firefox.settings.services.mozilla.com/v1/
54.230.111.65200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 08p2d0OANpeg8_i0uKIByC-O4FjxetpZERMg7gdCfgDgK68hVGI1Hg==
Age: 101934
m.lepetitdiary.com/?utm_medium=efbbdd747f282d4b4da3306894b00c3b5847713e&utm_campaign=1-US-&1=&cb=wjo713mhijsracij2thpvreo
184.154.10.250200 Let's rock 1.5 kB URL HTTP/1.1 m.lepetitdiary.com/?utm_medium=efbbdd747f282d4b4da3306894b00c3b5847713e&utm_campaign=1-US-&1=&cb=wjo713mhijsracij2thpvreo
IP 184.154.10.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3336), with no line terminators
Hash 4d64ccfaff42a87f77eec22c4123af91
5f761a7f80c804d8160c0f61765fab834aaf9914
030dabbfcf629611aea96ad7a7ed5b5db2495e5dc62504a4c648768751c1eab9
GET /?utm_medium=efbbdd747f282d4b4da3306894b00c3b5847713e&utm_campaign=1-US-&1=&cb=wjo713mhijsracij2thpvreo HTTP/1.1
Host: m.lepetitdiary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 Let's rock
Server: nginx
Date: Thu, 06 Oct 2022 20:06:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: u=fec5ea909d2f2baf1ea55116d44a4ab0; expires=Fri, 06-Oct-2023 20:06:12 GMT; Max-Age=31536000; path=/
Location: http://m.lepetitdiary.com/?utm_term=7151493230758985736&ver=4viyaptcjo
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8502
Expires: Thu, 06 Oct 2022 22:27:54 GMT
Date: Thu, 06 Oct 2022 20:06:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ab7d8709d334de0e46dcb86aabfbff1
f221138a8ad9d0bfa3c054370dcdb363a67dc310
b91d37f606eaf448b9c7dfc05566a11de004ce44503409e1a776288ee2622805
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B91D37F606EAF448B9C7DFC05566A11DE004CE44503409E1A776288EE2622805"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15842
Expires: Fri, 07 Oct 2022 00:30:14 GMT
Date: Thu, 06 Oct 2022 20:06:12 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: E1QZH3YrWd0hr2fsFpczk68lHPioDrA1J3BkPbJhYtzga6gL/EYZ30YMAoC8/7afoB9sjz60UPQ=
x-amz-request-id: R3YEYHCVJE4V40MG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 06 Oct 2022 19:58:52 GMT
age: 440
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:06:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
m.lepetitdiary.com/?utm_term=7151493230758985736&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e1191351
184.154.10.250200 OK 4.7 kB URL HTTP/1.1 m.lepetitdiary.com/?utm_term=7151493230758985736&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e1191351
IP 184.154.10.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3526), with CRLF, LF line terminators
Hash cd680b0ebcd481a6efca721cbddac7cb
9f2cf0e5e73a593fd418205f4e2b12fecab90003
4a64c5553ae87debe570e721a29ca215ad7bdde5d9a77862039410178d267e62
GET /?utm_term=7151493230758985736&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e1191351 HTTP/1.1
Host: m.lepetitdiary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://m.lepetitdiary.com/?utm_medium=efbbdd747f282d4b4da3306894b00c3b5847713e&utm_campaign=1-US-&1=&cb=wjo713mhijsracij2thpvreo
Cookie: u=fec5ea909d2f2baf1ea55116d44a4ab0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 20:06:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip
m.lepetitdiary.com/proc.php?33ab495a40a9d3b453a842241bd36a588b65c9cc
184.154.10.250200 Let's rock 1.5 kB URL HTTP/1.1 m.lepetitdiary.com/proc.php?33ab495a40a9d3b453a842241bd36a588b65c9cc
IP 184.154.10.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3584), with no line terminators
Hash 4272b15f30980fec5be61e23ddd1e540
525795cba86393ebd21601704164ad82449da65d
37ef19a50ece37ce323da2dca79a351dde64f2cdcf25077071166263794a444d
Analyzer Verdict Alert fortinet Malware
GET /proc.php?33ab495a40a9d3b453a842241bd36a588b65c9cc HTTP/1.1
Host: m.lepetitdiary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://m.lepetitdiary.com/?utm_term=7151493230758985736&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e1191351
Cookie: u=fec5ea909d2f2baf1ea55116d44a4ab0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 Let's rock
Server: nginx
Date: Thu, 06 Oct 2022 20:06:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.65200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 06 Oct 2022 19:29:41 GMT
Expires: Thu, 06 Oct 2022 20:07:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KHeULbn4wEnHqDwY-gBmZ_7NrzdPnmHcIvS9TxeTbREAkU-I8kKjdA==
Age: 2191
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266
51.68.81.31200 OK 5.2 kB URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266
IP 51.68.81.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3753)
Hash dfe51348d6c59ad827916177f0a47c36
0f9a2a21719f160e1baec8b90f218dda62f1f27b
adce4ef4efe575d3cacfb8aac1664ed420d48a5d7d6dba70270a7076e278ff8b
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266 HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m.lepetitdiary.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 20:06:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=e359b3621775a1df98cdc615da1a6437&eyer=0.5085544709087161&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.lepetitdiary.com
51.68.81.31302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=e359b3621775a1df98cdc615da1a6437&eyer=0.5085544709087161&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.lepetitdiary.com
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=e359b3621775a1df98cdc615da1a6437&eyer=0.5085544709087161&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.lepetitdiary.com HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Thu, 06 Oct 2022 20:06:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.5085544709087161&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.lepetitdiary.com
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.5085544709087161&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.lepetitdiary.com
51.68.81.31302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.5085544709087161&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.lepetitdiary.com
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151493230758985736&website=4048-4091d70z&placement=4048&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.5085544709087161&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.lepetitdiary.com HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Thu, 06 Oct 2022 20:06:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330006b4614e34baa20a87c7ceb1e0453820d1006-202210-flb*5467509-4538f*M7151493230758985736*sl_5467509-4538f*034edb6779b96f943524300eba6049b17eb1eb57*4048-4091d70z*4048
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 8be5570b9a5ca76c580da007a824b029
38840f2ac6476bdd5608121c5653e338c7ad9715
0b94e05080ef85432b1815eb3c6c7594c9613cfde1b51eeabee46d0d9fde64b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6347
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:13 GMT
Last-Modified: Thu, 06 Oct 2022 18:20:27 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
www.wewillserv.com/favicon.ico
51.68.81.31204 No Content 0 B URL HTTP/1.1 www.wewillserv.com/favicon.ico
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Thu, 06 Oct 2022 20:06:13 GMT
Connection: keep-alive
ocsp.godaddy.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 33761a5af4a02282723cb6d0ee216cfa
63bef35493dcf5fa392837f16dddfa870106b9f0
656948e647a0520eb91fccd52f6fa241747b8b53af76770084c3c3fc14c198ad
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 06 Oct 2022 20:06:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 05 Oct 2022 23:50:43 GMT
Expires: Thu, 06 Oct 2022 23:50:43 GMT
ETag: "63bef35493dcf5fa392837f16dddfa870106b9f0"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330006b4614e34baa20a87c7ceb1e0453820d1006-202210-flb*5467509-4538f*M7151493230758985736*sl_5467509-4538f*034edb6779b96f943524300eba6049b17eb1eb57*4048-4091d70z*4048
34.141.137.168302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330006b4614e34baa20a87c7ceb1e0453820d1006-202210-flb*5467509-4538f*M7151493230758985736*sl_5467509-4538f*034edb6779b96f943524300eba6049b17eb1eb57*4048-4091d70z*4048
IP 34.141.137.168:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330006b4614e34baa20a87c7ceb1e0453820d1006-202210-flb*5467509-4538f*M7151493230758985736*sl_5467509-4538f*034edb6779b96f943524300eba6049b17eb1eb57*4048-4091d70z*4048 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 06 Oct 2022 20:06:13 GMT
content-length: 0
location: https://myofferplus.com/rc/a91581ead4?affclick=633f35354b5b44000198cbef&pubid=503
set-cookie: afclick=633f35354b5b44000198cbef; expires=Fri, 06 Oct 2023 20:06:13 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.237.51.86101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.51.86:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: U7dLhD/UtM3uVhC3PjI38Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZyrQxZr9qXQDwYvEWmD87/QUfKc=
139.59.49.76/34363?click=pubcc7da5ae76994fc1ad15b2ec3fbd6b2f&pubid=8063a697
139.59.49.76302 Found 226 B URL HTTP/1.1 139.59.49.76/34363?click=pubcc7da5ae76994fc1ad15b2ec3fbd6b2f&pubid=8063a697
IP 139.59.49.76:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash bf32c208f43e1072a2372a1b0886be9c
6a0d9cb2fd1e5c07a1c8cf8a876f4c6379e47a72
492de991043517a7bbed5bc770c8ac0e72ea8a2d46c0ee3e5546ff2269e0235e
GET /34363?click=pubcc7da5ae76994fc1ad15b2ec3fbd6b2f&pubid=8063a697 HTTP/1.1
Host: 139.59.49.76
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
x-powered-by: Express
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
location: https://surf.ueive.com/rc/736006a179?affclick=22J07013614A0343630128299RDcv&pubid=34363
vary: Accept, Accept-Encoding
content-type: text/html; charset=utf-8
content-length: 226
date: Thu, 06 Oct 2022 20:06:14 GMT
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12360
Expires: Thu, 06 Oct 2022 23:32:14 GMT
Date: Thu, 06 Oct 2022 20:06:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12360
Expires: Thu, 06 Oct 2022 23:32:14 GMT
Date: Thu, 06 Oct 2022 20:06:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12360
Expires: Thu, 06 Oct 2022 23:32:14 GMT
Date: Thu, 06 Oct 2022 20:06:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12360
Expires: Thu, 06 Oct 2022 23:32:14 GMT
Date: Thu, 06 Oct 2022 20:06:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12360
Expires: Thu, 06 Oct 2022 23:32:14 GMT
Date: Thu, 06 Oct 2022 20:06:14 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 488ec5b4267ccb1cdc4e6e08556f7f3b
42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88
d9b05fe92962a58b9a8e8dbd4757969aa361be12018107ae649ffcdb8a0f8d84
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3430
x-amzn-requestid: 9b3b52d6-08b4-4893-962b-3dfe67e2f11d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjTijF0vIAMFq3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dffa9-0a128734418b6c4d6375e2ac;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 22:05:29 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: G0mKHnEonkmY4EDpNGAbg_DF37oxElJt58Lv6IJ4ro-hiG61wEAqVQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 09:57:45 GMT
age: 36509
etag: "42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e238ccaa3b9fa88476a8514855e8232f
447cbf348ef10d0136a1811e843c46937defbba1
43dce3c1eb388dfaddca4176acb6eb32f76fc4c03fca18e7a315c9ddb43d2b02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7270
x-amzn-requestid: e5d0bb7a-b9d5-49b1-b51c-8db019da641f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjQOGEQloAMFjgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dfa5a-519d91fb0b83920960da479d;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:42:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: l1HGT5ycH36vVojsOPFptRSU1YJFvLbBsgiWJqzRlRIGgm2o5vf6jg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:58:56 GMT
etag: "447cbf348ef10d0136a1811e843c46937defbba1"
content-type: image/jpeg
age: 79638
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70ea26af79226e9ff06d6198e2c019dc
ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57
f9393e7b8cbaedc8e1ef87fd89c617cf102f58813d84d866ff68e3124f94d44c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9044
x-amzn-requestid: 127bce04-9f75-4bb1-bbe7-33bf1694d96c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZdZPmHG5oAMFehw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ba263-3896085b3b73ff5403237206;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 03:02:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E4yZTPRLFdK717YfwjOIFOJDi0wYpyA736dQELeM5iPLvGDXBosEWg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 05:04:17 GMT
age: 54117
etag: "ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9e520f87cae411cfc2ed1c8a14184385
69ad212cb7ae309d4f02019552887135bfae67da
723b10bfbcde201b5811e3bd0560f02f90775e4d18b28d19e6c814899f2da71a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7511
x-amzn-requestid: 995b51dd-5484-4b4c-ad40-550f7fd85930
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO6uG70IAMFjBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df844-70f17f6f24dce0003d03902a;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: BddSUzh-PKiFmfw2p9gPW-B0qtrXWxCXfee29Pk-wLqN7RO21Yic6g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:37:06 GMT
age: 80948
etag: "69ad212cb7ae309d4f02019552887135bfae67da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ce3d070-3bf1-47cd-bdd7-2bda7b826976.jpeg
34.120.237.76200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ce3d070-3bf1-47cd-bdd7-2bda7b826976.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dbba56f647bf5989ca51863632bbebfc
26694f34166345ee5693653e0101db6b910e68ba
ec5cc38f2a77e8e655aeeb7a376cf882ccb7163e4ef9d1ce4633ab4754e48765
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ce3d070-3bf1-47cd-bdd7-2bda7b826976.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4140
x-amzn-requestid: f3cb33c4-26b6-4fd8-9293-dfb42be34600
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjOZiEZ4IAMFvLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df770-424459547db8b3d721d75e54;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:30:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: q70sezhl0h-lASzUDh5_WQ6KraRa3fWYl_tO0iuE0CpbJ5GeiihgMw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:37:06 GMT
etag: "26694f34166345ee5693653e0101db6b910e68ba"
content-type: image/jpeg
age: 80948
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fac259b-7a22-4aa2-ba3f-682cb749091c.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fac259b-7a22-4aa2-ba3f-682cb749091c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2277f8f2d93b4bc3b05d348343177892
531d9e4ec9078cd2d7376a19fcb287084af36c82
62907648de4a2ed390232a71ab7dce49f1e9c3363cde6a2f30ecae10ab67f93a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fac259b-7a22-4aa2-ba3f-682cb749091c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11080
x-amzn-requestid: 8fa4d19d-87a5-46c5-96c5-4aec793daad9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO7xE5eoAMFQLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df84b-5c422c7a168c014f57559037;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:34:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: LySueW1si-yWLwecUILV1s57IEV2FdcQ9_pH1Aoe4AYISi7QXXfd3A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:39:28 GMT
age: 80806
etag: "531d9e4ec9078cd2d7376a19fcb287084af36c82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash b2481229838c68000d1e2b5a895f2333
3ae4f531cf731240ca5ae6394150818e0a13d34e
edbdb25b145b96f0fea6c38f6c451a29f83ddd94c27918f6d291ccf35f3fab95
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 20:06:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 03:34:03 GMT
Expires: Wed, 12 Oct 2022 03:34:02 GMT
Etag: "3ae4f531cf731240ca5ae6394150818e0a13d34e"
Cache-Control: max-age=458266,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7561043b7ba30b31-OSL
track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pub0ceb86d31575472e99082eb41030ab3a&sub2=a617a0f9_34363
34.141.179.97302 Found 0 B URL HTTP/2 track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pub0ceb86d31575472e99082eb41030ab3a&sub2=a617a0f9_34363
IP 34.141.179.97:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pub0ceb86d31575472e99082eb41030ab3a&sub2=a617a0f9_34363 HTTP/1.1
Host: track.gositego.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://surf.ueive.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 06 Oct 2022 20:06:15 GMT
content-length: 0
location: https://kixa.jukminung.com/rc/19aff8b744?affclick=633f35371b0b600001b15f1d&pubid=930_a617a0f9_34363
set-cookie: afclick=633f35371b0b600001b15f1d; expires=Fri, 06 Oct 2023 20:06:15 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5ef27f568daa6019d8334a461352460b
8246a23f2b0ce762c458bff583a4b766af3d8cd1
9433bbf1b568d232bba5585c1f2b0d9f2b13f4cee7771c0534e093737f88133a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9433BBF1B568D232BBA5585C1F2B0D9F2B13F4CEE7771C0534E093737F88133A"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15641
Expires: Fri, 07 Oct 2022 00:26:56 GMT
Date: Thu, 06 Oct 2022 20:06:15 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5ef27f568daa6019d8334a461352460b
8246a23f2b0ce762c458bff583a4b766af3d8cd1
9433bbf1b568d232bba5585c1f2b0d9f2b13f4cee7771c0534e093737f88133a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9433BBF1B568D232BBA5585C1F2B0D9F2B13F4CEE7771C0534E093737F88133A"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15641
Expires: Fri, 07 Oct 2022 00:26:56 GMT
Date: Thu, 06 Oct 2022 20:06:15 GMT
Connection: keep-alive
139.59.49.76/34363?click=pub81aa292de20049d1a7ddf29338c7455f&pubid=9637449d
139.59.49.76302 Found 378 B URL HTTP/1.1 139.59.49.76/34363?click=pub81aa292de20049d1a7ddf29338c7455f&pubid=9637449d
IP 139.59.49.76:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with very long lines (378), with no line terminators
Hash ee7d81a8941d371e9f7400795636f422
dcd65b9e4016c837a041fc6b205464339c609c73
02de3512f446ee82337824bfc90c802636612b8601e40550c9674b0237a67db5
GET /34363?click=pub81aa292de20049d1a7ddf29338c7455f&pubid=9637449d HTTP/1.1
Host: 139.59.49.76
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
x-powered-by: Express
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
location: https://armr.trckswrm.com/recommendation?rec_link_id=309&pub_id=90&pub_click_id=22J07013616A034363029890rQig7&pub_sub_id=34363&pub_sub_sub_id=undefined
vary: Accept, Accept-Encoding
content-type: text/html; charset=utf-8
content-length: 378
date: Thu, 06 Oct 2022 20:06:16 GMT
zerossl.ocsp.sectigo.com/
104.18.32.68200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash efff095c8c29a13e99e69f82df805294
1d225d203e392693dc062ac40434083b03f192bd
b9a1fc1e48b83aef0009452a569801415ec2b1fcab85e82af3254d585b56a433
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 20:06:16 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 01:54:56 GMT
Expires: Wed, 12 Oct 2022 01:54:55 GMT
Etag: "1d225d203e392693dc062ac40434083b03f192bd"
Cache-Control: max-age=452318,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75610441bbd1b4eb-OSL
armr.trckswrm.com/recommendation?rec_link_id=309&pub_id=90&pub_click_id=22J07013616A034363029890rQig7&pub_sub_id=34363&pub_sub_sub_id=undefined
5.9.7.122200 OK 218 B URL HTTP/1.1 armr.trckswrm.com/recommendation?rec_link_id=309&pub_id=90&pub_click_id=22J07013616A034363029890rQig7&pub_sub_id=34363&pub_sub_sub_id=undefined
IP 5.9.7.122:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document, ASCII text
Hash 11dd0861e27ec118a69a793d962646d7
c8ee13e4e7230f8c6e462adb28321f752a64697e
93107477b116e794265628df4fdda5eb62589535fbe7ef35c9a801127ceb289b
GET /recommendation?rec_link_id=309&pub_id=90&pub_click_id=22J07013616A034363029890rQig7&pub_sub_id=34363&pub_sub_sub_id=undefined HTTP/1.1
Host: armr.trckswrm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 218
date: Thu, 06 Oct 2022 20:06:16 GMT
armr.trckswrm.com/favicon.ico
5.9.7.122404 Not Found 0 B URL HTTP/1.1 armr.trckswrm.com/favicon.ico
IP 5.9.7.122:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: armr.trckswrm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://armr.trckswrm.com/recommendation?rec_link_id=309&pub_id=90&pub_click_id=22J07013616A034363029890rQig7&pub_sub_id=34363&pub_sub_sub_id=undefined
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
content-length: 0
date: Thu, 06 Oct 2022 20:06:16 GMT
surf.ueive.com/rc/736006a179?affclick=22J07013614A0343630128299RDcv&pubid=34363
172.67.185.86200 OK 1.6 kB URL HTTP/2 surf.ueive.com/rc/736006a179?affclick=22J07013614A0343630128299RDcv&pubid=34363
IP 172.67.185.86:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1531)
Hash 71e7032b6fe52e5dedc7555c8b04794c
df77080002e2d66f7c4bd6db36f512c9dac6ea09
af91e6dad9f3593b059127e0ffa9b6261878a84ec912bb10b01d4d62de85f7a6
GET /rc/736006a179?affclick=22J07013614A0343630128299RDcv&pubid=34363 HTTP/1.1
Host: surf.ueive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:06:14 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=7/s0KKYTQLUg7d2BaJyp2vLzpQ48sl15ybHDaUm5Gc1aivSPGmt/WrozV9zhDxdS9lCHowOaPo29cDBurlklfs1moFVLLXAjgNgJUdgxsmi4wlVokWCjJg6DKr6S; Expires=Thu, 13 Oct 2022 20:06:14 GMT; Path=/
AWSALBCORS=7/s0KKYTQLUg7d2BaJyp2vLzpQ48sl15ybHDaUm5Gc1aivSPGmt/WrozV9zhDxdS9lCHowOaPo29cDBurlklfs1moFVLLXAjgNgJUdgxsmi4wlVokWCjJg6DKr6S; Expires=Thu, 13 Oct 2022 20:06:14 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ORxkPbFjcSXQgxuIdeqxGtq1In4i88H%2F9jEDtZPcw6giIRJC1CM2gaFL%2Fmqw6IrAt8ZWmLYbqrHdwJHIWDUYbNbTg0CS2%2FHL2q9SL1P5Ii7p23r5y44mORWeIBrxptpRsA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75610433c9bcb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0afd3a3b284c5a8b23179b378ee970ef
619fe05b3f70d644df6892abfc760aef36efeeb9
7d6ea9aaa99456903f8903b6f925f514caee9bbe6dda09d56f54f0c03db0e9db
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "7D6EA9AAA99456903F8903B6F925F514CAEE9BBE6DDA09D56F54F0C03DB0E9DB"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11162
Expires: Thu, 06 Oct 2022 23:12:19 GMT
Date: Thu, 06 Oct 2022 20:06:17 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 36ed3a14de5b4a82fa425cc48b2f4705
922ca17d9cd88cf08dcad9150eb8e2739d882809
7faaca19bb6d63abfd06e70e1eae3fec825206635b414e91e792586dfcaf14bc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "7FAACA19BB6D63ABFD06E70E1EAE3FEC825206635B414E91E792586DFCAF14BC"
Last-Modified: Tue, 04 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21570
Expires: Fri, 07 Oct 2022 02:05:47 GMT
Date: Thu, 06 Oct 2022 20:06:17 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 36ed3a14de5b4a82fa425cc48b2f4705
922ca17d9cd88cf08dcad9150eb8e2739d882809
7faaca19bb6d63abfd06e70e1eae3fec825206635b414e91e792586dfcaf14bc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "7FAACA19BB6D63ABFD06E70E1EAE3FEC825206635B414E91E792586DFCAF14BC"
Last-Modified: Tue, 04 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21570
Expires: Fri, 07 Oct 2022 02:05:47 GMT
Date: Thu, 06 Oct 2022 20:06:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a938f022ad1a1123773cef52cf9fcf1d
51bf1194bfcdf459ccef746f97a542ccd0b229b0
e8c154dac696c85c20b2743a62120fa4c84e56880f6e8194bbd404c4de1efd4f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8C154DAC696C85C20B2743A62120FA4C84E56880F6E8194BBD404C4DE1EFD4F"
Last-Modified: Thu, 06 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17365
Expires: Fri, 07 Oct 2022 00:55:43 GMT
Date: Thu, 06 Oct 2022 20:06:18 GMT
Connection: keep-alive
goaserver.com/tracking_sl.php?hash=5d4ce6e096b07d9fb281439916e67b74&aff_sub=bmconv_20221006220617_e8d2ec16_7817_4a1e_a5d4_cf9d9b410210&source=139445&sub_source=ww
185.32.28.169200 OK 20 B URL HTTP/1.1 goaserver.com/tracking_sl.php?hash=5d4ce6e096b07d9fb281439916e67b74&aff_sub=bmconv_20221006220617_e8d2ec16_7817_4a1e_a5d4_cf9d9b410210&source=139445&sub_source=ww
IP 185.32.28.169:0
ASN #15699 OGIC Informatica S.L.
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /tracking_sl.php?hash=5d4ce6e096b07d9fb281439916e67b74&aff_sub=bmconv_20221006220617_e8d2ec16_7817_4a1e_a5d4_cf9d9b410210&source=139445&sub_source=ww HTTP/1.1
Host: goaserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://trk75.zzzperform.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 20:06:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Refresh: 0; url=https://1d658ac571c.nobhere.com/?p=2781&media_type=mainstream&click_id=1665086775goa633f3537e96f1&pi=314
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14f303290f369222645295906694caba
81c77104479e801bb00d28a9a439f14b91862ab8
d1764c18cfd31856ace9277255383e1b822ba84062b8402be9e32b4bdf75d20a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1764C18CFD31856ACE9277255383E1B822BA84062B8402BE9E32B4BDF75D20A"
Last-Modified: Wed, 05 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21494
Expires: Fri, 07 Oct 2022 02:04:32 GMT
Date: Thu, 06 Oct 2022 20:06:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 2.2 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84d617c11447a4a4141be3987ad237cb
c8f4a31459b19aa9b9434d4dab109c4c8457f21e
75b3d58de1ec64fa277d467cec9e7afc2cef7b1be61e8db0f4e29874b71188ee
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FDDC560D2100882C49949049672F6E5704676D5392985DB0AB829221DD1FE6D"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7639
Expires: Thu, 06 Oct 2022 22:13:37 GMT
Date: Thu, 06 Oct 2022 20:06:18 GMT
Connection: keep-alive
4c92068b8.srtrak.com/163-908-3-2559?external_clickid=5whawrmdf8eqhb14z474004c4,16377010,5,2781
91.132.60.212301 Moved Permanently 162 B URL HTTP/2 4c92068b8.srtrak.com/163-908-3-2559?external_clickid=5whawrmdf8eqhb14z474004c4,16377010,5,2781
IP 91.132.60.212:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /163-908-3-2559?external_clickid=5whawrmdf8eqhb14z474004c4,16377010,5,2781 HTTP/1.1
Host: 4c92068b8.srtrak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 06 Oct 2022 20:06:18 GMT
content-type: text/html
content-length: 162
location: https://4c92068b8.srtrak.com/promo.php?id=163&page=908&set=3&link=2559&external_clickid=5whawrmdf8eqhb14z474004c4,16377010,5,2781
x-robots-tag: noindex, nofollow, nosnippet, noarchive
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 30209450f091adb3f629f222f4e581a2
e7f47c53b4e32b7729647afa40d5a9f8a0bd296c
74cc3508bf2364e8a6cd026c196d2ba486e917535daaf9ab3d29544075b9cec0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 20:06:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 03:42:24 GMT
Expires: Thu, 13 Oct 2022 03:42:23 GMT
Etag: "e7f47c53b4e32b7729647afa40d5a9f8a0bd296c"
Cache-Control: max-age=545163,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75610451bd750b31-OSL
4c92068b8.srtrak.com/promo.php?id=163&page=908&set=3&link=2559&external_clickid=5whawrmdf8eqhb14z474004c4,16377010,5,2781
91.132.60.212301 Moved Permanently 0 B URL HTTP/2 4c92068b8.srtrak.com/promo.php?id=163&page=908&set=3&link=2559&external_clickid=5whawrmdf8eqhb14z474004c4,16377010,5,2781
IP 91.132.60.212:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /promo.php?id=163&page=908&set=3&link=2559&external_clickid=5whawrmdf8eqhb14z474004c4,16377010,5,2781 HTTP/1.1
Host: 4c92068b8.srtrak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 06 Oct 2022 20:06:18 GMT
content-type: text/html; charset=UTF-8
location: https://0f7c4419e.srtrak.com/promo-tools/direct-offers/mainstream/apps/operagx/?idev_id=163&set=3&link=2559&page=908&external_clickid=5whawrmdf8eqhb14z474004c4,16377010,5,2781&clickid=8c1ccfeadffdbd7c4f7d095457141aa2399a9c68a4c840ed87064d32d713678e
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _s=15745p0lerhmkareb6nnb5453e; path=/; HttpOnly
sr=163--3-2559-------https%3A%2F%2F0f7c4419e.srtrak.com%2Fpromo-tools%2Fdirect-offers%2Fmainstream%2Fapps%2Foperagx%2F; expires=Fri, 23-Sep-2072 20:06:18 GMT; Max-Age=1576800000; path=/; domain=.srtrak.com
referrer-policy: no-referrer
x-robots-tag: noindex, nofollow, nosnippet, noarchive
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 53383ad0e624301fd8f5ae7dd8659df9
9f7bfb5dd5ad9bda763e5c7c11245a5adc6f20ce
a103af891ad3435d0f950814cdfdc5f56e95a50059fcc5e06f59951a5051040a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 20:06:19 GMT
Last-Modified: Thu, 06 Oct 2022 19:00:09 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: j_QIcCIsI2z5LvpejOi8tm-ImJmZ1cjOrIH7jiWmBqofHltmMBBvsw==
Age: 3970
www.gxpowered.com/ef/assets/xm1k.png
54.230.111.51200 OK 122 kB URL HTTP/2 www.gxpowered.com/ef/assets/xm1k.png
IP 54.230.111.51:0
File type PNG image data, 532 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 122 kB (121947 bytes)
Hash fb296fd6be55555670e23ef9e4d3176a
97b7aa60b59260cd2ba4c8ea163403ac210780dd
c5e800a0f0f0b3b5ee1e6be0d7dceef5b7c2f88a33345e310afea6aa846fd01e
GET /ef/assets/xm1k.png HTTP/1.1
Host: www.gxpowered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/ef/?tl=aHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv&sub1=1320852&sub2=df0f817pmb72t052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 121947
date: Thu, 06 Oct 2022 03:46:49 GMT
last-modified: Tue, 22 Mar 2022 14:50:52 GMT
etag: "fb296fd6be55555670e23ef9e4d3176a"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 01674xDJ3fYbFEbx3VcSD2DSPbiZ8tGPQ3dOZop_6zcJ5fH3V4MSuQ==
age: 58770
X-Firefox-Spdy: h2
www.gxpowered.com/ef/assets/brazil.png
54.230.111.51200 OK 161 kB URL HTTP/2 www.gxpowered.com/ef/assets/brazil.png
IP 54.230.111.51:0
File type PNG image data, 532 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 161 kB (161255 bytes)
Hash 7159e04db522cc24e82254743f459124
67f5522a6b11aacd1936e105b11b0e956a541cf7
707a37320e6f6123c37faeb10a457b84524a350556414863f59f4266a44a0eb2
GET /ef/assets/brazil.png HTTP/1.1
Host: www.gxpowered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/ef/?tl=aHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv&sub1=1320852&sub2=df0f817pmb72t052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 161255
last-modified: Tue, 22 Mar 2022 14:50:49 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 06 Oct 2022 06:08:30 GMT
etag: "7159e04db522cc24e82254743f459124"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JK_xxfAUCNPEq7vbtbwWa_zTE7ikpbdyHQiowzafy2t3OvrzQSU5yw==
age: 50270
X-Firefox-Spdy: h2
www.gxpowered.com/ef/assets/3809.png
54.230.111.51200 OK 7.3 kB URL HTTP/2 www.gxpowered.com/ef/assets/3809.png
IP 54.230.111.51:0
File type PNG image data, 260 x 67, 8-bit/color RGBA, non-interlaced\012- data
Hash 21f7ce215aae34f2e02075c53073aad6
86908885e487fc10674541b47aad6e5b650db373
8a9a18c629393d37153b6e200a557b36ab68bb6bb5068061f4d2a752733e720c
GET /ef/assets/3809.png HTTP/1.1
Host: www.gxpowered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/ef/?tl=aHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv&sub1=1320852&sub2=df0f817pmb72t052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 7265
last-modified: Tue, 22 Mar 2022 14:50:52 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 06 Oct 2022 02:05:20 GMT
etag: "21f7ce215aae34f2e02075c53073aad6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yIK0zw14IVFdutmDT8USogrSdZo2Q9DocfM3uYp4p1QO_iIWcuszmg==
age: 64860
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gxpowered.com/ef/assets/xwk9.png
54.230.111.51200 OK 327 kB URL HTTP/2 www.gxpowered.com/ef/assets/xwk9.png
IP 54.230.111.51:0
File type PNG image data, 1930 x 1085, 8-bit/color RGBA, non-interlaced\012- data
Size 327 kB (326592 bytes)
Hash 98bad9c0e22d83f92c81af7450e962a3
999d7edcf7cdff3669f8ef0ba937a695b0cd5238
8065cf86dfb65f5edf4a56a0dabb581f5248216922d4e4a198f2358279721565
GET /ef/assets/xwk9.png HTTP/1.1
Host: www.gxpowered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/ef/?tl=aHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv&sub1=1320852&sub2=df0f817pmb72t052
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 326592
date: Thu, 06 Oct 2022 09:42:03 GMT
last-modified: Tue, 22 Mar 2022 14:50:52 GMT
etag: "98bad9c0e22d83f92c81af7450e962a3"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4L94ZsZfZoEWKocrruFP7KPL_ND_kU6eYa9y2yl2ZhoEAq7npSt7qA==
age: 37458
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 87465c15992fe10c24c62a185f8c171d
fa938b624d06d1e2927c8eda6a44b2a32d930f59
239ef7fe5df8c396d96a928c20d66c842a5ec3e9ff71a3cd7c0068906fc3e537
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/chakrapetch/v9/cIflMapbsEk7TDLdtEz1BwkeQI51R5_F.woff2
216.58.207.195200 OK 9.2 kB URL HTTP/2 fonts.gstatic.com/s/chakrapetch/v9/cIflMapbsEk7TDLdtEz1BwkeQI51R5_F.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 9156, version 1.0\012- data
Hash 5383f3ce890e025fd8d85a23662397c9
78a5eac04cfe53d3f1fdcd178288e2cef45032e4
ace012ca5db0bd782a22d938f8bf4a7ecdda284f9515f0c79418356efd5153f5
GET /s/chakrapetch/v9/cIflMapbsEk7TDLdtEz1BwkeQI51R5_F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gxpowered.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Sep 2022 00:44:17 GMT
expires: Sat, 30 Sep 2023 00:44:17 GMT
cache-control: public, max-age=31536000
age: 588123
last-modified: Thu, 21 Apr 2022 18:49:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Chakra+Petch:wght@300;600&display=swap
142.250.74.10200 OK 10 kB URL HTTP/2 fonts.googleapis.com/css2?family=Chakra+Petch:wght@300;600&display=swap
IP 142.250.74.10:0
Hash 158ffe7589dd0c18c7a6590ca7539551
18b03770ae3cab8a2c003e114321db6dfa5619e0
23207e5ed1a695828077302f7404a06bed95c4462f8b8c3be34fa73dbb8ddd2c
GET /css2?family=Chakra+Petch:wght@300;600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 06 Oct 2022 20:06:20 GMT
date: Thu, 06 Oct 2022 20:06:20 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-W22TDPP
142.250.74.168200 OK 58 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-W22TDPP
IP 142.250.74.168:0
File type ASCII text, with very long lines (3129)
Hash e343307b285945920257655e7a0721ea
34a715e4722fe016b9e5df09de4bc4c8ab48a3a5
ebd092523dcb5e595ba96c37074b21c8f08e1b86d7b8b48b95874662c86beb1d
GET /gtm.js?id=GTM-W22TDPP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 06 Oct 2022 20:06:20 GMT
expires: Thu, 06 Oct 2022 20:06:20 GMT
cache-control: private, max-age=900
last-modified: Thu, 06 Oct 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 58143
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1d658ac571c.nobhere.com/?p=2781&media_type=mainstream&click_id=1665086775goa633f3537e96f1&pi=314
94.237.103.119200 OK 3.6 kB URL HTTP/2 1d658ac571c.nobhere.com/?p=2781&media_type=mainstream&click_id=1665086775goa633f3537e96f1&pi=314
IP 94.237.103.119:0
Hash 2400482f86b8eec6922528d474b0ab76
ac44b23dbf2af83c92fc9ed54e84d07b26e6be18
5ba0bf491473c076fb0459f45b64129cf17d8f507863723418a8b9d23fd63859
GET /?p=2781&media_type=mainstream&click_id=1665086775goa633f3537e96f1&pi=314 HTTP/1.1
Host: 1d658ac571c.nobhere.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:06:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: rts-trck=1; expires=Thu, 06-Oct-2022 20:16:18 GMT; Max-Age=600; path=/; domain=1d658ac571c.nobhere.com
t-uuid=5whawrmdj739hg9canlcswswk; expires=Wed, 06-Oct-2032 20:06:18 GMT; Max-Age=315619200; path=/; domain=.nobhere.com
rts-trck=1; expires=Thu, 06-Oct-2022 20:16:18 GMT; Max-Age=600; path=/; domain=1d658ac571c.nobhere.com
traffic-back=ok; expires=Thu, 06-Oct-2022 20:06:48 GMT; Max-Age=30; path=/; domain=.nobhere.com
last-modified: Thu, 6 Oct 2022 20:06:18 GMT
expires: Thu, 6 Oct 2022 20:06:18 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 87465c15992fe10c24c62a185f8c171d
fa938b624d06d1e2927c8eda6a44b2a32d930f59
239ef7fe5df8c396d96a928c20d66c842a5ec3e9ff71a3cd7c0068906fc3e537
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/s/player/55fdc514/www-player.css
142.250.74.110200 OK 50 kB URL HTTP/2 www.youtube.com/s/player/55fdc514/www-player.css
IP 142.250.74.110:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ce9b3268e83e864464ee0b1c1bcbd395
aec0d122b7a1674fd2c903e350d7c1e345bdda9a
eccc42a16e7cb2c976a2f247265ef435954d636410182b6e8d6443457252d0e6
GET /s/player/55fdc514/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/Uv-jwjKxZsk?controls=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 50095
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 14:56:31 GMT
expires: Thu, 05 Oct 2023 14:56:31 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 05 Oct 2022 00:20:53 GMT
content-type: text/css
age: 104989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/55fdc514/www-embed-player.vflset/www-embed-player.js
142.250.74.110200 OK 97 kB URL HTTP/2 www.youtube.com/s/player/55fdc514/www-embed-player.vflset/www-embed-player.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (572)
Hash 25913148e87059714551dcf4917e9cda
77186ee8b563a941961829ca4df183e6c0b63660
2c1f6b675637c3df7fce30c177b7a16047d026aca38b4f2e562b8328d775acf0
GET /s/player/55fdc514/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/Uv-jwjKxZsk?controls=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 97396
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 14:56:31 GMT
expires: Thu, 05 Oct 2023 14:56:31 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 05 Oct 2022 00:20:53 GMT
content-type: text/javascript
age: 104989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/55fdc514/player_ias.vflset/en_US/base.js
142.250.74.110200 OK 592 kB URL HTTP/2 www.youtube.com/s/player/55fdc514/player_ias.vflset/en_US/base.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (554)
Size 592 kB (592045 bytes)
Hash 49f27d11dc9dba238fee54e219f9bb6c
a952ae8d9115266720c306df517a4bd3633379ed
691ca616c64c4f020e9363c94e83406d0fa241238b7a719a4cb055783e9e74c3
GET /s/player/55fdc514/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/Uv-jwjKxZsk?controls=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 592045
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 15:04:49 GMT
expires: Thu, 05 Oct 2023 15:04:49 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 05 Oct 2022 00:20:53 GMT
content-type: text/javascript
age: 104491
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/55fdc514/fetch-polyfill.vflset/fetch-polyfill.js
142.250.74.110200 OK 2.8 kB URL HTTP/2 www.youtube.com/s/player/55fdc514/fetch-polyfill.vflset/fetch-polyfill.js
IP 142.250.74.110:0
File type Algol 68 source text\012- Pascal source, ASCII text, with very long lines (555)
Hash 80fe2d229007996c8397073b00755dc7
121f82c77bcf2a297a1085e3b092415c463fcafe
033dfa8941482c82d4f1aaa4a9172fb379b9e46a02d5b36297c5476bbbfdea2c
GET /s/player/55fdc514/fetch-polyfill.vflset/fetch-polyfill.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/Uv-jwjKxZsk?controls=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 2786
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 14:56:31 GMT
expires: Thu, 05 Oct 2023 14:56:31 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 05 Oct 2022 00:20:53 GMT
content-type: text/javascript
age: 104989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
11442918.fls.doubleclick.net/activityi;src=11442918;type=pageview;cat=opera0;ord=1;num=1298518378175;gtm=2wga50;auiddc=1718513473.1665086780;~oref=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052?
142.250.74.70200 OK 446 B URL HTTP/2 11442918.fls.doubleclick.net/activityi;src=11442918;type=pageview;cat=opera0;ord=1;num=1298518378175;gtm=2wga50;auiddc=1718513473.1665086780;~oref=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (569), with no line terminators
Hash c0747c183fceb831d28a65b21fe786af
686c840d6a104e8c685566eb7663b5c7e0cc5978
f5bc079897c58ea30891c8006c5afe2aa6faf473ab01f5b5643cc9deacab97f0
GET /activityi;src=11442918;type=pageview;cat=opera0;ord=1;num=1298518378175;gtm=2wga50;auiddc=1718513473.1665086780;~oref=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052? HTTP/1.1
Host: 11442918.fls.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 20:06:20 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 446
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 06-Oct-2022 20:21:20 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 96423370618a4e8cef79532d1bebee5b
4c0a07466a54f9355819062fb899f86f21716876
1c6ca25ca73d54ab1186a44ef9b3d3ac75d936a4acc11e4d3dbb103a8cb150e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=11442918;type=pageview;cat=opera0;ord=1;num=1298518378175;gtm=2wga50;auiddc=1718513473.1665086780;~oref=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052
142.250.74.66200 OK 446 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=11442918;type=pageview;cat=opera0;ord=1;num=1298518378175;gtm=2wga50;auiddc=1718513473.1665086780;~oref=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (568), with no line terminators
Hash 8894dab0cfd942e75f6bdc87089dca3b
77ad8553d3314a4bf301bcda22b98d59f53fd6f7
4b04fd8b73c038c18c212edd75690596d4da3dd701d90e2cf5bfe0cf5ae9f2d9
GET /ddm/fls/i/src=11442918;type=pageview;cat=opera0;ord=1;num=1298518378175;gtm=2wga50;auiddc=1718513473.1665086780;~oref=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052 HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11442918.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 20:06:20 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 446
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=11002730&tm=gtm002&Ver=2&mid=e8d88cd3-2ed3-4b3b-94ad-c1e234b6932e&sid=5852783045b211eda120f9b9a92a9f62&vid=5852964045b211edb12513914679d32c&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Opera%20GX&p=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052&r=<=1442&evt=pageLoad&sv=1&rn=582943
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=11002730&tm=gtm002&Ver=2&mid=e8d88cd3-2ed3-4b3b-94ad-c1e234b6932e&sid=5852783045b211eda120f9b9a92a9f62&vid=5852964045b211edb12513914679d32c&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Opera%20GX&p=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052&r=<=1442&evt=pageLoad&sv=1&rn=582943
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=11002730&tm=gtm002&Ver=2&mid=e8d88cd3-2ed3-4b3b-94ad-c1e234b6932e&sid=5852783045b211eda120f9b9a92a9f62&vid=5852964045b211edb12513914679d32c&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Opera%20GX&p=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052&r=<=1442&evt=pageLoad&sv=1&rn=582943 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2C8DF4E1FB4A688B1F82E6D4FABF69CD; domain=.bing.com; expires=Tue, 31-Oct-2023 20:06:20 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4E6609EC4F6341ED955AC051888A7594 Ref B: OSL30EDGE0509 Ref C: 2022-10-06T20:06:20Z
date: Thu, 06 Oct 2022 20:06:19 GMT
X-Firefox-Spdy: h2
bat.bing.com/p/action/11002730.js
13.107.21.200200 OK 667 B URL HTTP/2 bat.bing.com/p/action/11002730.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with CRLF line terminators
Hash c9bda5c49926f819d6af80ac84237a43
34dd0984e6ed5cab47dc7b4de397b9a20087338d
37d5e081575f389993187b9533528f923e67fc7f812ccf842e7941b8420f0feb
GET /p/action/11002730.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private,max-age=60
content-length: 667
content-type: application/javascript; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
set-cookie: MUID=02A150CF3BE668F63FE442FA3A1369F7; domain=.bing.com; expires=Tue, 31-Oct-2023 20:06:20 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A3A9D8B7D505456E82F50C2B9368CF02 Ref B: OSL30EDGE0509 Ref C: 2022-10-06T20:06:20Z
date: Thu, 06 Oct 2022 20:06:19 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1d4c3917173bd92c4b3208cdf2c7c345
726a9aa16eef5844afde825f9faf1b505d31e69b
572eebfaf735eb8aa1b3563d0317d52f5d22e9e83e5f5b6723f65da83fb15f22
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=11442918;type=pageview;cat=opera0;ord=1;num=1298518378175;gtm=2wga50;auiddc=1718513473.1665086780;~oref=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052
216.58.207.226200 OK 177 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=11442918;type=pageview;cat=opera0;ord=1;num=1298518378175;gtm=2wga50;auiddc=1718513473.1665086780;~oref=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052
IP 216.58.207.226:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 9393b28661a65a763699c108887882eb
c237ba6491e6fb9ca57da33dd9d048ca8e86cfda
2bdce28c6fb3cb210861d4aba734ab7aedfc979a8fa273512a61d8cf8afc78b0
GET /ddm/fls/i/src=11442918;type=pageview;cat=opera0;ord=1;num=1298518378175;gtm=2wga50;auiddc=1718513473.1665086780;~oref=https%3A%2F%2Fwww.gxpowered.com%2Fef%2F%3Ftl%3DaHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv%26sub1%3D1320852%26sub2%3Ddf0f817pmb72t052 HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 20:06:20 GMT
expires: Thu, 06 Oct 2022 20:06:20 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1cecd042e106c70af7e8f0d9863ca3d9
fa94604e9e99c752d18708abcec8584a5eee66ea
3525f542ce5a72795646c2bba144333920f67f3e9938748f9d3bd3aff9ac496e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.clarity.ms/tag/uet/11002730
13.107.213.53200 OK 1.5 kB URL HTTP/2 www.clarity.ms/tag/uet/11002730
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1522)
Hash 82b7fe885841efa27e07260c40a4f73b
1a7fffa17929770957523f76725d3641dc4e0bb5
ef50b7fb1358336d924068cebe9dd41caab63d7dfa4cbf34c794999cbd39c723
GET /tag/uet/11002730 HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=517e41a6838341c2bc444d83e9812b3a.20221006.20231006; expires=Fri, 06 Oct 2023 20:06:20 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
x-cache: CONFIG_NOCACHE
x-azure-ref: 0PDU/YwAAAAD0ZGraWLOtSI3gEFyFEcIyU1ZHMjBFREdFMDYyMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Thu, 06 Oct 2022 20:06:20 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.clarity.ms/eus2/s/0.6.42/clarity.js
13.107.213.53200 OK 23 kB URL HTTP/2 www.clarity.ms/eus2/s/0.6.42/clarity.js
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (54141)
Hash f016daac053b80575e11e20b6644142b
bc23277b8eae567b77c3dfc3f03b91fb054feda7
ee91529c076bf5e87a26b3c045e0b6e63326e6aa871dafea1c1509f73454123d
GET /eus2/s/0.6.42/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-length: 23382
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8d8e58fdaa9d4"
vary: Accept-Encoding
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0PTU/YwAAAAD+nW5gUOTESrzvHATYQ+nWU1ZHMjBFREdFMDYyMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Thu, 06 Oct 2022 20:06:20 GMT
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.162302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Thu, 06 Oct 2022 20:06:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.106200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 06 Oct 2022 20:06:21 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id?slf_rd=1
142.250.74.162200 OK 120 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id?slf_rd=1
IP 142.250.74.162:0
Hash ebef237362f453907974d181b8ab6b26
9554610ef5b3fe0a8c575991286651e9a48b34c6
5b9ba6d3fd285d325512d23fa0a1de6ebb3b96bfac52edc460053ae0901078fa
GET /pagead/id?slf_rd=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Referer: https://www.youtube.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
content-type: application/json; charset=UTF-8
date: Thu, 06 Oct 2022 20:06:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 120
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.106200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.106:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 2ee1dea19b0ceba2e7394f95ff6a7ab9
d56094f49cf4429ff3bb7cd4833d78b07d0a93c7
281f820dab7ef33d77e0814dbe70a404680eafb1b422fa36e81446ba71c6cf0f
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 06 Oct 2022 20:06:21 GMT
server: ESF
cache-control: private
content-length: 30784
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 40a4de06678d96242b71d5318f2fd4ef
546a7d1d92df81916f14155943427b5453ae3924
aed9af25ae57c181702a137d48cb00f5b30297180161451de3b628359dc9ec6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eac86f868b3967f1946c7f5fc712b25f
e2ae8eb09715a0af0791c085eb35bf66e0548e30
bceb14e7a478c0e34a0f1d8286eb954566c62051e996bc36189de922a76a6e06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/qs_eGd-h9f3_frMeplByuCjrJjGTr5iyl3j-JE2Mo0s.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/th/qs_eGd-h9f3_frMeplByuCjrJjGTr5iyl3j-JE2Mo0s.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36351)
Hash fca4c84446cae474dbf63fcf44f061ca
399275019a515b324eb48ac6f2042f30dd15cd18
86a4021c55d56c050bc7e8de79f895d7555279bccbc8777f975f0945a5a2a4f2
GET /js/th/qs_eGd-h9f3_frMeplByuCjrJjGTr5iyl3j-JE2Mo0s.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14350
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 16:28:36 GMT
expires: Thu, 05 Oct 2023 16:28:36 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 27 Sep 2022 17:00:00 GMT
content-type: text/javascript
age: 99465
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c.clarity.ms/c.gif
20.234.93.27302 Found 0 B IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=0F4CC5A2697B4800BE7E601F799A40AF&RedC=c.clarity.ms&MXFR=14EFFC31AB986B263D89EE04AF9865CA
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=14EFFC31AB986B263D89EE04AF9865CA; domain=.clarity.ms; expires=Tue, 31-Oct-2023 20:06:21 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Thu, 06 Oct 2022 20:06:20 GMT
content-length: 0
X-Firefox-Spdy: h2
poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
172.67.160.121200 OK 0 B URL HTTP/2 poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
IP 172.67.160.121:0
GET /noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP/1.1
Host: poqueras.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bercioles.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:06:17 GMT
content-type: text/html;charset=ISO-8859-1
referrer-policy: origin
cache-control: no-store, no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGkgepHxEjGdMsTSUPw06gCzm%2BprWF8JZ%2BaEZ9WrIJjctAviDgUI3ngJuLmvgr975m8NR4NKmRo2ZeHHpgjNu3B4hVrmN1PMjezyG1TruBJ9tdft3UQ2FmXKtaDRls8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75610444fcd01bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adexico.xyz/click.php?key=eizvfwu9ujf9h2ho3rpl&click=633f353b1551be00019ce11a&pid=2455&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=
157.230.52.75302 Found 0 B URL HTTP/2 adexico.xyz/click.php?key=eizvfwu9ujf9h2ho3rpl&click=633f353b1551be00019ce11a&pid=2455&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=
IP 157.230.52.75:0
ASN #14061 DIGITALOCEAN-ASN
GET /click.php?key=eizvfwu9ujf9h2ho3rpl&click=633f353b1551be00019ce11a&pid=2455&sub3=&sub4=&sub5=&sub6=&sub7=&sub8= HTTP/1.1
Host: adexico.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 06 Oct 2022 20:06:19 GMT
content-type: text/html; charset=UTF-8
location: https://www.gxpowered.com/ef/?tl=aHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv&sub1=1320852&sub2=df0f817pmb72t052
set-cookie: uclick=17pmb72t; expires=Fri, 07-Oct-2022 20:06:19 GMT; Max-Age=86400; path=/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.youtube.com/embed/Uv-jwjKxZsk?controls=0
142.250.74.110200 OK 0 B URL HTTP/2 www.youtube.com/embed/Uv-jwjKxZsk?controls=0
IP 142.250.74.110:0
GET /embed/Uv-jwjKxZsk?controls=0 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gxpowered.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 06 Oct 2022 20:06:20 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=gSVrdOx4vZY; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=_RAN8m7-lAc; Domain=.youtube.com; Expires=Tue, 04-Apr-2023 20:06:20 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+424; expires=Sat, 05-Oct-2024 20:06:20 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
172.67.191.221200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 172.67.191.221:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://surf.ueive.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:06:14 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 3880
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9JqXkiLv7Ra3QQWZ%2FG2yYDyfBhzOP%2FPh1KuM40PvjHmwu8B8v6afF%2BDxXbPjF2U8YphPqPvthT7uS8%2FE%2Bq7zKK1RUrmOX6QxPxFMND83v9uWgFlCVGzXW7Fp8use37VgTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 756104351e79b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
104.21.20.70200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 104.21.20.70:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myofferplus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:06:13 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 3879
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WKNqZsOAwiyl6YhSLrzCghiEg2V4Ap6lS6%2Fo8rorympTLYAZbECacYIUivfomwcMAQuT9E%2BG8FsAJptqZS2blIt5Ut0kFqoN7CcqeAFDhyXLjJNWCjvdTjQ1dvXqGl61bQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7561042f6e89b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kixa.jukminung.com/rc/19aff8b744?affclick=633f35371b0b600001b15f1d&pubid=930_a617a0f9_34363
104.21.28.174200 OK 0 B URL HTTP/2 kixa.jukminung.com/rc/19aff8b744?affclick=633f35371b0b600001b15f1d&pubid=930_a617a0f9_34363
IP 104.21.28.174:0
GET /rc/19aff8b744?affclick=633f35371b0b600001b15f1d&pubid=930_a617a0f9_34363 HTTP/1.1
Host: kixa.jukminung.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surf.ueive.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:06:15 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=n68w6BRkSp16E0bF+AS7nLHk6IAcf9G1lCNAJ5YsdmNRotHpADGnx9d/XKhSpqE5p8so6LJeaZtCglpf15r0kPBUrAakuc3PQy7+C9J0BoDVHNNoegZcx1baIQ7H; Expires=Thu, 13 Oct 2022 20:06:15 GMT; Path=/
AWSALBCORS=n68w6BRkSp16E0bF+AS7nLHk6IAcf9G1lCNAJ5YsdmNRotHpADGnx9d/XKhSpqE5p8so6LJeaZtCglpf15r0kPBUrAakuc3PQy7+C9J0BoDVHNNoegZcx1baIQ7H; Expires=Thu, 13 Oct 2022 20:06:15 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EE2JuH7KHVELN30f8xY5ksUWH1zXBFDeydMAEw%2Fc4qB2Y6E2Cqhg02adne5wEES%2FBmdp9UVyCZBo4nrouRya507A3VSAgzkpC1Db5ojoQXbtMYuVSN39Y7vmOw%2Fd6GEO3w57bDk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7561043c9e3db50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
104.21.20.70200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 104.21.20.70:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kixa.jukminung.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:06:16 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 3882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sso8bJvkv2CvU8i2SjkSWHN44cGWS1RKkrGwD4oKKSe1CdTI4ZfKCgsD0%2BnjM6PlhLazxizV9%2F4t9dgbkh4SQ8q2dhNAjZrSIEAQlAhqCB0ysQiKPRX3eFXu7b0TfS0GeA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7561043e0cc91c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bercioles.com/redirect?id=737&auth=337e46e86a8ca0952bfc1828039f4d15ccd12eea&sid=90&clk=BMscld4AAAGDrufl6wAAAycAAABaAAABNQAAAAAP
172.67.138.217200 OK 0 B URL HTTP/2 bercioles.com/redirect?id=737&auth=337e46e86a8ca0952bfc1828039f4d15ccd12eea&sid=90&clk=BMscld4AAAGDrufl6wAAAycAAABaAAABNQAAAAAP
IP 172.67.138.217:0
GET /redirect?id=737&auth=337e46e86a8ca0952bfc1828039f4d15ccd12eea&sid=90&clk=BMscld4AAAGDrufl6wAAAycAAABaAAABNQAAAAAP HTTP/1.1
Host: bercioles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://armr.trckswrm.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:06:17 GMT
content-type: text/html;charset=utf-8
referrer-policy: origin
vary: accept-encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jV3PuYnrT6CdUkpDKCoW%2B4g8%2Fw2s%2BICWsXg1QBetROhtbIud7W5iPMUMNjzkq3zEGt63mLJwsw93FOPAV%2Fh6a52DxyaCKX8GoXaDgcpDyGG6UY1uBF3MN8IBmx0YfuNV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 756104439d43b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.gxpowered.com/ef/?tl=aHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv&sub1=1320852&sub2=df0f817pmb72t052
54.230.111.51200 OK 0 B URL HTTP/2 www.gxpowered.com/ef/?tl=aHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv&sub1=1320852&sub2=df0f817pmb72t052
IP 54.230.111.51:0
GET /ef/?tl=aHR0cHM6Ly93d3cub3N0bG9uLmNvbS9jbXAvM1NHVERIMS9QNUhQSEIv&sub1=1320852&sub2=df0f817pmb72t052 HTTP/1.1
Host: www.gxpowered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 23 Mar 2022 18:56:12 GMT
server: AmazonS3
content-encoding: br
date: Wed, 05 Oct 2022 23:20:54 GMT
etag: W/"c1a229519b4038e2a3e01d0b5dfd7870"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ggeBlV93j9GIKYPFcltPXwGLM77eXZqhV8V9DwogAsEQzaUl-wclLA==
age: 74726
X-Firefox-Spdy: h2
myofferplus.com/rc/a91581ead4?affclick=633f35354b5b44000198cbef&pubid=503
172.67.217.200200 OK 0 B URL HTTP/2 myofferplus.com/rc/a91581ead4?affclick=633f35354b5b44000198cbef&pubid=503
IP 172.67.217.200:0
GET /rc/a91581ead4?affclick=633f35354b5b44000198cbef&pubid=503 HTTP/1.1
Host: myofferplus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:06:13 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=1GwfNsp/wi+3dcXPjKFSPvcmXG5j8zHkWGczGXCSZCXZTwRau5upIPhIlHjK1hq7+F4JnQHQBPlXny3D1LywhRPJP3GC8/P9tJJrG1FqIkihoW+E6XeDpROgOc36; Expires=Thu, 13 Oct 2022 20:06:13 GMT; Path=/
AWSALBCORS=1GwfNsp/wi+3dcXPjKFSPvcmXG5j8zHkWGczGXCSZCXZTwRau5upIPhIlHjK1hq7+F4JnQHQBPlXny3D1LywhRPJP3GC8/P9tJJrG1FqIkihoW+E6XeDpROgOc36; Expires=Thu, 13 Oct 2022 20:06:13 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IOnbsIiJwgBzjjTEAXR85CM8p5ApckKGvemtTywncvnWM%2B4dvdU2Fg%2F9YG%2FEJPwvXurmzBuJ46aTardHJA6XBT5V1eflaDwHW7RIfpuoWynlzS6mdc%2FrSzOu1HNK2rDVvBQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7561042e0de60b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2