Overview

URL pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=8.android.webview-android.&k=bfb&url=sapo.trffcsource.com&xrw=&lid=631ae33673198816e01294a8
IP 5.161.78.177
ASN Hetzner Online GmbH
Location United States
Report completed 2022-09-09 06:55:11 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-09 2 go.gkrtmc.com/rd.html?go=https%3A%2F%2Fodzrea.speciaidates.com%2Fc%2F1e3a4e (...) Phishing
2022-09-09 2 odzrea.speciaidates.com/js/pushjs/1.0.0/subscriber.js Phishing
2022-09-09 2 odzrea.speciaidates.com/js/pushjs/1.0.0/utils.js Phishing
2022-09-09 2 odzrea.speciaidates.com/js/service-worker.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (29)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS sapo.trffcsource.com (1) 97493 2021-09-13 15:04:31 UTC 2022-09-09 04:08:03 UTC 51.83.143.92
mnemonic passive DNS track.vxctr.com (1) 505034 2021-12-02 14:44:47 UTC 2022-09-09 06:38:01 UTC 18.195.174.160
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-09 00:43:48 UTC 142.250.74.10
mnemonic passive DNS c.mybestclick.net (1) 103231 2018-10-18 14:06:05 UTC 2022-09-06 12:39:54 UTC 192.241.144.203
mnemonic passive DNS www.endorico.com (1) 0 2022-02-05 05:06:44 UTC 2022-09-06 19:11:10 UTC 195.160.203.18 Unknown ranking
mnemonic passive DNS go.gkrtmc.com (4) 0 2022-01-24 12:45:18 UTC 2022-09-08 21:46:30 UTC 172.255.248.105 Unknown ranking
mnemonic passive DNS ocsp.pki.goog (6) 175 2017-06-14 07:23:31 UTC 2022-09-08 04:58:43 UTC 142.250.74.3
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-09 04:47:11 UTC 143.204.55.110
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-08 04:58:06 UTC 34.117.237.239
mnemonic passive DNS eu.pushnow.net (1) 0 2022-03-23 00:35:15 UTC 2022-09-08 15:29:14 UTC 38.100.129.67 Unknown ranking
mnemonic passive DNS ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-09-09 00:39:44 UTC 104.18.32.68
mnemonic passive DNS xml-eu.mediaxchange.co (1) 0 2022-06-20 05:28:13 UTC 2022-09-06 20:12:45 UTC 77.245.57.64 Domain (mediaxchange.co) ranked at: 76579
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-09 05:37:59 UTC 143.204.55.36
mnemonic passive DNS redir.findthewind.xyz (1) 0 2022-08-11 09:16:56 UTC 2022-09-09 04:08:05 UTC 198.211.113.186 Unknown ranking
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.158
mnemonic passive DNS omgtds.com (1) 255060 2021-05-25 17:34:53 UTC 2022-09-09 00:17:37 UTC 185.162.87.41
mnemonic passive DNS 8.us.findthewnd.xyz (1) 0 2022-08-03 12:58:01 UTC 2022-09-09 04:08:04 UTC 23.235.251.114 Unknown ranking
mnemonic passive DNS r.goaffmy.com (2) 175104 2017-10-06 14:26:29 UTC 2022-09-09 05:31:43 UTC 34.90.46.36
mnemonic passive DNS odzrea.speciaidates.com (4) 0 2022-06-06 15:56:46 UTC 2022-09-08 13:35:13 UTC 52.19.101.114 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (11) 344 2020-12-02 08:52:13 UTC 2022-09-09 04:40:05 UTC 23.36.77.32
mnemonic passive DNS cdn-dimi.akamaized.net (41) 0 2022-07-07 13:18:25 UTC 2022-09-08 21:54:43 UTC 184.31.15.67 Domain (akamaized.net) ranked at: 280
mnemonic passive DNS fonts.gstatic.com (1) 0 2014-08-29 13:43:22 UTC 2022-09-09 04:41:01 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS pdxx-7fmavzpxk2xlm-4-2.lowsea.fun (1) 0 2022-08-21 08:58:43 UTC 2022-09-09 06:16:27 UTC 5.161.78.177 Unknown ranking
mnemonic passive DNS loncha.trffcsource.com (1) 0 2021-09-13 15:04:31 UTC 2022-09-08 16:00:33 UTC 51.83.143.92 Domain (trffcsource.com) ranked at: 75319
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-09 06:05:00 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-09 04:43:53 UTC 34.212.166.60
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-09 04:40:33 UTC 34.120.237.76
mnemonic passive DNS fancycrab.net (2) 0 2022-07-26 11:44:37 UTC 2022-09-08 22:27:55 UTC 168.119.67.99 Unknown ranking
mnemonic passive DNS dates-for-flirt.com (1) 0 2022-07-04 02:34:46 UTC 2022-09-08 22:22:25 UTC 35.156.235.222 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 5.161.78.177

Date UQ / IDS / BL URL IP
2022-11-28 03:54:56 +0000 0 - 0 - 4 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177
2022-11-26 07:57:12 +0000 0 - 0 - 4 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177
2022-11-25 00:57:05 +0000 0 - 0 - 4 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177
2022-11-24 18:56:04 +0000 0 - 0 - 5 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177
2022-11-22 20:21:18 +0000 0 - 0 - 5 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177

Last 5 reports on ASN: Hetzner Online GmbH

Date UQ / IDS / BL URL IP
2022-11-28 16:06:00 +0000 0 - 0 - 1 vrify-1dent1ty.com 5.161.116.42
2022-11-28 03:54:56 +0000 0 - 0 - 4 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177
2022-11-26 09:42:19 +0000 0 - 0 - 1 urbanskiiinsurance.com/ 5.161.133.189
2022-11-26 07:57:12 +0000 0 - 0 - 4 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177
2022-11-25 00:57:05 +0000 0 - 0 - 4 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177

Last 5 reports on domain: lowsea.fun

Date UQ / IDS / BL URL IP
2022-11-28 03:54:56 +0000 0 - 0 - 4 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177
2022-11-26 07:57:12 +0000 0 - 0 - 4 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177
2022-11-25 00:57:05 +0000 0 - 0 - 4 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177
2022-11-24 18:56:04 +0000 0 - 0 - 5 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177
2022-11-22 20:21:18 +0000 0 - 0 - 5 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?s (...) 5.161.78.177

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-12 20:46:40 +0000 0 - 0 - 3 true.loveandsex.biz/click?affid=12625&offerid (...) 172.67.192.35
2022-11-09 09:04:37 +0000 0 - 0 - 1 a.vfgtg.com/ccdef8a3-26db-481e-bf27-b568f737488e 18.192.108.151
2022-10-11 04:22:02 +0000 0 - 0 - 2 lavavq.amazlngdate.com/c/1e3a4e532f1c7040?s1= (...) 52.19.101.114
2022-10-09 13:32:27 +0000 0 - 0 - 2 lavavq.amazlngdate.com/c/1e3a4e532f1c7040?s1= (...) 52.19.101.114
2022-10-07 18:37:35 +0000 0 - 0 - 2 argbq.lncredlbiedate.com/c/da57dc555e50572d?c (...) 52.19.101.114


JavaScript

Executed Scripts (21)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (99)


Request Response
                                        
                                            GET /emw/v1/dt?sid=8.android.webview-android.&k=bfb&url=sapo.trffcsource.com&xrw=&lid=631ae33673198816e01294a8 HTTP/1.1 
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         5.161.78.177
HTTP/1.1 307 Temporary Redirect
Content-Type: text/html
                                        
Date: Fri, 09 Sep 2022 06:55:00 GMT
Content-Length: 164
Connection: keep-alive
Keep-Alive: timeout=10
Set-Cookie: emwxcid_4_1=9Ocr93aikRlIa4UOGN3DHDLZ6og6Hi6E1sQJ4OQsErz2ELeajh; expires=Sat, Sep 09 2023 06:55:00 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
Location: https://loncha.trffcsource.com/e.php?p=c:7omnig4vv01k_f6ui&d=6213b4b0ff85982fd6331e4b&s=8.android.webview-android.


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   164
Md5:    813f9846b49c0ada805648edf1b2fdbd
Sha1:   caa24890460f73e6a72bb49426351e67e83b053d
Sha256: 8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9928
Expires: Fri, 09 Sep 2022 09:40:28 GMT
Date: Fri, 09 Sep 2022 06:55:00 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 09 Sep 2022 05:58:08 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _0PWlL5hGQE-0s1eRABViOQYqjxOKnoqGCaolfxBHXn2YtUARSWxBQ==
Age: 3412


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kJzYTgfXp7BWas1m_dspfOhnP10EcLA_SNNZj1ij2CNe_d82vb4rLg==
age: 11306
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D62032E46C2514A5B34EE43ADDAF461D231DE5BC7119BE7E9FADDA348F824AD2"
Last-Modified: Wed, 07 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2424
Expires: Fri, 09 Sep 2022 07:35:24 GMT
Date: Fri, 09 Sep 2022 06:55:00 GMT
Connection: keep-alive

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 09 Sep 2022 06:55:00 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /e.php?p=c:7omnig4vv01k_f6ui&d=6213b4b0ff85982fd6331e4b&s=8.android.webview-android. HTTP/1.1 
Host: loncha.trffcsource.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         51.83.143.92
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 09 Sep 2022 06:55:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Round: 12cca187zq
Raund: 2gu
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with no line terminators
Size:   193
Md5:    df1b1d440bfa1cd26569086ee0b92551
Sha1:   936ce9d7a247421a573410dbfc5db225ddb04a0f
Sha256: 7a7a3a968d21450c99c0ab9ca1196ad8a63ab5151052ed7ebe270ec1f53da5c0
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 09 Sep 2022 05:56:07 GMT
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 06:26:02 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WU5ncfAMppNibkJxZfP6fRk71Pg8r74OMbcfNy-9ixi2bbdxPv_E9g==
Age: 3533


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /v.php?p=c:ta9_53qhga_krzx5f&d=62fb8110fa240e28771bb35b&s=8.android.webview-android.&pid=631ae3447df42426cc51e085 HTTP/1.1 
Host: sapo.trffcsource.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site

                                         
                                         51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 09 Sep 2022 06:55:00 GMT
Content-Length: 0
Connection: keep-alive
Round: 11yr45wnwa
Raund: 10uu72ypsp-10vor7qos4-1qr
Location: https://8.us.findthewnd.xyz/feed/?link=true&tid=8&subid=8.no&ref=&s1=631ae344c3336d24242ff89e

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5947
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 06:55:01 GMT
Last-Modified: Fri, 09 Sep 2022 05:15:54 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E1BFD68D5AD5ACF33C84A4B33FCEBC784B4E7CDC5E51585FD944010E85892AF2"
Last-Modified: Wed, 07 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 09 Sep 2022 12:55:01 GMT
Date: Fri, 09 Sep 2022 06:55:01 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PQhBe7yVHvzGNNb2lRuroQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.212.166.60
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AVg7bm7vvyJ83WEJ3LJ59MAqOmc=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4605
Expires: Fri, 09 Sep 2022 08:11:47 GMT
Date: Fri, 09 Sep 2022 06:55:02 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4605
Expires: Fri, 09 Sep 2022 08:11:47 GMT
Date: Fri, 09 Sep 2022 06:55:02 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93fb3e60-781f-438a-8602-d6632160df67.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4014
x-amzn-requestid: 28c3042e-24ab-44c5-b838-f8d1c0c5955e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIqqKEyUIAMFbgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6319be40-3a9997121c9585884eecf245;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 10:04:48 GMT
x-amz-cf-pop: SFO5-C3, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 6n0-pAX6Wp1YJQ75dJgPhJ-HEHNIcl38MZ1eiKHuyDxnvWRYvXiLpA==
via: 1.1 2ac6b2644462a8466362b046856a127e.cloudfront.net (CloudFront), 1.1 ca66331b52971370c4e54619e8a952cc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:49:26 GMT
age: 41721
etag: "b50cbeafea3f65610cff83f3946c2452fa70e191"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4014
Md5:    90fc2601a0ca4581ebc880dd11408bda
Sha1:   b50cbeafea3f65610cff83f3946c2452fa70e191
Sha256: 6f72acb93226b6772a6afb6893d95379a448cda4a3e86f8a88e7f05526c1eea4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10950
x-amzn-requestid: 435fc2f4-fbcb-4eec-81d8-a23154dcec61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YFUwZEfvIAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63186802-2348a4000430702d4e9ea132;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 09:44:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ORlM8dFTc_iThvJghFakY86D3ToJ5TCmP8Ip2PcvXCCkSKKHpWQ0Zw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:04:02 GMT
age: 31860
etag: "f930fcb22325e28592bc39b0b1974f5197c19afd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10950
Md5:    15249f3dafdd1690bc87ebb4fa6d518d
Sha1:   f930fcb22325e28592bc39b0b1974f5197c19afd
Sha256: a0b9e88c78e85a037363e0b0e4e03478718f8715fe69e72bfd159922eca28301
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94f950b-af66-4803-868a-b00031195100.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7646
x-amzn-requestid: 1f48393e-8665-4591-a2a6-07953a68bb16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YEaGTGwdIAMF47A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63180a28-1116d4bf11e2133503ac1429;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 03:04:08 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: S1y8if_u-ZqeKT0Wx9eyOaKNOmhcaydzfxwQeBQ-hArLtQG6ckJ8EQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 03:38:26 GMT
age: 11796
etag: "08b4d519a099b04a9f1515377d02e51575f3321f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7646
Md5:    b7d3752fb9bfaa323218e5a7b93aa5c6
Sha1:   08b4d519a099b04a9f1515377d02e51575f3321f
Sha256: fa33f2240aea7395b0be62683743523beb1f0f11cb390f4d532e3474610a812c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4776
x-amzn-requestid: 49312697-395a-4058-8899-0203e69bf26b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDU5jHA_IAMFhkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63179b70-7b17771e456072e87327ff23;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 19:11:44 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -cYK4EezC3z14SwCy_1oIM5MuqfBtoiQAErl-h4t7sT1vajRvoBX1A==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d8d9c12d1a621129f4bc739038e7c72e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:06:24 GMT
age: 31718
etag: "b868b62d5f2bc802c565d35ea59e200aaf6ab986"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4776
Md5:    ee9340025af774eed83fa3ae0ebb4b65
Sha1:   b868b62d5f2bc802c565d35ea59e200aaf6ab986
Sha256: 729127258be88fe97e4c777b08ba709900028c41a052b6868cab515e545e8c56
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc935f3d1-f1ad-4753-8e03-988c366f974f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7787
x-amzn-requestid: 3dba260f-c87d-40ac-b840-ec3ce2f315d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKRjNF5RIAMFncA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a62e1-5e73894d42ccca495868d250;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:47:13 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: zrQLwxeZFERUfVE9TRzCEiDp1VX--enE-R7_gjebT-8VyW4lkDVstg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:57:04 GMT
age: 32278
etag: "69582548ae31d56ebd4a140e000ae6ab1a6a399b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7787
Md5:    356d258ee8fe7dd3a49d6e910ad4e6d1
Sha1:   69582548ae31d56ebd4a140e000ae6ab1a6a399b
Sha256: 32394386d1762e03f6ee1cbc5c6ed40a0a745745da646d8879fc8b59a089b887
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3125
x-amzn-requestid: 5820e798-6469-40f9-8d70-ee71f1a163b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLM5GGQAoAMF8eQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ac1d3-3a0e9db848ea7ab145f1cffa;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 04:32:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: eZaKpjBYe3Qn7vs3zF52Cxob-xu3LMFs8esQAu6Lp6bzM0aOEHoXVg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1352c0a623ff0601dd16439f3f225f70.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 04:32:20 GMT
etag: "113393e0dbabb3aff949d19ab6517ba1082b622d"
age: 8562
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3125
Md5:    0078c7a407144a1ede33aef6f734eecf
Sha1:   113393e0dbabb3aff949d19ab6517ba1082b622d
Sha256: 42afcaf15e45dfa9aff14f59f69d60a3de127005e35783d2d35a4cfa652b57b3
                                        
                                            GET /feed/?link=true&tid=8&subid=8.no&ref=&s1=631ae344c3336d24242ff89e HTTP/1.1 
Host: 8.us.findthewnd.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         23.235.251.114
HTTP/1.1 301 Moved Permanently
                                        
Cache-Control: no-cache
Location: https://redir.findthewind.xyz/feed/click/?t1=128&tid=8&uid=3&subid=8.no&id=6dd15d5e27ed24e4996ef5a0e7afcb49: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&s1=631ae344c3336d24242ff89e
Date: Fri, 09 Sep 2022 06:55:02 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7019270FCCE4C6A74694F7C05E98EA33336BE8FC54EB97F5931647EB25C5CDAD"
Last-Modified: Wed, 07 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11529
Expires: Fri, 09 Sep 2022 10:07:11 GMT
Date: Fri, 09 Sep 2022 06:55:02 GMT
Connection: keep-alive

                                        
                                            GET /feed/click/?t1=128&tid=8&uid=3&subid=8.no&id=6dd15d5e27ed24e4996ef5a0e7afcb49: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&s1=631ae344c3336d24242ff89e HTTP/1.1 
Host: redir.findthewind.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         198.211.113.186
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=8_8.no&id=e67545a801fbff52e8650d0cbf37cbe9: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
Vary: Accept
Content-Length: 1580
Date: Fri, 09 Sep 2022 06:55:02 GMT
Connection: keep-alive
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (1580), with no line terminators
Size:   1580
Md5:    11cb8e4230f7f738853f7f5eb2e038ec
Sha1:   e5f57ed3179081918a3411442281fcb9f28c8463
Sha256: 9fb5ac7817373bfb7e164b17e115acd260966624bbae68dc616ae935b53a9f7c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1417D3D445F3D8A33BB0E67446DFE8E90E173A72B02D55E221886E244D9118E1"
Last-Modified: Thu, 08 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14463
Expires: Fri, 09 Sep 2022 10:56:06 GMT
Date: Fri, 09 Sep 2022 06:55:03 GMT
Connection: keep-alive

                                        
                                            GET /feed/click/?t1=128&tid=3115&uid=4465&subid=8_8.no&id=e67545a801fbff52e8650d0cbf37cbe9:c43acdc40a2fce6c56c820dcfd17f4adfec0b23bc75966fb471302570a753f1310d6f5537032f4f56f7c6e17a6e8dd4f769af3272e8658f003c60e8c502888e52672ee2e4c872757ab511a4a7ef28abd52b7f9b364ed4020e6cd4daaa9faab38b12024e91c336f27d612a513b5b4b1c6c9571f4387b63d0f9273243c99170b959b02be671fe1c9f4fbdd9e5ee4f2867b2ffa23411f1ec824a282e98a9f553176f244736d98dda0501bfa8a4a141eadf48c499b39a70c12a2de371496e4600227198b14c266e164c75c7a6b4e9679152c44453a0819192b345d8f90da75880de18145f4d8a380352c83f76f11e4f1d062243d1e9e6094b48254f2033ea724f0557edf51a45b02beded5acd4e997259593c9bd93c0e3e0b3bed3167ece9b7ba9ac2a3aee462abf22e3456104871fa36b93830a16743d629d3d76a9a77174981054 HTTP/1.1 
Host: c.mybestclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         192.241.144.203
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://eu.pushnow.net/postback/click?key=v2-1662706501593-4-5479-1170242-ef5a6c07-19e6-6e00-b629-7752209827f8
Vary: Accept
Content-Length: 264
Date: Fri, 09 Sep 2022 06:55:03 GMT
Connection: keep-alive
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   264
Md5:    344bbe9efe29ccb20cee68de5d3902b6
Sha1:   aa2884374eb7eedb096e4634ad39fcbbf9c20d7b
Sha256: 429e3e943366475f6e647944e879933d5c70215fc98aa1264ab89a1922c66b9e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F9C831E4E7E4B8CBD40265BDC937DB0317ED0E7393C8555FBD4562E44E2822B7"
Last-Modified: Thu, 08 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4821
Expires: Fri, 09 Sep 2022 08:15:24 GMT
Date: Fri, 09 Sep 2022 06:55:03 GMT
Connection: keep-alive

                                        
                                            GET /postback/click?key=v2-1662706501593-4-5479-1170242-ef5a6c07-19e6-6e00-b629-7752209827f8 HTTP/1.1 
Host: eu.pushnow.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         38.100.129.67
HTTP/2 302 Found
                                        
server: openresty/1.15.8.3
date: Fri, 09 Sep 2022 06:55:03 GMT
content-length: 0
set-cookie: platform_user_id=desktop:7980a459be274bf511db30c901634a36
set-cookie: platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; SameSite=None; Secure; Max-Age=31556952
set-cookie: platform_user_id_from_ssp=platform:b310886c8cb8215a4fcc6e1349868920
set-cookie: platform_user_id_from_ssp_3rd_party=platform:b310886c8cb8215a4fcc6e1349868920; SameSite=None; Secure; Max-Age=31556952
location: https://fancycrab.net/click?a=BfTt&e=gAAAAABjGuNFlhLti0JZkTi_4TfuMp_BeNxU_7RFVXbuBQPO4W20_n87-7xLBu9WtXwmgbG9q8j_KMRrPPFtjpGL9cc6EA6eDEYBb1Dnk9cm2Yu33XHb2SaoFf_uHaDOG8PAaSxzEMToJN8oH8ID44wuK-BYGKTRkc5FUEb37pAcRfUfUcEk6iAPoyfU0Ou3l1vS5-1-UEPqvVRFBu5JYLd46oX2o7M36AbccvNECSMJu19PGhnjLjG6_PmQXXioklwl1JqV8yAYvHzaTsok6POru1-cnyH554TwSKDgpCeUfKgvEmUChdYcUU2W_YIz3Rq7ZI6KV2CrYf8s7J_2Km92atdJ0unaA8FzvqGnxXGl034hY_FHqBXyLfGqfZz6DdFEvP5OiH1wI9z2TWF7jazsSrSOsBtpmdOWBLFfVFqvHHCewu3uLbVHlZTOCR-HpEmTMHDcwmbb
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 06:55:04 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 05:21:53 GMT
Expires: Fri, 16 Sep 2022 05:21:52 GMT
Etag: "c92d580a8956a080328076dbc9c4b76c9321e0b8"
Cache-Control: max-age=598607,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 747e0421dda5b4eb-OSL

                                        
                                            GET /sc?a=BfTt&c=fduy2jmWySsMdNV6TXz3mP&e=gAAAAABjGuNIq71COn_KysIebIdJZLEs0zx7XwEfM21gk8bpdZ9WRpQ4qJ9P-SpU3hwKCi7wWM1FkqpfLfUFfvr6-3dlAZjP8xFP3Rn7nG560biHIrVN25Wy0kkJ5z5E4WEoC6ytYLZJezLZ7IRyDUc8fvP1BDjFOaApH7NM89ZX7HeqRTnCs4WuLQx_Ucv5pHP1cOug4pniH6frEjov1nkhJd7TPFtgK0wvGWaIrLXgcjeF6IJX9muwhOrRWJg_4--wV3SxZtfcXHBa_4LBl4VHyyP7N9kh4q6q4EstA1e7qGU2sAgiMJiIPE8R_VEsLHGdB3PVd0eTVo-jZuajMWsmkq_gSCCrnTxlCHVzt8p0ykbLGFYw6DU650tr7v8Apl0cSITULXgfnHY3AlSCgZGuZHbynN-0i05mlpaoobGkBvKcneUqle088uCiCvKe1XC-BUTogf00&f=0 HTTP/1.1 
Host: fancycrab.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fancycrab.net/click?a=BfTt&e=gAAAAABjGuNFlhLti0JZkTi_4TfuMp_BeNxU_7RFVXbuBQPO4W20_n87-7xLBu9WtXwmgbG9q8j_KMRrPPFtjpGL9cc6EA6eDEYBb1Dnk9cm2Yu33XHb2SaoFf_uHaDOG8PAaSxzEMToJN8oH8ID44wuK-BYGKTRkc5FUEb37pAcRfUfUcEk6iAPoyfU0Ou3l1vS5-1-UEPqvVRFBu5JYLd46oX2o7M36AbccvNECSMJu19PGhnjLjG6_PmQXXioklwl1JqV8yAYvHzaTsok6POru1-cnyH554TwSKDgpCeUfKgvEmUChdYcUU2W_YIz3Rq7ZI6KV2CrYf8s7J_2Km92atdJ0unaA8FzvqGnxXGl034hY_FHqBXyLfGqfZz6DdFEvP5OiH1wI9z2TWF7jazsSrSOsBtpmdOWBLFfVFqvHHCewu3uLbVHlZTOCR-HpEmTMHDcwmbb
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         168.119.67.99
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
server: nginx/1.19.1
date: Fri, 09 Sep 2022 06:55:04 GMT
content-length: 75
location: https://xml-eu.mediaxchange.co/click?i=YPg6Bn7ZcBQ_0
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   75
Md5:    6b6336c7abd17d29aac3d08f1aea7da9
Sha1:   c43f4d83c25f5acdc33d8da6a7714f5a710a540f
Sha256: 0fe355ccfc16c6f6a89eff4569e58694ec0a94231d901049bba205bd62407be7
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 06:55:04 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 19:10:37 GMT
Expires: Mon, 12 Sep 2022 19:10:36 GMT
Etag: "d2adcfcbcad420ce3dab978198f49c44b3f1922a"
Cache-Control: max-age=302731,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 747e0425caa5b4eb-OSL

                                        
                                            GET /click?i=YPg6Bn7ZcBQ_0 HTTP/1.1 
Host: xml-eu.mediaxchange.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fancycrab.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         77.245.57.64
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Fri, 09 Sep 2022 06:55:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://dates-for-flirt.com/tds/rsl?tdsId=s3677ser_r&tds_campaign=s3677ser&utm_source=arba&utm_campaign=27bc27d8&utm_term=mob_ext_nor_pop&s1=arb&data2=3j9uWzjACeY&s2=0&utm_content=0&p1=422238_&p5=428632&p7=*
Pragma: no-cache

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 06:55:04 GMT
Last-Modified: Fri, 09 Sep 2022 05:23:56 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zbpgWZQAAEiyVo1FeM_dzwruc5v0i0iRq6kqPLSxM-jTv9atqt6zZg==
Age: 5468

                                        
                                            GET /click?a=BfTt&e=gAAAAABjGuNFlhLti0JZkTi_4TfuMp_BeNxU_7RFVXbuBQPO4W20_n87-7xLBu9WtXwmgbG9q8j_KMRrPPFtjpGL9cc6EA6eDEYBb1Dnk9cm2Yu33XHb2SaoFf_uHaDOG8PAaSxzEMToJN8oH8ID44wuK-BYGKTRkc5FUEb37pAcRfUfUcEk6iAPoyfU0Ou3l1vS5-1-UEPqvVRFBu5JYLd46oX2o7M36AbccvNECSMJu19PGhnjLjG6_PmQXXioklwl1JqV8yAYvHzaTsok6POru1-cnyH554TwSKDgpCeUfKgvEmUChdYcUU2W_YIz3Rq7ZI6KV2CrYf8s7J_2Km92atdJ0unaA8FzvqGnxXGl034hY_FHqBXyLfGqfZz6DdFEvP5OiH1wI9z2TWF7jazsSrSOsBtpmdOWBLFfVFqvHHCewu3uLbVHlZTOCR-HpEmTMHDcwmbb HTTP/1.1 
Host: fancycrab.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         168.119.67.99
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
server: nginx/1.19.1
date: Fri, 09 Sep 2022 06:55:04 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1210
Md5:    47394543f62e9d2ce67c0c8a34a7a8c2
Sha1:   9de9eb591fb71599f2615e830efbae49934d2f94
Sha256: 491b9a9572439d5d34f179ac05b5753566135c66705e1a40a658d679d91e54f4
                                        
                                            GET /click?sub1=3681e0961601d8726d3f3651a3c4bba3cffa0bda&pid=3739&offer_id=2606&sub2=b6659ser HTTP/1.1 
Host: r.goaffmy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fancycrab.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         34.90.46.36
HTTP/2 302 Found
                                        
server: nginx
date: Fri, 09 Sep 2022 06:55:05 GMT
content-length: 0
location: https://omgtds.com/c1/652d1ae4-50ba-4605-902d-143db04df43e?aff=3739&source=b6659ser&externalId=631ae349d663a30001c199dd&sub2=b6659ser&sub3=3739&pp=1
set-cookie: afclick=631ae349d663a30001c199dd; expires=Sat, 09 Sep 2023 06:55:05 GMT; secure; SameSite=None
set-cookie: afoffers={"2606":1662706505}; expires=Sat, 09 Sep 2023 06:55:05 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "27C748B0FEE090C3D1EF488D45FDA6BE01FC5D9F10E7F71B720A5F99F7897C5F"
Last-Modified: Wed, 07 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18181
Expires: Fri, 09 Sep 2022 11:58:06 GMT
Date: Fri, 09 Sep 2022 06:55:05 GMT
Connection: keep-alive

                                        
                                            GET /c1/652d1ae4-50ba-4605-902d-143db04df43e?aff=3739&source=b6659ser&externalId=631ae349d663a30001c199dd&sub2=b6659ser&sub3=3739&pp=1 HTTP/1.1 
Host: omgtds.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fancycrab.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         185.162.87.41
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.22.0
Date: Fri, 09 Sep 2022 06:55:05 GMT
Content-Length: 194
Connection: keep-alive
Location: https://r.goaffmy.com/click?pid=11972&offer_id=3594&sub1=ccde6id1su2qcqe07fjg&sub2=b6659ser&sub3=3739&sub5=631ae349d663a30001c199dd&sub7=&sub8=
Set-Cookie: uid=6UmerNYtp; Path=/; Domain=omgtds.com; Max-Age=86400; HttpOnly
X-Clickid: ccde6id1su2qcqe07fjg


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   194
Md5:    cdb6afb87f292b4dbd22f7827f5cb558
Sha1:   64a87e9c8f5099f20000b66cec4faa417f0866cf
Sha256: 985c92c2e5ab67174851537362a135820004a43cac5831c462b7ca76d11fae70
                                        
                                            GET /click?pid=11972&offer_id=3594&sub1=ccde6id1su2qcqe07fjg&sub2=b6659ser&sub3=3739&sub5=631ae349d663a30001c199dd&sub7=&sub8= HTTP/1.1 
Host: r.goaffmy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fancycrab.net/
Connection: keep-alive
Cookie: afclick=631ae349d663a30001c199dd; afoffers={"2606":1662706505}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.90.46.36
HTTP/2 302 Found
                                        
server: nginx
date: Fri, 09 Sep 2022 06:55:05 GMT
content-length: 0
location: https://www.endorico.com/Smartlink/Dating?w=47402&ws=3739_b6659ser&wt=631ae349a59964000135f779
referer:
referrer-policy: no-referrer
set-cookie: afclick=631ae349a59964000135f779; expires=Sat, 09 Sep 2023 06:55:05 GMT; secure; SameSite=None
set-cookie: afoffers={"2606":1662706505,"3594":1662706505}; expires=Sat, 09 Sep 2023 06:55:05 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "305EE5E49B42E26C7FFD387C8753369D1C532CEE6EC43FBED931F07C2923A20F"
Last-Modified: Thu, 08 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4741
Expires: Fri, 09 Sep 2022 08:14:06 GMT
Date: Fri, 09 Sep 2022 06:55:05 GMT
Connection: keep-alive

                                        
                                            GET /Smartlink/Dating?w=47402&ws=3739_b6659ser&wt=631ae349a59964000135f779 HTTP/1.1 
Host: www.endorico.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         195.160.203.18
HTTP/2 307 Temporary Redirect
content-type: text/html; charset=UTF-8
                                        
access-control-allow-origin: *
set-cookie: w=47402; expires=Fri, 09-Sep-2022 06:55:05 GMT; Max-Age=0; SameSite=Lax
set-cookie: ws=3739_b6659ser; expires=Fri, 09-Sep-2022 06:55:05 GMT; Max-Age=0; SameSite=Lax
set-cookie: wt=631ae349a59964000135f779; expires=Fri, 09-Sep-2022 06:55:05 GMT; Max-Age=0; SameSite=Lax
set-cookie: sid=%89%DF%A3Ic%95%DA%82%B1%04%E1%BA%8B8%24%02%97%B8%AC%FA4%B1v%A7Iia%3F%A3%91%96%EA; expires=Sun, 11-Sep-2022 08:55:05 GMT; Max-Age=180000; path=/; SameSite=Strict
set-cookie: CSRFToken=30492f0df19e7694d18cca10456a06640e3200f43860a74172b656573baf06fc.1662706505; expires=Fri, 09-Sep-2022 07:25:05 GMT; Max-Age=1800; path=/; SameSite=Strict
location: https://track.vxctr.com/6bf88c65-a931-4e34-ae1f-07a6fb81850d?adtv=11136.11104_98d52c_220ff&w=47402&ws=3739_b6659ser&wt=631ae349a59964000135f779
content-encoding: gzip
vary: Accept-Encoding
content-length: 20
date: Fri, 09 Sep 2022 06:55:05 GMT
server: Webserver
X-Firefox-Spdy: h2

                                        
                                            GET /6bf88c65-a931-4e34-ae1f-07a6fb81850d?adtv=11136.11104_98d52c_220ff&w=47402&ws=3739_b6659ser&wt=631ae349a59964000135f779 HTTP/1.1 
Host: track.vxctr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         18.195.174.160
HTTP/2 302 Found
                                        
server: nginx
date: Fri, 09 Sep 2022 06:55:05 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://go.gkrtmc.com/aff_c?offer_id=4898&aff_id=48945&url_id=0&aff_sub5=member-area&source=6bf88c65-a931-4e34-ae1f-07a6fb81850d&click_id=w8o76guoj30rhmti2a5c8a9s
pragma: no-cache
set-cookie: 6bf88c65-a931-4e34-ae1f-07a6fb81850d-v4=riG4IwzyJa9BQV8Va37v-jiJUW5i3LWjEKaUarJdiEs; Max-Age=86400; Expires=Sat, 10-Sep-2022 06:55:05 GMT; Domain=track.vxctr.com; Path=/; Secure; HttpOnly;SameSite=None
set-cookie: cc-v4=kc8jVrHr5OkwPdQkLl6WivErZcTt2XyBvu7MMMDSJi0fvoHYXZWkxF3iLU0zKRcJMjhx4IfHv1wDUTc%2BcVWwM4v4uP0y5gx9jzAxLN9o2ruyffBfPvrfyqEctzT2LECtIyp%2FO31v1fDfbifmhHrriw%3D%3D; Max-Age=31536000; Expires=Sat, 09-Sep-2023 06:55:05 GMT; Domain=track.vxctr.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /aff_c?offer_id=4898&aff_id=48945&url_id=0&aff_sub5=member-area&source=6bf88c65-a931-4e34-ae1f-07a6fb81850d&click_id=w8o76guoj30rhmti2a5c8a9s HTTP/1.1 
Host: go.gkrtmc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.255.248.105
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 338
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Sun, 09 Oct 2022 06:55:06 GMT
Set-Cookie: test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
Location: aff_c?offer_id=4177&aff_id=48945&aff_sub5=member-area&source=6bf88c65-a931-4e34-ae1f-07a6fb81850d&click_id=w8o76guoj30rhmti2a5c8a9s
Vary: Accept
Cache-Control: no-store, no-cache


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (338), with no line terminators
Size:   338
Md5:    8c05d516c139642799952a13aadfd602
Sha1:   8de5c37edde663bb473bb0911b4c253b87066f80
Sha256: 2f4775e2384b1fc3d31024679f052b2ad53741e0afab9393a3537c351b230039
                                        
                                            GET /aff_c?offer_id=4177&aff_id=48945&aff_sub5=member-area&source=6bf88c65-a931-4e34-ae1f-07a6fb81850d&click_id=w8o76guoj30rhmti2a5c8a9s HTTP/1.1 
Host: go.gkrtmc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: language=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.255.248.105
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 516
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Sun, 09 Oct 2022 06:55:06 GMT
Set-Cookie: test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: 4177=37_48945_4177_664a484a32e46d24f5175de968741451; Domain=go.gkrtmc.com; Path=/; Expires=Sun, 09 Oct 2022 06:55:06 GMT
Set-Cookie: op_4177=0; Domain=go.gkrtmc.com; Path=/; Expires=Sun, 09 Oct 2022 06:55:06 GMT
Set-Cookie: user_id=ea2214eb-3b54-4ed8-8889-5d8a2ca65dd4_29a9c7f6df1591213dfa041d6dfbcaf2; Domain=go.gkrtmc.com; Path=/; Expires=Wed, 08 Sep 2027 06:55:06 GMT; Secure; SameSite=None
Location: /rd.html?go=https%3A%2F%2Fodzrea.speciaidates.com%2Fc%2F1e3a4e532f1c7040%3Fs1%3D116914%26s2%3D1419167%26s3%3D48945%26s5%3D6bf88c65-a931-4e34-ae1f-07a6fb81850d%26click_id%3D37_48945_4177_664a484a32e46d24f5175de968741451%26j1%3D1%26j8%3D1
Vary: Accept
Cache-Control: no-store, no-cache


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (516), with no line terminators
Size:   516
Md5:    fed8b6e9cb0c3c939c5f25c8d21b8a8b
Sha1:   d9edeaacff696ceffade827c6abf969c1dc1791e
Sha256: e97ece8048b4deeb312707157fb3db61226222fb0678fd069f875381b17a01d8
                                        
                                            GET /rd.html?go=https%3A%2F%2Fodzrea.speciaidates.com%2Fc%2F1e3a4e532f1c7040%3Fs1%3D116914%26s2%3D1419167%26s3%3D48945%26s5%3D6bf88c65-a931-4e34-ae1f-07a6fb81850d%26click_id%3D37_48945_4177_664a484a32e46d24f5175de968741451%26j1%3D1%26j8%3D1 HTTP/1.1 
Host: go.gkrtmc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: language=en; 4177=37_48945_4177_664a484a32e46d24f5175de968741451; op_4177=0; user_id=ea2214eb-3b54-4ed8-8889-5d8a2ca65dd4_29a9c7f6df1591213dfa041d6dfbcaf2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.255.248.105
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 09 Sep 2022 06:55:06 GMT
Last-Modified: Fri, 13 Aug 2021 14:56:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"61168831-149"
Cache-Control: no-store, no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   255
Md5:    997bfcab4e7a51023ff8da026ed4374a
Sha1:   35d15ad133e52c1b9dea0b3696a8719521387a9e
Sha256: 070d804ff334e0de872b9ac4c28c1bc578a043771099d2e9556782974ed560a3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E90106F9A1A9255C750C99F0243426F1EB6FCAD564407B8BCAF1C68A64D9151A"
Last-Modified: Wed, 07 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16961
Expires: Fri, 09 Sep 2022 11:37:47 GMT
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: go.gkrtmc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.gkrtmc.com/rd.html?go=https%3A%2F%2Fodzrea.speciaidates.com%2Fc%2F1e3a4e532f1c7040%3Fs1%3D116914%26s2%3D1419167%26s3%3D48945%26s5%3D6bf88c65-a931-4e34-ae1f-07a6fb81850d%26click_id%3D37_48945_4177_664a484a32e46d24f5175de968741451%26j1%3D1%26j8%3D1
Cookie: language=en; 4177=37_48945_4177_664a484a32e46d24f5175de968741451; op_4177=0; user_id=ea2214eb-3b54-4ed8-8889-5d8a2ca65dd4_29a9c7f6df1591213dfa041d6dfbcaf2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         172.255.248.105
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 09 Sep 2022 06:55:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   123
Md5:    c728bf241d9141b8d3100ae5140e09c5
Sha1:   07f0da1bdfadd0354b090781f1e3264ac22b6c39
Sha256: 34f3447a0b669f7c583609861bd783e8940b379cf642df02901cee86233a355a
                                        
                                            GET /landings/273765/1661963103/css/popup.css?1661963104 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/css
                                        
x-amz-id-2: 3lCeFG5JS9D6fLoaI1yh7qshsY7JjHVbF1cSbcEflIFnX39k+y78iFlGL+pLKrP4dagsoxTIqKY=
x-amz-request-id: 68MANXCT8WJZXCTQ
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "e43bad8a7da8b62b8eb981230df1c042"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 573
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   573
Md5:    49fd3d42563c4535cbdd6f95c11016d5
Sha1:   40606364ce01c442ba79daa01c4db5f7c8f57020
Sha256: c19c9920be6d3f5d0d09047d20a5ec3ae01bae5008a0e3cc930594ca4520aaf9
                                        
                                            GET /landings/273765/1661963103/css/reviews.css?1661963104 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/css
                                        
x-amz-id-2: OSdj6/UssI57z9kjjVILsxPG6xxTauVeEKyqCgmOv495K33+BpX6re/NZsw+4FNeWGe8Hp+DxXY=
x-amz-request-id: 68M59JW4ASW9CG2X
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "857b2cf98ab42f59d65b12682ec0a0d1"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 1203
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text
Size:   1203
Md5:    f8e34736b47fc5b24d5e10cfc4f24278
Sha1:   5c2e559605ea7033492979de5813aab2ba1916c8
Sha256: 4dcf6971507f58e1cc5ee128a2ff8f7f1f94f54b5f78e4de226bc3ea4d51bf83
                                        
                                            GET /landings/273765/1661963103/css/style.css?1661963104 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/css
                                        
x-amz-id-2: eCiqEHx9EM3es/A2HUFMTjHYXIT40Hc5AG5hVAQ0IjkosaqySaYZXwDzhOqbyV8Dvd0YXkuLAX8=
x-amz-request-id: 68MBXN12J6MK9E2G
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "2ba1556e403b195120caeb21662b4cf7"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 4973
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text
Size:   4973
Md5:    c6c9d8d7ca52515070991974d6e9eb96
Sha1:   aae622e99af429ae24891b0983b7d3e30d34eb90
Sha256: e10c4ad63549535f264eb585216bf0ee4f08cdfc6e455ef1c3cd7d0424f60817
                                        
                                            GET /landings/273765/1661963103/css/swiper.min.css?1661963104 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/css
                                        
x-amz-id-2: EPH3QeqrfBCmLyF+byiCctsdAwrwnBsoWEODB8+s76d1due6xpmqdOqO4KezH7bWZcL375TkTCg=
x-amz-request-id: 68MAXES3T5G6H1AB
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "4c1cd5a790e39f9f07ce100396606d26"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 4127
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text, with very long lines (13419)
Size:   4127
Md5:    c0016dbfebc8868314240b90a2246ee8
Sha1:   15b0f31da3235f8f9f8875fa04d032974215145c
Sha256: 10816d39633fdece78130581374a4845ba52bf11d36cff45959763f6e9613987
                                        
                                            GET /landings/273765/1661963103/js/trls.js?1661963104 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: IzcCDf6uowT8OBo9fLfAe3joWIpq8P4oPEnd1gUkSKfPi8uXORVePA+xzq49jo57ZrLsSVMCdMc=
x-amz-request-id: QQHC2G5VQ07H3QY7
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "dca4f0b0f022c4c8bf1a754b77d78d58"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 12801
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   12801
Md5:    d86262927ea09f3e261df1719c5b3778
Sha1:   670644bb22041350ea46f31e6051df60f470b834
Sha256: 3657d88d817d44dddc645f1979f76f91aa5d36d540bc4c9be2a5b16e6402213d
                                        
                                            GET /landings/273765/1661963103/js/jquery.min.js?1661963104 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: +Ghla84/kKwAKJe9afMbggfura4Es+kKSB/S6WBoGdjsdPoKcwcATObbFuTmkw3DNLrawhD7MF8=
x-amz-request-id: 68MASNPQ7VSZG90Q
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "b091a47f6b91e26c93a848092c6f3788"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 33315
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text, with very long lines (32038)
Size:   33315
Md5:    f32bc3ff91b7d8e3cee993d93ba616bc
Sha1:   70902bada7722edb4e6be6f90453d6c2c03bbad8
Sha256: fbdef831016761a2ad211333df4d830aae94cc768f440af5546f78677379fc2e
                                        
                                            GET /landings/273765/1661963103/js/main_alt.js?1661963104 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: QWJC5n36lrW/kUZrZ3BbJ78OlV+NOxBcr/IeVLZyGFjf3Zotbh1lMKbGTUQLofU7plGnvRyzPLg=
x-amz-request-id: QQH45JGTW66WX890
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "949590b2dcd7b3f095730a16debf6842"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 6169
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text, with very long lines (332)
Size:   6169
Md5:    699888c7e0d1d6a922ad6a031605e45e
Sha1:   f455bc5c0ee3b386bf54855bc73a34739598eeb5
Sha256: edb4d84f456e601b25bd25e0ff5b3402925aa1fa24bee95573473033fb38e835
                                        
                                            GET /landings/273765/1661963103/js/translates-review.js?1661963104 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: AgEonhPXAFeQThlJqU0efi7R2bnQepfqDpCwGlvExPUi9vOb6rPQxXS/MGKk9igoYwbljKi524E=
x-amz-request-id: QS002G58CSE1DXMZ
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "09cf03d0a77b07d6c8969b853e74ee80"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 16602
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   16602
Md5:    d708297aefc5b8d49a3bfd335b775806
Sha1:   964ff9e651d4dc26bf81c4d34d9a586e1983ea62
Sha256: 06a439afe49b086cebf4a654afea5b654170953bcef987f7229b6c01071f977d
                                        
                                            GET /landings/273765/1661963103/js/transl-sb.js?1661963104 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: sgz/9d/Bo95vydrNomiiTnSvJuCO04kehdR9dAZiQSfW8O6paJpOan6pgveT70QkBEA59m7wqzo=
x-amz-request-id: QS03WVVP4TC5Q60K
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "2873c50f584a0ecc0e878c84ca22a67a"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 1998
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   1998
Md5:    1e0d2c655db08220da06f5ceb7222ef8
Sha1:   83232c5ecc575b33d52ae60eb2a0279f993839b9
Sha256: e1be7226ec934304e5ca5b783aaf06b1f3fe497308c46613e2962eaed7e81c3c
                                        
                                            GET /landings/273765/1661963103/js/swiper.min.js?1661963104 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: dWQOXuKYr2rZ2gCbzhcb/BtmzWG5DhIg7mUFGKUyR9aSvjMuD75ZtNi1FzLl0pl9qtDDMzU+bZ0=
x-amz-request-id: QQH02155226JNWDM
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "70610853eb13bcedd94269762ff7e9fd"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Length: 38997
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text, with very long lines (790)
Size:   38997
Md5:    2ba7c48fe2c5ab2343d8666220ef1bd7
Sha1:   cec8c61c7abc2f3fb3405182938963ada4c1eb0e
Sha256: 6a00e257157534430b71a24e695822885ab0ad33b3460ad96519ee7353d75ed9
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 06:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /landings/273765/1661963103/images/card-1.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: Siam/huzt9q3/Zlc2S4LhK0LkmSTTP0A74jeV3tu87VxMcstAn/ryCYOZlKOUiPf14+PuBhUTGc=
x-amz-request-id: QS05M0GMYG0XQGJX
Last-Modified: Wed, 31 Aug 2022 16:25:06 GMT
ETag: "4823fb9861645d16f1908a8e8838423d"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 8188
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 184 x 280, 8-bit colormap, non-interlaced\012- data
Size:   8188
Md5:    4823fb9861645d16f1908a8e8838423d
Sha1:   f56396aa2a5ee196b0601bfef435730073f0db8b
Sha256: c90456072060ccc1a91c2b32eb13361457873c533bafc754bce7c29976bb8150
                                        
                                            GET /landings/273765/1661963103/images/card-8.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: /MBH3EVavxCorV0wea4sZ7JyYKw3E6PzQj9ATtbKpmapYsIjM/zfl3YMakbopOadSgfe8hv/KHg=
x-amz-request-id: F9W0BAR8NCNHS2DG
Last-Modified: Wed, 31 Aug 2022 16:25:06 GMT
ETag: "40de263f2f3e4ff12149f2e93a668533"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 8400
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 184 x 280, 8-bit colormap, non-interlaced\012- data
Size:   8400
Md5:    40de263f2f3e4ff12149f2e93a668533
Sha1:   aa4e908ffaf7ed99c52d8af0e46690cf4df8a1d3
Sha256: a5518dda847b7093a2c72b207f3143cc0198f5e4e52c37d74ab32e90c6f29aa5
                                        
                                            GET /landings/273765/1661963103/images/card-6.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: FLxHKYXgiCeDn+NwbCrHiW6dWlK12L7FChJnWhtBLMlDM7eJ5XDJIQgHrkOmP7ckAbt1R+DKNGI=
x-amz-request-id: F9W4A6K5CYQB66W2
Last-Modified: Wed, 31 Aug 2022 16:25:06 GMT
ETag: "efe7dcd66d5ef0c7f85a57e0e453ef94"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 9015
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 184 x 280, 8-bit colormap, non-interlaced\012- data
Size:   9015
Md5:    efe7dcd66d5ef0c7f85a57e0e453ef94
Sha1:   c2dcb1d3c1883a7500cf3956b1a86f3120acef74
Sha256: a1317f032be5cb4cd2141aa0df1446394e2841fc5d76b83c38e3fdca5058bdae
                                        
                                            GET /landings/273765/1661963103/images/heart-2.svg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
x-amz-id-2: SFd/O7/hJOqYybgJZRos62zNMY1hF0QoM67ziiHoHf6SOHB+hAT/2Rlj84Hs/mUMB4Iq/xZqLrE=
x-amz-request-id: PCD5XSPH096MY3TN
Last-Modified: Wed, 31 Aug 2022 16:25:07 GMT
ETag: "98114f47dd620b7ae7c33fd7894c8138"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 583
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (479)
Size:   583
Md5:    98114f47dd620b7ae7c33fd7894c8138
Sha1:   8b1e6d4d2e1cefdd2a7e658bfcf247d9e3eef5f6
Sha256: 8f24bcc0885cf70237882b379d9069413c6f6a2e684ba1dd1fc3fcd5250b5ca1
                                        
                                            GET /landings/273765/1661963103/images/heart-3.svg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
x-amz-id-2: nSkrLFHZPttIlDuEEdkVRSvCYD1Gc5Ku0lP7BN3qSSHFO02ZbSFtf4LgMnXG3+0f7DH9NNAMtm4=
x-amz-request-id: PCD31JF6DSC632AN
Last-Modified: Wed, 31 Aug 2022 16:25:07 GMT
ETag: "022da77708b2dd876e1bb511d4f3d812"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 576
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (472)
Size:   576
Md5:    022da77708b2dd876e1bb511d4f3d812
Sha1:   bd991b5567ee72b20b4382c6265afdc650da3eed
Sha256: 41be38d88784fde6eeabe4b448b5a85040742ad7f6ea0299e2ddfd0e2fafdb81
                                        
                                            GET /landings/273765/1661963103/images/card-7.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: vH3CQFZxTNy6B8T0DYMm/0mflzopAT+SPSprqFRQmVzfUSDosPOOqvKygY5seI80CaARYrF353A=
x-amz-request-id: F9W79QMHANYZRE1S
Last-Modified: Wed, 31 Aug 2022 16:25:06 GMT
ETag: "4823fb9861645d16f1908a8e8838423d"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 8188
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 184 x 280, 8-bit colormap, non-interlaced\012- data
Size:   8188
Md5:    4823fb9861645d16f1908a8e8838423d
Sha1:   f56396aa2a5ee196b0601bfef435730073f0db8b
Sha256: c90456072060ccc1a91c2b32eb13361457873c533bafc754bce7c29976bb8150
                                        
                                            GET /landings/273765/1661963103/images/1-eu.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: AmU9UvMqXeQNy3OD8OHR9lPajQj4syfEMt/qMEaLS2pevTHouTccdKNGmjHsmQleugbj3KjUzco=
x-amz-request-id: F9W4P95N21KHJJQ1
Last-Modified: Wed, 31 Aug 2022 16:25:08 GMT
ETag: "6e6d0b84c81d847e24671a711115a781"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 4292
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Size:   4292
Md5:    6e6d0b84c81d847e24671a711115a781
Sha1:   20dc2d359e437dc10ceefea4d3c7b5189c2e58d0
Sha256: 515974c9245ead07b3332ca22fa1581622118c75955941452140a602646aa553
                                        
                                            GET /landings/273765/1661963103/images/3-eu.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: LISAMH5328j8jvMpN+HDq03XYqdvF6UqKpB08+Hv4juCMex9BR0kvHwfT8tcfm2Gnh8VypAksMg=
x-amz-request-id: PCDFFTVYWDWEEJ3T
Last-Modified: Wed, 31 Aug 2022 16:25:08 GMT
ETag: "1dc512dcb0850f22cfa72c789578085c"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 3946
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 80x80, components 3\012- data
Size:   3946
Md5:    1dc512dcb0850f22cfa72c789578085c
Sha1:   933e9c5648e782c9f9a1504d2248f0acb4b9950b
Sha256: 7a27ad3bbf259cc02f80f496c19e6033d958362c1b5075c1957bb502f2666d00
                                        
                                            GET /landings/273765/1661963103/images/heart-1.svg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
x-amz-id-2: oZFKvDEN6SW0dNm/RHNm/hg/TYnt7+Vfchj4M0vPdgi/UQKuE4coL+1pE/AX/9ECY1tTOzKl91g=
x-amz-request-id: PCDBV0644SZ2NYBJ
Last-Modified: Wed, 31 Aug 2022 16:25:07 GMT
ETag: "e5569cccfb34cc29fd00bd1e578b1ab5"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 581
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (477)
Size:   581
Md5:    e5569cccfb34cc29fd00bd1e578b1ab5
Sha1:   8eda17d718bc597483724134340f544f2fa4e0d7
Sha256: 3cad9aef6aeef409dc6a504e3ff9066bebc4ac33f8b704382b6a2e04bf39607d
                                        
                                            GET /landings/273765/1661963103/images/heart-4.svg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
x-amz-id-2: Q32AklLJFEjKbaweY5InU+uF6V/BZAXHf95Dmz8/zQU+aWdhErVUo6MzoTQOoN8N4aOm39lDwOY=
x-amz-request-id: PCD0ZFX83ZCW0TQH
Last-Modified: Wed, 31 Aug 2022 16:25:07 GMT
ETag: "9724e85af00aac05c81cdc79eb7accde"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 582
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (478)
Size:   582
Md5:    9724e85af00aac05c81cdc79eb7accde
Sha1:   19ad4a0970a809eee93e8922d5fb79a9e914ab65
Sha256: 89b53afd46dfe41deec4c20b59216b1b94ab09ee9dba714fe915afadc96c9d45
                                        
                                            GET /landings/273765/1661963103/images/unlock.svg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
x-amz-id-2: zwwHfWsNbHhsHUAW/dMhBa3HLznM7uWy+J7SZXXXoouHl9mVR4gHbeM/ZgdxNm+z2RGI0h/QAnQ=
x-amz-request-id: PCDE0Z5HKW8SDQ54
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "a732e1e06affb4575c050fdb0131e5ca"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 2378
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (944)
Size:   2378
Md5:    a732e1e06affb4575c050fdb0131e5ca
Sha1:   da4f4f204a4d22c7424274a91520e0ea993c48c7
Sha256: e17f481e5fe197e600ffe6cf53a94a4e49a73b6b817ff560cd92c3dd501d603f
                                        
                                            GET /landings/273765/1661963103/images/4-eu.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: 4ldy75UDgHBjfmYidAluGFWis219CZg0Qla7nNgzPD3N38w2wrtSGvmSQOaK/A+tdx0E7EQVuOE=
x-amz-request-id: F9W40VXBYB5Y7KBP
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "cb3aff7c886e4f72a98172b873b5e62d"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 2586
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Size:   2586
Md5:    cb3aff7c886e4f72a98172b873b5e62d
Sha1:   33de244dcb4db4abe54b6508ae8d1546eb279aa5
Sha256: d22825c9a1ff2c18506f0c2c3abaf3bb77f8352ba7bd410d50d35f20adbab08e
                                        
                                            GET /landings/273765/1661963103/images/5-eu.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: 6iWi3sWySj6/EWhv6PgcTDgVFxSRpx/YDAHitaEzq9L0U9FmBkEbrlv92510y0y8c/XHDNOJjng=
x-amz-request-id: F9WDSERE4BECRZFH
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "27109a247208262e6293950ca8f5450d"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 2879
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Size:   2879
Md5:    27109a247208262e6293950ca8f5450d
Sha1:   cea89616d15ad45a0f2b04082dff608abd96b800
Sha256: 86755df878f9f09c1b06deb1ac049db77b1931d3b0f650548fac960b3fedaa96
                                        
                                            GET /landings/273765/1661963103/images/6-eu.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: p4KQwSUBiRBHj2ijBwbtEkE4ZtzjgO7nxcwVxFRT/q9VJmUyICpUKDY/eWT9sbN09uOj8XLDAZ4=
x-amz-request-id: F9W6XGJ9G6HXASF3
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "9a6870069cb979e16b239f9ed485fb3c"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 3256
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Size:   3256
Md5:    9a6870069cb979e16b239f9ed485fb3c
Sha1:   c1dc7f3620c8cc391648c550f91b269b04d3c612
Sha256: 3e280ac6e0be5142f62957076a5c99e792eb61533e23f33b165aea4d522de818
                                        
                                            GET /landings/273765/1661963103/images/shield.svg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
x-amz-id-2: FweeJs5sa1j24Hod7hADNgHMgLg/KRGNheTO8VrhDE2X0TVw6AcDkrSTmx/ymPxIWe055v9K0KY=
x-amz-request-id: F9W2ET6CHV5HJFTQ
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "0c7a0dfd64cf020cd8a6dc0c3df1dbdf"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 1539
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (310)
Size:   1539
Md5:    0c7a0dfd64cf020cd8a6dc0c3df1dbdf
Sha1:   f705635388aebebae1223d828c38233067f28ab1
Sha256: 856fdb53067254df9495660a355e5ed91936803b567867f1053ce5fb97107888
                                        
                                            GET /landings/273765/1661963103/images/password.svg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
x-amz-id-2: /Erm3q6sAF7XvmYcjwSuDUPB+MIZap9gVDg3OCZT6eqVhwaGuLM/04DLmKzcy/QIEtYUYqgBwoU=
x-amz-request-id: PCD7EWRRAR6CND40
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "f42aef7f97d4c9bdb074673081f38ac7"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 1339
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (330)
Size:   1339
Md5:    f42aef7f97d4c9bdb074673081f38ac7
Sha1:   0231df782e371d139c826e091279acd9a07e691c
Sha256: 5fca7f589cd825e1f152e0a1677d6cbd0a3ee3ecde05905d572af87e8b453eac
                                        
                                            GET /landings/273765/1661963103/images/8-eu.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: jPGCXKSV14aPyyZMWKknTby98sAhYwYYYTywpsh7g8MLqWIEcRqrpWHWX43Bcj6IX5bXfv2cN90=
x-amz-request-id: 5V09H78Q9WA9Y4K0
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "41bbda91cef3f22db1d45d66f7ca0961"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 2458
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Size:   2458
Md5:    41bbda91cef3f22db1d45d66f7ca0961
Sha1:   e2f8f56674e0180063a4f8287931dc0b273baf8e
Sha256: d0f8fe31f17be4afd352a60628de61eef59ee08ac0ecddac9cfe4e4a504f4f0e
                                        
                                            GET /landings/273765/1661963103/images/blocked-icon.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: 54i9gnTCz9tdpc/Wk6UGKT2JP0Qr/JPtQAWlPx+wUF7YY4vu1aXQzDtn7DeBfd2l43PQanox0z0=
x-amz-request-id: 5V070QMNZ85K884Q
Last-Modified: Wed, 31 Aug 2022 16:25:08 GMT
ETag: "dd7797e823529164e0f6fc39efd2376a"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 303
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 22 x 28, 8-bit colormap, non-interlaced\012- data
Size:   303
Md5:    dd7797e823529164e0f6fc39efd2376a
Sha1:   d6c98e421a97f34945f94861eeba4a9f00376b50
Sha256: c8eef62a31b18850097e892dc99ce4af5a795f451f424148f8463bd6b0162521
                                        
                                            GET /landings/273765/1661963103/images/logo.svg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
x-amz-id-2: ix8cWu4xenKoUjStxpQhCeNrM/xcq9RADVu+54xvDMhaUH5EBYTE2mkobbbrE19OWqEkJB9/ots=
x-amz-request-id: QS0CQNEZ7NGG1YTC
Last-Modified: Wed, 31 Aug 2022 16:25:08 GMT
ETag: "8c7ac40cbb3b09d628f0e04da43a597e"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 7208
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4317)
Size:   7208
Md5:    8c7ac40cbb3b09d628f0e04da43a597e
Sha1:   8a3bd6042a1ce39c2bc59f90299894b0e5c2d64c
Sha256: 29b773e1e21f12741ab91bf1550e128ba699284a81350329ecacc38e9875e3d1
                                        
                                            GET /landings/273765/1661963103/images/poster_alt2.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: lufw848y5bFJLVLGEhygV3f7yGb1Od/X4lxlY8PwNhZSRdJHPZ9/3usnM0TCJL9K/uJKgdT8V44=
x-amz-request-id: PCD39NHSJPPYFPQ7
Last-Modified: Wed, 31 Aug 2022 16:25:10 GMT
ETag: "ede102f18b2c145f552919e17fe24301"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 24209
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 622x720, components 3\012- data
Size:   24209
Md5:    ede102f18b2c145f552919e17fe24301
Sha1:   ba53d2eb76da4da2faf4e1025e7ca3ab0c187733
Sha256: 18ab56d668596cdcdcf9b1fc56810635b4a84dfab986efea31f1141e9cffa21c
                                        
                                            GET /landings/273765/1661963103/images/2-eu.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: B5lx6fZNTx1UB54cGc76N72sJW857fZ2cTaSwWT8qsPAi6FNbG+QI4UWYFcSe39qiYN7llAjR68=
x-amz-request-id: F9WESTQ09DQDD42X
Last-Modified: Wed, 31 Aug 2022 16:25:08 GMT
ETag: "66b6dc51bd19c799dcadf1dbeb628d9c"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 2009
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Size:   2009
Md5:    66b6dc51bd19c799dcadf1dbeb628d9c
Sha1:   ff7fe6049e944186764bfc5041d624ec11f8d362
Sha256: d3c1502509ae60909fe60c46cc58c41c1a9fe53ee7aeffb92d37a074ba8550f0
                                        
                                            GET /landings/273765/1661963103/images/card-2.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: vbahFq4UtRmOZI2ucCwcQ+oKNtNiaKuCITA0KygWanZnhOou58z07nikMqdadUS6qusJSZzDrAU=
x-amz-request-id: PCD9QZ9ND8D44GCV
Last-Modified: Wed, 31 Aug 2022 16:25:06 GMT
ETag: "97fdbd5fd4286a683fb7fe2dacc9ae04"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 9344
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 184 x 280, 8-bit colormap, non-interlaced\012- data
Size:   9344
Md5:    97fdbd5fd4286a683fb7fe2dacc9ae04
Sha1:   5f3b04b7d2ebe334031cdb54ce265445ea201be2
Sha256: 8dafaa1ff9a2fc6b98aa7b248d5b0a282a16fac520aac86429850891c7d4cbbb
                                        
                                            GET /landings/273765/1661963103/images/card-4.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: EU+fLaWqmDUW2fEZMZ4WPf3sNrhZKJ83D8h1VQHKmm+fMml//WE3yH4d9PNbhNoucx5KuzoQYrI=
x-amz-request-id: PCD41KVK8NQF5YH5
Last-Modified: Wed, 31 Aug 2022 16:25:06 GMT
ETag: "2c064aae31305ad28aec8cd38499d9de"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 8321
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 184 x 280, 8-bit colormap, non-interlaced\012- data
Size:   8321
Md5:    2c064aae31305ad28aec8cd38499d9de
Sha1:   c0e3e307a3fbfc0b8072fa625e80e9ccf6e90320
Sha256: f1abc5e31c804b10bcabdeddd2f4d4147e4727e9fdfe264654e87aabb6a031a6
                                        
                                            GET /landings/273765/1661963103/images/7-eu.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: qEmKafCJGgr75n59tUggqYjipj78ZVksBt86tb7aL9y/HA8NOBbQXZPzgbsaJy+QHBMJnBZaqyc=
x-amz-request-id: 5V03PA03HXFNADEZ
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "8155d8ecc7dc2d9b29cf99ab85c3d2a8"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 2282
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Size:   2282
Md5:    8155d8ecc7dc2d9b29cf99ab85c3d2a8
Sha1:   ba784563c7787760b318af24ea274ad6df2c5b89
Sha256: 7e368b2c331e65b43d9e6977dde473b4ee4ed25f0253e0d086ca676438b97d27
                                        
                                            GET /landings/273765/1661963103/images/card-5.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: qEz1VHts9EuBVL5Orhlzej83HS5Qo3hEr2/KNHw0vUWpgKAN5jWCRpBsCJr5sALWg/6Ig2Adpsg=
x-amz-request-id: PCDA6SCCSJE5X3ZJ
Last-Modified: Wed, 31 Aug 2022 16:25:06 GMT
ETag: "40de263f2f3e4ff12149f2e93a668533"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 8400
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 184 x 280, 8-bit colormap, non-interlaced\012- data
Size:   8400
Md5:    40de263f2f3e4ff12149f2e93a668533
Sha1:   aa4e908ffaf7ed99c52d8af0e46690cf4df8a1d3
Sha256: a5518dda847b7093a2c72b207f3143cc0198f5e4e52c37d74ab32e90c6f29aa5
                                        
                                            GET /landings/273765/1661963103/images/card-3.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: zeSi24hWvYHMwMtMctEBaybHTLGq7mAS0eoCo++GrQyAy6DLTleHCrc3OzlKxOmrFQZaGWdWb0I=
x-amz-request-id: PCDC7DS8TG6ZQ9DM
Last-Modified: Wed, 31 Aug 2022 16:25:06 GMT
ETag: "efe7dcd66d5ef0c7f85a57e0e453ef94"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 9015
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 184 x 280, 8-bit colormap, non-interlaced\012- data
Size:   9015
Md5:    efe7dcd66d5ef0c7f85a57e0e453ef94
Sha1:   c2dcb1d3c1883a7500cf3956b1a86f3120acef74
Sha256: a1317f032be5cb4cd2141aa0df1446394e2841fc5d76b83c38e3fdca5058bdae
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 06:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css2?family=Inter:wght@400;500;600;700&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Sep 2022 06:55:06 GMT
date: Fri, 09 Sep 2022 06:55:06 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2393
Md5:    608afe2541fcd261d85632ed39cce583
Sha1:   f96ed89bc8ba4b7c809e047f9f6d41503ab034e5
Sha256: 8120572cd49f2288ded87867d4970311dbc4f885d7adc6bb4bb8a4c4e30bbe97
                                        
                                            GET /landings/273765/1661963103/images/poster_alt.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/273765/1661963103/css/style.css?1661963104
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: sqvdGTOWFMQFz8iKH9dCy95kghnJJ6uPV9Sr1DR8S4AxXtdGSB1wAPvteghS7vkdwk6h1Trn+1E=
x-amz-request-id: F9WARRPTQ9DP8YZ8
Last-Modified: Wed, 31 Aug 2022 16:25:07 GMT
ETag: "e5f8511eeaa81d41b49a476ba6faed4c"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 12312
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 375x779, components 3\012- data
Size:   12312
Md5:    e5f8511eeaa81d41b49a476ba6faed4c
Sha1:   1676dae39aa9de9acf19a742f7100c68d3a30581
Sha256: 5d3d02ee61c7766afba36ef11b030daa59dcd9ea2ad38fb2a8c84724ecaf34e0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 06:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://odzrea.speciaidates.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 06:03:56 GMT
expires: Fri, 08 Sep 2023 06:03:56 GMT
cache-control: public, max-age=31536000
age: 89470
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 37924, version 1.0
Size:   37924
Md5:    e08be6d5d433944f7ad52902e4d24db5
Sha1:   e2600c1d60d12d397b3ee44411a021231d71e974
Sha256: 450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
                                        
GET /landings/273765/1661963103/images/1.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=1409024-
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
184.31.15.67
HTTP/1.1 206 Partial Content
Content-Type: video/mp4
x-amz-id-2: BXOBJmYu4Cgdcr5kN0MLrnOvDp3dqHGJrDqp5BEZdx2TITt3UUmsCg1zwE8uC0PIEjqROoF/R3g=
x-amz-request-id: 5V0A03NM3T9QJ0WR
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "9bcfa52d111b14fc68090d2456c0ef1b"
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Range: bytes 1409024-1432429/1432430
Content-Length: 23406
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  data
Size:   23406
Md5:    cde05e3f7ff171d68d630b596984b7af
Sha1:   96dbcecbb223b67d56b030bd1c043ce50438ca34
Sha256: 4abc58824bec1b66f85b3d96dcbca31e9cab7f22550664a251354913350d9d2f
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 06:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /images/favicon.ico HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/x-icon
x-amz-id-2: 3PLd1JbxzMUZnvLfJ08LlqJVa0X1bm3g8lDKKuDaPcpHRGpUOyvL763tb+Zgy/zeSb8kMvb/P10=
x-amz-request-id: 2XWP9N688THY1C8H
Last-Modified: Wed, 07 Nov 2018 08:41:38 GMT
ETag: "4cdf3256cd7b8ec3917adb79d6bf457e"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 4103
Date: Fri, 09 Sep 2022 06:55:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size:   4103
Md5:    4cdf3256cd7b8ec3917adb79d6bf457e
Sha1:   bc615337e9223183a126c8fb649774866fb53e69
Sha256: fbfff44a653dc193b93620f1035d221d3aaddf3238742270b3385482986ef7f0
                                        
GET /landings/273765/1661963103/images/1.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=196608-
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
184.31.15.67
HTTP/1.1 206 Partial Content
Content-Type: video/mp4
x-amz-id-2: BXOBJmYu4Cgdcr5kN0MLrnOvDp3dqHGJrDqp5BEZdx2TITt3UUmsCg1zwE8uC0PIEjqROoF/R3g=
x-amz-request-id: 5V0A03NM3T9QJ0WR
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "9bcfa52d111b14fc68090d2456c0ef1b"
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Range: bytes 196608-1432429/1432430
Content-Length: 1235822
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  data
Size:   1235822
Md5:    a14c50402659a5ead77bb48b0a8f7d45
Sha1:   72d88acb9992cb0667ab0590c103ab87db4811d4
Sha256: 09c4e1624550426bf2b57fee43c7d483720daae12e39c4a479a117a0bafa8ee2
                                        
GET /tds/rsl?tdsId=s3677ser_r&tds_campaign=s3677ser&utm_source=arba&utm_campaign=27bc27d8&utm_term=mob_ext_nor_pop&s1=arb&data2=3j9uWzjACeY&s2=0&utm_content=0&p1=422238_&p5=428632&p7=* HTTP/1.1
Host: dates-for-flirt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fancycrab.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
35.156.235.222
HTTP/2 302 Found
date: Fri, 09 Sep 2022 06:55:05 GMT
location: https://r.goaffmy.com/click?sub1=3681e0961601d8726d3f3651a3c4bba3cffa0bda&pid=3739&offer_id=2606&sub2=b6659ser
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=00e68ec1bdc7802c59e435a1250677881dbb4049; Max-Age=31536000; Domain=.dates-for-flirt.com; Path=/; Expires=Sat, 09 Sep 2023 06:55:05 GMT; Secure; SameSite=None
set-cookie: dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Wed, 14 Sep 2022 06:55:05 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /js/pushjs/1.0.0/subscriber.js HTTP/1.1
Host: odzrea.speciaidates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/c/1e3a4e532f1c7040?s1=116914&s2=1419167&s3=48945&s5=backuser&click_id=37_48945_4177_664a484a32e46d24f5175de968741451&iexpp=1&j1=1&j8=1
Cookie: unique_id=631a5db80004bf00; unique_id2=631ae34a000fbdd6; 631ae34a000fbdd6_c=1; ref_token=144562_120749_116914; impression=; 631ae34a000fbdd6_sl=[273765]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
52.19.101.114
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Fri, 09 Sep 2022 06:55:06 GMT
expires: Fri, 16 Sep 2022 06:55:06 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /js/pushjs/1.0.0/utils.js HTTP/1.1
Host: odzrea.speciaidates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/c/1e3a4e532f1c7040?s1=116914&s2=1419167&s3=48945&s5=backuser&click_id=37_48945_4177_664a484a32e46d24f5175de968741451&iexpp=1&j1=1&j8=1
Cookie: unique_id=631a5db80004bf00; unique_id2=631ae34a000fbdd6; 631ae34a000fbdd6_c=1; ref_token=144562_120749_116914; impression=; 631ae34a000fbdd6_sl=[273765]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
52.19.101.114
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Fri, 09 Sep 2022 06:55:06 GMT
expires: Fri, 16 Sep 2022 06:55:06 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /landings/273765/1661963103/images/1.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
184.31.15.67
HTTP/1.1 206 Partial Content
Content-Type: video/mp4
x-amz-id-2: BXOBJmYu4Cgdcr5kN0MLrnOvDp3dqHGJrDqp5BEZdx2TITt3UUmsCg1zwE8uC0PIEjqROoF/R3g=
x-amz-request-id: 5V0A03NM3T9QJ0WR
Last-Modified: Wed, 31 Aug 2022 16:25:09 GMT
ETag: "9bcfa52d111b14fc68090d2456c0ef1b"
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 09 Sep 2022 06:55:06 GMT
Content-Range: bytes 0-1432429/1432430
Content-Length: 1432430
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
                                        
GET /js/service-worker.js HTTP/1.1
Host: odzrea.speciaidates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: unique_id=631a5db80004bf00; unique_id2=631ae34a000fbdd6; 631ae34a000fbdd6_c=1; ref_token=144562_120749_116914; impression=; 631ae34a000fbdd6_sl=[273765]
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                         
52.19.101.114
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Fri, 09 Sep 2022 06:55:06 GMT
expires: Fri, 16 Sep 2022 06:55:06 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /c/1e3a4e532f1c7040?s1=116914&s2=1419167&s3=48945&s5=6bf88c65-a931-4e34-ae1f-07a6fb81850d&click_id=37_48945_4177_664a484a32e46d24f5175de968741451&j1=1&j8=1 HTTP/1.1
Host: odzrea.speciaidates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.gkrtmc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
52.19.101.114
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx
date: Fri, 09 Sep 2022 06:55:06 GMT
set-cookie: unique_id=631a5db80004bf00; Path=/; Expires=Tue, 08 Nov 2022 06:55:06 GMT; Secure; SameSite=None
set-cookie: unique_id2=631ae34a000fbdd6; Path=/; Expires=Thu, 08 Dec 2022 06:55:06 GMT; Secure; SameSite=None
set-cookie: 631ae34a000fbdd6_c=1; Path=/; Expires=Thu, 08 Dec 2022 06:55:06 GMT; Secure; SameSite=None
set-cookie: ref_token=144562_120749_116914; Path=/; Expires=Sun, 09 Oct 2022 06:55:06 GMT; Secure; SameSite=None
set-cookie: impression=; Path=/; Expires=Fri, 09 Sep 2022 06:55:06 GMT; Secure; SameSite=None
set-cookie: 631ae34a000fbdd6_sl=[273765]; Path=/; Expires=Fri, 23 Sep 2022 06:55:06 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---