urlquery - report: lkjkui.5ef48.bh.wy5532.com/

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-11-29 05:51:44 UTC	34.117.237.239
rtbstream.com (2)	231176	2017-02-02 05:02:14 UTC	2022-11-27 23:14:19 UTC	192.99.158.241
drivegoals-1.net (1)	0	2022-10-20 05:07:40 UTC	2022-11-29 05:16:13 UTC	15.197.224.234	Unknown ranking
fonts.googleapis.com (2)	8877	2013-06-10 20:14:26 UTC	2022-11-29 09:35:58 UTC	142.250.74.106
content-signature-2.cdn.mozilla.net (1)	1152	No data	No data	34.160.144.191
ocsp.digicert.com (2)	86	2012-05-21 07:02:23 UTC	2020-05-02 20:58:10 UTC	93.184.220.29
push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2020-05-03 10:09:39 UTC	52.38.198.114
www.googletagmanager.com (1)	75	2013-05-22 02:07:37 UTC	2022-11-29 06:48:06 UTC	142.250.74.40
r3.o.lencr.org (4)	344	No data	No data	23.36.76.226
click.expmediadirect1.com (1)	55957	No data	No data	198.134.116.30
code.jquery.com (1)	634	2012-05-21 17:28:02 UTC	2020-04-21 12:46:20 UTC	69.16.175.42
ocsp.pki.goog (9)	175	2018-07-01 06:43:07 UTC	2020-05-02 20:58:16 UTC	142.250.74.131
fonts.gstatic.com (1)	0	2014-09-09 00:40:21 UTC	2022-11-29 07:36:52 UTC	216.58.207.227	Domain (gstatic.com) ranked at: 540
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-21 23:36:00 UTC	2020-02-19 04:43:25 UTC	34.120.237.76
firefox.settings.services.mozilla.com (2)	867	2020-06-04 20:08:41 UTC	2022-11-29 05:48:55 UTC	34.102.187.140
ad-free.info (6)	0	2018-01-15 22:18:50 UTC	2022-11-28 08:58:17 UTC	178.128.246.195	Unknown ranking
www.gstatic.com (2)	0	2016-07-26 09:37:06 UTC	2022-11-29 09:50:47 UTC	142.250.74.35	Domain (gstatic.com) ranked at: 540
translate.googleapis.com (2)	1005	2014-07-21 13:19:59 UTC	2022-11-29 09:54:13 UTC	216.58.211.10
region1.google-analytics.com (1)	0	2022-03-17 11:26:33 UTC	2022-11-29 06:11:22 UTC	216.239.34.36	Domain (google-analytics.com) ranked at: 8401
www.google.com (1)	7	2016-03-22 03:56:07 UTC	2022-11-29 09:16:29 UTC	142.250.74.164
translate.google.com (1)	1156	2012-05-30 01:30:32 UTC	2020-04-26 20:04:42 UTC	216.58.211.14
lkjkui.5ef48.bh.wy5532.com (1)	0	No data	No data	172.93.103.102	Unknown ranking

Scan Date	Severity	Indicator	Comment
2022-11-29	2	lkjkui.5ef48.bh.wy5532.com/	Malware

Date	UQ / IDS / BL	URL	IP
2023-01-31 15:40:52 +0000	0 - 0 - 5	gapfile.me/dxx	37.48.65.150
2023-01-31 06:10:16 +0000	0 - 0 - 1	zcvbnnn.2d660.zi.wy5532.com/	37.48.65.150
2023-01-31 05:59:04 +0000	0 - 0 - 1	tgrrre.6232e.ab.wy5532.com/	37.48.65.150
2023-01-31 05:58:54 +0000	0 - 2 - 9	lulroqdk.cn.wy5532.com/	37.48.65.150
2023-01-30 21:13:25 +0000	0 - 2 - 6	89f52.xb.wy5532.com/	37.48.65.150

Date	UQ / IDS / BL	URL	IP
2023-02-02 01:30:45 +0000	0 - 0 - 2	tpbproxyone.org/torrent/4970359/Weeds.S05E03. (...)	37.48.65.151
2023-02-02 01:01:30 +0000	0 - 0 - 5	shridurgadevelopers.com/scb/prelogon/preauth/ (...)	37.48.65.149
2023-02-02 00:59:58 +0000	0 - 0 - 1	nutrakitpro.com/Secumd-AuthenticationV6/login.php	213.227.149.201
2023-02-02 00:55:52 +0000	0 - 0 - 1	friendlycabdavis.com/wp-content/themes/hub/ch (...)	212.32.237.91
2023-02-02 00:17:09 +0000	0 - 0 - 3	1de74.moedcc.wy5532.com/	81.171.22.5

Date	UQ / IDS / BL	URL	IP
2023-02-02 00:45:04 +0000	0 - 0 - 3	uyclvmqe.tt.wy5532.com/	199.115.115.116
2023-02-02 00:17:09 +0000	0 - 0 - 3	1de74.moedcc.wy5532.com/	81.171.22.5
2023-02-01 23:43:06 +0000	0 - 0 - 3	cn925f8.bq.wy5532.com/	185.107.56.200
2023-02-01 23:26:05 +0000	0 - 0 - 3	hfgfgf.3de78.wl.wy5532.com/	185.107.56.200
2023-02-01 22:52:40 +0000	0 - 0 - 3	gov.3680d.mw.wy5532.com/	185.107.56.200

Date	UQ / IDS / BL	URL	IP
2022-12-15 06:52:08 +0000	0 - 0 - 1	uqorxal.wy5532.com/	37.48.65.149
2022-12-14 01:55:14 +0000	0 - 0 - 1	rghvzqud.gov.wy5532.com/	185.107.56.199
2022-12-14 01:44:51 +0000	0 - 0 - 1	poaytcsx.cn.wy5532.com/	185.107.56.199
2022-12-12 16:00:55 +0000	0 - 0 - 1	trerw40b59.jw.wy5532.com/	199.115.115.116
2022-12-11 06:27:43 +0000	0 - 0 - 1	iuyuy.72818.eu.wy5532.com/	199.115.115.119

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32" Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3619 Expires: Tue, 29 Nov 2022 18:52:20 GMT Date: Tue, 29 Nov 2022 17:52:01 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a5daf4dc99951793ae2315d4795e8146 Sha1: 4427507ca4d3a5632cc8f598afbc85e2195d00bd Sha256: 94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 4442 Cache-Control: max-age=150792 Date: Tue, 29 Nov 2022 17:52:01 GMT Etag: "6385df6f-1d7" Expires: Thu, 01 Dec 2022 11:45:13 GMT Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT Server: ECS (ska/F70A) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 4ed065cb23b5fca1a179dd73b3c5b7b2 Sha1: 4422eb24688f5e056fc1b18b127c7f63b1dbf5e0 Sha256: b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 34.102.187.140 HASH: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e 34.102.187.140 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Tue, 29 Nov 2022 17:17:55 GMT cache-control: public,max-age=3600 age: 2046 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 30db107dcf4380cef05efea409c2e6a3 Sha1: 96e6a306fbc07299aba64e5c14e2bfca35872fa9 Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C" Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9225 Expires: Tue, 29 Nov 2022 20:25:46 GMT Date: Tue, 29 Nov 2022 17:52:01 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 6d9d34c96b9a826ae5676640c966469c Sha1: 8052a16d41a637e420478b7de1ff5a2dc951fccd Sha256: f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: necRkWyxVwUGJn2ueWRe6r/OoOUWAP1jZAGpEe91N06+NzgZizCPee6/xtUegknKdnG+VAx2qbU= x-amz-request-id: XECQZ4TZT2N759YE content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Tue, 29 Nov 2022 17:44:54 GMT age: 427 last-modified: Thu, 10 Nov 2022 09:21:27 GMT etag: "9ebddc2b260d081ebbefee47c037cb28" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 9ebddc2b260d081ebbefee47c037cb28 Sha1: 492bad62a7ca6a74738921ef5ae6f0be5edebf39 Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Tue, 29 Nov 2022 17:52:01 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET / HTTP/1.1 Host: lkjkui.5ef48.bh.wy5532.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: sid=687d162e-700d-11ed-a253-41021800bcc5 Upgrade-Insecure-Requests: 1	URL: lkjkui.5ef48.bh.wy5532.com/ FQDN: lkjkui.5ef48.bh.wy5532.com IP: 172.93.103.102 HASH: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47 172.93.103.102 HTTP/1.1 302 Found cache-control: max-age=0, private, must-revalidate connection: close content-length: 11 date: Tue, 29 Nov 2022 17:52:00 GMT location: http://rtbstream.com/click?data=NFJhbU9PU2g0UTB0LVo4NC1GSW84NVFKQ3Ffa0lIR3FSVFVkZ05iU3F3aU9LdHE2RGhPS2NlX0NUN0lxNVlwVTlaWFhOTFVDYzRaRHkzTUphbU5Cbi11NkVhS0tWdDljb1VoejJJUlpLdUZmUVk0dnBLNWRiWU5FZXc2T1pQT1NtM0pyMF96NmJwM0FDYVAzUGVmQlh3Mg2&id=36191473-b326-4283-bbc0-d24b536777bb server: nginx --- Additional Info --- Magic: ASCII text, with no line terminators Size: 11 Md5: 32682312d17c7cbf18e73594f5570319 Sha1: 60e22121bdd0bc71cdb2bae2a3aa577006b2eae9 Sha256: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47 Alerts: Blocklists: - fortinet: Malware
GET /click?data=NFJhbU9PU2g0UTB0LVo4NC1GSW84NVFKQ3Ffa0lIR3FSVFVkZ05iU3F3aU9LdHE2RGhPS2NlX0NUN0lxNVlwVTlaWFhOTFVDYzRaRHkzTUphbU5Cbi11NkVhS0tWdDljb1VoejJJUlpLdUZmUVk0dnBLNWRiWU5FZXc2T1pQT1NtM0pyMF96NmJwM0FDYVAzUGVmQlh3Mg2&id=36191473-b326-4283-bbc0-d24b536777bb HTTP/1.1 Host: rtbstream.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: rtbstream.com/click?data=NFJhbU9PU2g0UTB0LVo4NC1GSW84NV (...) FQDN: rtbstream.com IP: 192.99.158.241 HASH: 67290dfdede6bf0b62f44d3e845b0c7f554dce3460a2cd78f850d70c16d4a41a 192.99.158.241 HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Cache-Control: private Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: RwZyvEbxuUaKlGV=RwZyvEbxuUaKlGV; path=/ X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Date: Tue, 29 Nov 2022 17:52:01 GMT Content-Length: 5412 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (320), with CRLF line terminators Size: 5412 Md5: 14cf885a34c589adaf5550b41845e5f7 Sha1: 4d72175595cf0ddf002d69d59301431e7cfbf603 Sha256: 67290dfdede6bf0b62f44d3e845b0c7f554dce3460a2cd78f850d70c16d4a41a
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 34.102.187.140 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 34.102.187.140 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Tue, 29 Nov 2022 17:08:56 GMT cache-control: public,max-age=3600 age: 2586 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 2053 Cache-Control: max-age=143339 Date: Tue, 29 Nov 2022 17:52:02 GMT Etag: "6385cba8-1d7" Expires: Thu, 01 Dec 2022 09:41:01 GMT Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT Server: ECS (ska/F70A) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 3c8c689bd654417640d85f3da51af313 Sha1: 85123b6d46230a23d03768bf304b386e5d301305 Sha256: 516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST /Redirect/ HTTP/1.1 Host: rtbstream.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 330 Origin: http://rtbstream.com Connection: keep-alive Referer: http://rtbstream.com/click?data=NFJhbU9PU2g0UTB0LVo4NC1GSW84NVFKQ3Ffa0lIR3FSVFVkZ05iU3F3aU9LdHE2RGhPS2NlX0NUN0lxNVlwVTlaWFhOTFVDYzRaRHkzTUphbU5Cbi11NkVhS0tWdDljb1VoejJJUlpLdUZmUVk0dnBLNWRiWU5FZXc2T1pQT1NtM0pyMF96NmJwM0FDYVAzUGVmQlh3Mg2&id=36191473-b326-4283-bbc0-d24b536777bb Cookie: RwZyvEbxuUaKlGV=RwZyvEbxuUaKlGV Upgrade-Insecure-Requests: 1	URL: rtbstream.com/Redirect/ FQDN: rtbstream.com IP: 192.99.158.241 HASH: 32ca8fae45da1dabf763306c8a156e98885fb0eb55be19f73baedad1f290edcf 192.99.158.241 HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Cache-Control: private Location: http://click.expmediadirect1.com/click?i=rytqL29EaAs_0 Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Date: Tue, 29 Nov 2022 17:52:02 GMT Content-Length: 171 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Size: 171 Md5: 3d0d281976463db94298b5eb6e1e10da Sha1: 7328415a169f315b993b11145cb9d5d526936c47 Sha256: 32ca8fae45da1dabf763306c8a156e98885fb0eb55be19f73baedad1f290edcf
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: nyuN/3dd3mHH9bxNwV4IzQ== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 52.38.198.114 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 52.38.198.114 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: OtCI/dlBYXOeygAYmkCL9hYQPbY= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=rytqL29EaAs_0 HTTP/1.1 Host: click.expmediadirect1.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://rtbstream.com/ Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: click.expmediadirect1.com/click?i=rytqL29EaAs_0 FQDN: click.expmediadirect1.com IP: 198.134.116.30 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 198.134.116.30 HTTP/1.1 302 Found Cache-Control: no-store Content-Length: 0 Age: 0 Connection: keep-alive Location: http://drivegoals-1.net/api/v1/px?xmlid=EaQXj8tOyRb2QBYz7MbLUXC0or4C0uhlJgL14QU8 Pragma: no-cache --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/px?xmlid=EaQXj8tOyRb2QBYz7MbLUXC0or4C0uhlJgL14QU8 HTTP/1.1 Host: drivegoals-1.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://rtbstream.com/ Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: drivegoals-1.net/api/v1/px?xmlid=EaQXj8tOyRb2QBYz7MbLUX (...) FQDN: drivegoals-1.net IP: 15.197.224.234 HASH: 0a1b409993102aacf9f9c74336ee945c0712cdb39d34dd187e60119c3d8de380 15.197.224.234 HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Date: Tue, 29 Nov 2022 17:52:03 GMT Content-Length: 178 Connection: keep-alive Access-Control-Allow-Origin: * Location: https://ad-free.info/?z=123&c=456789&subid=Fill_kif_setting Vary: Accept --- Additional Info --- Magic: HTML document, ASCII text, with no line terminators Size: 178 Md5: 9c36f7fa7b2cc61d23f5c148285e68a4 Sha1: d32bbfcaeb9a2e401ee59d5a24f1d2e8aff6be1b Sha256: 0a1b409993102aacf9f9c74336ee945c0712cdb39d34dd187e60119c3d8de380
GET /?z=123&c=456789&subid=Fill_kif_setting HTTP/1.1 Host: ad-free.info User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: http://rtbstream.com/ Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	URL: ad-free.info/?z=123&c=456789&subid=Fill_kif_setting FQDN: ad-free.info IP: 178.128.246.195 HASH: 803ac2530cfdc516b772b8c39dd54b6270635a59bdb5d3ca68ead45a21684ed1 178.128.246.195 HTTP/1.1 200 OK Content-Type: text/html Server: nginx/1.14.2 Date: Tue, 29 Nov 2022 17:52:03 GMT Last-Modified: Fri, 30 Sep 2022 10:28:31 GMT Transfer-Encoding: chunked Connection: keep-alive ETag: W/"6336c4cf-4fcb" Strict-Transport-Security: max-age=63072000; includeSubdomains Content-Encoding: gzip --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1533), with CRLF line terminators Size: 6761 Md5: 5e3fb071bc872d2127d5d75c5e58ac7e Sha1: 2edf4fa64dfdc73378ff9770d5c54c9715e6cc54 Sha256: 803ac2530cfdc516b772b8c39dd54b6270635a59bdb5d3ca68ead45a21684ed1
GET /css/styles.css?2 HTTP/1.1 Host: ad-free.info User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: ad-free.info/css/styles.css?2 FQDN: ad-free.info IP: 178.128.246.195 HASH: 9f68e1942cf962266a0e1d445711d70480deb89b6edfacf2753ba43ef95d6040 178.128.246.195 HTTP/1.1 200 OK Content-Type: text/css Server: nginx/1.14.2 Date: Tue, 29 Nov 2022 17:52:03 GMT Content-Length: 16942 Last-Modified: Fri, 06 May 2022 08:32:41 GMT Connection: keep-alive ETag: "6274dd29-422e" Strict-Transport-Security: max-age=63072000; includeSubdomains Accept-Ranges: bytes --- Additional Info --- Magic: assembler source, ASCII text, with very long lines (387), with CRLF line terminators Size: 16942 Md5: 7e5f253c8b9e0ad3e1682f3eb88e95d8 Sha1: a58ac3f122dccc3e7b2a6ea88a1fe73010847faf Sha256: 9f68e1942cf962266a0e1d445711d70480deb89b6edfacf2753ba43ef95d6040
GET /jquery-3.6.0.js HTTP/1.1 Host: code.jquery.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: code.jquery.com/jquery-3.6.0.js FQDN: code.jquery.com IP: 69.16.175.42 HASH: 37508a443be057a2fab1c4eee8d03632f406eaed15d09a26ac8dabe7877616e2 69.16.175.42 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Tue, 29 Nov 2022 17:52:03 GMT content-encoding: gzip content-length: 84714 last-modified: Wed, 16 Feb 2022 10:50:39 GMT accept-ranges: bytes server: nginx etag: W/"620cd6ff-46744" cache-control: max-age=315360000, public access-control-allow-origin: * vary: Accept-Encoding x-hw: 1669744323.dop205.sk1.t,1669744323.cds222.sk1.hn,1669744323.cds214.sk1.c X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text Size: 84714 Md5: 416559bad4fc1149eba631e644a23a6e Sha1: 20f8f18f94c74dbc1bde934719cbfa87d51828cf Sha256: 37508a443be057a2fab1c4eee8d03632f406eaed15d09a26ac8dabe7877616e2
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.131 HASH: c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2 142.250.74.131 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 29 Nov 2022 17:52:03 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 07b8296613be09905e34b09dce4a203f Sha1: c97c67e8c4b1247423d089c028c31e05734f124e Sha256: c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
GET /idb.js HTTP/1.1 Host: ad-free.info User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: ad-free.info/idb.js FQDN: ad-free.info IP: 178.128.246.195 HASH: a5dd5c3f8afb3604650604774c3f5fe89043a38135cb1325a242300edf802d1d 178.128.246.195 HTTP/1.1 200 OK Content-Type: application/javascript Server: nginx/1.14.2 Date: Tue, 29 Nov 2022 17:52:03 GMT Content-Length: 2637 Last-Modified: Fri, 19 Oct 2018 10:36:47 GMT Connection: keep-alive ETag: "5bc9b3bf-a4d" Strict-Transport-Security: max-age=63072000; includeSubdomains Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with CRLF line terminators Size: 2637 Md5: c13f1306227fced1506d250fe914d3e8 Sha1: 7b56f20689cb8339f444767629623e278e90f958 Sha256: a5dd5c3f8afb3604650604774c3f5fe89043a38135cb1325a242300edf802d1d
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.131 HASH: ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94 142.250.74.131 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 29 Nov 2022 17:52:03 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: f50fd635895870df33a17fe377a6a038 Sha1: dd65dfbbc810b095432cfd59f971af04a9e31ab7 Sha256: ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.131 HASH: 531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56 142.250.74.131 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 29 Nov 2022 17:52:03 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 49eee25f3ccd585a29e34e80cf5bb160 Sha1: 73eca8be91deedd049304862759a3d8084c0b07e Sha256: 531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.131 HASH: 531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56 142.250.74.131 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 29 Nov 2022 17:52:03 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 49eee25f3ccd585a29e34e80cf5bb160 Sha1: 73eca8be91deedd049304862759a3d8084c0b07e Sha256: 531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
GET /images/rocket.svg HTTP/1.1 Host: ad-free.info User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: ad-free.info/images/rocket.svg FQDN: ad-free.info IP: 178.128.246.195 HASH: f27f73621b439da67360b910d8d696e444e2b02a7dde37e9508ccfa720b0aa3f 178.128.246.195 HTTP/1.1 200 OK Content-Type: image/svg+xml Server: nginx/1.14.2 Date: Tue, 29 Nov 2022 17:52:03 GMT Content-Length: 2509 Last-Modified: Tue, 26 Apr 2022 13:11:42 GMT Connection: keep-alive ETag: "6267ef8e-9cd" Strict-Transport-Security: max-age=63072000; includeSubdomains Accept-Ranges: bytes --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators Size: 2509 Md5: ab782785504f7290d6b79683a2c118cc Sha1: f65e0f9012cf6022d393499ab5d9e10229298389 Sha256: f27f73621b439da67360b910d8d696e444e2b02a7dde37e9508ccfa720b0aa3f
GET /images/logo.svg HTTP/1.1 Host: ad-free.info User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: ad-free.info/images/logo.svg FQDN: ad-free.info IP: 178.128.246.195 HASH: 0ea3fe7531ca3e4c230f3ad366baa36114a1de6b70c821c93fee659081dadf16 178.128.246.195 HTTP/1.1 200 OK Content-Type: image/svg+xml Server: nginx/1.14.2 Date: Tue, 29 Nov 2022 17:52:03 GMT Content-Length: 6159 Last-Modified: Thu, 22 Sep 2022 12:58:22 GMT Connection: keep-alive ETag: "632c5bee-180f" Strict-Transport-Security: max-age=63072000; includeSubdomains Accept-Ranges: bytes --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators Size: 6159 Md5: b4257f035193fdffb17134f75d01972d Sha1: 068ed406ea09eb84f6b2cf4b88a04684f7355f8b Sha256: 0ea3fe7531ca3e4c230f3ad366baa36114a1de6b70c821c93fee659081dadf16
GET /gtag/js?id=G-0H01VB5FB9 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: www.googletagmanager.com/gtag/js?id=G-0H01VB5FB9 FQDN: www.googletagmanager.com IP: 142.250.74.40 HASH: 3aff9a3cd7a6f1f4b0ac20478b42320e7bcf2789b08460317d67cbed16015696 142.250.74.40 HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Tue, 29 Nov 2022 17:52:03 GMT expires: Tue, 29 Nov 2022 17:52:03 GMT cache-control: private, max-age=900 strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 76535 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (21484) Size: 76535 Md5: 07b7214d29bd3219f414551b095b7ea2 Sha1: b4295762f8914fd021ec7098e839d915ce11e1cb Sha256: 3aff9a3cd7a6f1f4b0ac20478b42320e7bcf2789b08460317d67cbed16015696
GET /firebasejs/5.4.0/firebase-messaging.js HTTP/1.1 Host: www.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: www.gstatic.com/firebasejs/5.4.0/firebase-messaging.js FQDN: www.gstatic.com IP: 142.250.74.35 HASH: 28d3a6e18950b0d42849e3e817d757b2b6164ca8440e912b2e022af1107306ac 142.250.74.35 HTTP/2 200 OK content-type: text/javascript; charset=UTF-8 accept-ranges: bytes vary: Accept-Encoding content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js" report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]} content-length: 10046 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 29 Nov 2022 15:55:26 GMT expires: Wed, 29 Nov 2023 15:55:26 GMT cache-control: public, max-age=31536000 age: 6997 last-modified: Thu, 16 Aug 2018 18:59:55 GMT alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (35630) Size: 10046 Md5: 5afb079bc2331bd0ce1f1e38698808f7 Sha1: 92febc8e7c35b819a9a104901297e62a2d53b98c Sha256: 28d3a6e18950b0d42849e3e817d757b2b6164ca8440e912b2e022af1107306ac
GET /firebasejs/5.4.0/firebase-app.js HTTP/1.1 Host: www.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: www.gstatic.com/firebasejs/5.4.0/firebase-app.js FQDN: www.gstatic.com IP: 142.250.74.35 HASH: ae91c816008514b73c098bf96e2e38d72bd0b8f70d77db534d7b14107af60919 142.250.74.35 HTTP/2 200 OK content-type: text/javascript; charset=UTF-8 accept-ranges: bytes vary: Accept-Encoding content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js" report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]} content-length: 12419 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 22 Nov 2022 18:59:37 GMT expires: Wed, 22 Nov 2023 18:59:37 GMT cache-control: public, max-age=31536000 age: 600747 last-modified: Thu, 16 Aug 2018 18:59:55 GMT alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (34802) Size: 12419 Md5: b4754e15e3b954ae32ae259d8e7a0415 Sha1: b61d406ddc724fb7af0f5562f0aab0274e57db9a Sha256: ae91c816008514b73c098bf96e2e38d72bd0b8f70d77db534d7b14107af60919
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.131 HASH: c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2 142.250.74.131 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 29 Nov 2022 17:52:04 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 07b8296613be09905e34b09dce4a203f Sha1: c97c67e8c4b1247423d089c028c31e05734f124e Sha256: c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.131 HASH: ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94 142.250.74.131 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 29 Nov 2022 17:52:04 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: f50fd635895870df33a17fe377a6a038 Sha1: dd65dfbbc810b095432cfd59f971af04a9e31ab7 Sha256: ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.131 HASH: 195fa531e0462be58d5c62ebbe6060e147c94bdb1d38ff46c341c74e0ab2671a 142.250.74.131 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 29 Nov 2022 17:52:04 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: abd55ecd24d357a9f02612558f723a90 Sha1: 6a1e6963864f0b53ddc6205d35225e6cf0bcbeec Sha256: 195fa531e0462be58d5c62ebbe6060e147c94bdb1d38ff46c341c74e0ab2671a
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.131 HASH: 531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56 142.250.74.131 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 29 Nov 2022 17:52:04 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 49eee25f3ccd585a29e34e80cf5bb160 Sha1: 73eca8be91deedd049304862759a3d8084c0b07e Sha256: 531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://ad-free.info Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWb (...) FQDN: fonts.gstatic.com IP: 216.58.207.227 HASH: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db 216.58.207.227 HTTP/2 200 OK content-type: font/woff2 accept-ranges: bytes access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 44856 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Mon, 28 Nov 2022 18:52:41 GMT expires: Tue, 28 Nov 2023 18:52:41 GMT cache-control: public, max-age=31536000 age: 82763 last-modified: Mon, 15 Aug 2022 18:20:18 GMT alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data Size: 44856 Md5: 565ce506190ad3af920b40baf1794cec Sha1: ad3cba5d06100e09449a864d3b5e58403b478b3d Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /translate_static/css/translateelement.css HTTP/1.1 Host: translate.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: translate.googleapis.com/translate_static/css/translate (...) FQDN: translate.googleapis.com IP: 216.58.211.10 HASH: 696cbf5c2f3f1efae555562b72abbbb22bed02eff03d62074555cab241190ae0 216.58.211.10 HTTP/2 200 OK content-type: text/css accept-ranges: bytes vary: Accept-Encoding content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="rosetta" report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]} content-length: 3619 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 29 Nov 2022 17:32:06 GMT expires: Tue, 29 Nov 2022 18:32:06 GMT cache-control: public, max-age=3600 age: 1198 last-modified: Wed, 17 Aug 2022 23:38:00 GMT alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (18670) Size: 3619 Md5: 897ba9a21d9625286674da769dacc2e2 Sha1: 84b4923ab7dee562395160824d53496314499b77 Sha256: 696cbf5c2f3f1efae555562b72abbbb22bed02eff03d62074555cab241190ae0
GET /_/translate_http/_/js/k=translate_http.tr.no.qvkLIg6MEVc.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoxsXHCM1CnEJ_o5xsmnbdq_po64A/m=el_main HTTP/1.1 Host: translate.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers	URL: translate.googleapis.com/_/translate_http/_/js/k=transl (...) FQDN: translate.googleapis.com IP: 216.58.211.10 HASH: b5fb084ee4491e64fca48643106c0eb338212638caafdad88ff91e0d4198b589 216.58.211.10 HTTP/2 200 OK content-type: text/javascript; charset=UTF-8 accept-ranges: bytes vary: Accept-Encoding content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="rosetta" report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]} content-length: 75035 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 29 Nov 2022 16:18:10 GMT expires: Wed, 29 Nov 2023 16:18:10 GMT cache-control: public, max-age=31536000 age: 5634 last-modified: Sat, 12 Nov 2022 06:10:12 GMT alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (1613) Size: 75035 Md5: 110765e1accf41111543c29721c78b52 Sha1: 3eeceb853d592a297162325f20f0420e136c875a Sha256: b5fb084ee4491e64fca48643106c0eb338212638caafdad88ff91e0d4198b589
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1" Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13431 Expires: Tue, 29 Nov 2022 21:35:55 GMT Date: Tue, 29 Nov 2022 17:52:04 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a97c452e75cf1d4833e777d7ba7f2c47 Sha1: 58f15763fd33f742ce870f49f1c2dbed5b41205f Sha256: 39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
GET /favicon.ico HTTP/1.1 Host: ad-free.info User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: ad-free.info/favicon.ico FQDN: ad-free.info IP: 178.128.246.195 HASH: 648d8e644dcbdc4ec115a30bd51d8054071891a3e4971aee01963f1cb17fb4ca 178.128.246.195 HTTP/1.1 404 Not Found Content-Type: text/html Server: nginx/1.14.2 Date: Tue, 29 Nov 2022 17:52:04 GMT Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Size: 132 Md5: 3d06c0eef8d0d7b16c06a4d59d7b9a8a Sha1: f1b09ab082acf6c0cc7208e344eb3f6619c49cf9 Sha256: 648d8e644dcbdc4ec115a30bd51d8054071891a3e4971aee01963f1cb17fb4ca
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1" Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13431 Expires: Tue, 29 Nov 2022 21:35:55 GMT Date: Tue, 29 Nov 2022 17:52:04 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a97c452e75cf1d4833e777d7ba7f2c47 Sha1: 58f15763fd33f742ce870f49f1c2dbed5b41205f Sha256: 39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10176 x-amzn-requestid: 768fc69c-e91b-4dd9-8add-63634762b2d0 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cMpbgEFOIAMF71A= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6381bc49-21756db31c4714af0553f21b;Sampled=0 x-amzn-remapped-date: Sat, 26 Nov 2022 07:12:09 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: jS-AS3x8V3XacXRNkU63UJjBxA6unvBer5WcxUYseR5p4eZPK64o2g== via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google date: Tue, 29 Nov 2022 04:52:21 GMT age: 46783 etag: "772d86ad983042a728ee3490630a9cf1134ad0dd" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10176 Md5: 03014221d7f49b50ffc2d1b0a0e75457 Sha1: 772d86ad983042a728ee3490630a9cf1134ad0dd Sha256: 81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3527eb28-888e-447d-90fd-1226d5b94433.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 7d89669e23682f167b2fe1eff9edc5939112ec66b6b4e6389ef8aec78ccbdfe5 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8921 x-amzn-requestid: 98baf100-c007-4c44-89aa-b9cf55fa3f94 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cVNnwFYToAMFoWg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63852964-1227b5a9100c206e0c64f4b2;Sampled=0 x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:28 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: awi49MMMlK51wHPbyBrBkL4N4g9lX3ea40LxyrYbYxe_FsfqelTcTQ== via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google date: Mon, 28 Nov 2022 21:57:05 GMT etag: "c501de9eaa581a10b0b5fce40b54bb10f57f7c29" age: 71699 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8921 Md5: 823e92f62ff7b3c2093828817d7f2866 Sha1: c501de9eaa581a10b0b5fce40b54bb10f57f7c29 Sha256: 7d89669e23682f167b2fe1eff9edc5939112ec66b6b4e6389ef8aec78ccbdfe5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4417 x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cVNnGEcRIAMFaXA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0 x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: Jb1eLyzn88lV_UTId-Fl3OnftDn8c7o5j8d16_nzHCNST_68MZ1pvA== via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google date: Mon, 28 Nov 2022 21:50:08 GMT age: 72116 etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4417 Md5: a2a5c8d4113d282600462749315f2c4f Sha1: e2b4d2e15bb7c086333c0da438873e4c139ba931 Sha256: 9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9430 x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cR7wyGCIIAMFhgw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0 x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q== via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google date: Tue, 29 Nov 2022 02:55:32 GMT age: 53792 etag: "075531f525e625b117b2497f31139c9824d0e9c5" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9430 Md5: 1f434933b5bd6377d299ada22d1ae7ef Sha1: 075531f525e625b117b2497f31139c9824d0e9c5 Sha256: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4916 x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cPYcrELFoAMFaeQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0 x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg== via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google date: Tue, 29 Nov 2022 03:01:17 GMT age: 53447 etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4916 Md5: 83c1fedec73299637cc7dc47c48af758 Sha1: 2e3f7326aeea6be8a34bf2c39b34862c07bfdc41 Sha256: 1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9376 x-amzn-requestid: c52b3092-90d2-4289-b6e0-ab99c9d4710a x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cPmz3EVUoAMFWUw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6382eb4b-39f46c89238eff696e9f2dba;Sampled=0 x-amzn-remapped-date: Sun, 27 Nov 2022 04:44:59 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: ofQEhaEiX1vE25a_1xHeab9Px9zgGpk8omlX_aHmLE1oN1aZTPzWxQ== via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google date: Mon, 28 Nov 2022 21:58:57 GMT age: 71587 etag: "28c165bac8cf68cd1b0763c311aece00672cb3a5" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9376 Md5: cce27a1fe8c0222811a5ce0e7f89e1cb Sha1: 28c165bac8cf68cd1b0763c311aece00672cb3a5 Sha256: 4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e
POST /g/collect?v=2&tid=G-0H01VB5FB9&gtm=2oeb90&_p=1391204856&cid=619146273.1669744324&ul=en-us&sr=1280x1024&_s=1&sid=1669744323&sct=1&seg=0&dl=https%3A%2F%2Fad-free.info%2F%3Fz%3D123%26c%3D456789%26subid%3DFill_kif_setting&dr=http%3A%2F%2Frtbstream.com%2F&dt=Ad-Free&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1 Host: region1.google-analytics.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Content-Length: 0	URL: region1.google-analytics.com/g/collect?v=2&tid=G-0H01VB (...) FQDN: region1.google-analytics.com IP: 216.239.34.36 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 216.239.34.36 HTTP/2 204 No Content content-type: text/plain access-control-allow-origin: null date: Tue, 29 Nov 2022 17:52:05 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate access-control-allow-credentials: true cross-origin-resource-policy: cross-origin server: Golfe2 content-length: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.131 HASH: 03caeb65ab9e22f6d6fe0d344d327950d20ee9ed144e2da0e5e062943a03fc56 142.250.74.131 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 29 Nov 2022 17:52:05 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: a0fe20d41a043db700a84924cd9793f3 Sha1: c0da481fef6cd00558f6e68b074acb34bef8292f Sha256: 03caeb65ab9e22f6d6fe0d344d327950d20ee9ed144e2da0e5e062943a03fc56
GET /images/cleardot.gif HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://ad-free.info/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: www.google.com/images/cleardot.gif FQDN: www.google.com IP: 142.250.74.164 HASH: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 142.250.74.164 HTTP/2 200 OK content-type: image/gif accept-ranges: bytes cross-origin-resource-policy: cross-origin cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable" report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-length: 43 date: Tue, 29 Nov 2022 17:52:05 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate last-modified: Tue, 22 Oct 2019 18:30:00 GMT x-content-type-options: nosniff server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: GIF image data, version 89a, 1 x 1\012- data Size: 43 Md5: fc94fb0c3ed8a8f909dbc7630a0987ff Sha1: 56d45f8a17f5078a20af9962c992ca4678450765 Sha256: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1 Host: translate.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: translate.google.com/translate_a/element.js?cb=googleTr (...) FQDN: translate.google.com IP: 216.58.211.14 216.58.211.14 HTTP/2 200 OK content-type: text/javascript; charset=utf-8 cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: Mon, 01 Jan 1990 00:00:00 GMT date: Tue, 29 Nov 2022 17:52:03 GMT cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff set-cookie: CONSENT=PENDING+258; expires=Thu, 28-Nov-2024 17:52:03 GMT; path=/; domain=.google.com; Secure p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info ---
GET /css2?family=Open+Sans:wght@100;300;400;500;600;700;900&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: fonts.googleapis.com/css2?family=Open+Sans:wght@100;300 (...) FQDN: fonts.googleapis.com IP: 142.250.74.106 142.250.74.106 HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Tue, 29 Nov 2022 17:52:03 GMT date: Tue, 29 Nov 2022 17:52:03 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info ---
GET /css2?family=Roboto&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://ad-free.info/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers	URL: fonts.googleapis.com/css2?family=Roboto&display=swap FQDN: fonts.googleapis.com IP: 142.250.74.106 142.250.74.106 HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Tue, 29 Nov 2022 17:52:03 GMT date: Tue, 29 Nov 2022 17:52:03 GMT cache-control: private, max-age=86400 cross-origin-opener-policy: same-origin-allow-popups cross-origin-resource-policy: cross-origin content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info ---

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32" 

                                        
                                            
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=3619 

                                        
                                            
Expires: Tue, 29 Nov 2022 18:52:20 GMT 

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:01 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    a5daf4dc99951793ae2315d4795e8146

                                                Sha1:   4427507ca4d3a5632cc8f598afbc85e2195d00bd

                                                Sha256: 94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32

                                        
                                            GET /v1/ HTTP/1.1 

                                        
                                            
Host: firefox.settings.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.102.187.140

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: application/json

                                        

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert 

                                        
                                            
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; 

                                        
                                            
strict-transport-security: max-age=31536000 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
content-length: 939 

                                        
                                            
via: 1.1 google 

                                        
                                            
date: Tue, 29 Nov 2022 17:17:55 GMT 

                                        
                                            
cache-control: public,max-age=3600 

                                        
                                            
age: 2046 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators

                                                Size:   939

                                                Md5:    30db107dcf4380cef05efea409c2e6a3

                                                Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9

                                                Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 

                                        
                                            
Host: content-signature-2.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.160.144.191

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: binary/octet-stream

                                        

                                        
                                            
x-amz-id-2: necRkWyxVwUGJn2ueWRe6r/OoOUWAP1jZAGpEe91N06+NzgZizCPee6/xtUegknKdnG+VAx2qbU= 

                                        
                                            
x-amz-request-id: XECQZ4TZT2N759YE 

                                        
                                            
content-disposition: attachment 

                                        
                                            
accept-ranges: bytes 

                                        
                                            
server: AmazonS3 

                                        
                                            
content-length: 5348 

                                        
                                            
via: 1.1 google 

                                        
                                            
date: Tue, 29 Nov 2022 17:44:54 GMT 

                                        
                                            
age: 427 

                                        
                                            
last-modified: Thu, 10 Nov 2022 09:21:27 GMT 

                                        
                                            
etag: "9ebddc2b260d081ebbefee47c037cb28" 

                                        
                                            
cache-control: public,max-age=3600 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  PEM certificate\012- , ASCII text

                                                Size:   5348

                                                Md5:    9ebddc2b260d081ebbefee47c037cb28

                                                Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39

                                                Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 

                                        
                                            
Host: firefox.settings.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: application/json 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Content-Type: application/json 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.102.187.140

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: application/json

                                        

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert 

                                        
                                            
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; 

                                        
                                            
strict-transport-security: max-age=31536000 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
content-length: 329 

                                        
                                            
via: 1.1 google 

                                        
                                            
date: Tue, 29 Nov 2022 17:08:56 GMT 

                                        
                                            
cache-control: public,max-age=3600 

                                        
                                            
age: 2586 

                                        
                                            
last-modified: Fri, 25 Mar 2022 17:45:46 GMT 

                                        
                                            
etag: "1648230346554" 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators

                                                Size:   329

                                                Md5:    0333b0655111aa68de771adfcc4db243

                                                Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb

                                                Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

                                        
                                            POST /Redirect/ HTTP/1.1 

                                        
                                            
Host: rtbstream.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/x-www-form-urlencoded 

                                        
                                            
Content-Length: 330 

                                        
                                            
Origin: http://rtbstream.com 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://rtbstream.com/click?data=NFJhbU9PU2g0UTB0LVo4NC1GSW84NVFKQ3Ffa0lIR3FSVFVkZ05iU3F3aU9LdHE2RGhPS2NlX0NUN0lxNVlwVTlaWFhOTFVDYzRaRHkzTUphbU5Cbi11NkVhS0tWdDljb1VoejJJUlpLdUZmUVk0dnBLNWRiWU5FZXc2T1pQT1NtM0pyMF96NmJwM0FDYVAzUGVmQlh3Mg2&id=36191473-b326-4283-bbc0-d24b536777bb 

                                        
                                            
Cookie: RwZyvEbxuUaKlGV=RwZyvEbxuUaKlGV 

                                        
                                            
Upgrade-Insecure-Requests: 1

                                         192.99.158.241

                                        
                                            HTTP/1.1 302 Found 

                                        
                                            
Content-Type: text/html; charset=utf-8

                                        

                                        
                                            
Cache-Control: private 

                                        
                                            
Location: http://click.expmediadirect1.com/click?i=rytqL29EaAs_0 

                                        
                                            
Server: Microsoft-IIS/10.0 

                                        
                                            
X-AspNetMvc-Version: 5.2 

                                        
                                            
X-AspNet-Version: 4.0.30319 

                                        
                                            
X-Powered-By: ASP.NET 

                                        
                                            
Access-Control-Allow-Origin: * 

                                        
                                            
Access-Control-Allow-Headers: Content-Type 

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:02 GMT 

                                        
                                            
Content-Length: 171 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

                                                Size:   171

                                                Md5:    3d0d281976463db94298b5eb6e1e10da

                                                Sha1:   7328415a169f315b993b11145cb9d5d526936c47

                                                Sha256: 32ca8fae45da1dabf763306c8a156e98885fb0eb55be19f73baedad1f290edcf

                                        
                                            GET /click?i=rytqL29EaAs_0 HTTP/1.1 

                                        
                                            
Host: click.expmediadirect1.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Referer: http://rtbstream.com/ 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1

                                         198.134.116.30

                                        
                                            HTTP/1.1 302 Found

                                        

                                        
                                            
Cache-Control: no-store 

                                        
                                            
Content-Length: 0 

                                        
                                            
Age: 0 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Location: http://drivegoals-1.net/api/v1/px?xmlid=EaQXj8tOyRb2QBYz7MbLUXC0or4C0uhlJgL14QU8 

                                        
                                            
Pragma: no-cache 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            GET /?z=123&c=456789&subid=Fill_kif_setting HTTP/1.1 

                                        
                                            
Host: ad-free.info

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Referer: http://rtbstream.com/ 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         178.128.246.195

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: text/html

                                        

                                        
                                            
Server: nginx/1.14.2 

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:03 GMT 

                                        
                                            
Last-Modified: Fri, 30 Sep 2022 10:28:31 GMT 

                                        
                                            
Transfer-Encoding: chunked 

                                        
                                            
Connection: keep-alive 

                                        
                                            
ETag: W/"6336c4cf-4fcb" 

                                        
                                            
Strict-Transport-Security: max-age=63072000; includeSubdomains 

                                        
                                            
Content-Encoding: gzip 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1533), with CRLF line terminators

                                                Size:   6761

                                                Md5:    5e3fb071bc872d2127d5d75c5e58ac7e

                                                Sha1:   2edf4fa64dfdc73378ff9770d5c54c9715e6cc54

                                                Sha256: 803ac2530cfdc516b772b8c39dd54b6270635a59bdb5d3ca68ead45a21684ed1

                                        
                                            GET /jquery-3.6.0.js HTTP/1.1 

                                        
                                            
Host: code.jquery.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         69.16.175.42

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: application/javascript; charset=utf-8

                                        

                                        
                                            
date: Tue, 29 Nov 2022 17:52:03 GMT 

                                        
                                            
content-encoding: gzip 

                                        
                                            
content-length: 84714 

                                        
                                            
last-modified: Wed, 16 Feb 2022 10:50:39 GMT 

                                        
                                            
accept-ranges: bytes 

                                        
                                            
server: nginx 

                                        
                                            
etag: W/"620cd6ff-46744" 

                                        
                                            
cache-control: max-age=315360000, public 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
x-hw: 1669744323.dop205.sk1.t,1669744323.cds222.sk1.hn,1669744323.cds214.sk1.c 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text

                                                Size:   84714

                                                Md5:    416559bad4fc1149eba631e644a23a6e

                                                Sha1:   20f8f18f94c74dbc1bde934719cbfa87d51828cf

                                                Sha256: 37508a443be057a2fab1c4eee8d03632f406eaed15d09a26ac8dabe7877616e2

                                        
                                            GET /idb.js HTTP/1.1 

                                        
                                            
Host: ad-free.info

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin

                                         178.128.246.195

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/javascript

                                        

                                        
                                            
Server: nginx/1.14.2 

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:03 GMT 

                                        
                                            
Content-Length: 2637 

                                        
                                            
Last-Modified: Fri, 19 Oct 2018 10:36:47 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
ETag: "5bc9b3bf-a4d" 

                                        
                                            
Strict-Transport-Security: max-age=63072000; includeSubdomains 

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text, with CRLF line terminators

                                                Size:   2637

                                                Md5:    c13f1306227fced1506d250fe914d3e8

                                                Sha1:   7b56f20689cb8339f444767629623e278e90f958

                                                Sha256: a5dd5c3f8afb3604650604774c3f5fe89043a38135cb1325a242300edf802d1d

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 84 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.131

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:03 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 472 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   472

                                                Md5:    49eee25f3ccd585a29e34e80cf5bb160

                                                Sha1:   73eca8be91deedd049304862759a3d8084c0b07e

                                                Sha256: 531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

                                        
                                            GET /images/rocket.svg HTTP/1.1 

                                        
                                            
Host: ad-free.info

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin

                                         178.128.246.195

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: image/svg+xml

                                        

                                        
                                            
Server: nginx/1.14.2 

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:03 GMT 

                                        
                                            
Content-Length: 2509 

                                        
                                            
Last-Modified: Tue, 26 Apr 2022 13:11:42 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
ETag: "6267ef8e-9cd" 

                                        
                                            
Strict-Transport-Security: max-age=63072000; includeSubdomains 

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators

                                                Size:   2509

                                                Md5:    ab782785504f7290d6b79683a2c118cc

                                                Sha1:   f65e0f9012cf6022d393499ab5d9e10229298389

                                                Sha256: f27f73621b439da67360b910d8d696e444e2b02a7dde37e9508ccfa720b0aa3f

                                        
                                            GET /gtag/js?id=G-0H01VB5FB9 HTTP/1.1 

                                        
                                            
Host: www.googletagmanager.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         142.250.74.40

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: application/javascript; charset=UTF-8

                                        

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
access-control-allow-credentials: true 

                                        
                                            
access-control-allow-headers: Cache-Control 

                                        
                                            
content-encoding: br 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
date: Tue, 29 Nov 2022 17:52:03 GMT 

                                        
                                            
expires: Tue, 29 Nov 2022 17:52:03 GMT 

                                        
                                            
cache-control: private, max-age=900 

                                        
                                            
strict-transport-security: max-age=31536000; includeSubDomains 

                                        
                                            
cross-origin-resource-policy: cross-origin 

                                        
                                            
server: Google Tag Manager 

                                        
                                            
content-length: 76535 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text, with very long lines (21484)

                                                Size:   76535

                                                Md5:    07b7214d29bd3219f414551b095b7ea2

                                                Sha1:   b4295762f8914fd021ec7098e839d915ce11e1cb

                                                Sha256: 3aff9a3cd7a6f1f4b0ac20478b42320e7bcf2789b08460317d67cbed16015696

                                        
                                            GET /firebasejs/5.4.0/firebase-app.js HTTP/1.1 

                                        
                                            
Host: www.gstatic.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         142.250.74.35

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/javascript; charset=UTF-8

                                        

                                        
                                            
accept-ranges: bytes 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
content-encoding: gzip 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js 

                                        
                                            
cross-origin-resource-policy: cross-origin 

                                        
                                            
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js" 

                                        
                                            
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]} 

                                        
                                            
content-length: 12419 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
server: sffe 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
date: Tue, 22 Nov 2022 18:59:37 GMT 

                                        
                                            
expires: Wed, 22 Nov 2023 18:59:37 GMT 

                                        
                                            
cache-control: public, max-age=31536000 

                                        
                                            
age: 600747 

                                        
                                            
last-modified: Thu, 16 Aug 2018 18:59:55 GMT 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text, with very long lines (34802)

                                                Size:   12419

                                                Md5:    b4754e15e3b954ae32ae259d8e7a0415

                                                Sha1:   b61d406ddc724fb7af0f5562f0aab0274e57db9a

                                                Sha256: ae91c816008514b73c098bf96e2e38d72bd0b8f70d77db534d7b14107af60919

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 84 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.131

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:04 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 472 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   472

                                                Md5:    f50fd635895870df33a17fe377a6a038

                                                Sha1:   dd65dfbbc810b095432cfd59f971af04a9e31ab7

                                                Sha256: ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 84 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.131

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:04 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 472 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   472

                                                Md5:    49eee25f3ccd585a29e34e80cf5bb160

                                                Sha1:   73eca8be91deedd049304862759a3d8084c0b07e

                                                Sha256: 531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

                                        
                                            GET /translate_static/css/translateelement.css HTTP/1.1 

                                        
                                            
Host: translate.googleapis.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: text/css,*/*;q=0.1 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: style 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         216.58.211.10

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/css

                                        

                                        
                                            
accept-ranges: bytes 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
content-encoding: gzip 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta 

                                        
                                            
cross-origin-resource-policy: cross-origin 

                                        
                                            
cross-origin-opener-policy: same-origin; report-to="rosetta" 

                                        
                                            
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]} 

                                        
                                            
content-length: 3619 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
server: sffe 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
date: Tue, 29 Nov 2022 17:32:06 GMT 

                                        
                                            
expires: Tue, 29 Nov 2022 18:32:06 GMT 

                                        
                                            
cache-control: public, max-age=3600 

                                        
                                            
age: 1198 

                                        
                                            
last-modified: Wed, 17 Aug 2022 23:38:00 GMT 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text, with very long lines (18670)

                                                Size:   3619

                                                Md5:    897ba9a21d9625286674da769dacc2e2

                                                Sha1:   84b4923ab7dee562395160824d53496314499b77

                                                Sha256: 696cbf5c2f3f1efae555562b72abbbb22bed02eff03d62074555cab241190ae0

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1" 

                                        
                                            
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=13431 

                                        
                                            
Expires: Tue, 29 Nov 2022 21:35:55 GMT 

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:04 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    a97c452e75cf1d4833e777d7ba7f2c47

                                                Sha1:   58f15763fd33f742ce870f49f1c2dbed5b41205f

                                                Sha256: 39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1" 

                                        
                                            
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=13431 

                                        
                                            
Expires: Tue, 29 Nov 2022 21:35:55 GMT 

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:04 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    a97c452e75cf1d4833e777d7ba7f2c47

                                                Sha1:   58f15763fd33f742ce870f49f1c2dbed5b41205f

                                                Sha256: 39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3527eb28-888e-447d-90fd-1226d5b94433.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 8921 

                                        
                                            
x-amzn-requestid: 98baf100-c007-4c44-89aa-b9cf55fa3f94 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: cVNnwFYToAMFoWg= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-63852964-1227b5a9100c206e0c64f4b2;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:28 GMT 

                                        
                                            
x-amz-cf-pop: HIO50-C1, SEA19-C2 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: awi49MMMlK51wHPbyBrBkL4N4g9lX3ea40LxyrYbYxe_FsfqelTcTQ== 

                                        
                                            
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Mon, 28 Nov 2022 21:57:05 GMT 

                                        
                                            
etag: "c501de9eaa581a10b0b5fce40b54bb10f57f7c29" 

                                        
                                            
age: 71699 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   8921

                                                Md5:    823e92f62ff7b3c2093828817d7f2866

                                                Sha1:   c501de9eaa581a10b0b5fce40b54bb10f57f7c29

                                                Sha256: 7d89669e23682f167b2fe1eff9edc5939112ec66b6b4e6389ef8aec78ccbdfe5

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 9430 

                                        
                                            
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: cR7wyGCIIAMFhgw= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT 

                                        
                                            
x-amz-cf-pop: SEA19-C2 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q== 

                                        
                                            
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Tue, 29 Nov 2022 02:55:32 GMT 

                                        
                                            
age: 53792 

                                        
                                            
etag: "075531f525e625b117b2497f31139c9824d0e9c5" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   9430

                                                Md5:    1f434933b5bd6377d299ada22d1ae7ef

                                                Sha1:   075531f525e625b117b2497f31139c9824d0e9c5

                                                Sha256: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 9376 

                                        
                                            
x-amzn-requestid: c52b3092-90d2-4289-b6e0-ab99c9d4710a 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: cPmz3EVUoAMFWUw= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-6382eb4b-39f46c89238eff696e9f2dba;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Sun, 27 Nov 2022 04:44:59 GMT 

                                        
                                            
x-amz-cf-pop: SEA19-C2 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: ofQEhaEiX1vE25a_1xHeab9Px9zgGpk8omlX_aHmLE1oN1aZTPzWxQ== 

                                        
                                            
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Mon, 28 Nov 2022 21:58:57 GMT 

                                        
                                            
age: 71587 

                                        
                                            
etag: "28c165bac8cf68cd1b0763c311aece00672cb3a5" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   9376

                                                Md5:    cce27a1fe8c0222811a5ce0e7f89e1cb

                                                Sha1:   28c165bac8cf68cd1b0763c311aece00672cb3a5

                                                Sha256: 4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 84 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.131

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Tue, 29 Nov 2022 17:52:05 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 472 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   472

                                                Md5:    a0fe20d41a043db700a84924cd9793f3

                                                Sha1:   c0da481fef6cd00558f6e68b074acb34bef8292f

                                                Sha256: 03caeb65ab9e22f6d6fe0d344d327950d20ee9ed144e2da0e5e062943a03fc56

                                        
                                            GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1 

                                        
                                            
Host: translate.google.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         216.58.211.14

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/javascript; charset=utf-8

                                        

                                        
                                            
cache-control: no-cache, no-store, max-age=0, must-revalidate 

                                        
                                            
pragma: no-cache 

                                        
                                            
expires: Mon, 01 Jan 1990 00:00:00 GMT 

                                        
                                            
date: Tue, 29 Nov 2022 17:52:03 GMT 

                                        
                                            
cross-origin-resource-policy: cross-origin 

                                        
                                            
cross-origin-opener-policy: same-origin-allow-popups 

                                        
                                            
content-encoding: gzip 

                                        
                                            
server: ESF 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
x-frame-options: SAMEORIGIN 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
set-cookie: CONSENT=PENDING+258; expires=Thu, 28-Nov-2024 17:52:03 GMT; path=/; domain=.google.com; Secure 

                                        
                                            
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                        
                                            GET /css2?family=Roboto&display=swap HTTP/1.1 

                                        
                                            
Host: fonts.googleapis.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: text/css,*/*;q=0.1 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://ad-free.info/ 

                                        
                                            
Sec-Fetch-Dest: style 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site 

                                        
                                            
TE: trailers

                                         142.250.74.106

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/css; charset=utf-8

                                        

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
timing-allow-origin: * 

                                        
                                            
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin 

                                        
                                            
strict-transport-security: max-age=31536000 

                                        
                                            
expires: Tue, 29 Nov 2022 17:52:03 GMT 

                                        
                                            
date: Tue, 29 Nov 2022 17:52:03 GMT 

                                        
                                            
cache-control: private, max-age=86400 

                                        
                                            
cross-origin-opener-policy: same-origin-allow-popups 

                                        
                                            
cross-origin-resource-policy: cross-origin 

                                        
                                            
content-encoding: gzip 

                                        
                                            
server: ESF 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
x-frame-options: SAMEORIGIN 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

URL	lkjkui.5ef48.bh.wy5532.com/
IP	37.48.65.150 (Netherlands)
ASN	#60781 LeaseWeb Netherlands B.V.
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-11-29 17:52:12 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	1
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (22)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 37.48.65.150

Last 5 reports on ASN: LeaseWeb Netherlands B.V.

Last 5 reports on domain: wy5532.com

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (14)

Executed Evals (0)

Executed Writes (3)

#1 JavaScript::Write (size: 2866) - SHA256: bd9b9037f2231777bcc799f76eeeae2e5a01663cce765e72e2ed1bda49cc926c

#2 JavaScript::Write (size: 382) - SHA256: d2485660acb012ca34ca118cb59e6fbb11edb83ea98a0e050dd9bed186ee9274

#3 JavaScript::Write (size: 382) - SHA256: c68c84b340115ef05318c4438aed24d3cd6198fdac59ac30dc7bac98452fda69

HTTP Transactions (49)

Overview

Domain Summary (22)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 37.48.65.150

Last 5 reports on ASN: LeaseWeb Netherlands B.V.

Last 5 reports on domain: wy5532.com

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (14)

Executed Evals (0)

Executed Writes (3)

#1 JavaScript::Write (size: 2866) - SHA256: bd9b9037f2231777bcc799f76eeeae2e5a01663cce765e72e2ed1bda49cc926c

#2 JavaScript::Write (size: 382) - SHA256: d2485660acb012ca34ca118cb59e6fbb11edb83ea98a0e050dd9bed186ee9274

#3 JavaScript::Write (size: 382) - SHA256: c68c84b340115ef05318c4438aed24d3cd6198fdac59ac30dc7bac98452fda69

HTTP Transactions (49)

Network Intrusion Detection Systems