mega-clean-phone.com/wap2/update-ss4-2_bb-cln/
5.189.255.67301 Moved Permanently 162 B URL HTTP/1.1 mega-clean-phone.com/wap2/update-ss4-2_bb-cln/
IP 5.189.255.67:0
ASN #35277 Llhost Inc. Srl
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
GET /wap2/update-ss4-2_bb-cln/ HTTP/1.1
Host: mega-clean-phone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 25 Dec 2022 22:13:02 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://mega-clean-phone.com/wap2/update-ss4-2_bb-cln/
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 96defe1601ba891731eee83f0830649d
ba500679fd337488c3f60543561740ff0dfc1898
d2a320a9feb1a874af3da921db2a8619513968724ef8eb0715c010291c4cf8d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2A320A9FEB1A874AF3DA921DB2A8619513968724EF8EB0715C010291C4CF8D9"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3922
Expires: Sun, 25 Dec 2022 23:18:24 GMT
Date: Sun, 25 Dec 2022 22:13:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9cce060ddc316540d079e6816a1e7412
709a74969d1996d2b35ef0f7f34ae18455169f1e
6d58b895476c9ab451d8fc51df98809adca445bc6e9d720430e80a0c85242879
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D58B895476C9AB451D8FC51DF98809ADCA445BC6E9D720430E80A0C85242879"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7483
Expires: Mon, 26 Dec 2022 00:17:45 GMT
Date: Sun, 25 Dec 2022 22:13:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 25 Dec 2022 21:34:59 GMT
content-type: application/json
age: 2283
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6b1d63d9d906daa309dc263b4991bbe9
04680ddd86781d46dfe6a9671571b3ad1f3758f3
46fff7230b88de4cd81dfb0feb783d2dec27e49041f9257d2fb891030781bf6c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46FFF7230B88DE4CD81DFB0FEB783D2DEC27E49041F9257D2FB891030781BF6C"
Last-Modified: Fri, 23 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19397
Expires: Mon, 26 Dec 2022 03:36:19 GMT
Date: Sun, 25 Dec 2022 22:13:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hjcIq+tyO9Mn4AlDT9wV6wkHomcHMSCKLOmFpIRBof1jvyIw3G9S+vKv1ziFKo0LHbqbD31EkBE=
x-amz-request-id: 6DD8NFCA1Y6PZ4R5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 25 Dec 2022 21:57:10 GMT
age: 952
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 22:13:02 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e056a639af810db69dc7512dd93a144b
ae57bcaaa04733c4e8d11936a648d63a27bacc83
0190f15e55361e387428eba2ef8a729ef6270ef5e89a6fa62b65b69776684040
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0190F15E55361E387428EBA2EF8A729EF6270EF5E89A6FA62B65B69776684040"
Last-Modified: Fri, 23 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21593
Expires: Mon, 26 Dec 2022 04:12:56 GMT
Date: Sun, 25 Dec 2022 22:13:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 25 Dec 2022 22:08:04 GMT
age: 299
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
mega-clean-phone.com/wap2/update-ss4-2_bb-cln/
5.189.255.67200 OK 11 kB URL HTTP/1.1 mega-clean-phone.com/wap2/update-ss4-2_bb-cln/
IP 5.189.255.67:0
ASN #35277 Llhost Inc. Srl
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (423)
Hash c567e6f63154d0afd896289f3a58b3ff
6e389b2b1af5692eee6e73c0b9185340c250f467
53c4d60291229e9d36e009a494056b3c7eec38be2547f3f8825ab27ddbb8bf15
Analyzer Verdict Alert fortinet Malware
GET /wap2/update-ss4-2_bb-cln/ HTTP/1.1
Host: mega-clean-phone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 22:13:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
mega-clean-phone.com/wap2/update-ss4-2_bb-cln/scripts/language-set.js
5.189.255.67200 OK 24 kB URL HTTP/1.1 mega-clean-phone.com/wap2/update-ss4-2_bb-cln/scripts/language-set.js
IP 5.189.255.67:0
ASN #35277 Llhost Inc. Srl
Hash 626a818f4ba42c2fedb822a097e09fe6
7823445b1cca0bf756bff0cf5a1c9857deb87b9e
4b35a50ef9b38a4965bf885b189eb74ce669053bc11ba923787e79c63019b1a6
Analyzer Verdict Alert fortinet Malware
GET /wap2/update-ss4-2_bb-cln/scripts/language-set.js HTTP/1.1
Host: mega-clean-phone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-clean-phone.com/wap2/update-ss4-2_bb-cln/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 22:13:03 GMT
Content-Type: application/javascript
Content-Length: 23745
Last-Modified: Mon, 19 Sep 2022 09:05:13 GMT
Connection: keep-alive
ETag: "632830c9-5cc1"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash bdc6ddd27a64c85bd15f78b39a79874c
965b8f1b763483b4b4dfe35526d27393d1fdf05c
d2f4dee4d920109e0751634731bea278c9ea9e6c0120ac07969eba74ddbfe615
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6589
Cache-Control: max-age=132214
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 22:13:03 GMT
Etag: "63a812a8-1d7"
Expires: Tue, 27 Dec 2022 10:56:37 GMT
Last-Modified: Sun, 25 Dec 2022 09:06:48 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
mega-clean-phone.com/wap2/update-ss4-2_bb-cln/scripts/bbms.js
5.189.255.67200 OK 237 B URL HTTP/1.1 mega-clean-phone.com/wap2/update-ss4-2_bb-cln/scripts/bbms.js
IP 5.189.255.67:0
ASN #35277 Llhost Inc. Srl
Hash 7d28b6cbe87e8f21c3f3b924ad2fce84
a0fcb29b5007430efcedea382a71414b19a5700c
1fe518c0a3dc387ca3984382c6ed29c0c2c1018b40547523a619666040b3e760
Analyzer Verdict Alert fortinet Malware
GET /wap2/update-ss4-2_bb-cln/scripts/bbms.js HTTP/1.1
Host: mega-clean-phone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-clean-phone.com/wap2/update-ss4-2_bb-cln/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 22:13:03 GMT
Content-Type: application/javascript
Content-Length: 237
Last-Modified: Mon, 19 Sep 2022 09:07:36 GMT
Connection: keep-alive
ETag: "63283158-ed"
Accept-Ranges: bytes
mega-clean-phone.com/wap2/update-ss4-2_bb-cln/scripts/ua-parser.min.js
5.189.255.67200 OK 31 kB URL HTTP/1.1 mega-clean-phone.com/wap2/update-ss4-2_bb-cln/scripts/ua-parser.min.js
IP 5.189.255.67:0
ASN #35277 Llhost Inc. Srl
File type Unicode text, UTF-8 text, with very long lines (466)
Hash 510b0ae5ba4fc01505e69ab357e95d53
0dd62e18e3295c4661c768f33e33834591667690
c50b4e4800fd99d1c8d6ac79ee98b616378b678ba4a13e586731c28a3c986bf7
Analyzer Verdict Alert fortinet Malware
GET /wap2/update-ss4-2_bb-cln/scripts/ua-parser.min.js HTTP/1.1
Host: mega-clean-phone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-clean-phone.com/wap2/update-ss4-2_bb-cln/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 22:13:03 GMT
Content-Type: application/javascript
Content-Length: 31101
Last-Modified: Mon, 19 Sep 2022 09:05:16 GMT
Connection: keep-alive
ETag: "632830cc-797d"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 101c1468c27370553a0a5b54995480d9
ed622cd83f43164094da4b2b7a439c1844f2e932
86e37dcf1bad25349983eafa1d88c4772f0d3bee6195c6f5635f78fb0255295d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5591
Cache-Control: max-age=135156
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 22:13:03 GMT
Etag: "63a8220c-117"
Expires: Tue, 27 Dec 2022 11:45:39 GMT
Last-Modified: Sun, 25 Dec 2022 10:12:28 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
52.34.56.119101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.34.56.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xsAU79xNnuaEPUT2YJZ4oA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SycnmIb0eYHstGzUnftK+M0T1c0=
mega-clean-phone.com/favicon.ico
5.189.255.67404 Not Found 107 B URL HTTP/1.1 mega-clean-phone.com/favicon.ico
IP 5.189.255.67:0
ASN #35277 Llhost Inc. Srl
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1f1ab1003fec1cbbe630f8a25a93a2bf
8cec320eff3e038626b6f5edb5be9e98d5a5bbca
085420c1207434394ec6e170849d50b661e59c6e0a977ab43f5c74a37de71fcd
GET /favicon.ico HTTP/1.1
Host: mega-clean-phone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-clean-phone.com/wap2/update-ss4-2_bb-cln/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 25 Dec 2022 22:13:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
js.dynssp.com/ps/ps.js?id=VjcizwzY4EaTOffpi_xUYw
46.148.125.182200 OK 22 kB URL HTTP/2 js.dynssp.com/ps/ps.js?id=VjcizwzY4EaTOffpi_xUYw
IP 46.148.125.182:0
ASN #35277 Llhost Inc. Srl
File type Unicode text, UTF-8 text, with very long lines (21535), with no line terminators
Hash 79943cfb318595b82a2d67b088de266f
1b84e9fcdfdbee62e5cca73476a04b952c95a490
3bf0785fdb79eadbb1f7cdcf70ecc8245b350bf8fcf6da24c2dff9a41f5a480f
GET /ps/ps.js?id=VjcizwzY4EaTOffpi_xUYw HTTP/1.1
Host: js.dynssp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-clean-phone.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 22:13:04 GMT
content-type: application/javascript
content-length: 21776
set-cookie: __psu=12cecf51-513e-4297-9280-89c6962f3ede; expires=Wed, 25 Dec 2024 22:13:04 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a4887aa0a07d726c889d8dfbddc359c6
83658ae9db1abb14fb2b869bf451caa97ef58e4d
085603732bde2eb04b81ae99e116350593ad282d21e81bfd624c0f9543247cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 22:13:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
142.250.74.35200 OK 6.8 kB URL HTTP/2 www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (21158)
Hash cc9770d1cd023f5acf160f83840856fe
3b9c4a75943e3101e25a612ff975d03e9ef6f5ab
6b37f2d363f4b788f0b1473c7f51522bd85fe319ac39e7fb1c70aceaf35fe42e
GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-clean-phone.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 13:33:41 GMT
expires: Sat, 23 Dec 2023 13:33:41 GMT
cache-control: public, max-age=31536000
age: 203963
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
142.250.74.35200 OK 11 kB URL HTTP/2 www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (40976)
Hash 65fc850cb32508517dcbc63b09aa7909
b6a0811a047ac43a061b326c424e57e3b125eaee
cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5
GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-clean-phone.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 13:37:31 GMT
expires: Thu, 21 Dec 2023 13:37:31 GMT
cache-control: public, max-age=31536000
age: 376533
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a4887aa0a07d726c889d8dfbddc359c6
83658ae9db1abb14fb2b869bf451caa97ef58e4d
085603732bde2eb04b81ae99e116350593ad282d21e81bfd624c0f9543247cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 22:13:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mega-clean-phone.com/VjcizwzY4EaTOffpi_xUYw.js
5.189.255.67200 OK 2.0 kB URL HTTP/1.1 mega-clean-phone.com/VjcizwzY4EaTOffpi_xUYw.js
IP 5.189.255.67:0
ASN #35277 Llhost Inc. Srl
File type ASCII text, with CRLF line terminators
Hash ea77c46c7fb5b138355ea9c334e3aae7
ea99ee249baba680d304b5a28e0fac09b66cd3aa
35ae68ba26f86239bf9b6236b67a1f9407d7c9be44debbeb51cc9d17021e9acf
GET /VjcizwzY4EaTOffpi_xUYw.js HTTP/1.1
Host: mega-clean-phone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 22:13:04 GMT
Content-Type: application/javascript
Content-Length: 2032
Last-Modified: Tue, 21 Dec 2021 09:49:31 GMT
Connection: keep-alive
ETag: "61c1a32b-7f0"
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14530
Expires: Mon, 26 Dec 2022 02:15:14 GMT
Date: Sun, 25 Dec 2022 22:13:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14530
Expires: Mon, 26 Dec 2022 02:15:14 GMT
Date: Sun, 25 Dec 2022 22:13:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14530
Expires: Mon, 26 Dec 2022 02:15:14 GMT
Date: Sun, 25 Dec 2022 22:13:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14530
Expires: Mon, 26 Dec 2022 02:15:14 GMT
Date: Sun, 25 Dec 2022 22:13:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a394e27-3391-4992-8278-c17b6af6f6e6.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a394e27-3391-4992-8278-c17b6af6f6e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4c1c005f6a410f9a70bb3dfca6e3946
db8224a2f6a985ae37c1ba6b7edd669e8fd2b097
62018c535821be673031b5a9f48e0a208763ce2ba270cf1211b96a6bee950fbe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a394e27-3391-4992-8278-c17b6af6f6e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5205
x-amzn-requestid: e77f5360-eb30-4e16-b481-e9823a2b94a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duMunF_YIAMF_MA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c190-5727986253815e4d5fe64ee9;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:33:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: hSuINwOLEb9yadXYM8-wjj5s50dflddwYw_WqqNuNiV7fUW0PUvRnw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 21:51:28 GMT
age: 1296
etag: "db8224a2f6a985ae37c1ba6b7edd669e8fd2b097"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15ba8929-c657-48a6-a579-360324426927.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15ba8929-c657-48a6-a579-360324426927.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8403a671b2c4b3b2ce2f8a9eba9de2c0
5437391241a500b6b0d2118120e835d2673e7d39
1e52a144b08ff6efe2da52dfdfeccbc4cea9270536cf5e7a2a769bbff9cd7d2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15ba8929-c657-48a6-a579-360324426927.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 6fdd6489-ffea-400f-9199-a20789160ba8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlFk6FvuoAMFYcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a51c85-6805b25c54c3390e5c39c6e1;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 03:12:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gfO9Ei1XEd8cvE7CBnK5AUz1wIr890fLc9vwcZje7I23ZEjJkFLUDg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 03:46:12 GMT
age: 66412
etag: "5437391241a500b6b0d2118120e835d2673e7d39"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5272da38-01a8-4043-804a-cb62488152e1.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5272da38-01a8-4043-804a-cb62488152e1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0eedc9584ce3db2443c98e94536e9dbb
779c88e1e3ef3f8ad5fc2b4dc545cda6298eeb74
ca4bde46fc0a3b1e17704ac46c011405e82ceb7a2780886ce70f0a798bc47f6b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5272da38-01a8-4043-804a-cb62488152e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8423
x-amzn-requestid: 29317808-72e9-404e-b4d7-2a2ca85c1ab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duNZzHywoAMFcKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c2a4-5a2a88970fbc7d1d2f9da797;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:37:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: n2tDc6R0yKValING-YZqmchO90g5ATryaSbcxFMeioWSFEVnGDM0CA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 21:50:07 GMT
age: 1377
etag: "779c88e1e3ef3f8ad5fc2b4dc545cda6298eeb74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41f5188d-f96d-4ff9-b031-6deaf492f9eb.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41f5188d-f96d-4ff9-b031-6deaf492f9eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5aa58dca6b2b5be1164a0ef094269f3f
02286c6089b03e288b54d1dc4075dc9fe2c1a633
c51e9a68ff1d6e96c7b933dcfe09a1039d24410846e9eb8d7bf43e9265511a30
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41f5188d-f96d-4ff9-b031-6deaf492f9eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8861
x-amzn-requestid: 23cc6525-1409-46f4-b2cb-99721981ddbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duNZzE84oAMFl5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c2a4-13f642154e4da26315cd47aa;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:37:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q0rpD9gFBkVbScXgDCu3-sEElsVNMRsQsHanighWBhLb2Sw-dIeSdA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 21:51:20 GMT
age: 1304
etag: "02286c6089b03e288b54d1dc4075dc9fe2c1a633"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb12e2114-0241-4da7-bd1e-899e349748e5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb12e2114-0241-4da7-bd1e-899e349748e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d168ba736203efdefa90d8882fc40505
c661ff487be1f6c6d8fbe8fd671aa55159052b13
03154c7d275e14a4a2174e710e0a8be4ffee79070052f210e3496f0c0b5f37c7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb12e2114-0241-4da7-bd1e-899e349748e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12097
x-amzn-requestid: aae402bd-c19f-4245-98e9-e89ca85c4d25
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duNcOHqcIAMFpYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c2b4-0038899d5108109039e9d46a;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: N54ZNk6rFLXw2TwRtNLAt4e1gBHqKMZ4uN0_fD5Fm7wtofseV-IgWQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 21:51:30 GMT
age: 1294
etag: "c661ff487be1f6c6d8fbe8fd671aa55159052b13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a3cb4f6-331d-4465-b755-12d991be2472.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a3cb4f6-331d-4465-b755-12d991be2472.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ced54fefc5e80f92168942e38c6cd43e
645f142095ea14906727cb9d1d73f9b9b1961ff5
5dc47559db3b92ec3755fe7deb07357a00f26e8d262133c1f468ad2c2971c5d4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a3cb4f6-331d-4465-b755-12d991be2472.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7991
x-amzn-requestid: 3755e28d-3aa3-4686-bb71-b5c7d22482e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duMupE5GoAMFdXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c190-6c291ca45fc58fce35245ed4;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:33:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: kY1Cb57db7eEzstTwogLIQH1Ir61sUyrmJ8KCpMhXR7cjrLVc05igQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 21:51:20 GMT
age: 1304
etag: "645f142095ea14906727cb9d1d73f9b9b1961ff5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
js-cdn.imghst-de.com/push_config.json
172.67.73.113200 OK 0 B URL HTTP/2 js-cdn.imghst-de.com/push_config.json
IP 172.67.73.113:0
GET /push_config.json HTTP/1.1
Host: js-cdn.imghst-de.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mega-clean-phone.com/
Origin: https://mega-clean-phone.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 22:13:03 GMT
content-type: application/json
last-modified: Thu, 22 Dec 2022 14:18:25 GMT
etag: W/"63a46731-26b6"
access-control-allow-origin: *
cache-control: max-age=691200
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c9hh0aeWIM2w7HCi1CqR74Nq7ztf%2BM5RxEBqABSePVRD7Y9%2Bamw1l7v%2FFc6W9Vjp%2BnFHnn%2BXIOWaxrsHIGtn41JAP5M%2Bsrx0QxrZjPi%2BKrdld0qSXW0X09nIFDI3R%2BzH8Z5nuExG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77f4ebfa5c6bb4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2
feed.cdnpsh.com/ps/config.js?id=VjcizwzY4EaTOffpi_xUYw
5.75.133.219200 OK 0 B URL HTTP/2 feed.cdnpsh.com/ps/config.js?id=VjcizwzY4EaTOffpi_xUYw
IP 5.75.133.219:0
ASN #24940 Hetzner Online GmbH
GET /ps/config.js?id=VjcizwzY4EaTOffpi_xUYw HTTP/1.1
Host: feed.cdnpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-clean-phone.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 22:13:04 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: __psu=7f1209f8-a200-4140-93a9-7589ca69639e; expires=Wed, 25 Dec 2024 22:13:04 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2