dec 2022 12:27:35 GMT; Max-Age=7199; HttpOnly
bm_mi=BA045758B1FC9AEC937E250A7788A267~YAAQrIVlXwYrl3yEAQAALk6t3BJU1GllwC+OoIxTEi6RZ0+yy5LRRJUAJO9y/ni3wDMc2xaRWEW6pZkBIVV3wrFh/0p465+uE2s8vn55d88ym1U8c+xWmC5eXsz8yvCmf7VTcwYJ7eG3C3QR8MppHqy5peZ5tccnGZ9l5GnM7/1i0Qbg/b/eVrw06z/t+7UBlFnRY7fLVA9xVqTbELJmokVwOX82+Kklw0kgLnSkDBWuV1Aj+y/EUvyiHh3K8isSIIcoUMSMOBujNZyHC+cuJkMB+a9ROYlSyHa8XrR6y2mUOeXKlRzzowHYG9sQuBW40ya9dkx4P0P9Dn4T~1; Domain=.radissonhotels.com; Path=/; Expires=Sun, 04 Dec 2022 10:27:36 GMT; Max-Age=0; Secure
bm_sz=34E878CB51A16EA684CFA4EEF744A097~YAAQrIVlXwcrl3yEAQAALk6t3BKrhMVYLKJ8STQoNtSewdVj9nNb0QSEEUjNdBj3+kt+zfmvPxIdSzsZ5eix8yCRNYoJaAwfBLOxCvL5Vx2tQAqHsr4B1lR8ZPbfRO/9f0IGzyP1WaZA4rkgNVmVN/pshQnV5r1UQxNx8nMLiI7fPS8GFzdCytVPjRDa6NUYiZF/1275bb9mR+e+1v5cD21/weXmIHT5Pzss8VjQtdDq9feq4I4ppxZPMCA1cxQij5KPZJ74OvFZhNQ55RJq89YJoGYUv/iT67Y6L1M6UJY4+YU5+griI8J9RQ==~3223878~4407856; Domain=.radissonhotels.com; Path=/; Expires=Sun, 04 Dec 2022 14:27:35 GMT; Max-Age=14399
server-timing: cdn-cache; desc=HIT, edge; dur=28, dtRpid;desc="1387907196", dtSInfo;desc="0"
link: <https://aswpsdkus.com>;rel="preconnect",<https://tags.tiqcdn.com>;rel="preconnect",<https://ssl.p.jwpcdn.com>;rel="preconnect", <https://statics.radissonhotels.com>;rel="preconnect"
x-page-api-rule-hit: True
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85837b29-ffdd-4915-a6ab-8d0721427d1b.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85837b29-ffdd-4915-a6ab-8d0721427d1b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 591104ff3c76193fe3c24fbbbb332f7d
aa134912d4f5ddfb371c45d9975506246af68400
af0cbb5c37c901019c1e684fe9a019bb7a2fb8359909ab831b7ff86cbc3d0fec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85837b29-ffdd-4915-a6ab-8d0721427d1b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9356
x-amzn-requestid: 11f22578-a356-4f74-99bf-6d8462e25fdf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ckdKGG8RIAMFc9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b4240-5c5fa5332d60db084c8d3bb6;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 12:34:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LHI_AR5lwe0vmuK0mOQapt3YQW0WE7BLN-PSn4pVMBTWoYbv4IV9ow==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 04:19:12 GMT
age: 22106
etag: "aa134912d4f5ddfb371c45d9975506246af68400"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.countryinns.com&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidzj3tRfYfk9dDh7tGcpcJCBxGTVSZtDfWoneid_638c7616b1f3ab3faf565c62265182
302 Found 0 B URL HTTP/2 www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.countryinns.com&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidzj3tRfYfk9dDh7tGcpcJCBxGTVSZtDfWoneid_638c7616b1f3ab3faf565c62265182
IP
GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.countryinns.com&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidzj3tRfYfk9dDh7tGcpcJCBxGTVSZtDfWoneid_638c7616b1f3ab3faf565c62265182 HTTP/1.1
Host: www.smartredirect.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 04 Dec 2022 10:27:35 GMT
content-type: text/html; charset=UTF-8
location: https://de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.countryinns.com&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidzj3tRfYfk9dDh7tGcpcJCBxGTVSZtDfWoneid_638c7616b1f3ab3faf565c62265182
cache-control: no-cache, post-check=0, pre-check=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 04 Dec 2022 10:27:35 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI CUR OUR STP"
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GfAXdRltK6K9Q2vhJmGOoX2nz8kShn4YwFJN9hYY%2BSVDqzLtSRpd%2FNfTYmTGfkRp8u2sd%2FrDDCooaQngRUyTv1XymB%2BtkL8V50uRBKR8lprXbx6JxRXg37to2LzBSOiB%2BCjQzYo%2Bgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7743d9afe84e0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.countryinns.com&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidzj3tRfYfk9dDh7tGcpcJCBxGTVSZtDfWoneid_638c7616b1f3ab3faf565c62265182
302 Found 0 B URL HTTP/2 de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.countryinns.com&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidzj3tRfYfk9dDh7tGcpcJCBxGTVSZtDfWoneid_638c7616b1f3ab3faf565c62265182
IP
GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.countryinns.com&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidzj3tRfYfk9dDh7tGcpcJCBxGTVSZtDfWoneid_638c7616b1f3ab3faf565c62265182 HTTP/1.1
Host: de.trck.one
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 04 Dec 2022 10:27:35 GMT
content-type: text/html; charset=UTF-8
location: https://ad.admitad.com/g/px3if4gwymb31ddf000f61ffe955ce/?subid=3CeoaGF46IBDLORG8UdJTNpGrfwPGCXlslckISH3puF4xZ&subid2=advanced-store.com&subid3=&subid4=3CeoaGF46IBDLORG8UdJTNpGrfwPGCXlslckISH3puF4xZ
server: nginx
cache-control: no-cache, private
X-Firefox-Spdy: h2
23.235.251.114
51.83.143.92
104.21.0.237
23.53.61.109
35.156.26.226
93.184.220.29
23.36.77.32