t.y1h1.com/visit/5d282e030142b6000661240f?type=lpkeyerror_type_1&srctrafficsource=redirect&srccampaign=0_autosmartlink_auto&srcpub=1962&srcoffer=ww_3592_smartlink_randompub&exid=1670190321-oxtdpy
172.67.75.44 301 Moved Permanently 0 B URL HTTP/1.1 t.y1h1.com/visit/5d282e030142b6000661240f?type=lpkeyerror_type_1&srctrafficsource=redirect&srccampaign=0_autosmartlink_auto&srcpub=1962&srcoffer=ww_3592_smartlink_randompub&exid=1670190321-oxtdpy
IP 172.67.75.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /visit/5d282e030142b6000661240f?type=lpkeyerror_type_1&srctrafficsource=redirect&srccampaign=0_autosmartlink_auto&srcpub=1962&srcoffer=ww_3592_smartlink_randompub&exid=1670190321-oxtdpy HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Dec 2022 05:31:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Dec 2022 06:31:14 GMT
Location: https://t.y1h1.com/visit/5d282e030142b6000661240f?type=lpkeyerror_type_1&srctrafficsource=redirect&srccampaign=0_autosmartlink_auto&srcpub=1962&srcoffer=ww_3592_smartlink_randompub&exid=1670190321-oxtdpy
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bSQUsGHtSohVQkTm%2Ft9aH%2BH2VppmJBFKDVgVzsXUq57gtfSmT5Gj2MIde35Wx%2BTN9hzEWC5KBN1d1IJOzCk6J61y3%2BBZ4uiO%2BJj%2F3J38LyZi9PRwmro5SdTRPvE8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774a64f58e77b51d-OSL
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18524
Expires: Mon, 05 Dec 2022 10:39:58 GMT
Date: Mon, 05 Dec 2022 05:31:14 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 546
Cache-Control: max-age=104949
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:14 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 10:40:23 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4173
Expires: Mon, 05 Dec 2022 06:40:47 GMT
Date: Mon, 05 Dec 2022 05:31:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 05:20:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 661
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Kt0Y4loidlvjTbg0RwTUgnynshVbT3Mv4c+vqzz0kL9oNI1Am8zgpfyc4NCylNz8dGTG5jLE12Fzj/cPLaCtew==
x-amz-request-id: 47J0308V8452SZAC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 04:47:50 GMT
age: 2604
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 05:31:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 67eaf80416802078cf20f6f8328ca0bb
d9cbffdc1972eec762e18fb620e4efe5169be163
12c2cddb038dc58e56c84a521b6f17b66ec54427a738fb8a46a4d95ceec9abbd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:14 GMT
Server: ECS (amb/6BB9)
Content-Length: 279
t.y1h1.com/visit/5d282e030142b6000661240f?type=lpkeyerror_type_1&srctrafficsource=redirect&srccampaign=0_autosmartlink_auto&srcpub=1962&srcoffer=ww_3592_smartlink_randompub&exid=1670190321-oxtdpy
172.67.75.44 200 OK 279 B URL HTTP/2 t.y1h1.com/visit/5d282e030142b6000661240f?type=lpkeyerror_type_1&srctrafficsource=redirect&srccampaign=0_autosmartlink_auto&srcpub=1962&srcoffer=ww_3592_smartlink_randompub&exid=1670190321-oxtdpy
IP 172.67.75.44:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash bbc2990e3107fac5791252bc76bcd3c3
97583f3f800173b05137e976b183d08eb078099f
0003ea37e1f87d30705cd7fdae260ef3840916ab9f2a07ce73274922600ed220
GET /visit/5d282e030142b6000661240f?type=lpkeyerror_type_1&srctrafficsource=redirect&srccampaign=0_autosmartlink_auto&srcpub=1962&srcoffer=ww_3592_smartlink_randompub&exid=1670190321-oxtdpy HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:14 GMT
content-length: 279
refresh: 0;URL=https://t.y1h1.com/visit/61e55f98081ec20007c7f606?exid=1670218274-ZanFiL&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&srcPub=%7Bsub1%7D&type=Cloak
set-cookie: vid=1670218274-ZanFiL; Path=/; Domain=y1h1.com; Max-Age=604800; Expires=Mon, 12 Dec 2022 05:31:14 GMT; Secure; HttpOnly; SameSite=None
lv_5d282e030142b6000661240f=1670218274-ZanFiL; Path=/; Domain=y1h1.com; Max-Age=3600; Expires=Mon, 05 Dec 2022 06:31:14 GMT; Secure; HttpOnly; SameSite=None
vn_5d282e030142b6000661240f=1; Path=/; Domain=y1h1.com; Max-Age=3600; Expires=Mon, 05 Dec 2022 06:31:14 GMT; Secure; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QQ5zrneDlJF29m%2BmNc%2BKKBj5L6FpBVQJlV2pa9a3O0wsJs5j6rjEGo2DswGHPaQ3lcbq4%2Fp0N%2F7DWvdYxS0HK2eGzLLW%2BmNGpiM2qo7xeFAdBLPoAofW6UCLStSx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a64f85882b4f9-OSL
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 05:08:58 GMT
cache-control: public,max-age=3600
age: 1336
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
t.y1h1.com/visit/61e55f98081ec20007c7f606?exid=1670218274-ZanFiL&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&srcPub=%7Bsub1%7D&type=Cloak
172.67.75.44 200 OK 432 B URL HTTP/2 t.y1h1.com/visit/61e55f98081ec20007c7f606?exid=1670218274-ZanFiL&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&srcPub=%7Bsub1%7D&type=Cloak
IP 172.67.75.44:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (432), with no line terminators
Hash b13d5da39627da2aedd97089085dba4d
51dad42eefeeaf90023c9ab1b3fad939447dfbe8
2f9d31f7c782f9f66e5e9cf72bcdf49ed3425bb6e4a2705a75ab074034b600b3
GET /visit/61e55f98081ec20007c7f606?exid=1670218274-ZanFiL&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&srcPub=%7Bsub1%7D&type=Cloak HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: vid=1670218274-ZanFiL; lv_5d282e030142b6000661240f=1670218274-ZanFiL; vn_5d282e030142b6000661240f=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-length: 432
refresh: 0;URL=https://gift6541.goggle.vip/sweeps/ww/iphonesurvey1/index_en-us.php?vid=1670218275-YgFsla&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink_Auto&utm_content=Smartlink_With_Push_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&iw=False&checked=0&trans=1&ipp=0&lpkey=169670b221d888c575&ck=2
set-cookie: vid=1670218275-YgFsla; Path=/; Domain=y1h1.com; Max-Age=604800; Expires=Mon, 12 Dec 2022 05:31:15 GMT; Secure; HttpOnly; SameSite=None
lv_61e55f98081ec20007c7f606=1670218275-YgFsla; Path=/; Domain=y1h1.com; Max-Age=3600; Expires=Mon, 05 Dec 2022 06:31:15 GMT; Secure; HttpOnly; SameSite=None
vn_61e55f98081ec20007c7f606=1; Path=/; Domain=y1h1.com; Max-Age=3600; Expires=Mon, 05 Dec 2022 06:31:15 GMT; Secure; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=StHxuvQTNwd53Dh5SunkQ%2F6SJ%2B9Pq2j4BZ%2Fvqo7UpX6KqmNX4p2szckD%2FDTB5B5IdO83dSoqTOwRBvMsw%2FCUykU1qF7u3fdmfSNyUPltTQ7vD%2F2Ic99XFv%2FdQx5w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a64fab9c2b4f9-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 545
Cache-Control: max-age=99881
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:15 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:15:56 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash db3a7a835850d29f73d539bca13fbf71
73ac03148286bef3e4b7eae537a0fe79991a7a7a
a9be93a07d46c2a66f335d712ddefec393b6cae451238e78c9dab1e259aff2eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=161598
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:15 GMT
Etag: "638d5661-118"
Expires: Wed, 07 Dec 2022 02:24:33 GMT
Last-Modified: Mon, 05 Dec 2022 02:24:33 GMT
Server: nginx
Content-Length: 280
push.services.mozilla.com/
44.240.159.184 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.159.184:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Scy5e+GYHTNcU5UQFy5zyA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: V+Ey6nh5Sum/S4BhP/NBqOO2358=
rs.y1h1.com/recaptcha.css
104.26.3.157 200 OK 28 B URL HTTP/2 rs.y1h1.com/recaptcha.css
IP 104.26.3.157:0
File type ASCII text, with no line terminators
Hash 8f48e083a831bd16da0aada175478aaa
df342632e700b5453c189d3129a1e7c5a27598c6
ec8e585ab06e164d11e99adcf9b18d3074de0ece7c922fc6cc99d86fad4d9ea7
GET /recaptcha.css HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: text/css
content-length: 28
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=31
etag: "5dc0edfb-1f"
expires: Mon, 05 Dec 2022 17:28:35 GMT
last-modified: Tue, 05 Nov 2019 03:35:23 GMT
cf-cache-status: HIT
age: 160
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MuHIpw%2BJjN95lKTEbfNpBcW2RzCpeGRrPFd%2FMBv5XxiK0sZFHoFBF%2BLVYeP3G3bYTNt1ZRkDSYSjKgXtvRen4K7pL1iCv15NhnkgjlqaG%2BEdxkVlqZrKkSgy2ilOZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a64fe9b54b521-OSL
X-Firefox-Spdy: h2
rs.y1h1.com/confetti.css
104.26.3.157 200 OK 2.1 kB IP 104.26.3.157:0
File type ASCII text, with no line terminators
Hash dfcd833784c8f2d1a1e0be2c3e029f65
b4017dccc5cfef8eaf82a2844ab9d061456ef7c2
8f23f3977c9a0fed1f520ef61a99cbc86b586c7ee535f8230d053b455f95a3a9
GET /confetti.css HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=160
etag: W/"60cda835-a0"
expires: Mon, 05 Dec 2022 05:40:38 GMT
last-modified: Sat, 19 Jun 2021 08:17:57 GMT
cf-cache-status: HIT
age: 42637
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gxvCm42mstUe1FAGj6Tly%2FLNO1XrEl%2Bc%2F9TNIU56IpLJxxh9QJ7KZvDLmdj2QIKTR%2BppXLPIwjYPM26%2FXSMjYBTfXPfdKp2RZaPofo6Zv8EV9MUCyj7HdQiEabwJ%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a64feab55b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?render=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y
216.58.211.4 200 OK 584 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y
IP 216.58.211.4:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 62c89ebf7cba36af8481f17c85946e3c
a77ddfb4fe4693b13f7b3706682702612f5d4a71
52c384765209e563f5f92173aae019176cefd21cbabfc6f4e6c01c756775d387
GET /recaptcha/api.js?render=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Mon, 05 Dec 2022 05:31:15 GMT
date: Mon, 05 Dec 2022 05:31:15 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gift6541.goggle.vip/sweeps/ww/iphonesurvey1/index_en-us.php?vid=1670218275-YgFsla&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink_Auto&utm_content=Smartlink_With_Push_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&iw=False&checked=0&trans=1&ipp=0&lpkey=169670b221d888c575&ck=2
104.26.12.100 200 OK 3.2 kB URL HTTP/2 gift6541.goggle.vip/sweeps/ww/iphonesurvey1/index_en-us.php?vid=1670218275-YgFsla&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink_Auto&utm_content=Smartlink_With_Push_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&iw=False&checked=0&trans=1&ipp=0&lpkey=169670b221d888c575&ck=2
IP 104.26.12.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 878d4fd57489180379eaa56fd2f91e25
b93dbf95edd02dd6d86138257297eef4a4c16d00
7477041e90f295661fc3bc68a59942c05a10e8edf43cfc98a61c216952d26773
Analyzer Verdict Alert quad9 Sinkholed
GET /sweeps/ww/iphonesurvey1/index_en-us.php?vid=1670218275-YgFsla&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink_Auto&utm_content=Smartlink_With_Push_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&iw=False&checked=0&trans=1&ipp=0&lpkey=169670b221d888c575&ck=2 HTTP/1.1
Host: gift6541.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qmpQXssdzo6cbIl7B0bUrwi%2FBEiCSFtpxKTSD4AYCcA53vMmpbvZQief1SL3vkbzv06fVQqTQE%2F6%2FeGdpad7N30N%2FB0Dlakg4pJ%2Bn0HdAHOoB6RitGHDznX1oFIZro0reyVUnRm7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a64fd6dd0b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
gift6541.goggle.vip/sweeps/ww/iphonesurvey1/index_files/iphone13.png
104.26.12.100 200 OK 310 kB URL HTTP/2 gift6541.goggle.vip/sweeps/ww/iphonesurvey1/index_files/iphone13.png
IP 104.26.12.100:0
File type PNG image data, 1000 x 1000, 8-bit/color RGBA, non-interlaced\012- data
Size 310 kB (309952 bytes)
Hash 88ba0dfc0338ae2f5b92bfb1b7f6130c
05166508588b528027d2792db7bc85c1e53fd735
1eff7675a17efaea49f406c55bc18ee34b24f71ad8f9537a54a9ef2d4368f3a5
Analyzer Verdict Alert quad9 Sinkholed
GET /sweeps/ww/iphonesurvey1/index_files/iphone13.png HTTP/1.1
Host: gift6541.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: image/png
content-length: 309952
last-modified: Fri, 17 Sep 2021 10:19:36 GMT
etag: "61446bb8-4bac0"
expires: Wed, 04 Jan 2023 05:31:15 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cPoYVwF146rYrluFA2NgGscoYl1L4fqiXCmSh5xEaL7qfMirGmqWDoSDMEZ7OSHYcujq0TiP23FrY5WmZHIZL3BElH4bgCoqTx2ampilpmM1KxnvVIB2KhmYDwvDL%2FY1VrxpZLzF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a64fe8eb2b505-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 67eaf80416802078cf20f6f8328ca0bb
d9cbffdc1972eec762e18fb620e4efe5169be163
12c2cddb038dc58e56c84a521b6f17b66ec54427a738fb8a46a4d95ceec9abbd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:16 GMT
Last-Modified: Mon, 05 Dec 2022 05:31:14 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
www.googletagmanager.com/gtag/js?id=G-37GE99Q100
142.250.74.168 200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-37GE99Q100
IP 142.250.74.168:0
File type ASCII text, with very long lines (20080)
Hash c1cc60b6f0d4b04e9f3db3d52ced0792
4ed14e454549bb8b32d160a2b595d37483560893
9d539417a4ae07aa92f5e29f7bb92c64626017c736b30b307f4da3ed08e6deca
GET /gtag/js?id=G-37GE99Q100 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Dec 2022 05:31:16 GMT
expires: Mon, 05 Dec 2022 05:31:16 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76333
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t.y1h1.com/update?eventSub3=view&event3=1
172.67.75.44 200 OK 2 B URL HTTP/2 t.y1h1.com/update?eventSub3=view&event3=1
IP 172.67.75.44:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
GET /update?eventSub3=view&event3=1 HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gift6541.goggle.vip
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:16 GMT
content-type: text/plain;charset=UTF-8
content-length: 2
access-control-allow-origin: https://gift6541.goggle.vip
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h9CXNAEO8UX3Hylnr4X6YkscOVA1IBAvCHfB0sARC3H9j0UtToojqk74dOA91xSgcXYCzHNavb%2FH7liP9tDvbhuugx3%2FpDacFSkq1SITSBXfs1dFebvCghdxmBQw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a6501b853b52d-OSL
X-Firefox-Spdy: h2
gift6541.goggle.vip/favicon.ico
104.26.12.100 200 OK 11 kB URL HTTP/2 gift6541.goggle.vip/favicon.ico
IP 104.26.12.100:0
File type MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel\012- data
Hash 8a4475384a8ac5e0049b27556a0c9692
50c057354e772a22c80b7ff90f277f16852aba79
463926ac8385a951a26c4f397aca3e27891ce6f5aee130028d1529ade805143d
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: gift6541.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:16 GMT
content-type: image/x-icon
last-modified: Mon, 10 Jan 2022 06:10:46 GMT
etag: W/"61dbcde6-1083e"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNqS0%2Fa42lyYdId0GtHPlpwV%2FYsBpYYJaU%2B5Bz0BGTE7g73kS9bVrPQ%2FTciHeNtsHIZhpKWIJBd%2BJFSnvV6Y573%2BnjIzj7V4JeujbKIJctMyRMADL0afM3cKUIwL8Ag4OdpDxE0K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a6500a843b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8ead0ac4ce19cef2471bae0458759d89
af02fd3fcd2e10cfa2458407c0c2e59a43e18517
507b93c64bab73e393cf8d8131415ef4d4b01e65e0f2ab73597715197845e75e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.35 200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gift6541.goggle.vip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 19:09:57 GMT
expires: Tue, 28 Nov 2023 19:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 555679
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
translate.googleapis.com/translate_static/css/translateelement.css
142.250.74.138 200 OK 3.6 kB URL HTTP/2 translate.googleapis.com/translate_static/css/translateelement.css
IP 142.250.74.138:0
File type ASCII text, with very long lines (18670)
Hash 897ba9a21d9625286674da769dacc2e2
84b4923ab7dee562395160824d53496314499b77
696cbf5c2f3f1efae555562b72abbbb22bed02eff03d62074555cab241190ae0
GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3619
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 05:17:04 GMT
expires: Mon, 05 Dec 2022 06:17:04 GMT
cache-control: public, max-age=3600
age: 852
last-modified: Wed, 17 Aug 2022 23:38:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.qvkLIg6MEVc.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoxsXHCM1CnEJ_o5xsmnbdq_po64A/m=el_main
142.250.74.138 200 OK 75 kB URL HTTP/2 translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.qvkLIg6MEVc.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoxsXHCM1CnEJ_o5xsmnbdq_po64A/m=el_main
IP 142.250.74.138:0
File type ASCII text, with very long lines (1613)
Hash 110765e1accf41111543c29721c78b52
3eeceb853d592a297162325f20f0420e136c875a
b5fb084ee4491e64fca48643106c0eb338212638caafdad88ff91e0d4198b589
GET /_/translate_http/_/js/k=translate_http.tr.no.qvkLIg6MEVc.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoxsXHCM1CnEJ_o5xsmnbdq_po64A/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 75035
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 00:23:32 GMT
expires: Thu, 30 Nov 2023 00:23:32 GMT
cache-control: public, max-age=31536000
age: 450464
last-modified: Sat, 12 Nov 2022 06:10:12 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 05:31:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3910
Expires: Mon, 05 Dec 2022 06:36:26 GMT
Date: Mon, 05 Dec 2022 05:31:16 GMT
Connection: keep-alive
rs.y1h1.com/common.js
104.26.3.157 200 OK 7.5 kB IP 104.26.3.157:0
File type C source, ASCII text, with very long lines (17150), with no line terminators
Hash 121843c43f0498d8a60b09db04e4069e
114cdd0458c786406d8a7919a8c41359b1b5492e
a24738595216a715e54a9d82fe4b5de34d4c23031514bba39e6f1e7bde3b3765
GET /common.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6214ae9e-42fe"
expires: Mon, 05 Dec 2022 17:28:35 GMT
last-modified: Tue, 22 Feb 2022 09:36:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 160
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TsLb7yb74JyGa%2B5LUqoo0RkYE4XAeELU6JDnrhgsk6v1LPQWZbiZZDdbpTCMa2e8wYHpml35ZNKqjJnHqzY%2BSXz%2FaEZckeCcu3EX%2B2yTOPhp4683DJwYuR6BXZgzaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a64ff5bcab521-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3910
Expires: Mon, 05 Dec 2022 06:36:26 GMT
Date: Mon, 05 Dec 2022 05:31:16 GMT
Connection: keep-alive
rs.y1h1.com/checkbot.js
104.26.3.157 200 OK 12 kB IP 104.26.3.157:0
File type ASCII text, with very long lines (8175), with no line terminators
Hash cdf37c3f60b518cbc847e1b41e175efc
8fecce44b21f1adcedd3f3e4ee437f777f20fce2
42b411dd35918406214a4aa7d17c02305e40b5e3322426698fac3bbe15edcfbf
GET /checkbot.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6222c2ff-1fef"
expires: Mon, 05 Dec 2022 17:28:35 GMT
last-modified: Sat, 05 Mar 2022 01:55:11 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 160
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NhEw9hoDbtt4he%2BQ%2BgmAt4guVWzO%2BEjhLZgXEjOX7SGHqQVrvLAYickEJ8wYCkMYhLXwyveL139n9sbkVtIXYPrPhd%2FzRap5LqjOyexgxINO%2BqnQEReXGqOP%2B3CThQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a64ff5bc7b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
rs.y1h1.com/load.js
104.26.3.157 200 OK 13 kB IP 104.26.3.157:0
File type ASCII text, with very long lines (7056), with no line terminators
Hash 1abd12c16d9e07a6d4781220d1e68645
afb44cf1c3b6d62465bdeb4dc6aab2891e7658b6
92a8647c0e9c10a70e2af0a6cf0a7945e6ade17c4418512edcbe8e38563cacdc
GET /load.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6311dce6-1b90"
expires: Mon, 05 Dec 2022 17:28:35 GMT
last-modified: Fri, 02 Sep 2022 10:37:26 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 160
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5rkqG2rknpagNmnWduEE9vKqAVmC9TfChzPIkCGDGsYyzg%2BPkf6EVXLE4lc%2F7iqYWQq2peLW89WsyQahRZFrAelSOgFLOZ%2BM3gWqNK6Fxr3gDTjIAKQ1VF7Vj8E5%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a64ff5bc9b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d81855b-98f7-4c0c-bfb4-78957d8c433d.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d81855b-98f7-4c0c-bfb4-78957d8c433d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9b475d52dd164b9cc0efbecfd58282b6
973e77db7fb34c60e08719dc7196d865e8831cb2
3985e24217a2bd811a0ea9bf0223eb0cda31604986f3467fae028a086a8b827e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d81855b-98f7-4c0c-bfb4-78957d8c433d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7028
x-amzn-requestid: 4d20bc36-d129-468d-b30d-f6b571d528af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKz6G86oAMF9oA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abe7f-5f9353c04487352b64ba3bf8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:11:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GnsrHp9gMnOF7C1LS_suYeIrdrXQyAAvdrROmuVBRoI8xd6Dujlq_A==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 03:26:36 GMT
age: 7480
etag: "973e77db7fb34c60e08719dc7196d865e8831cb2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 557fea28a0a540d2ffdadd828e03de0b
c314368e2e73dabf2c5d856e2c3e1fae610a3005
0fdd195911cdfff46a6dd8ba7b760953e5317fd7ee88abf1e19458518979fdee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11253
x-amzn-requestid: e0561a00-8657-4af0-b24c-08b328282f79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_wKE9coAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1334-2844266d51d5c5672f34ff61;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: v2OgP5Rhp06ijoZU2F8vOhLjBfHdBMPa2mOIg6EiYJrgCRbrKgJz2g==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:07 GMT
age: 27549
etag: "c314368e2e73dabf2c5d856e2c3e1fae610a3005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rs.y1h1.com/backbutton.js
104.26.3.157 200 OK 8.6 kB URL HTTP/2 rs.y1h1.com/backbutton.js
IP 104.26.3.157:0
File type ASCII text, with very long lines (4816), with no line terminators
Hash ae781b6eb5322806d30426eb9ebe1c32
605aaa6f9226a45ab58a0b30362f817d5da55f2b
03b621b11304f98629fc3cd84f3a2f8a94c60521c0468894014b48c677d08f66
GET /backbutton.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"61d46677-12d0"
expires: Mon, 05 Dec 2022 17:28:35 GMT
last-modified: Tue, 04 Jan 2022 15:23:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 160
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjzzntLpDMZquMbMmusVySB8h8p%2FP9UuYNcduQdnEvjf%2FKm1NZanfVVrnMDEqZVNIhy2ybAH18vshZThZk94rKmimst%2FHNdyPDLsuUCcLDRGYWq7POZPYZlxHfcNag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a64ff5bc8b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3130c86c084c4c925fb9179dfa5c145d
203f27660f3885d5c1bc68a535baef4e48ff6582
faf2c48c2286fe2149908947de9037640007d32e13694c1261f610250caf3f8f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6173
x-amzn-requestid: dc73ee0d-b1ec-407f-8e98-3ba264725ee3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqHqwIAMFwqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-56d74e8d45baa9e87136708f;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Gp9v8CfWmPctcSly9jWOxy0VCbBOE-CZs9z636yfpgpVi8eNt_PVvg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:29 GMT
etag: "203f27660f3885d5c1bc68a535baef4e48ff6582"
content-type: image/jpeg
age: 27767
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:48:03 GMT
expires: Fri, 01 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 286993
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 16:40:43 GMT
expires: Fri, 01 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 305433
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-37GE99Q100&gtm=2oebu0&_p=722319127&cid=953771596.1670218274&ul=en-us&sr=1280x1024&_s=1&sid=1670218273&sct=1&seg=0&dl=https%3A%2F%2Fgift6541.goggle.vip%2Fsweeps%2Fww%2Fiphonesurvey1%2Findex_en-us.php%3Fvid%3D1670218275-YgFsla%26utm_medium%3D%257Bsub1%257D%26utm_source%3DRedirect%26utm_campaign%3D0_AutoSmartlink_Auto%26utm_content%3DSmartlink_With_Push_RandomPub%26isp%3DBlix%2BGroup%2BAS%26city%3DOslo%26br%3D0%26sp%3D1%26iw%3DFalse%26checked%3D0%26trans%3D1%26ipp%3D0%26lpkey%3D169670b221d888c575%26ck%3D2&dt=%E2%98%91%EF%B8%8F%20iPhone%2013&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-37GE99Q100&gtm=2oebu0&_p=722319127&cid=953771596.1670218274&ul=en-us&sr=1280x1024&_s=1&sid=1670218273&sct=1&seg=0&dl=https%3A%2F%2Fgift6541.goggle.vip%2Fsweeps%2Fww%2Fiphonesurvey1%2Findex_en-us.php%3Fvid%3D1670218275-YgFsla%26utm_medium%3D%257Bsub1%257D%26utm_source%3DRedirect%26utm_campaign%3D0_AutoSmartlink_Auto%26utm_content%3DSmartlink_With_Push_RandomPub%26isp%3DBlix%2BGroup%2BAS%26city%3DOslo%26br%3D0%26sp%3D1%26iw%3DFalse%26checked%3D0%26trans%3D1%26ipp%3D0%26lpkey%3D169670b221d888c575%26ck%3D2&dt=%E2%98%91%EF%B8%8F%20iPhone%2013&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-37GE99Q100&gtm=2oebu0&_p=722319127&cid=953771596.1670218274&ul=en-us&sr=1280x1024&_s=1&sid=1670218273&sct=1&seg=0&dl=https%3A%2F%2Fgift6541.goggle.vip%2Fsweeps%2Fww%2Fiphonesurvey1%2Findex_en-us.php%3Fvid%3D1670218275-YgFsla%26utm_medium%3D%257Bsub1%257D%26utm_source%3DRedirect%26utm_campaign%3D0_AutoSmartlink_Auto%26utm_content%3DSmartlink_With_Push_RandomPub%26isp%3DBlix%2BGroup%2BAS%26city%3DOslo%26br%3D0%26sp%3D1%26iw%3DFalse%26checked%3D0%26trans%3D1%26ipp%3D0%26lpkey%3D169670b221d888c575%26ck%3D2&dt=%E2%98%91%EF%B8%8F%20iPhone%2013&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: null
date: Mon, 05 Dec 2022 05:31:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rs.y1h1.com/trans.css
104.26.3.157 200 OK 0 B IP 104.26.3.157:0
GET /trans.css HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:16 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=417
etag: W/"60837b07-1a1"
expires: Mon, 05 Dec 2022 08:23:48 GMT
last-modified: Sat, 24 Apr 2021 01:57:27 GMT
cf-cache-status: HIT
age: 32848
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fXl4NGwKSqfU%2BrorpxL%2B5FynoCpS4RWBJPgv043%2B2gFpt2RUsZViqGXd6nYQHUc%2B0uOLVrOEffIS4g5JTiRAVx0FK7rDUWyJozFpGV%2F3OZqo93uOLWyhwiGbdjKiog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a6500fcafb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
rs.y1h1.com/push.js
104.26.3.157 200 OK 0 B IP 104.26.3.157:0
GET /push.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:16 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"61d4671f-2950"
expires: Mon, 05 Dec 2022 06:52:49 GMT
last-modified: Tue, 04 Jan 2022 15:26:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 38306
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BCVzTFhSCZZwqlHDdIxHA1s2dlMB8dtzF7W6vW3g5fzT4rxtISvtgUbFl7BgI9XZEQPJ3rlyxCdyvxufsn%2B0hjadoDau34W37AonlT%2B7%2FxE5R1r8%2FTd4jBLoFrhwXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a6500fcaeb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
rs.y1h1.com/copy.js
104.26.3.157 200 OK 0 B IP 104.26.3.157:0
GET /copy.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6308a3c6-ea8"
expires: Mon, 05 Dec 2022 17:28:35 GMT
last-modified: Fri, 26 Aug 2022 10:43:18 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 160
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XJvRLtV2FXhStKixU%2FlvjUc%2B6e%2Fbc8b5XnVP7rkml26gbSDgvmM6m%2F8fRvvSsuerhnMgrJ%2Bm%2F5Hl1FKoQdLuIahbQz6i2pWReaDcq%2FNcmzX2bJkMN5qIMZxNkcSKKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a64ff4bc1b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
rs.y1h1.com/jquery-3.5.1.min.js
104.26.3.157 200 OK 0 B URL HTTP/2 rs.y1h1.com/jquery-3.5.1.min.js
IP 104.26.3.157:0
GET /jquery-3.5.1.min.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: application/javascript
last-modified: Sun, 20 Jun 2021 08:52:33 GMT
vary: Accept-Encoding
etag: W/"60cf01d1-15d84"
expires: Mon, 05 Dec 2022 05:40:39 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 42636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KR4UaXrAib%2B%2F0s%2F%2BJFLNBvHzlTSv9dTO0a5P4Oo4xiZIp0HtmhCU9oEG8fbF6OJifayw48F9QDQlc3CZ2ZVuJhSlrDG2igspm78Ij3WiKSzK%2BAELlzzKTafG1VTP%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a64ff5bcbb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
216.58.211.14 200 OK 0 B URL HTTP/2 translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP 216.58.211.14:0
GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Dec 2022 05:31:16 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+858; expires=Wed, 04-Dec-2024 05:31:16 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gift6541.goggle.vip/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
104.26.12.100 200 OK 0 B URL HTTP/2 gift6541.goggle.vip/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 104.26.12.100:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: gift6541.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:15 GMT
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 18:31:41 GMT
etag: W/"6387a18d-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FgaFGNG6uDFyjwYgfOPia6V3lv6h3EXYoDB71t3Y0krDfmJ5hjlAvxEYvZmQurox9ZOzmpuRc0gvW7qhHI3TQmmudDpLr4Gm97%2BTbdiZrzx%2BKBZoOWqHouUt%2FV7ae2C5dr8rjSzD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a64fe8eb3b505-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Wed, 07 Dec 2022 05:31:15 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
rs.y1h1.com/trans.js
104.26.3.157 200 OK 0 B IP 104.26.3.157:0
GET /trans.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:16 GMT
content-type: application/javascript
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=337
etag: W/"60837b56-151"
expires: Mon, 05 Dec 2022 07:37:41 GMT
last-modified: Sat, 24 Apr 2021 01:58:46 GMT
cf-cache-status: HIT
age: 35615
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0yvjkkz9E2wSTfDPCz7nFDwUpmbTSrsbHoUfIT3NbBBOD7gBunsLuTYHb0%2BR137gyw304BGG87K3VAZszJ9P%2F3Sg5Jj4fdAdvhyZro1Q24IF9bYdpTZ73lzv52z%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774a6500fcb2b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
t.y1h1.com/recaptcha/verify?token=03AEkXODDboY6OfjVgWpv5OptzRkhUgf2Xk18aWL6a72tI1dKMLRzZVsCV7p0mzxZdhKcq40SFV-GKyvFoNsi6tPnpGLm3A7QrlIQEsyqFOYFDcA5zryhSmGVs8WbzXrg_EDvN-HEmA_TjKyHpTwg5RYf_arvQPPSAKJ303U3VDyL45GMjYM8VO_x78nD_5BOdRPMqMg3Jukhkyed9QuF7T_jlQtoul2UL7IligT1zfOQthpbLtFlToLEKAY8RD9AM5XW8loIqMuGE338u5R_JyawJDorRCyaPMu5AUFzGmkJ8A3-Y7PhsV2b7SgeuqGGXum59Z5iAK-gSenimfenE7Ld_Oj99ofeCASh9b4WBp2GEK0Eln1m_N6W5ZkQGYl6K08V8qTjVZyak998sIZLSUdmAtyx3VzxIVDLkzp7smkrxJfSyJqrzOGiPRnvvNelJ75Blre_mwM7XfCPyGurxyHzHcAZa-Bg72NI1mwThg5jlFQdrwBCxZl-dOMR2NI0Y33dCt4gxWbFy&vid=1670218275-YgFsla&eventSubField=eventSub9&eventField=event9&botScore=0.5
172.67.75.44 200 OK 0 B URL HTTP/2 t.y1h1.com/recaptcha/verify?token=03AEkXODDboY6OfjVgWpv5OptzRkhUgf2Xk18aWL6a72tI1dKMLRzZVsCV7p0mzxZdhKcq40SFV-GKyvFoNsi6tPnpGLm3A7QrlIQEsyqFOYFDcA5zryhSmGVs8WbzXrg_EDvN-HEmA_TjKyHpTwg5RYf_arvQPPSAKJ303U3VDyL45GMjYM8VO_x78nD_5BOdRPMqMg3Jukhkyed9QuF7T_jlQtoul2UL7IligT1zfOQthpbLtFlToLEKAY8RD9AM5XW8loIqMuGE338u5R_JyawJDorRCyaPMu5AUFzGmkJ8A3-Y7PhsV2b7SgeuqGGXum59Z5iAK-gSenimfenE7Ld_Oj99ofeCASh9b4WBp2GEK0Eln1m_N6W5ZkQGYl6K08V8qTjVZyak998sIZLSUdmAtyx3VzxIVDLkzp7smkrxJfSyJqrzOGiPRnvvNelJ75Blre_mwM7XfCPyGurxyHzHcAZa-Bg72NI1mwThg5jlFQdrwBCxZl-dOMR2NI0Y33dCt4gxWbFy&vid=1670218275-YgFsla&eventSubField=eventSub9&eventField=event9&botScore=0.5
IP 172.67.75.44:0
GET /recaptcha/verify?token=03AEkXODDboY6OfjVgWpv5OptzRkhUgf2Xk18aWL6a72tI1dKMLRzZVsCV7p0mzxZdhKcq40SFV-GKyvFoNsi6tPnpGLm3A7QrlIQEsyqFOYFDcA5zryhSmGVs8WbzXrg_EDvN-HEmA_TjKyHpTwg5RYf_arvQPPSAKJ303U3VDyL45GMjYM8VO_x78nD_5BOdRPMqMg3Jukhkyed9QuF7T_jlQtoul2UL7IligT1zfOQthpbLtFlToLEKAY8RD9AM5XW8loIqMuGE338u5R_JyawJDorRCyaPMu5AUFzGmkJ8A3-Y7PhsV2b7SgeuqGGXum59Z5iAK-gSenimfenE7Ld_Oj99ofeCASh9b4WBp2GEK0Eln1m_N6W5ZkQGYl6K08V8qTjVZyak998sIZLSUdmAtyx3VzxIVDLkzp7smkrxJfSyJqrzOGiPRnvvNelJ75Blre_mwM7XfCPyGurxyHzHcAZa-Bg72NI1mwThg5jlFQdrwBCxZl-dOMR2NI0Y33dCt4gxWbFy&vid=1670218275-YgFsla&eventSubField=eventSub9&eventField=event9&botScore=0.5 HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gift6541.goggle.vip
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 05:31:17 GMT
content-type: text/plain;charset=UTF-8
access-control-allow-origin: https://gift6541.goggle.vip
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xW8krrZHHoMhRosGzZ%2FfBbaaMLczWq0jglrX5jyh6QXeP%2BZQiasiiC1oN20jHR8Fr86hFydGs9dvHfENMFXvp3mFyhZPyTYZOGS%2Byz%2BzfHEzk0M6CN2yIBcluCuv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774a6507faf3b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2