r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6471
Expires: Fri, 18 Nov 2022 14:43:28 GMT
Date: Fri, 18 Nov 2022 12:55:37 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 67f53a639d57dd6237b5be86fe4f6c1b
287f09532dc331228d09c20b75f4160e91e9800a
41913a8af366685c42af59e9d8e02fccedbe68a3313d2d9fe353deb0c1019075
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6100
Cache-Control: max-age=170230
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:37 GMT
Etag: "63775eeb-1d7"
Expires: Sun, 20 Nov 2022 12:12:47 GMT
Last-Modified: Fri, 18 Nov 2022 10:31:07 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4e84f361a3c81abc5d665a5f441452a8
7aa4b9cb0a7ba1daa514dbb48fe8e74fdf09b60d
04d64920cc8e6b096841938b0c1140889f5d7a04eabd440934a31f1c7ab90352
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7007
Expires: Fri, 18 Nov 2022 14:52:24 GMT
Date: Fri, 18 Nov 2022 12:55:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 12:45:03 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 634
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: r3/T2zO375/QfcBrz/T9Lnqajn+bdx94XS7amclTRpTeXqmFv5FgspNwLehFIXSq7hfGkkU6P7M=
x-amz-request-id: P3SDVN9NRP6MYN0X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 12:15:36 GMT
age: 2401
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 12:55:37 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
c.adup.app/34953
68.183.246.137200 OK 4.1 kB IP 68.183.246.137:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (303), with CRLF line terminators
Hash 0e44a651d2713c2c4fcb09b071700d43
82969f054425277d0e8f56cb3bbfe411425e71ca
6b44f7798c7410f2fc8a9257aed0d279aa2b2e86b59bebe159f9060940e8d7be
Analyzer Verdict Alert fortinet Phishing
GET /34953 HTTP/1.1
Host: c.adup.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
x-powered-by: Express
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
content-type: text/html; charset=utf-8
content-length: 4117
etag: W/"1015-gpafBUQlJ30Oj1bLO7/kEUJecco"
vary: Accept-Encoding
date: Fri, 18 Nov 2022 12:55:38 GMT
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 12:25:01 GMT
cache-control: public,max-age=3600
age: 1837
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash dfbbcd2cedcebeaa16a7fc11a9daf0a3
b53aba3a701a8c518a76ad5c2bb69c4be85c0a17
16bb8e0a591018059362c94d84f009f3957d2c6a55491f4ddb9d43f3c861abd1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3740
Cache-Control: max-age=129361
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:38 GMT
Etag: "6376c87f-138"
Expires: Sun, 20 Nov 2022 00:51:39 GMT
Last-Modified: Thu, 17 Nov 2022 23:49:19 GMT
Server: ECS (amb/6BB4)
X-Cache: HIT
Content-Length: 312
mobligent.g2afse.com/click?pid=773&offer_id=1653&sub1=22K18182538A034953031608y0dZj
34.147.1.177302 Found 0 B URL HTTP/2 mobligent.g2afse.com/click?pid=773&offer_id=1653&sub1=22K18182538A034953031608y0dZj
IP 34.147.1.177:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=773&offer_id=1653&sub1=22K18182538A034953031608y0dZj HTTP/1.1
Host: mobligent.g2afse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c.adup.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 18 Nov 2022 12:55:38 GMT
content-length: 0
location: http://games.safaricom.com/sub.aspx?Ctg=OFG6KESFGLSD&clickid=637780caa52ab600017f05c7
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=637780caa52ab600017f05c7; expires=Sat, 18 Nov 2023 12:55:38 GMT; secure; SameSite=None
afoffers={"1653":1668776138}; expires=Sat, 18 Nov 2023 12:55:38 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fe40cc6ea871d80382b6082111393fbe
281f75d0a35dc8ef908bb0500e57abd86bd5388e
6d15422cdf7a6d72d06497188f27af893682314e82ac8a189a0ee2d798cb62d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1851
Cache-Control: max-age=160929
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:38 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 09:37:47 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.238.202.79101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.202.79:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rwSnaRVAfvEbd8OHf7cJ2g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Lb0/w58o19tEQqJCjY1hXKoqXF0=
games.safaricom.com/sub.aspx?Ctg=OFG6KESFGLSD&clickid=637780caa52ab600017f05c7
107.23.123.228302 Found 793 B URL HTTP/1.1 games.safaricom.com/sub.aspx?Ctg=OFG6KESFGLSD&clickid=637780caa52ab600017f05c7
IP 107.23.123.228:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash c2e14f0cb7e4baa08028bbf5d7479d2b
ab63e610b91ce5e2dd8a25ced5cb5b5b0b3acb01
70844c7c9516ff84ada94bf37e423620ca25becb6e30f6614620a5b50d187d46
GET /sub.aspx?Ctg=OFG6KESFGLSD&clickid=637780caa52ab600017f05c7 HTTP/1.1
Host: games.safaricom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c.adup.app/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
Server: Microsoft-IIS/8.0
Set-Cookie: ASP.NET_SessionId=kz1muklslkbjtjk4dwfgoh2k; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-frame-options: DENY, DENY
Access-Control-Allow-Origin: *
Date: Fri, 18 Nov 2022 12:55:38 GMT
Content-Length: 793
ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
91.241.95.201200 OK 3.7 kB URL HTTP/1.1 ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
IP 91.241.95.201:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 704ec937cf16f6f7ce972747a9ca263e
e281a987313f2eb26e85888440b5e6ea0160c2bc
2f6256a39f3037e7de2ffdb29b0e52ee905530663fb497a9b828c707c33f3815
GET /KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c.adup.app/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:55:39 GMT
Cache-Control: no-cache, private
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
X-Varnish: 21305046
Age: 0
Via: 1.1 varnish (Varnish/6.0)
X-Cache: MISS
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Length: 3729
Set-Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; expires=Fri, 18-Nov-2022 18:55:39 GMT; Max-Age=21600; path=/; httponly; samesite=lax
ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; expires=Mon, 15-Nov-2032 12:55:39 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
rd=deleted; expires=Thu, 18-Nov-2021 12:55:38 GMT; Max-Age=0; path=/; httponly; samesite=lax
userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; expires=Fri, 18-Nov-2022 13:25:39 GMT; Max-Age=1800; path=/; httponly; samesite=lax
userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; expires=Mon, 15-Nov-2032 12:55:39 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152; Path=/
Keep-Alive: timeout=5, max=1000
Connection: Keep-Alive
ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-web.css?ver=8
91.241.95.201200 OK 2.4 kB URL HTTP/1.1 ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-web.css?ver=8
IP 91.241.95.201:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
Hash 7cf52e5f08a2d17b859bf7e7662747e8
a3243ca14335c0421f937ba74048f20a008bdccb
6c1719acf28c64104b7381f6a32dc8a8910f427232697cd211ed9057b2f57d87
GET /KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-web.css?ver=8 HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:54:01 GMT
Last-Modified: Tue, 19 Jul 2022 07:56:54 GMT
ETag: "4217-5e423d3f0161c-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2418
Content-Type: text/css
X-Varnish: 21305048 21400238
Age: 98
Via: 1.1 varnish (Varnish/6.0)
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=999
Connection: Keep-Alive
ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/images/GamesLounge/gl_logo_v2.png
91.241.95.201200 OK 6.4 kB URL HTTP/1.1 ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/images/GamesLounge/gl_logo_v2.png
IP 91.241.95.201:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type PNG image data, 132 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 2b02d17cb9fec32a58ff5064d952baca
68518cd2b4d554a76936acb24cd37c501682010e
eb786e798913fead459762e7aa130178303e84f9647dd705ae203533fb0b4c2d
GET /KSD-KESAF-NAZAR/assets/images/GamesLounge/gl_logo_v2.png HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 10:10:21 GMT
Last-Modified: Fri, 10 Dec 2021 13:48:44 GMT
ETag: "18ff-5d2cafb4330a4"
Content-Length: 6399
Cache-Control: max-age=5184000
Expires: Sat, 24 Dec 2022 10:10:21 GMT
Content-Type: image/png
X-Varnish: 20625346 393224
Age: 2083517
Via: 1.1 varnish (Varnish/6.0)
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=1000
Connection: Keep-Alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/wr-images/close-wap.png
91.241.95.201200 OK 213 B URL HTTP/1.1 ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/wr-images/close-wap.png
IP 91.241.95.201:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash d249b874e72ea9acce9f630517b48c4e
78a06a4b69bbd59d7fa9c70723640c775caf37cc
1861c75e1a0c132e357bccf763069d785f5954fe959d784abb1773f93b87bd28
GET /KSD-KESAF-NAZAR/assets/wr-images/close-wap.png HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 10:10:31 GMT
Last-Modified: Tue, 28 Jun 2022 15:01:58 GMT
ETag: "d5-5e283517487c7"
Content-Length: 213
Cache-Control: max-age=5184000
Expires: Sat, 24 Dec 2022 10:10:31 GMT
Content-Type: image/png
X-Varnish: 21147847 983057
Age: 2083508
Via: 1.1 varnish (Varnish/6.0)
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=1000
Connection: Keep-Alive
www.googletagmanager.com/gtm.js?id=GTM-NKLC98G
142.250.74.168200 OK 62 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-NKLC98G
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash cef4fcf5e11624d0057b97c3485ff272
47c152b0ae0ab8c88e41974b3ea80f4503e2a0ab
333867e8b507d50cb6b2497c350b7989efed3b5f012b76911830c83979688f9d
GET /gtm.js?id=GTM-NKLC98G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 18 Nov 2022 12:55:39 GMT
expires: Fri, 18 Nov 2022 12:55:39 GMT
cache-control: private, max-age=900
last-modified: Fri, 18 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61479
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/assets/images/KSC-GamesLounge7-2-bg.jpg
91.241.95.201200 OK 36 kB URL HTTP/1.1 ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/assets/images/KSC-GamesLounge7-2-bg.jpg
IP 91.241.95.201:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 320x480, components 3\012- data
Hash 99bbd0f54e8f7dc64175d078c4324ca8
abe03cfe72f1ec3a52bd0e1157a83f81bef92626
1da4de741ba6c07866c3824ba6077dd763971406c5dd9ab3065c4cdc32d8b060
GET /KSD-KESAF-NAZAR/assets/assets/images/KSC-GamesLounge7-2-bg.jpg HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-web.css?ver=8
Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 10:10:23 GMT
Last-Modified: Wed, 08 Jun 2022 08:36:09 GMT
ETag: "8d63-5e0eb98ceabdb"
Content-Length: 36195
Cache-Control: max-age=5184000
Expires: Sat, 24 Dec 2022 10:10:23 GMT
Content-Type: image/jpeg
X-Varnish: 21305049 1376271
Age: 2083516
Via: 1.1 varnish (Varnish/6.0)
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=998
Connection: Keep-Alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 18 Nov 2022 12:41:09 GMT
expires: Fri, 18 Nov 2022 14:41:09 GMT
cache-control: public, max-age=7200
age: 871
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Fri, 18 Nov 2022 15:02:21 GMT
Date: Fri, 18 Nov 2022 12:55:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Fri, 18 Nov 2022 15:02:21 GMT
Date: Fri, 18 Nov 2022 12:55:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Fri, 18 Nov 2022 15:02:21 GMT
Date: Fri, 18 Nov 2022 12:55:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9d32fa3866dd741de610a61a93ad893
4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: RQqPegf6sdVW0qmrGnUo6EORLuT7BRikwhtF08LAxWNCpLGwGZnG8Q==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:34:03 GMT
age: 55297
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05289172c1455c4134e496c6f4606efd
ce1bb33256b0754f9acc01e7e9f3e5dc85f89244
a8b4411a0310cc376efe2aec7c0830b8d3b63b8827631b0ff43ec092f1f80f82
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12065
x-amzn-requestid: 45c97153-71c7-4985-a1ad-fc21a509d153
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-K5FyVIAMFtDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa45-0f9d22dd544a4580570f3089;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dxT2WJB7m5tUhgBn2PwTIN4Zskzm3X7CW-29hl1nCyNPbKt5j6q5iA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:02:57 GMT
age: 53563
etag: "ce1bb33256b0754f9acc01e7e9f3e5dc85f89244"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7d16e5ff718353c095d266b080fe547f
fa7c5c9a1d16355859196271f3d13f3850931888
9a94d8eb20cc56d0898b1e2b80c0006ebbef75c15ad94e907050c5be4e19a960
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10349
x-amzn-requestid: fc85e078-a81a-4fed-899e-15249961f59c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7tHGLIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7d-4224d193517794684fcdc0ad;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UK-XD_8EcfPwfLb-QVwfLr8aG-sqVBoUJcbPb5hKAlQS68eOxdgM5g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:05:52 GMT
age: 53388
etag: "fa7c5c9a1d16355859196271f3d13f3850931888"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: 4778d1bd-28c3-4665-89da-046e356087f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyD1HE-oAMF0QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-53c7330c5fd36d3c4d9e6aed;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CHi9V7-WaWmG6Y0249CZJnhe_RjvleaGFVXoOnJ62cjrcXoLLKwzgw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 07:20:30 GMT
age: 20110
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14649d486602810c1b218b96b27b2cc4
96c6cbfe31e7247c64dfa8c3759967627f8c6286
80f5d7573fd2bf4e6a6038ebf1335d159ad37c391ee539918455963d6ee88654
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8884
x-amzn-requestid: 3739b8f5-bb0c-4798-a931-e955dd6df81d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-MiGFxoAMFlxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa50-74c24a2f737634b655a5b47c;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d_bLYyZzi1phYwQ2e5uvUmzO0GuvNu9Ubi2PQ0ChilQJegKr3uUiRw==
via: 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:08:13 GMT
age: 53247
etag: "96c6cbfe31e7247c64dfa8c3759967627f8c6286"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
34.120.237.76200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d0b6106f00f9fd8b89c2d484a559a1a
399ac393209dcdac7d2188d7aa8d95f04570ef7c
5d8151c9eb558f4a2b8bd2952c6845606ddb0c27e36f6e49aca7e60908cd9fe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3759
x-amzn-requestid: 8c91ac59-89dc-4218-b69f-0cebb29f301b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-wJHgxoAMF-hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab33-4dac305614a92bc52c038222;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mb2-PTjNmt06Wd5jOjQ5WoLY-0NgI80CKPXtwgzBt4n5km8Pu_WN0Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:08:54 GMT
age: 53206
etag: "399ac393209dcdac7d2188d7aa8d95f04570ef7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eaa6a3200eda9bf5788df6d9eb04d84c
12efbb66692df6d76c1103b152808d751c0e49f1
6d815027ae40ea2603c0ed5adac0821cd5526f11c2eeb0ada5294b6f2ec3492d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&gjid=504329&_gid=192894454.1668776138&_u=YGBAgEABAAAAAEAAI~&z=1014776424
142.251.1.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&gjid=504329&_gid=192894454.1668776138&_u=YGBAgEABAAAAAEAAI~&z=1014776424
IP 142.251.1.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&gjid=504329&_gid=192894454.1668776138&_u=YGBAgEABAAAAAEAAI~&z=1014776424 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://ke-webfun.upp.st
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://ke-webfun.upp.st
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 18 Nov 2022 12:55:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eaa6a3200eda9bf5788df6d9eb04d84c
12efbb66692df6d76c1103b152808d751c0e49f1
6d815027ae40ea2603c0ed5adac0821cd5526f11c2eeb0ada5294b6f2ec3492d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d3ba0eba720a8e5904bee6e804873c24
df1f9c79e39f777ab12225af0af60b9f26af6485
76500b32cbac4ad40e3f42c7dfd46832f3854ba88c3a6d5a9d2b5633e8e1f27b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash eb5405ca08a5b1038b26ae8f2e3788f3
3341c3d5bed51686ed6c8d85aa59c59a27c652a3
6ffea4a38a9fc074321b874bce4a78eefbf657f1f2a05897fb32d0a9bffa08a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 12:55:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 12:55:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash eb5405ca08a5b1038b26ae8f2e3788f3
3341c3d5bed51686ed6c8d85aa59c59a27c652a3
6ffea4a38a9fc074321b874bce4a78eefbf657f1f2a05897fb32d0a9bffa08a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c15be7bf1c6987951ddd348d6f6b4db1
9faac1fb81abc8fce6d4ae81777c76b8bc11e9b0
7f1d01e3fc0b69e331fd30326ea8fd9b1e3e06a0a93ae4768e7addd03a121025
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
header.safaricombeats.co.ke/
196.201.213.123200 OK 432 B URL HTTP/1.1 header.safaricombeats.co.ke/
IP 196.201.213.123:0
ASN #33771 SAFARICOM-LIMITED
File type XML 1.0 document text\012- XML document, ASCII text
Hash e4f06d88d699f6d83b5bc22d538949db
496cb8adc4ee7f8eed2f618c7dfa9d0e4ed60af2
fcc5006a99f7e7f5f20df2afddb9509878147e6912cc0b895876a35f8cc19119
GET / HTTP/1.1
Host: header.safaricombeats.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://ke-webfun.upp.st
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:55:40 GMT
Server: Web Server
Access-Control-Allow-Origin: *
Content-Length: 432
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/xml;charset=UTF-8
ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz
91.241.95.201200 OK 2.7 kB URL HTTP/1.1 ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz
IP 91.241.95.201:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash bc5320e8a290c6bc5008d892bd13d0c0
4184b5ff299ea39ae27a608021133ca7e7aea108
d2f7b48e9ba09cbe986c950fb8d0fe53b3a0b9d4a5e79b9a6df5e0b82b3d6fbf
GET /KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152; _gcl_au=1.1.108516900.1668776138; _ga=GA1.2.1423862101.1668776138; _gid=GA1.2.192894454.1668776138; _dc_gtm_UA-128733194-88=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: no-cache, private
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
X-Varnish: 20818485
Age: 0
Via: 1.1 varnish (Varnish/6.0)
X-Cache: MISS
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Set-Cookie: ng_session=eyJpdiI6IkM4dUpGU3IrMmJ0ODkrRkxlbmU5S0E9PSIsInZhbHVlIjoieWdaQlU3bmEvbmx4WVVIeWZPYlZuOU9uUVdZbnJIRFZoT1Y4Z1Z2NTZsRmRCRUdOVllrTk1kL2l6RDZxdmtZR0ErL2NtelhvOUw2MllHOUc3S2ZIWE1iYlluVytMTW1mZ1RZbFVDbzB1THh6UUpLbFVLbVBIVXlKVzUvOUw0UkQiLCJtYWMiOiI1MjU0NDFlODEyZmY1OTlkOGNjYjg3ZTNiNmNmZDFmZTA5M2E4YTdlYzc5YWJlMjU3NDE4YmIzZTg4Y2NjODQwIiwidGFnIjoiIn0%3D; expires=Fri, 18-Nov-2022 18:55:40 GMT; Max-Age=21600; path=/; httponly; samesite=lax
userPermID=eyJpdiI6ImllN1lVc3RYK1Nxa0I2WUx6UGRIWFE9PSIsInZhbHVlIjoic0J1RjlKVWV2bmpNVGlqRjRrYUQ4VVRROWY1RFRmM2FHNTdXRHZQbWRVUnltNXgzK2pHaXpCT0ZxUnh2eGhzU21oU3gvUDh4RnRMSlZGbitxUjBqVUF5OFFEUmNaZmpjNzJQSncwb3NqNjQ9IiwibWFjIjoiMzM0YzI5M2Q2MGQ3NTk3ZWZkZjE1ZTUxNTBhN2RhODIwODhmNDdlYTBiNjI5MjA2N2U4ZjliZWM3MDBiYWFiNSIsInRhZyI6IiJ9; expires=Mon, 15-Nov-2032 12:55:40 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
userSessionID=eyJpdiI6IitjOUdoVWozaXJlZ3pCQXFtYW80OUE9PSIsInZhbHVlIjoiMWlXRUQwcDRsMk8ycjhPYVFEQmwrZXMzR1JhcEhqaHprZGZOS04yVU94VWNiVVliL1djYVkyNjhoZ3NObDBUYmZVQnI2QjNMbFpvaUJHRVRiSXQwNHlIYkM5U0oxcHV0dHBEWWE2VjVWU2s9IiwibWFjIjoiNmU2ZjRmMjUwYjVhOWJlM2QyZDc0MmQwZmNlNDI5MWJkNmU5YzQ2MGExYWJmZmVlNjA2OTQ3MjUwMTAzMTMxNiIsInRhZyI6IiJ9; expires=Fri, 18-Nov-2022 13:25:40 GMT; Max-Age=1800; path=/; httponly; samesite=lax
ctxid=eyJpdiI6ImJQZjNDVUI1Q0JoTHh4VFljSFN5VWc9PSIsInZhbHVlIjoic1BRbWtVNHdHY1pzVEk1VmpDeXNuaVN5aWxZa2RkcUFYU1lqK0NpMHltZGNCSDhYaEQxUWxPbDBTaTBRYlQ1M3pqZDR6bHgxZWEvb1ViNStLSDJ3VzVPOHhFZXBYaFNMQVpGZHRBeVlTWXM9IiwibWFjIjoiN2JlMWZhOWVhODQ5NzRkZDU1Yzg2ZmViNjYxYzJlMDdmOGFhNTU1MGNjOWViMDk3N2RkM2Q0NmI4YTZkNTNlMCIsInRhZyI6IiJ9; expires=Mon, 15-Nov-2032 12:55:40 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
rd=deleted; expires=Thu, 18-Nov-2021 12:55:39 GMT; Max-Age=0; path=/; httponly; samesite=lax
TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152; Path=/
Keep-Alive: timeout=5, max=997
Connection: Keep-Alive
Transfer-Encoding: chunked
ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-wifi.css?ver=7
91.241.95.201200 OK 2.4 kB URL HTTP/1.1 ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-wifi.css?ver=7
IP 91.241.95.201:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
Hash bfc9fc70d6a011b8d42625f8168ab037
417b11b89807dbb8111faf44ae218f878ff8c097
62ca3ad9a9bf81246c1bfbb79e9e939798d8acf9759595101524b262721a8cd0
GET /KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-wifi.css?ver=7 HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz
Cookie: ng_session=eyJpdiI6IkM4dUpGU3IrMmJ0ODkrRkxlbmU5S0E9PSIsInZhbHVlIjoieWdaQlU3bmEvbmx4WVVIeWZPYlZuOU9uUVdZbnJIRFZoT1Y4Z1Z2NTZsRmRCRUdOVllrTk1kL2l6RDZxdmtZR0ErL2NtelhvOUw2MllHOUc3S2ZIWE1iYlluVytMTW1mZ1RZbFVDbzB1THh6UUpLbFVLbVBIVXlKVzUvOUw0UkQiLCJtYWMiOiI1MjU0NDFlODEyZmY1OTlkOGNjYjg3ZTNiNmNmZDFmZTA5M2E4YTdlYzc5YWJlMjU3NDE4YmIzZTg4Y2NjODQwIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6ImJQZjNDVUI1Q0JoTHh4VFljSFN5VWc9PSIsInZhbHVlIjoic1BRbWtVNHdHY1pzVEk1VmpDeXNuaVN5aWxZa2RkcUFYU1lqK0NpMHltZGNCSDhYaEQxUWxPbDBTaTBRYlQ1M3pqZDR6bHgxZWEvb1ViNStLSDJ3VzVPOHhFZXBYaFNMQVpGZHRBeVlTWXM9IiwibWFjIjoiN2JlMWZhOWVhODQ5NzRkZDU1Yzg2ZmViNjYxYzJlMDdmOGFhNTU1MGNjOWViMDk3N2RkM2Q0NmI4YTZkNTNlMCIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IitjOUdoVWozaXJlZ3pCQXFtYW80OUE9PSIsInZhbHVlIjoiMWlXRUQwcDRsMk8ycjhPYVFEQmwrZXMzR1JhcEhqaHprZGZOS04yVU94VWNiVVliL1djYVkyNjhoZ3NObDBUYmZVQnI2QjNMbFpvaUJHRVRiSXQwNHlIYkM5U0oxcHV0dHBEWWE2VjVWU2s9IiwibWFjIjoiNmU2ZjRmMjUwYjVhOWJlM2QyZDc0MmQwZmNlNDI5MWJkNmU5YzQ2MGExYWJmZmVlNjA2OTQ3MjUwMTAzMTMxNiIsInRhZyI6IiJ9; userPermID=eyJpdiI6ImllN1lVc3RYK1Nxa0I2WUx6UGRIWFE9PSIsInZhbHVlIjoic0J1RjlKVWV2bmpNVGlqRjRrYUQ4VVRROWY1RFRmM2FHNTdXRHZQbWRVUnltNXgzK2pHaXpCT0ZxUnh2eGhzU21oU3gvUDh4RnRMSlZGbitxUjBqVUF5OFFEUmNaZmpjNzJQSncwb3NqNjQ9IiwibWFjIjoiMzM0YzI5M2Q2MGQ3NTk3ZWZkZjE1ZTUxNTBhN2RhODIwODhmNDdlYTBiNjI5MjA2N2U4ZjliZWM3MDBiYWFiNSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152; _gcl_au=1.1.108516900.1668776138; _ga=GA1.2.1423862101.1668776138; _gid=GA1.2.192894454.1668776138; _dc_gtm_UA-128733194-88=1
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:54:59 GMT
Last-Modified: Tue, 19 Jul 2022 07:56:57 GMT
ETag: "420b-5e423d41c17b8-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2412
Content-Type: text/css
X-Varnish: 20625347 20596782
Age: 41
Via: 1.1 varnish (Varnish/6.0)
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=999
Connection: Keep-Alive
www.googletagmanager.com/gtm.js?id=GTM-M9LC97C
142.250.74.168200 OK 0 B URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-M9LC97C
IP 142.250.74.168:0
GET /gtm.js?id=GTM-M9LC97C HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 18 Nov 2022 12:55:39 GMT
expires: Fri, 18 Nov 2022 12:55:39 GMT
cache-control: private, max-age=900
last-modified: Fri, 18 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61209
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2