Report - c.adup.app/34953

Report Overview

Submitted URL
c.adup.app/34953
IP
68.183.246.137
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2022-11-18 12:55:49
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
c.adup.app	140529	2019-02-11T20:22:16Z	2023-03-10T14:54:11Z	347 B	4.5 kB	68.183.246.137
games.safaricom.com	unknown	2016-02-25T03:35:15Z	2023-01-16T11:05:19Z	438 B	1.2 kB	107.23.123.228
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	3.1 kB	6.3 kB	142.250.74.3
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-10T13:03:15Z	762 B	63 kB	142.250.74.168
www.google.com	7	2015-05-10T13:11:19Z	2023-03-10T12:19:40Z	517 B	694 B	142.250.74.164
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	1.0 kB	2.2 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	782 B	2.4 kB	34.102.187.140
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	44.238.202.79
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-10T07:09:08Z	516 B	694 B	142.250.74.3
header.safaricombeats.co.ke	unknown	2019-04-14T14:41:28Z	2023-01-28T09:03:36Z	315 B	653 B	196.201.213.123
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.7 kB	4.4 kB	23.36.76.226
mobligent.g2afse.com	686721	2022-03-02T10:58:10Z	2023-03-09T11:34:10Z	527 B	477 B	34.147.1.177
ke-webfun.upp.st	unknown	2022-06-02T22:10:38Z	2023-03-10T06:51:46Z	12 kB	61 kB	91.241.95.201
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-10T13:35:34Z	372 B	21 kB	142.250.74.174
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	59 kB	34.120.237.76
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-10T12:41:09Z	603 B	710 B	142.251.1.155

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-18	medium	c.adup.app/34953	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	c.adup.app/34953	3.2 kB	2023-03-11	2023-03-11
Pretty URL c.adup.app/34953 IP 68.183.246.137 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash 3cc3394b1c7a3931b94f865f12a054ed bf277412b1efe8133aa471606faa2b698e43d868 943c1cfd74842c66e1010db4547eb386f3bc73f8bb9ebaae502562b434502ea9 Loading...

	ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz	75 B	2023-03-07	2024-04-18
Pretty URL ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz IP 91.241.95.201 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:38 Last Seen2024-04-18 12:30:04 Times Seen649 Hash 219540904c0178c788f7876c475cf695 34be8b20e8abc01ba107bb54f70c2319511043b7 328ca9901193cec5051c6c7fe1404faf85e4ce1cfed2d9bb7bc429a8573d90ca Loading...

	ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz	217 B	2023-03-11	2023-03-11
Pretty URL ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz IP 91.241.95.201 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash c8b919a44dfe4d22aaf15e85b072c711 42c3bb9d8c9d9b51c5f11304ae704917642569c5 17767375f6f97eafa3a8198199d62cecc717d10fe8f4565537c3924866683dea Loading...

	www.googletagmanager.com/gtm.js?id=GTM-M9LC97C	162 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-M9LC97C IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash 085e41af5b9370ba34f05f4758d41b1b 7efe0850fbe26f06c38c8c303f8fe7623bc58a41 244be16c46435450aea4cf0fe7c59b8ebe62406070cd258fe93f1f658b198a87 Loading...

	ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz	337 B	2023-03-09	2024-03-04
Pretty URL ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz IP 91.241.95.201 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:01:18 Last Seen2024-03-04 05:23:34 Times Seen8 Hash 758a5fa96b8928e5475df873bdcab39a ed115357b2ea302f560c8395f91a1c8812e2fa3a f6f0cad06659dd8270c1e2da479262c03dd4578020be20415b9f264a94b5ded3 Loading...

	ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz	548 B	2023-03-11	2023-03-11
Pretty URL ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz IP 91.241.95.201 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash 8d82a314e74cf88fafa3c7b226184b65 dee6a52e267a7b174fec992b217817bbd7adbd5a 807180e20e5f17be748696aaff3a27964ddb0b0985a0d4ebb271caec34b4b763 Loading...

	ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz	227 B	2023-03-11	2023-03-11
Pretty URL ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz IP 91.241.95.201 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash 5b055d0d6040102e8b20d79113bf1766 b0155f0394b60979c17d8dda26b935721ea65ad1 13f23dcaf5427c60c69bf2322f38b9777155f60ced8e4e20f67b21efdaced133 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-19
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-19 07:47:47 Times Seen1515 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz	229 B	2023-03-11	2023-03-11
Pretty URL ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz IP 91.241.95.201 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash e4f3f5a50399a2bbdd83cec51bb2a9a1 b328896ce9c9ec8a008232f6d8619bca3a6b5274 62cb04b6ca9cc81236b1899c6dedfc604cdaf0c11511544a02f1bf67bd11abbc Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 13:50:36 Times Seen36960658 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-NKLC98G	163 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-NKLC98G IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash 3d4949cce50c088f6a40b60f8ccc293d 32215bfaa6c995dd149b71ad58f6e67d236cd406 3966d99c4327086f7549a0e27e1315033ab3234354e810b1de67a2af51ed9446 Loading...

	c.adup.app/34953	314 B	2023-03-11	2023-03-11
Pretty URL c.adup.app/34953 IP 68.183.246.137 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash e5eb14d047ddc74adf7f462b12416529 f584e169b4e839c6d2f53668a6d6a8a112cc485a 9348f6c00ba2c86376535480876c5e3fd3277346faf661408da13e550add1bd1 Loading...

	ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz	548 B	2023-03-11	2023-03-11
Pretty URL ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz IP 91.241.95.201 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash 6b4c73b680023cc95f94f9634536884e 72feaff62c624dca38a7128a8f55859432255d9d 862f022fa1391b0c31757a2f49e0b91e50ad41616c47155ae80aaf9383e6ec5f Loading...

	ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz	56 B	2023-03-07	2024-04-18
Pretty URL ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz IP 91.241.95.201 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:38 Last Seen2024-04-18 12:30:04 Times Seen321 Hash e633aa08ae12366911d8e26c62df0ac7 a16f61cc6d9dbd371d1111eaff9b8e9ab3532ad7 4d9920d1b0a027e9d1e7994912dede5626a56cef010170b15fb45edc85f882ed Loading...

	ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz	2.5 kB	2023-03-11	2023-03-11
Pretty URL ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz IP 91.241.95.201 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash 44a94a1a96fbfa81b11d23db39cafc38 798d96ce6f43075f8eda9c059d66e2f4f5436111 e92c7484592c4809d67ffd1c447cf089d16ef4ad27b8dd55e265fff267ea20e2 Loading...

	ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz	3.0 kB	2023-03-11	2023-03-11
Pretty URL ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz IP 91.241.95.201 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:00:59 Last Seen2023-03-11 14:00:59 Times Seen1 Hash c89834e133c28ba71cd6bfb50f5b5c90 d1cf555095b431c646d3b0628f78e743bd635595 ee5fa097f69ad9465010eae0cfbe6389ea97c79caa5103a2e7e2f017e13e19b7 Loading...

HTTP Transactions (45)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6471
Expires: Fri, 18 Nov 2022 14:43:28 GMT
Date: Fri, 18 Nov 2022 12:55:37 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
67f53a639d57dd6237b5be86fe4f6c1b
287f09532dc331228d09c20b75f4160e91e9800a
41913a8af366685c42af59e9d8e02fccedbe68a3313d2d9fe353deb0c1019075

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6100
Cache-Control: max-age=170230
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:37 GMT
Etag: "63775eeb-1d7"
Expires: Sun, 20 Nov 2022 12:12:47 GMT
Last-Modified: Fri, 18 Nov 2022 10:31:07 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4e84f361a3c81abc5d665a5f441452a8
7aa4b9cb0a7ba1daa514dbb48fe8e74fdf09b60d
04d64920cc8e6b096841938b0c1140889f5d7a04eabd440934a31f1c7ab90352

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7007
Expires: Fri, 18 Nov 2022 14:52:24 GMT
Date: Fri, 18 Nov 2022 12:55:37 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 12:45:03 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 634
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: r3/T2zO375/QfcBrz/T9Lnqajn+bdx94XS7amclTRpTeXqmFv5FgspNwLehFIXSq7hfGkkU6P7M=
x-amz-request-id: P3SDVN9NRP6MYN0X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 12:15:36 GMT
age: 2401
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 12:55:37 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

c.adup.app/34953

68.183.246.137

200 OK

4.1 kB

URL HTTP/1.1
c.adup.app/34953
IP
68.183.246.137:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (303), with CRLF line terminators
Size
4.1 kB (4117 bytes)
Hash
0e44a651d2713c2c4fcb09b071700d43
82969f054425277d0e8f56cb3bbfe411425e71ca
6b44f7798c7410f2fc8a9257aed0d279aa2b2e86b59bebe159f9060940e8d7be

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /34953 HTTP/1.1
Host: c.adup.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
x-powered-by: Express
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
content-type: text/html; charset=utf-8
content-length: 4117
etag: W/"1015-gpafBUQlJ30Oj1bLO7/kEUJecco"
vary: Accept-Encoding
date: Fri, 18 Nov 2022 12:55:38 GMT

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 12:25:01 GMT
cache-control: public,max-age=3600
age: 1837
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
dfbbcd2cedcebeaa16a7fc11a9daf0a3
b53aba3a701a8c518a76ad5c2bb69c4be85c0a17
16bb8e0a591018059362c94d84f009f3957d2c6a55491f4ddb9d43f3c861abd1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3740
Cache-Control: max-age=129361
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:38 GMT
Etag: "6376c87f-138"
Expires: Sun, 20 Nov 2022 00:51:39 GMT
Last-Modified: Thu, 17 Nov 2022 23:49:19 GMT
Server: ECS (amb/6BB4)
X-Cache: HIT
Content-Length: 312

mobligent.g2afse.com/click?pid=773&offer_id=1653&sub1=22K18182538A034953031608y0dZj

34.147.1.177

302 Found

0 B

URL HTTP/2
mobligent.g2afse.com/click?pid=773&offer_id=1653&sub1=22K18182538A034953031608y0dZj
IP
34.147.1.177:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=773&offer_id=1653&sub1=22K18182538A034953031608y0dZj HTTP/1.1
Host: mobligent.g2afse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c.adup.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Fri, 18 Nov 2022 12:55:38 GMT
content-length: 0
location: http://games.safaricom.com/sub.aspx?Ctg=OFG6KESFGLSD&clickid=637780caa52ab600017f05c7
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=637780caa52ab600017f05c7; expires=Sat, 18 Nov 2023 12:55:38 GMT; secure; SameSite=None
afoffers={"1653":1668776138}; expires=Sat, 18 Nov 2023 12:55:38 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fe40cc6ea871d80382b6082111393fbe
281f75d0a35dc8ef908bb0500e57abd86bd5388e
6d15422cdf7a6d72d06497188f27af893682314e82ac8a189a0ee2d798cb62d7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1851
Cache-Control: max-age=160929
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:38 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 09:37:47 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

44.238.202.79

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.238.202.79:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rwSnaRVAfvEbd8OHf7cJ2g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Lb0/w58o19tEQqJCjY1hXKoqXF0=

games.safaricom.com/sub.aspx?Ctg=OFG6KESFGLSD&clickid=637780caa52ab600017f05c7

107.23.123.228

302 Found

793 B

URL HTTP/1.1
games.safaricom.com/sub.aspx?Ctg=OFG6KESFGLSD&clickid=637780caa52ab600017f05c7
IP
107.23.123.228:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
793 B (793 bytes)
Hash
c2e14f0cb7e4baa08028bbf5d7479d2b
ab63e610b91ce5e2dd8a25ced5cb5b5b0b3acb01
70844c7c9516ff84ada94bf37e423620ca25becb6e30f6614620a5b50d187d46

HTTP Headers

GET /sub.aspx?Ctg=OFG6KESFGLSD&clickid=637780caa52ab600017f05c7 HTTP/1.1
Host: games.safaricom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c.adup.app/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
Server: Microsoft-IIS/8.0
Set-Cookie: ASP.NET_SessionId=kz1muklslkbjtjk4dwfgoh2k; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-frame-options: DENY, DENY
Access-Control-Allow-Origin: *
Date: Fri, 18 Nov 2022 12:55:38 GMT
Content-Length: 793

ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz

91.241.95.201

200 OK

3.7 kB

URL HTTP/1.1
ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
IP
91.241.95.201:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
3.7 kB (3729 bytes)
Hash
704ec937cf16f6f7ce972747a9ca263e
e281a987313f2eb26e85888440b5e6ea0160c2bc
2f6256a39f3037e7de2ffdb29b0e52ee905530663fb497a9b828c707c33f3815

HTTP Headers

GET /KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c.adup.app/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:55:39 GMT
Cache-Control: no-cache, private
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
X-Varnish: 21305046
Age: 0
Via: 1.1 varnish (Varnish/6.0)
X-Cache: MISS
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Length: 3729
Set-Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; expires=Fri, 18-Nov-2022 18:55:39 GMT; Max-Age=21600; path=/; httponly; samesite=lax
ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; expires=Mon, 15-Nov-2032 12:55:39 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
rd=deleted; expires=Thu, 18-Nov-2021 12:55:38 GMT; Max-Age=0; path=/; httponly; samesite=lax
userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; expires=Fri, 18-Nov-2022 13:25:39 GMT; Max-Age=1800; path=/; httponly; samesite=lax
userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; expires=Mon, 15-Nov-2032 12:55:39 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152; Path=/
Keep-Alive: timeout=5, max=1000
Connection: Keep-Alive

ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-web.css?ver=8

91.241.95.201

200 OK

2.4 kB

URL HTTP/1.1
ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-web.css?ver=8
IP
91.241.95.201:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
ASCII text
Size
2.4 kB (2418 bytes)
Hash
7cf52e5f08a2d17b859bf7e7662747e8
a3243ca14335c0421f937ba74048f20a008bdccb
6c1719acf28c64104b7381f6a32dc8a8910f427232697cd211ed9057b2f57d87

HTTP Headers

GET /KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-web.css?ver=8 HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:54:01 GMT
Last-Modified: Tue, 19 Jul 2022 07:56:54 GMT
ETag: "4217-5e423d3f0161c-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2418
Content-Type: text/css
X-Varnish: 21305048 21400238
Age: 98
Via: 1.1 varnish (Varnish/6.0)
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=999
Connection: Keep-Alive

ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/images/GamesLounge/gl_logo_v2.png

91.241.95.201

200 OK

6.4 kB

URL HTTP/1.1
ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/images/GamesLounge/gl_logo_v2.png
IP
91.241.95.201:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
PNG image data, 132 x 35, 8-bit/color RGBA, non-interlaced\012- data
Size
6.4 kB (6399 bytes)
Hash
2b02d17cb9fec32a58ff5064d952baca
68518cd2b4d554a76936acb24cd37c501682010e
eb786e798913fead459762e7aa130178303e84f9647dd705ae203533fb0b4c2d

HTTP Headers

GET /KSD-KESAF-NAZAR/assets/images/GamesLounge/gl_logo_v2.png HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152

HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 10:10:21 GMT
Last-Modified: Fri, 10 Dec 2021 13:48:44 GMT
ETag: "18ff-5d2cafb4330a4"
Content-Length: 6399
Cache-Control: max-age=5184000
Expires: Sat, 24 Dec 2022 10:10:21 GMT
Content-Type: image/png
X-Varnish: 20625346 393224
Age: 2083517
Via: 1.1 varnish (Varnish/6.0)
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=1000
Connection: Keep-Alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/wr-images/close-wap.png

91.241.95.201

200 OK

213 B

URL HTTP/1.1
ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/wr-images/close-wap.png
IP
91.241.95.201:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
213 B (213 bytes)
Hash
d249b874e72ea9acce9f630517b48c4e
78a06a4b69bbd59d7fa9c70723640c775caf37cc
1861c75e1a0c132e357bccf763069d785f5954fe959d784abb1773f93b87bd28

HTTP Headers

GET /KSD-KESAF-NAZAR/assets/wr-images/close-wap.png HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152

HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 10:10:31 GMT
Last-Modified: Tue, 28 Jun 2022 15:01:58 GMT
ETag: "d5-5e283517487c7"
Content-Length: 213
Cache-Control: max-age=5184000
Expires: Sat, 24 Dec 2022 10:10:31 GMT
Content-Type: image/png
X-Varnish: 21147847 983057
Age: 2083508
Via: 1.1 varnish (Varnish/6.0)
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=1000
Connection: Keep-Alive

www.googletagmanager.com/gtm.js?id=GTM-NKLC98G

142.250.74.168

200 OK

62 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-NKLC98G
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
62 kB (61479 bytes)
Hash
cef4fcf5e11624d0057b97c3485ff272
47c152b0ae0ab8c88e41974b3ea80f4503e2a0ab
333867e8b507d50cb6b2497c350b7989efed3b5f012b76911830c83979688f9d

HTTP Headers

GET /gtm.js?id=GTM-NKLC98G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 18 Nov 2022 12:55:39 GMT
expires: Fri, 18 Nov 2022 12:55:39 GMT
cache-control: private, max-age=900
last-modified: Fri, 18 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61479
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/assets/images/KSC-GamesLounge7-2-bg.jpg

91.241.95.201

200 OK

36 kB

URL HTTP/1.1
ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/assets/images/KSC-GamesLounge7-2-bg.jpg
IP
91.241.95.201:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 320x480, components 3\012- data
Size
36 kB (36195 bytes)
Hash
99bbd0f54e8f7dc64175d078c4324ca8
abe03cfe72f1ec3a52bd0e1157a83f81bef92626
1da4de741ba6c07866c3824ba6077dd763971406c5dd9ab3065c4cdc32d8b060

HTTP Headers

GET /KSD-KESAF-NAZAR/assets/assets/images/KSC-GamesLounge7-2-bg.jpg HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-web.css?ver=8
Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152

HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 10:10:23 GMT
Last-Modified: Wed, 08 Jun 2022 08:36:09 GMT
ETag: "8d63-5e0eb98ceabdb"
Content-Length: 36195
Cache-Control: max-age=5184000
Expires: Sat, 24 Dec 2022 10:10:23 GMT
Content-Type: image/jpeg
X-Varnish: 21305049 1376271
Age: 2083516
Via: 1.1 varnish (Varnish/6.0)
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=998
Connection: Keep-Alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 18 Nov 2022 12:41:09 GMT
expires: Fri, 18 Nov 2022 14:41:09 GMT
cache-control: public, max-age=7200
age: 871
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Fri, 18 Nov 2022 15:02:21 GMT
Date: Fri, 18 Nov 2022 12:55:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Fri, 18 Nov 2022 15:02:21 GMT
Date: Fri, 18 Nov 2022 12:55:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Fri, 18 Nov 2022 15:02:21 GMT
Date: Fri, 18 Nov 2022 12:55:40 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6344 bytes)
Hash
a9d32fa3866dd741de610a61a93ad893
4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: RQqPegf6sdVW0qmrGnUo6EORLuT7BRikwhtF08LAxWNCpLGwGZnG8Q==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:34:03 GMT
age: 55297
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12065 bytes)
Hash
05289172c1455c4134e496c6f4606efd
ce1bb33256b0754f9acc01e7e9f3e5dc85f89244
a8b4411a0310cc376efe2aec7c0830b8d3b63b8827631b0ff43ec092f1f80f82

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12065
x-amzn-requestid: 45c97153-71c7-4985-a1ad-fc21a509d153
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-K5FyVIAMFtDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa45-0f9d22dd544a4580570f3089;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dxT2WJB7m5tUhgBn2PwTIN4Zskzm3X7CW-29hl1nCyNPbKt5j6q5iA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:02:57 GMT
age: 53563
etag: "ce1bb33256b0754f9acc01e7e9f3e5dc85f89244"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10349 bytes)
Hash
7d16e5ff718353c095d266b080fe547f
fa7c5c9a1d16355859196271f3d13f3850931888
9a94d8eb20cc56d0898b1e2b80c0006ebbef75c15ad94e907050c5be4e19a960

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10349
x-amzn-requestid: fc85e078-a81a-4fed-899e-15249961f59c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7tHGLIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7d-4224d193517794684fcdc0ad;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UK-XD_8EcfPwfLb-QVwfLr8aG-sqVBoUJcbPb5hKAlQS68eOxdgM5g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:05:52 GMT
age: 53388
etag: "fa7c5c9a1d16355859196271f3d13f3850931888"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11667 bytes)
Hash
032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: 4778d1bd-28c3-4665-89da-046e356087f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyD1HE-oAMF0QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-53c7330c5fd36d3c4d9e6aed;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CHi9V7-WaWmG6Y0249CZJnhe_RjvleaGFVXoOnJ62cjrcXoLLKwzgw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 07:20:30 GMT
age: 20110
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8884 bytes)
Hash
14649d486602810c1b218b96b27b2cc4
96c6cbfe31e7247c64dfa8c3759967627f8c6286
80f5d7573fd2bf4e6a6038ebf1335d159ad37c391ee539918455963d6ee88654

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8884
x-amzn-requestid: 3739b8f5-bb0c-4798-a931-e955dd6df81d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-MiGFxoAMFlxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa50-74c24a2f737634b655a5b47c;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d_bLYyZzi1phYwQ2e5uvUmzO0GuvNu9Ubi2PQ0ChilQJegKr3uUiRw==
via: 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:08:13 GMT
age: 53247
etag: "96c6cbfe31e7247c64dfa8c3759967627f8c6286"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.8 kB (3759 bytes)
Hash
5d0b6106f00f9fd8b89c2d484a559a1a
399ac393209dcdac7d2188d7aa8d95f04570ef7c
5d8151c9eb558f4a2b8bd2952c6845606ddb0c27e36f6e49aca7e60908cd9fe4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3759
x-amzn-requestid: 8c91ac59-89dc-4218-b69f-0cebb29f301b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-wJHgxoAMF-hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab33-4dac305614a92bc52c038222;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mb2-PTjNmt06Wd5jOjQ5WoLY-0NgI80CKPXtwgzBt4n5km8Pu_WN0Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:08:54 GMT
age: 53206
etag: "399ac393209dcdac7d2188d7aa8d95f04570ef7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eaa6a3200eda9bf5788df6d9eb04d84c
12efbb66692df6d76c1103b152808d751c0e49f1
6d815027ae40ea2603c0ed5adac0821cd5526f11c2eeb0ada5294b6f2ec3492d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&gjid=504329&_gid=192894454.1668776138&_u=YGBAgEABAAAAAEAAI~&z=1014776424

142.251.1.155

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&gjid=504329&_gid=192894454.1668776138&_u=YGBAgEABAAAAAEAAI~&z=1014776424
IP
142.251.1.155:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&gjid=504329&_gid=192894454.1668776138&_u=YGBAgEABAAAAAEAAI~&z=1014776424 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://ke-webfun.upp.st
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://ke-webfun.upp.st
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 18 Nov 2022 12:55:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eaa6a3200eda9bf5788df6d9eb04d84c
12efbb66692df6d76c1103b152808d751c0e49f1
6d815027ae40ea2603c0ed5adac0821cd5526f11c2eeb0ada5294b6f2ec3492d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d3ba0eba720a8e5904bee6e804873c24
df1f9c79e39f777ab12225af0af60b9f26af6485
76500b32cbac4ad40e3f42c7dfd46832f3854ba88c3a6d5a9d2b5633e8e1f27b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb5405ca08a5b1038b26ae8f2e3788f3
3341c3d5bed51686ed6c8d85aa59c59a27c652a3
6ffea4a38a9fc074321b874bce4a78eefbf657f1f2a05897fb32d0a9bffa08a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 12:55:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128733194-88&cid=1423862101.1668776138&jid=848902690&_u=YGBAgEABAAAAAEAAI~&z=972544177 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 12:55:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb5405ca08a5b1038b26ae8f2e3788f3
3341c3d5bed51686ed6c8d85aa59c59a27c652a3
6ffea4a38a9fc074321b874bce4a78eefbf657f1f2a05897fb32d0a9bffa08a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c15be7bf1c6987951ddd348d6f6b4db1
9faac1fb81abc8fce6d4ae81777c76b8bc11e9b0
7f1d01e3fc0b69e331fd30326ea8fd9b1e3e06a0a93ae4768e7addd03a121025

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

header.safaricombeats.co.ke/

196.201.213.123

200 OK

432 B

URL HTTP/1.1
header.safaricombeats.co.ke/
IP
196.201.213.123:0
ASN
#33771 SAFARICOM-LIMITED

File type
XML 1.0 document text\012- XML document, ASCII text
Size
432 B (432 bytes)
Hash
e4f06d88d699f6d83b5bc22d538949db
496cb8adc4ee7f8eed2f618c7dfa9d0e4ed60af2
fcc5006a99f7e7f5f20df2afddb9509878147e6912cc0b895876a35f8cc19119

HTTP Headers

GET / HTTP/1.1
Host: header.safaricombeats.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://ke-webfun.upp.st
Connection: keep-alive
Referer: http://ke-webfun.upp.st/

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:55:40 GMT
Server: Web Server
Access-Control-Allow-Origin: *
Content-Length: 432
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/xml;charset=UTF-8

ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz

91.241.95.201

200 OK

2.7 kB

URL HTTP/1.1
ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz
IP
91.241.95.201:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
2.7 kB (2687 bytes)
Hash
bc5320e8a290c6bc5008d892bd13d0c0
4184b5ff299ea39ae27a608021133ca7e7aea108
d2f7b48e9ba09cbe986c950fb8d0fe53b3a0b9d4a5e79b9a6df5e0b82b3d6fbf

HTTP Headers

GET /KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-web?trxID=pPbBv8htT4Fz
Cookie: ng_session=eyJpdiI6InllbXhZaEdWem9jakhjdlcwN0hNb1E9PSIsInZhbHVlIjoiUGI2V0UwTnZ4V2xhbkhla0hLK1YrM2w3UmUwZHJQbUdibGVBc2x2S2FBR0NNQldRN3U5azdvZVlIbkNwbXVlVGp6VlU1RUxEeU5FZ3hXVVFFb29iMWZLME83VTVqUDVnY0lxd1YwMTZrL2lYZ0RVV28rVnRoNi9rVmxIMnA3bmUiLCJtYWMiOiJiZTJkOWJlNjhhMDIxNmIyMDEwMTkxYjVhMzYzNzVlZDhmN2Q2ZGVkNjI1YjEzMTljMzk5ZmYzYmUwZGY0MTBiIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6Ikc3SElmTnpyWEl6M3FMSkZiTnZaS3c9PSIsInZhbHVlIjoibW0yS21sS2NUSmQySVRSa296TGlaK3lLdTNBWk5UbzFCT1M0SHVwL3ZVSCtwSFRKRUplaSt6UEFnbGJ4WEw2djlWWXlyUDlMS2RZZkhoV0xQSG9HbXovQkhGN1hDMWlWTjRSQzQrRWxhWEE9IiwibWFjIjoiY2NkYmU5MGExOTY3YjYwNTY5ZGVmNTAxYWY0MTMxNDYyYjY2OWQyNmZiOWFjZWM2NzNlOTc5NTVkMDVlNjk4NiIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlpSYlNKY1dEN3ZaQ3gwbEE5RXcyN3c9PSIsInZhbHVlIjoiMFN0SDZ5MzJ6ODd0WitZSTJMVUZiRVlOK3NxbzN1QTFqTnVmTzk0c1FJUDNlZ2JKMW5sckxWSGIxUEY1aW9McWVsVGNtK1RPUkZzUnk4RkJ6d1FzZ1hrd0V1K0N5OTdtSmc4QTNiN1djMlk9IiwibWFjIjoiOGRjZmFkYmRmMTVkNWUzNGUwODEzZjJlNDFlNjhlYmJlOGExMGYyMmVlMzExNTMxYWZiNGUwOGQzYTQyNzIxZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6Ik1WeXQ0ZUtoMXRlWHpOdllzbkl0RGc9PSIsInZhbHVlIjoiQnVxUWxuSWJPU0xpcDdZeWN1Smg2N3p3NHArc3cwTGZ2a1VYcDVZcXN3Y2JVMm5NUEJJdzIxNEJpL1BLT2J5T0F1WXoxanRMUWg2MFhNWTZ4aFVsZVJoZGxGeUVCcm5idzdPTTVEVkNzUmM9IiwibWFjIjoiZmE2N2ZiNWQ0MjAzZGIxYjY0ODExNmU4ZmMzMDg5M2FlNTE2NmU2ZWJlMWJiMWRjNGU3OTcwMTczZjdjNDMxMSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152; _gcl_au=1.1.108516900.1668776138; _ga=GA1.2.1423862101.1668776138; _gid=GA1.2.192894454.1668776138; _dc_gtm_UA-128733194-88=1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:55:40 GMT
Cache-Control: no-cache, private
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
X-Varnish: 20818485
Age: 0
Via: 1.1 varnish (Varnish/6.0)
X-Cache: MISS
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Set-Cookie: ng_session=eyJpdiI6IkM4dUpGU3IrMmJ0ODkrRkxlbmU5S0E9PSIsInZhbHVlIjoieWdaQlU3bmEvbmx4WVVIeWZPYlZuOU9uUVdZbnJIRFZoT1Y4Z1Z2NTZsRmRCRUdOVllrTk1kL2l6RDZxdmtZR0ErL2NtelhvOUw2MllHOUc3S2ZIWE1iYlluVytMTW1mZ1RZbFVDbzB1THh6UUpLbFVLbVBIVXlKVzUvOUw0UkQiLCJtYWMiOiI1MjU0NDFlODEyZmY1OTlkOGNjYjg3ZTNiNmNmZDFmZTA5M2E4YTdlYzc5YWJlMjU3NDE4YmIzZTg4Y2NjODQwIiwidGFnIjoiIn0%3D; expires=Fri, 18-Nov-2022 18:55:40 GMT; Max-Age=21600; path=/; httponly; samesite=lax
userPermID=eyJpdiI6ImllN1lVc3RYK1Nxa0I2WUx6UGRIWFE9PSIsInZhbHVlIjoic0J1RjlKVWV2bmpNVGlqRjRrYUQ4VVRROWY1RFRmM2FHNTdXRHZQbWRVUnltNXgzK2pHaXpCT0ZxUnh2eGhzU21oU3gvUDh4RnRMSlZGbitxUjBqVUF5OFFEUmNaZmpjNzJQSncwb3NqNjQ9IiwibWFjIjoiMzM0YzI5M2Q2MGQ3NTk3ZWZkZjE1ZTUxNTBhN2RhODIwODhmNDdlYTBiNjI5MjA2N2U4ZjliZWM3MDBiYWFiNSIsInRhZyI6IiJ9; expires=Mon, 15-Nov-2032 12:55:40 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
userSessionID=eyJpdiI6IitjOUdoVWozaXJlZ3pCQXFtYW80OUE9PSIsInZhbHVlIjoiMWlXRUQwcDRsMk8ycjhPYVFEQmwrZXMzR1JhcEhqaHprZGZOS04yVU94VWNiVVliL1djYVkyNjhoZ3NObDBUYmZVQnI2QjNMbFpvaUJHRVRiSXQwNHlIYkM5U0oxcHV0dHBEWWE2VjVWU2s9IiwibWFjIjoiNmU2ZjRmMjUwYjVhOWJlM2QyZDc0MmQwZmNlNDI5MWJkNmU5YzQ2MGExYWJmZmVlNjA2OTQ3MjUwMTAzMTMxNiIsInRhZyI6IiJ9; expires=Fri, 18-Nov-2022 13:25:40 GMT; Max-Age=1800; path=/; httponly; samesite=lax
ctxid=eyJpdiI6ImJQZjNDVUI1Q0JoTHh4VFljSFN5VWc9PSIsInZhbHVlIjoic1BRbWtVNHdHY1pzVEk1VmpDeXNuaVN5aWxZa2RkcUFYU1lqK0NpMHltZGNCSDhYaEQxUWxPbDBTaTBRYlQ1M3pqZDR6bHgxZWEvb1ViNStLSDJ3VzVPOHhFZXBYaFNMQVpGZHRBeVlTWXM9IiwibWFjIjoiN2JlMWZhOWVhODQ5NzRkZDU1Yzg2ZmViNjYxYzJlMDdmOGFhNTU1MGNjOWViMDk3N2RkM2Q0NmI4YTZkNTNlMCIsInRhZyI6IiJ9; expires=Mon, 15-Nov-2032 12:55:40 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
rd=deleted; expires=Thu, 18-Nov-2021 12:55:39 GMT; Max-Age=0; path=/; httponly; samesite=lax
TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152; Path=/
Keep-Alive: timeout=5, max=997
Connection: Keep-Alive
Transfer-Encoding: chunked

ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-wifi.css?ver=7

91.241.95.201

200 OK

2.4 kB

URL HTTP/1.1
ke-webfun.upp.st/KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-wifi.css?ver=7
IP
91.241.95.201:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
ASCII text
Size
2.4 kB (2412 bytes)
Hash
bfc9fc70d6a011b8d42625f8168ab037
417b11b89807dbb8111faf44ae218f878ff8c097
62ca3ad9a9bf81246c1bfbb79e9e939798d8acf9759595101524b262721a8cd0

HTTP Headers

GET /KSD-KESAF-NAZAR/assets/KSD-KESAF-NAZAR-gameslounge1-en-doi-wifi.css?ver=7 HTTP/1.1
Host: ke-webfun.upp.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ke-webfun.upp.st/KSD-KESAF-NAZAR/gameslounge1-en-doi-wifi?trxID=pPbBv8htT4Fz
Cookie: ng_session=eyJpdiI6IkM4dUpGU3IrMmJ0ODkrRkxlbmU5S0E9PSIsInZhbHVlIjoieWdaQlU3bmEvbmx4WVVIeWZPYlZuOU9uUVdZbnJIRFZoT1Y4Z1Z2NTZsRmRCRUdOVllrTk1kL2l6RDZxdmtZR0ErL2NtelhvOUw2MllHOUc3S2ZIWE1iYlluVytMTW1mZ1RZbFVDbzB1THh6UUpLbFVLbVBIVXlKVzUvOUw0UkQiLCJtYWMiOiI1MjU0NDFlODEyZmY1OTlkOGNjYjg3ZTNiNmNmZDFmZTA5M2E4YTdlYzc5YWJlMjU3NDE4YmIzZTg4Y2NjODQwIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6ImJQZjNDVUI1Q0JoTHh4VFljSFN5VWc9PSIsInZhbHVlIjoic1BRbWtVNHdHY1pzVEk1VmpDeXNuaVN5aWxZa2RkcUFYU1lqK0NpMHltZGNCSDhYaEQxUWxPbDBTaTBRYlQ1M3pqZDR6bHgxZWEvb1ViNStLSDJ3VzVPOHhFZXBYaFNMQVpGZHRBeVlTWXM9IiwibWFjIjoiN2JlMWZhOWVhODQ5NzRkZDU1Yzg2ZmViNjYxYzJlMDdmOGFhNTU1MGNjOWViMDk3N2RkM2Q0NmI4YTZkNTNlMCIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IitjOUdoVWozaXJlZ3pCQXFtYW80OUE9PSIsInZhbHVlIjoiMWlXRUQwcDRsMk8ycjhPYVFEQmwrZXMzR1JhcEhqaHprZGZOS04yVU94VWNiVVliL1djYVkyNjhoZ3NObDBUYmZVQnI2QjNMbFpvaUJHRVRiSXQwNHlIYkM5U0oxcHV0dHBEWWE2VjVWU2s9IiwibWFjIjoiNmU2ZjRmMjUwYjVhOWJlM2QyZDc0MmQwZmNlNDI5MWJkNmU5YzQ2MGExYWJmZmVlNjA2OTQ3MjUwMTAzMTMxNiIsInRhZyI6IiJ9; userPermID=eyJpdiI6ImllN1lVc3RYK1Nxa0I2WUx6UGRIWFE9PSIsInZhbHVlIjoic0J1RjlKVWV2bmpNVGlqRjRrYUQ4VVRROWY1RFRmM2FHNTdXRHZQbWRVUnltNXgzK2pHaXpCT0ZxUnh2eGhzU21oU3gvUDh4RnRMSlZGbitxUjBqVUF5OFFEUmNaZmpjNzJQSncwb3NqNjQ9IiwibWFjIjoiMzM0YzI5M2Q2MGQ3NTk3ZWZkZjE1ZTUxNTBhN2RhODIwODhmNDdlYTBiNjI5MjA2N2U4ZjliZWM3MDBiYWFiNSIsInRhZyI6IiJ9; TS016b227f=01b02e3e89ce18c6b606556b03ef4e534c1267c92dd92d960a89395c1581a8fca44ba1f4d2bf6ed12bfdcacc21b963642273b55152; _gcl_au=1.1.108516900.1668776138; _ga=GA1.2.1423862101.1668776138; _gid=GA1.2.192894454.1668776138; _dc_gtm_UA-128733194-88=1

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 12:54:59 GMT
Last-Modified: Tue, 19 Jul 2022 07:56:57 GMT
ETag: "420b-5e423d41c17b8-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2412
Content-Type: text/css
X-Varnish: 20625347 20596782
Age: 41
Via: 1.1 varnish (Varnish/6.0)
X-Cache: HIT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=999
Connection: Keep-Alive

www.googletagmanager.com/gtm.js?id=GTM-M9LC97C

142.250.74.168

200 OK

0 B

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-M9LC97C
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /gtm.js?id=GTM-M9LC97C HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ke-webfun.upp.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 18 Nov 2022 12:55:39 GMT
expires: Fri, 18 Nov 2022 12:55:39 GMT
cache-control: private, max-age=900
last-modified: Fri, 18 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61209
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations