r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8999
Expires: Sun, 29 Jan 2023 19:51:18 GMT
Date: Sun, 29 Jan 2023 17:21:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11415
Expires: Sun, 29 Jan 2023 20:31:34 GMT
Date: Sun, 29 Jan 2023 17:21:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4201
Expires: Sun, 29 Jan 2023 18:31:20 GMT
Date: Sun, 29 Jan 2023 17:21:19 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 16:35:38 GMT
content-type: application/json
age: 2741
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: rJcQVFRFGXPTZ3cxuLiGyPCMrjKoPveHHNgnml+oQI/x5oNmylFTywqAFJHI54RPteNEBX7z1JA=
x-amz-request-id: 29NGM2VWPBXFT1HT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 16:21:27 GMT
age: 3592
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 17:21:19 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 16:41:41 GMT
age: 2379
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9970
Expires: Sun, 29 Jan 2023 20:07:30 GMT
Date: Sun, 29 Jan 2023 17:21:20 GMT
Connection: keep-alive
push.services.mozilla.com/
35.164.216.3101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.216.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XOnql4q2g61hmTyGYHKRuw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pvfqEEOoOap1jb0yVrhFEIpc09M=
netflox.de/
64.190.63.111200 OK 1.3 kB IP 64.190.63.111:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (756)
Hash 75d53142345fe082359a8f5c5dc44518
9c70ab578f46f75b3d8d09604546e39b410ecf60
c23518b19247293ea0dac22d279430371e3a87c25b27cb010b81d5e8016e703f
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: netflox.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
date: Sun, 29 Jan 2023 17:21:21 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_t0WJvrSoHxtNWP4IBnYvhWNuxQ3kDCNKBiS24ml0mTFjdLWb58DyCEY72CcjrTn1plRNqyoJQasiEUJXXIaLGQ==
last-modified: Sun, 29 Jan 2023 17:21:19 GMT
x-cache-miss-from: parking-7649dfd87f-24nt6
server: NginX
content-encoding: gzip
img.sedoparking.com/images/js_preloader.gif
205.234.175.175200 OK 4.3 kB URL HTTP/1.1 img.sedoparking.com/images/js_preloader.gif
IP 205.234.175.175:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash 90c93102a88c2ab94bff1575b7a6e86e
56d71bf13de464534643db9d127629a0a3bf677a
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
GET /images/js_preloader.gif HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflox.de/
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 17:21:21 GMT
Content-Type: image/gif
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Sun, 05 Feb 2023 17:21:21 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: M
CF4Age: 0
x-cf-tsc: 1672141863
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: d3fb4698b6f527488a84f6140468c95f
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
netflox.de/search/tsc.php?200=MzM5MDM0ODM4&21=OTEuOTAuNDIuMTU0&681=MTY3NTAxMjg4MWJiNGMxZTk3MDZlZmJhNDJiMjNlNjlkM2VkNzUwNjUy&crc=338a66a52fee8c75d5b31772c8a91bf7d750f0fd&cv=1
64.190.63.111200 OK 0 B URL HTTP/1.1 netflox.de/search/tsc.php?200=MzM5MDM0ODM4&21=OTEuOTAuNDIuMTU0&681=MTY3NTAxMjg4MWJiNGMxZTk3MDZlZmJhNDJiMjNlNjlkM2VkNzUwNjUy&crc=338a66a52fee8c75d5b31772c8a91bf7d750f0fd&cv=1
IP 64.190.63.111:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/tsc.php?200=MzM5MDM0ODM4&21=OTEuOTAuNDIuMTU0&681=MTY3NTAxMjg4MWJiNGMxZTk3MDZlZmJhNDJiMjNlNjlkM2VkNzUwNjUy&crc=338a66a52fee8c75d5b31772c8a91bf7d750f0fd&cv=1 HTTP/1.1
Host: netflox.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflox.de/
HTTP/1.1 200 OK
date: Sun, 29 Jan 2023 17:21:21 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
x-cache-miss-from: parking-7649dfd87f-5kphn
server: NginX
netflox.de/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DYjsnqiSuV9I_0&v=Mzk2Y2I4ODcxN2E2NTA1OWNkMDI3NjM3M2NhOThjMTUJMQluZXRmbG94LmRlNjNkNmFiMGY5MWY2MjUuNTQ2NTkxMDgJbmV0ZmxveC5kZTYzZDZhYjBmOTFmOTA1Ljc3NzIwODAwCTE2NzUwMTI4ODEJYWRfNjNfMA==&l=OAkwN2M4OTY2YzgwZjQ0NWM1YmRkMGEzMmE2ZjYyYjU1NwkwCTM1CTAJYWVlMDFkZjNjMmRhMTUyODg0ZTMzOTAyODBlNWM5N2QJMzM5MDM0ODM4CW5ldGZsb3gJMAk2Mwk2CTIJMTY3NTAxMjg4MQkwLjAwNTE0MwlOCTAJMAkwCTEyMDUJMTgzNzc5MDQ1CTkxLjkwLjQyLjE1NAkw
64.190.63.111302 Found 0 B URL HTTP/1.1 netflox.de/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DYjsnqiSuV9I_0&v=Mzk2Y2I4ODcxN2E2NTA1OWNkMDI3NjM3M2NhOThjMTUJMQluZXRmbG94LmRlNjNkNmFiMGY5MWY2MjUuNTQ2NTkxMDgJbmV0ZmxveC5kZTYzZDZhYjBmOTFmOTA1Ljc3NzIwODAwCTE2NzUwMTI4ODEJYWRfNjNfMA==&l=OAkwN2M4OTY2YzgwZjQ0NWM1YmRkMGEzMmE2ZjYyYjU1NwkwCTM1CTAJYWVlMDFkZjNjMmRhMTUyODg0ZTMzOTAyODBlNWM5N2QJMzM5MDM0ODM4CW5ldGZsb3gJMAk2Mwk2CTIJMTY3NTAxMjg4MQkwLjAwNTE0MwlOCTAJMAkwCTEyMDUJMTgzNzc5MDQ1CTkxLjkwLjQyLjE1NAkw
IP 64.190.63.111:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DYjsnqiSuV9I_0&v=Mzk2Y2I4ODcxN2E2NTA1OWNkMDI3NjM3M2NhOThjMTUJMQluZXRmbG94LmRlNjNkNmFiMGY5MWY2MjUuNTQ2NTkxMDgJbmV0ZmxveC5kZTYzZDZhYjBmOTFmOTA1Ljc3NzIwODAwCTE2NzUwMTI4ODEJYWRfNjNfMA==&l=OAkwN2M4OTY2YzgwZjQ0NWM1YmRkMGEzMmE2ZjYyYjU1NwkwCTM1CTAJYWVlMDFkZjNjMmRhMTUyODg0ZTMzOTAyODBlNWM5N2QJMzM5MDM0ODM4CW5ldGZsb3gJMAk2Mwk2CTIJMTY3NTAxMjg4MQkwLjAwNTE0MwlOCTAJMAkwCTEyMDUJMTgzNzc5MDQ1CTkxLjkwLjQyLjE1NAkw HTTP/1.1
Host: netflox.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://netflox.de/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 17:21:21 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Sun, 29 Jan 2023 17:21:21 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DYjsnqiSuV9I_0&v=Mzk2Y2I4ODcxN2E2NTA1OWNkMDI3NjM3M2NhOThjMTUJMQluZXRmbG94LmRlNjNkNmFiMGY5MWY2MjUuNTQ2NTkxMDgJbmV0ZmxveC5kZTYzZDZhYjBmOTFmOTA1Ljc3NzIwODAwCTE2NzUwMTI4ODEJYWRfNjNfMA==&l=OAkwN2M4OTY2YzgwZjQ0NWM1YmRkMGEzMmE2ZjYyYjU1NwkwCTM1CTAJYWVlMDFkZjNjMmRhMTUyODg0ZTMzOTAyODBlNWM5N2QJMzM5MDM0ODM4CW5ldGZsb3gJMAk2Mwk2CTIJMTY3NTAxMjg4MQkwLjAwNTE0MwlOCTAJMAkwCTEyMDUJMTgzNzc5MDQ1CTkxLjkwLjQyLjE1NAkw
x-cache-miss-from: parking-7649dfd87f-8jz64
server: NginX
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15408
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 17:21:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15408
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 17:21:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15408
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 17:21:21 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: d56c9b84-dc1f-4d5c-91bf-7db55058bf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyeEGOloAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3126-5013a6b971d6800c5c85a4eb;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D2ZAelkDgsd0wjoOSoPRwTzhozs84_aIcgwU-QmbDrTnHztVD0VL_A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:26:16 GMT
age: 42905
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4jPbm4WufkUKm7ljLvpHrJUFhr-JQ_nl3iYfI5S8nTqEszFdUtz9EQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:24:09 GMT
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
age: 43032
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7f9ffe5-495a-4f90-a1f3-01e6bafe9287.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7f9ffe5-495a-4f90-a1f3-01e6bafe9287.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8744995437fb5a3fa77a14c2e72ac6f
f8ad682561dd204e1193bd6ea1fb7e8eccd51610
76445eced51bce8532ffd0ef6131b5c6d8f38a15267bcad99767795f9191efd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7f9ffe5-495a-4f90-a1f3-01e6bafe9287.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10213
x-amzn-requestid: f95cebd1-4305-4dda-b750-4801a441a6a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkFR5oAMFQQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-59ba391e439557731d323660;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XR5NrPkuizerZFKPiaAF9TWk8RNPKJIwymg928epIbo3kaTvPj_Lmg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 22:05:06 GMT
age: 69375
etag: "f8ad682561dd204e1193bd6ea1fb7e8eccd51610"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 17:35:56 GMT
age: 85525
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43c4a8e963936a8064dbd2bd3c67b905
8508727c97127c98b886833af28b3470306216c2
070c29fe7c0a227029483d675eac863904ab6b291467acdf62167f4845699c21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8652
x-amzn-requestid: 5a5a883e-d7d4-4fc5-925a-3a95830c504e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVguyG7BIAMFm8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d214c4-390b59a32060e41203533c58;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 05:51:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ewSsCY4u9DwRtaj00U9JCim9tYeCgHRuIQFpdHm4ttI6L02-e44iDQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:11:24 GMT
age: 65397
etag: "8508727c97127c98b886833af28b3470306216c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:12:28 GMT
age: 65333
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
netflox.de/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DYjsnqiSuV9I_0&v=Mzk2Y2I4ODcxN2E2NTA1OWNkMDI3NjM3M2NhOThjMTUJMQluZXRmbG94LmRlNjNkNmFiMGY5MWY2MjUuNTQ2NTkxMDgJbmV0ZmxveC5kZTYzZDZhYjBmOTFmOTA1Ljc3NzIwODAwCTE2NzUwMTI4ODEJYWRfNjNfMA==&l=OAkwN2M4OTY2YzgwZjQ0NWM1YmRkMGEzMmE2ZjYyYjU1NwkwCTM1CTAJYWVlMDFkZjNjMmRhMTUyODg0ZTMzOTAyODBlNWM5N2QJMzM5MDM0ODM4CW5ldGZsb3gJMAk2Mwk2CTIJMTY3NTAxMjg4MQkwLjAwNTE0MwlOCTAJMAkwCTEyMDUJMTgzNzc5MDQ1CTkxLjkwLjQyLjE1NAkw
64.190.63.111302 Found 311 B URL HTTP/1.1 netflox.de/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DYjsnqiSuV9I_0&v=Mzk2Y2I4ODcxN2E2NTA1OWNkMDI3NjM3M2NhOThjMTUJMQluZXRmbG94LmRlNjNkNmFiMGY5MWY2MjUuNTQ2NTkxMDgJbmV0ZmxveC5kZTYzZDZhYjBmOTFmOTA1Ljc3NzIwODAwCTE2NzUwMTI4ODEJYWRfNjNfMA==&l=OAkwN2M4OTY2YzgwZjQ0NWM1YmRkMGEzMmE2ZjYyYjU1NwkwCTM1CTAJYWVlMDFkZjNjMmRhMTUyODg0ZTMzOTAyODBlNWM5N2QJMzM5MDM0ODM4CW5ldGZsb3gJMAk2Mwk2CTIJMTY3NTAxMjg4MQkwLjAwNTE0MwlOCTAJMAkwCTEyMDUJMTgzNzc5MDQ1CTkxLjkwLjQyLjE1NAkw
IP 64.190.63.111:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 119475d0a664ed08bb104edb8572db6e
b10eff1bece6761ecf40a096f8e062d00f1a91ca
0e025216483d4712de4b7604584cf285199a2154394a2f63bf24eac302ffa4aa
GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DYjsnqiSuV9I_0&v=Mzk2Y2I4ODcxN2E2NTA1OWNkMDI3NjM3M2NhOThjMTUJMQluZXRmbG94LmRlNjNkNmFiMGY5MWY2MjUuNTQ2NTkxMDgJbmV0ZmxveC5kZTYzZDZhYjBmOTFmOTA1Ljc3NzIwODAwCTE2NzUwMTI4ODEJYWRfNjNfMA==&l=OAkwN2M4OTY2YzgwZjQ0NWM1YmRkMGEzMmE2ZjYyYjU1NwkwCTM1CTAJYWVlMDFkZjNjMmRhMTUyODg0ZTMzOTAyODBlNWM5N2QJMzM5MDM0ODM4CW5ldGZsb3gJMAk2Mwk2CTIJMTY3NTAxMjg4MQkwLjAwNTE0MwlOCTAJMAkwCTEyMDUJMTgzNzc5MDQ1CTkxLjkwLjQyLjE1NAkw HTTP/1.1
Host: netflox.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://netflox.de/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 17:21:22 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Sun, 29 Jan 2023 17:21:22 GMT
location: http://xml.sedodna.com/click?i=YjsnqiSuV9I_0
x-cache-miss-from: parking-7649dfd87f-fkmp4
server: NginX
xml.sedodna.com/click?i=YjsnqiSuV9I_0
173.239.53.32302 Found 0 B URL HTTP/1.1 xml.sedodna.com/click?i=YjsnqiSuV9I_0
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=YjsnqiSuV9I_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://netflox.de/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://orest-vlv.com/zcvisitor/586e7361-9ff9-11ed-b93d-0aab7f682411/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=df3bc130-90e1-11ed-9150-12beee04f19b
Pragma: no-cache
orest-vlv.com/zcvisitor/586e7361-9ff9-11ed-b93d-0aab7f682411/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=df3bc130-90e1-11ed-9150-12beee04f19b
52.7.54.238200 1.1 kB URL HTTP/1.1 orest-vlv.com/zcvisitor/586e7361-9ff9-11ed-b93d-0aab7f682411/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=df3bc130-90e1-11ed-9150-12beee04f19b
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5478c4f3d11e00799a427ba496349a06
f7713f8570d920da2ebfb26aa2d0bd7912ccaed1
87a39423e60e75ae579e51f019a7adabd169ff48ae3d853234b531e7f0115264
GET /zcvisitor/586e7361-9ff9-11ed-b93d-0aab7f682411/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=df3bc130-90e1-11ed-9150-12beee04f19b HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://netflox.de/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Sun, 29 Jan 2023 17:21:22 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: LRLlLtia
orest-vlv.com/zcredirect?visitid=586e7361-9ff9-11ed-b93d-0aab7f682411&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
52.7.54.238200 868 B URL HTTP/1.1 orest-vlv.com/zcredirect?visitid=586e7361-9ff9-11ed-b93d-0aab7f682411&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (391)
Hash 9d11071f237b6b5651606466da749219
ec891e02006cab008e2be559ac3c3d5af6344864
3f1424a6ba055f4aad3151719ea5b12626497050b8b806cacd5b033d5daf7b83
GET /zcredirect?visitid=586e7361-9ff9-11ed-b93d-0aab7f682411&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://orest-vlv.com/zcvisitor/586e7361-9ff9-11ed-b93d-0aab7f682411/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=df3bc130-90e1-11ed-9150-12beee04f19b
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Sun, 29 Jan 2023 17:21:22 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: rgaRFeSO
ocsp.pki.goog/s/gts1d4/vIoVB82rt54
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/vIoVB82rt54
IP 142.250.74.131:0
Hash 3c5d86f13280f5c839a8aecbf9928caf
e95819a2e09a7f9072c7a13c890523931e7a020e
e5ff5cd9b4737a6db30d2482b666f230b15a878d3618fbe1e4e7d127bc4657aa
POST /s/gts1d4/vIoVB82rt54 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
go.govod.co/6243/5015/?clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)
35.244.177.158302 Found 0 B URL HTTP/2 go.govod.co/6243/5015/?clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)
IP 35.244.177.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /6243/5015/?clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra) HTTP/1.1
Host: go.govod.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 29 Jan 2023 17:21:22 GMT
server: Apache/2.4.38 (Debian)
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
location: https://lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/vIoVB82rt54
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/vIoVB82rt54
IP 142.250.74.131:0
Hash 3c5d86f13280f5c839a8aecbf9928caf
e95819a2e09a7f9072c7a13c890523931e7a020e
e5ff5cd9b4737a6db30d2482b666f230b15a878d3618fbe1e4e7d127bc4657aa
POST /s/gts1d4/vIoVB82rt54 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/kT3I6WbMx9o
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/kT3I6WbMx9o
IP 142.250.74.131:0
Hash 2c61c44115bfa4a4497dfb0eb55ed49d
3098e5cb092c1060ff82d1c276b5136165911f05
bc54086d44b6a15b633b609067d52980c4142f60c36b3fcbd814e81dbf08f36b
POST /s/gts1d4/kT3I6WbMx9o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
34.120.90.98200 OK 1.3 kB URL HTTP/2 lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
IP 34.120.90.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6825)
Hash 0c25934fd69a2d65abf5df015c4e1158
3324f565ede8ab61ad3f3af8db119b1d6c4f43fb
f5d11ec7c38a304e2bb3367a56e96638f09c1c6d6902e037548593b585f3291a
GET /0233/?camp=6243&theme=0233&clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D HTTP/1.1
Host: lp.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdsbIAsfdsXFeOBWWtiMdFkEc2hdJVg1wmoomzGsWdIMq4lGa5sY1VuktEr_j0_hR-YouQe-0H1_lnKXiYo6L-JVzWDtLcyp
date: Sun, 29 Jan 2023 17:21:23 GMT
cache-control: no-transform
expires: Mon, 29 Jan 2024 17:21:23 GMT
last-modified: Wed, 25 Jan 2023 12:36:19 GMT
etag: "0c25934fd69a2d65abf5df015c4e1158"
x-goog-generation: 1674650179528245
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1337
content-type: text/html
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=4P/ejA==, md5=DCWTT9aaLWWr9d8BXE4RWA==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 1337
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/kT3I6WbMx9o
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/kT3I6WbMx9o
IP 142.250.74.131:0
Hash 2c61c44115bfa4a4497dfb0eb55ed49d
3098e5cb092c1060ff82d1c276b5136165911f05
bc54086d44b6a15b633b609067d52980c4142f60c36b3fcbd814e81dbf08f36b
POST /s/gts1d4/kT3I6WbMx9o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lp.popcornlinks.com/0233/runtime.040962ed49b21db8.js
34.120.90.98200 OK 654 B URL HTTP/2 lp.popcornlinks.com/0233/runtime.040962ed49b21db8.js
IP 34.120.90.98:0
File type ASCII text, with very long lines (1068), with no line terminators
Hash 116e456e74d84dadc9da576f5a964ea0
3b83e8e0c39eff1932e264c126ed7952a5bf43c4
e12f1696c89a64925e6b82a29d639adaad6719e2d6cd53ed49bf5ccde57af4ae
GET /0233/runtime.040962ed49b21db8.js HTTP/1.1
Host: lp.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdumtdyilDlP7iTbf2Rbj8ubTNczKBk-iRmPlAF0idGKwRn5grOk03Inn6qBSHiqR8M2oevI1SwdJOjpY-4B5A5C8g
x-goog-generation: 1674650179544942
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 654
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=f3rxZQ==, md5=EW5FbnTYTa3J2ldvWpZOoA==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 654
server: UploadServer
date: Sun, 29 Jan 2023 17:21:23 GMT
expires: Mon, 29 Jan 2024 17:21:23 GMT
cache-control: no-transform
last-modified: Wed, 25 Jan 2023 12:36:19 GMT
etag: "116e456e74d84dadc9da576f5a964ea0"
content-type: application/javascript
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lp.popcornlinks.com/0233/styles.ef46db3751d8e999.css
34.120.90.98200 OK 32 B URL HTTP/2 lp.popcornlinks.com/0233/styles.ef46db3751d8e999.css
IP 34.120.90.98:0
Hash 2e666d28f1c6ee4f3380325f606eb715
dc71c4c49e1f373a42a67c2c242aa8a32dc00308
6b3b25f9b82e07624f7092d0b3094184e38bc31c312bee4d6e304711bff32092
GET /0233/styles.ef46db3751d8e999.css HTTP/1.1
Host: lp.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdsGtRbhh8oDot0ohRLvFvipfoj9cnpteFQDBxT2bD7Vmh3q0w6GSODmGrfCWLRmA5L7QMSsK3rZcc5PsUDxzheMKA
x-goog-generation: 1674650179540526
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 32
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=7uWS8Q==, md5=LmZtKPHG7k8zgDJfYG63FQ==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 32
server: UploadServer
date: Sun, 29 Jan 2023 17:21:23 GMT
expires: Mon, 29 Jan 2024 17:21:23 GMT
cache-control: no-transform
last-modified: Wed, 25 Jan 2023 12:36:19 GMT
etag: "2e666d28f1c6ee4f3380325f606eb715"
content-type: text/css
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lp.popcornlinks.com/0233/polyfills.de110f5eb90419cb.js
34.120.90.98200 OK 12 kB URL HTTP/2 lp.popcornlinks.com/0233/polyfills.de110f5eb90419cb.js
IP 34.120.90.98:0
File type ASCII text, with very long lines (33812), with no line terminators
Hash 0f4ef07570e86d3b5eff5d953ab1581f
70fc3fa3291b5beaa8c2767347f163109704c99e
6637677cbd16350f99bac758a70cfa327e887d9875b82165897d37648bd5f40e
GET /0233/polyfills.de110f5eb90419cb.js HTTP/1.1
Host: lp.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdtZywH5f2W8Y93oO1IA3Khyybc20SU_En8vwwRpJgbOXjM3O-ujWZXTk7cH38xczDXduSLzjR2utXItruepUYwt8A
x-goog-generation: 1674650179547197
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 11943
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=sLznPQ==, md5=D07wdXDobTte/12VOrFYHw==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 11943
server: UploadServer
date: Sun, 29 Jan 2023 17:21:23 GMT
expires: Mon, 29 Jan 2024 17:21:23 GMT
cache-control: no-transform
last-modified: Wed, 25 Jan 2023 12:36:19 GMT
etag: "0f4ef07570e86d3b5eff5d953ab1581f"
content-type: application/javascript
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lp.popcornlinks.com/0233/main.8d0c86f3455120ed.js
34.120.90.98200 OK 66 kB URL HTTP/2 lp.popcornlinks.com/0233/main.8d0c86f3455120ed.js
IP 34.120.90.98:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0c96df7200fb7e2a10eb9afdd248174b
8fa84ef17cc2198fe28489bafc9d785b3c308a36
ba163f1107312fb8f9922ae440dd4483fe5cc41d1375f1049260e02da602c8f7
GET /0233/main.8d0c86f3455120ed.js HTTP/1.1
Host: lp.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/0233/?camp=6243&theme=0233&clickid=wvmo0gkuvdbb2h8m213gr7em&pub=3ac189c5-7204-4c42-a8b3-8838952bb667&sub_pub_id=(sub_pub_id)&extra=(extra)&country=NO&hash=hbHwUjpHE78P9Z%2Boz0QPwA%2BUuWZVDb28pXXRT3Mru%2F0OPDgxvujyP1TLvGvwrejDjCPmY1%2FhDauOwYa0TYb8cL7blhPS44YxFK%2FmKSQ%2BQ4XZGZRpDUO7IwB9tl1UbGT4V8mqqoFhIbzp6oxSaGxhCyuGZlVO9llz6OvxMPf6ObzKcddVb%2FNkyNTgsB45%2FzeISF%2BfCb9DYDKgJfSPo%2FEMXbAfIrYHz%2Fac8P9%2Bxbowivc%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdvEPQsJ47XDSl5PXdkb8DFlelTMcu1YNajpbqYWvodk3y3RI6FCbJgzhXno0f_M8Pi-orkiZmWINQKeI2fcdz9C7uuolf1t
x-goog-generation: 1674650179621718
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 66500
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=IbIqrA==, md5=DJbfcgD7fioQ65r90kgXSw==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 66500
server: UploadServer
date: Sun, 29 Jan 2023 17:21:23 GMT
expires: Mon, 29 Jan 2024 17:21:23 GMT
cache-control: no-transform
last-modified: Wed, 25 Jan 2023 12:36:19 GMT
etag: "0c96df7200fb7e2a10eb9afdd248174b"
content-type: application/javascript
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/jEC2BEoxFHg
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/jEC2BEoxFHg
IP 142.250.74.131:0
Hash 1cd3806fa066da276f15e1ec13e3321b
8c1ace5277feb9a0a88d4d91f59f348ec6abbcd6
db935fe5d5ea88c3f69f08164be13848121d64806f41ca877e8329f314659c3f
POST /s/gts1d4/jEC2BEoxFHg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:24 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2
216.58.207.227200 OK 8.0 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Hash 72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 12:48:45 GMT
expires: Mon, 29 Jan 2024 12:48:45 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:59:03 GMT
content-type: font/woff2
age: 16359
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
scided-mington.com/redirect?target=BASE64aHR0cHM6Ly9nby5nb3ZvZC5jby82MjQzLzUwMTUvP2NsaWNraWQ9d3ZtbzBna3V2ZGJiMmg4bTIxM2dyN2VtJnB1Yj0zYWMxODljNS03MjA0LTRjNDItYThiMy04ODM4OTUyYmI2Njcmc3ViX3B1Yl9pZD0oc3ViX3B1Yl9pZCkmZXh0cmE9KGV4dHJhKQ&ts=1675012882799&hash=LNIsNec448E0t8LeJHvYSrYIVe_cQ-LV4UvD_4LYxhw&rm=DJ
18.195.174.160200 OK 1.1 kB URL HTTP/2 scided-mington.com/redirect?target=BASE64aHR0cHM6Ly9nby5nb3ZvZC5jby82MjQzLzUwMTUvP2NsaWNraWQ9d3ZtbzBna3V2ZGJiMmg4bTIxM2dyN2VtJnB1Yj0zYWMxODljNS03MjA0LTRjNDItYThiMy04ODM4OTUyYmI2Njcmc3ViX3B1Yl9pZD0oc3ViX3B1Yl9pZCkmZXh0cmE9KGV4dHJhKQ&ts=1675012882799&hash=LNIsNec448E0t8LeJHvYSrYIVe_cQ-LV4UvD_4LYxhw&rm=DJ
IP 18.195.174.160:0
Hash a57a34692d4b09010c93cb6565963127
f3826a6e4fc51be47e78400acfcb7c6f4f082da0
e9e614c1d9924ee72a4b9fdda66d1f1711155065b645ef653cb541018f0b11df
GET /redirect?target=BASE64aHR0cHM6Ly9nby5nb3ZvZC5jby82MjQzLzUwMTUvP2NsaWNraWQ9d3ZtbzBna3V2ZGJiMmg4bTIxM2dyN2VtJnB1Yj0zYWMxODljNS03MjA0LTRjNDItYThiMy04ODM4OTUyYmI2Njcmc3ViX3B1Yl9pZD0oc3ViX3B1Yl9pZCkmZXh0cmE9KGV4dHJhKQ&ts=1675012882799&hash=LNIsNec448E0t8LeJHvYSrYIVe_cQ-LV4UvD_4LYxhw&rm=DJ HTTP/1.1
Host: scided-mington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: cc-v4=zKJfJ%2FiQ2cB%2BpyZbUWlHFdNPvqvA5TaoRVNLEPmSTTrgb2JLeH7EruH6vtz4RMeu2RGOuOTSrM5zbZc%2Bj8u0hJh%2FaYq9ZLLGA%2Fir2eS5GDcf2lfrID2cx27U2D0Yj7Y5ORpeL9sJGD%2FOnL97v1h8IA%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 17:21:22 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2
216.58.207.227200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 19:27:01 GMT
expires: Thu, 25 Jan 2024 19:27:01 GMT
cache-control: public, max-age=31536000
age: 338063
last-modified: Wed, 27 Apr 2022 16:07:00 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2
216.58.207.227200 OK 7.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 21:50:07 GMT
expires: Sun, 28 Jan 2024 21:50:07 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:10:09 GMT
content-type: font/woff2
age: 70277
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFd2JQEk.woff2
216.58.207.227200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFd2JQEk.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7824, version 1.0\012- data
Hash af4d371a10271dafeb343f1eace762bc
6d11d743bc3cfb169d70bc86450f18351dc1a905
60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2
GET /s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFd2JQEk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 12:24:21 GMT
expires: Thu, 25 Jan 2024 12:24:21 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:15:29 GMT
content-type: font/woff2
age: 363423
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFd2JQEk.woff2
216.58.207.227200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFd2JQEk.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7840, version 1.0\012- data
Hash 8d91ec1ca2d8b56640a47117e313a3e9
a9e9bafe64666f4595051a0e895b47a5fa39e67e
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
GET /s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFd2JQEk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 00:55:57 GMT
expires: Mon, 29 Jan 2024 00:55:57 GMT
cache-control: public, max-age=31536000
age: 59127
last-modified: Wed, 27 Apr 2022 16:05:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
srv.popcornlinks.com/rest/client/getCountryInfo/NO
130.211.31.128200 OK 78 B URL HTTP/2 srv.popcornlinks.com/rest/client/getCountryInfo/NO
IP 130.211.31.128:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b341e94426d33762a2495bebce00e4b9
c12eb9bf99f6cbdbda1b2a564b748ce8925f46fe
49f0f1abac5a097ffb8be8668759e82ef16d985d685c436873807de97f596fb7
GET /rest/client/getCountryInfo/NO HTTP/1.1
Host: srv.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 17:21:24 GMT
server: Apache/2.4.54 (Debian)
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-origin: *
access-control-allow-credentials: true
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
content-type: application/json
content-length: 78
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/jEC2BEoxFHg
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/jEC2BEoxFHg
IP 142.250.74.131:0
Hash 1cd3806fa066da276f15e1ec13e3321b
8c1ace5277feb9a0a88d4d91f59f348ec6abbcd6
db935fe5d5ea88c3f69f08164be13848121d64806f41ca877e8329f314659c3f
POST /s/gts1d4/jEC2BEoxFHg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 17:21:24 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fcf5eb43598d79cf5e85577aa4ae95c0
331363b02ee3984157f3370fefef83d82e7916e6
3f32c097d7b05757a2cca591b03eefa4a532b7a72710013cb9827f8ee4c73ee0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3F32C097D7B05757A2CCA591B03EEFA4A532B7A72710013CB9827F8EE4C73EE0"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10636
Expires: Sun, 29 Jan 2023 20:18:40 GMT
Date: Sun, 29 Jan 2023 17:21:24 GMT
Connection: keep-alive
static.neopush.io/sdk/sdk.js
23.88.7.145200 OK 27 kB URL HTTP/1.1 static.neopush.io/sdk/sdk.js
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (26964), with no line terminators
Hash ab346442eb95b8521b6bf63c72e50db7
203122d51e46b3c1aa10548f0072af2189f3ce0b
ab60c16ff9f9bc6a87547c5814ce7715eb6ec29c68ea18d87b6457415fcb126f
GET /sdk/sdk.js HTTP/1.1
Host: static.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 29 Jan 2023 17:21:24 GMT
Content-Type: application/javascript
Content-Length: 26964
Last-Modified: Wed, 11 Jan 2023 08:03:00 GMT
Connection: keep-alive
ETag: "63be6d34-6954"
Accept-Ranges: bytes
srv.popcornlinks.com/rest/client/trackingdata
130.211.31.128200 OK 0 B URL HTTP/2 srv.popcornlinks.com/rest/client/trackingdata
IP 130.211.31.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /rest/client/trackingdata HTTP/1.1
Host: srv.popcornlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lp.popcornlinks.com/
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 17:21:24 GMT
server: Apache/2.4.54 (Debian)
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-origin: *
access-control-allow-methods: OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
access-control-allow-credentials: true
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 65c399df1e81b033c5681a9eb74fd920
8f9d41b97bcf1bd65c9a9ef927e47c724659d57d
bc88e421d369fe9b68263e50c10dd8a4d1d067dd1ce13fd4dfcc63054cf40830
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC88E421D369FE9B68263E50C10DD8A4D1D067DD1CE13FD4DFCC63054CF40830"
Last-Modified: Sat, 28 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12742
Expires: Sun, 29 Jan 2023 20:53:46 GMT
Date: Sun, 29 Jan 2023 17:21:24 GMT
Connection: keep-alive
api.neopush.io/np/v1/config?si=1ed7afce-7740-6100-e1ef-1a6e500f3969
23.88.7.145200 OK 372 B URL HTTP/1.1 api.neopush.io/np/v1/config?si=1ed7afce-7740-6100-e1ef-1a6e500f3969
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (372), with no line terminators
Hash d3e2459bce86860473418ba88bb704a4
7124bda6ee73606a919e870c99c29e76ed0669bc
ed925d1008f9e0447ab2d39fd17062d1bb1c7bac7c407563284aa81a3926f108
GET /np/v1/config?si=1ed7afce-7740-6100-e1ef-1a6e500f3969 HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 29 Jan 2023 17:21:24 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 372
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin
ETag: W/"174-cSS9pu5zYGqRnocMmcKedu0Gabw"
www.clarity.ms/eus/s/0.7.1/clarity.js
13.107.238.53200 OK 23 kB URL HTTP/2 www.clarity.ms/eus/s/0.7.1/clarity.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (56646)
Hash 7cd76e3ffcccbcdee01fb2a44360d2f9
50631e6482a31ab36e0a3be207bbeeea49130c9f
5d5d1fd21e0a7671003d80068a814034b051f244575628cdeee455dcd7732391
GET /eus/s/0.7.1/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d928dd7500799e"
server: Microsoft-IIS/10.0
x-cache: TCP_HIT
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
x-azure-ref-originshield: 0gW3VYwAAAABr+MpdSwlST73dcu6iGuA0RlJBMjMxMDUwNDE3MDE3ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-azure-ref: 0FavWYwAAAAC7Uk7DpH6CQ49Tzj5uaNFOQ1BIMzBFREdFMDQyMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sun, 29 Jan 2023 17:21:24 GMT
X-Firefox-Spdy: h2
c.clarity.ms/c.gif
20.234.93.27302 Found 0 B IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=22D165B6FA8B4E10987E094F3F162D74&RedC=c.clarity.ms&MXFR=266164693AB161D210DC76C13EB16FE3
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=266164693AB161D210DC76C13EB16FE3; domain=.clarity.ms; expires=Fri, 23-Feb-2024 17:21:25 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Sun, 29 Jan 2023 17:21:24 GMT
content-length: 0
X-Firefox-Spdy: h2
api.neopush.io/np/v1/report
23.88.7.145204 No Content 0 B URL HTTP/1.1 api.neopush.io/np/v1/report
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /np/v1/report HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lp.popcornlinks.com/
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 29 Jan 2023 17:21:25 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
api.neopush.io/np/v1/report
23.88.7.145201 Created 66 B URL HTTP/1.1 api.neopush.io/np/v1/report
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 2a26d7001d36ffe8c91eabd004f306c3
309f563ce057fc736f40fb5e469ce0f2a8291426
c2d8c470a49c2ca69f32d2f54bf8d132cc17dec81793b237cbb0958d85c1b844
POST /np/v1/report HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Content-Type: application/json
Origin: https://lp.popcornlinks.com
Content-Length: 117
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 201 Created
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 29 Jan 2023 17:21:25 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 66
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin
ETag: W/"42-MJ9WPOBX/HNvQPteRpzg8qgpFCY"
api.neopush.io/np/v1/v_event
23.88.7.145204 No Content 0 B URL HTTP/1.1 api.neopush.io/np/v1/v_event
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /np/v1/v_event HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lp.popcornlinks.com/
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 29 Jan 2023 17:21:25 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
api.neopush.io/np/v1/v_event
23.88.7.145204 No Content 0 B URL HTTP/1.1 api.neopush.io/np/v1/v_event
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /np/v1/v_event HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lp.popcornlinks.com/
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 29 Jan 2023 17:21:25 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
api.neopush.io/np/v1/v_event
23.88.7.145201 Created 15 B URL HTTP/1.1 api.neopush.io/np/v1/v_event
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 0c776997933eb60833b37beaf43814c8
bff63526eb02853c6b414ccfb4d00ac9ca283930
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa
POST /np/v1/v_event HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Content-Type: application/json
Origin: https://lp.popcornlinks.com
Content-Length: 129
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 201 Created
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 29 Jan 2023 17:21:25 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin
ETag: W/"f-v/Y1JusChTxrQUzPtNAKycooOTA"
api.neopush.io/np/v1/v_event
23.88.7.145201 Created 15 B URL HTTP/1.1 api.neopush.io/np/v1/v_event
IP 23.88.7.145:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 0c776997933eb60833b37beaf43814c8
bff63526eb02853c6b414ccfb4d00ac9ca283930
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa
POST /np/v1/v_event HTTP/1.1
Host: api.neopush.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Content-Type: application/json
Origin: https://lp.popcornlinks.com
Content-Length: 130
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 201 Created
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 29 Jan 2023 17:21:25 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://lp.popcornlinks.com
Vary: Origin
ETag: W/"f-v/Y1JusChTxrQUzPtNAKycooOTA"
d.clarity.ms/collect
40.76.174.66204 No Content 0 B IP 40.76.174.66:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: d.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 33596
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
access-control-allow-origin: https://lp.popcornlinks.com
access-control-allow-credentials: true
date: Sun, 29 Jan 2023 17:21:25 GMT
X-Firefox-Spdy: h2
c.bing.com/c.gif?CtsSyncId=22D165B6FA8B4E10987E094F3F162D74&RedC=c.clarity.ms&MXFR=266164693AB161D210DC76C13EB16FE3
204.79.197.200302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=22D165B6FA8B4E10987E094F3F162D74&RedC=c.clarity.ms&MXFR=266164693AB161D210DC76C13EB16FE3
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=22D165B6FA8B4E10987E094F3F162D74&RedC=c.clarity.ms&MXFR=266164693AB161D210DC76C13EB16FE3 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=22D165B6FA8B4E10987E094F3F162D74&MUID=1F710A13295F6948105018BB28086861
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=1F710A13295F6948105018BB28086861; domain=c.bing.com; expires=Fri, 23-Feb-2024 17:21:25 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B00705D35C7848B1B37F351D8B622418 Ref B: OSL30EDGE0420 Ref C: 2023-01-29T17:21:25Z
date: Sun, 29 Jan 2023 17:21:24 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=22D165B6FA8B4E10987E094F3F162D74&MUID=1F710A13295F6948105018BB28086861
20.234.93.27200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=22D165B6FA8B4E10987E094F3F162D74&MUID=1F710A13295F6948105018BB28086861
IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=22D165B6FA8B4E10987E094F3F162D74&MUID=1F710A13295F6948105018BB28086861 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lp.popcornlinks.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Tue, 17 Jan 2023 20:36:49 GMT
accept-ranges: bytes
etag: "b1c8df6cb32ad91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Sun, 29-Jan-2023 17:31:25 GMT; path=/; SameSite=None; Secure;
date: Sun, 29 Jan 2023 17:21:25 GMT
content-length: 42
X-Firefox-Spdy: h2
d.clarity.ms/collect
40.76.174.66204 No Content 0 B IP 40.76.174.66:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: d.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 294
Origin: https://lp.popcornlinks.com
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
access-control-allow-origin: https://lp.popcornlinks.com
access-control-allow-credentials: true
date: Sun, 29 Jan 2023 17:21:26 GMT
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8f2806c-ec5e-41a0-85d8-007f6d34d108.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8f2806c-ec5e-41a0-85d8-007f6d34d108.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6021d6a06bff2826eb341747e82484f7
a817ff1ba206234627706551820d0d9856b398de
f0ba6de8709fdb73e94dbdace635232c76b9d70dad73badaca0542d9ad49604d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8f2806c-ec5e-41a0-85d8-007f6d34d108.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11624
x-amzn-requestid: dff12902-8b83-4df1-a2c9-a2ee9565830f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIhnjEmpIAMFdlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce2fc-0216188a3154167648f7d976;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:17:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: kxzVU1bNn09g_-73AY-mNvzhHo-dTyQinPkfPEqhDcKFfrTnbDpaZQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:15:07 GMT
age: 65181
etag: "a817ff1ba206234627706551820d0d9856b398de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
scided-mington.com/zp-redirect?target=https%3A%2F%2Fgo.govod.co%2F6243%2F5015%2F%3Fclickid%3Dwvmo0gkuvdbb2h8m213gr7em%26pub%3D3ac189c5-7204-4c42-a8b3-8838952bb667%26sub_pub_id%3D%28sub_pub_id%29%26extra%3D%28extra%29&caid=3ac189c5-7204-4c42-a8b3-8838952bb667&zpid=586e7361-9ff9-11ed-b93d-0aab7f682411&cid=wvmo0gkuvdbb2h8m213gr7em&rt=DJ
18.195.174.160200 OK 0 B URL HTTP/2 scided-mington.com/zp-redirect?target=https%3A%2F%2Fgo.govod.co%2F6243%2F5015%2F%3Fclickid%3Dwvmo0gkuvdbb2h8m213gr7em%26pub%3D3ac189c5-7204-4c42-a8b3-8838952bb667%26sub_pub_id%3D%28sub_pub_id%29%26extra%3D%28extra%29&caid=3ac189c5-7204-4c42-a8b3-8838952bb667&zpid=586e7361-9ff9-11ed-b93d-0aab7f682411&cid=wvmo0gkuvdbb2h8m213gr7em&rt=DJ
IP 18.195.174.160:0
GET /zp-redirect?target=https%3A%2F%2Fgo.govod.co%2F6243%2F5015%2F%3Fclickid%3Dwvmo0gkuvdbb2h8m213gr7em%26pub%3D3ac189c5-7204-4c42-a8b3-8838952bb667%26sub_pub_id%3D%28sub_pub_id%29%26extra%3D%28extra%29&caid=3ac189c5-7204-4c42-a8b3-8838952bb667&zpid=586e7361-9ff9-11ed-b93d-0aab7f682411&cid=wvmo0gkuvdbb2h8m213gr7em&rt=DJ HTTP/1.1
Host: scided-mington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://orest-vlv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 17:21:22 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: cc-v4=zKJfJ%2FiQ2cB%2BpyZbUWlHFdNPvqvA5TaoRVNLEPmSTTrgb2JLeH7EruH6vtz4RMeu2RGOuOTSrM5zbZc%2Bj8u0hJh%2FaYq9ZLLGA%2Fir2eS5GDcf2lfrID2cx27U2D0Yj7Y5ORpeL9sJGD%2FOnL97v1h8IA%3D%3D; Max-Age=31536000; Expires=Mon, 29-Jan-2024 17:21:22 GMT; Domain=scided-mington.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
www.clarity.ms/tag/bwtaqwyp9a
13.107.238.53200 OK 0 B URL HTTP/2 www.clarity.ms/tag/bwtaqwyp9a
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /tag/bwtaqwyp9a HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lp.popcornlinks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=5d46e6ae5226410c938e144bd46228b6.20230129.20240129; expires=Mon, 29 Jan 2024 17:21:24 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
x-cache: CONFIG_NOCACHE
x-azure-ref: 0FKvWYwAAAACdt41bVyl5T5sS7bBaFsdTQ1BIMzBFREdFMDQyMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sun, 29 Jan 2023 17:21:24 GMT
X-Firefox-Spdy: h2