urlquery - report: 12kbps.xyz/repo/vir/others/windowspolicepro.exe

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
firefox.settings.services.mozilla.com (2)	867	2020-05-25 20:06:39 UTC	2023-02-02 04:09:02 UTC	35.241.9.150
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2023-02-02 04:09:20 UTC	34.117.237.239
push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2023-02-02 04:10:44 UTC	34.223.234.225
ww1.12kbps.xyz (7)	0	2021-02-12 02:29:23 UTC	2023-02-02 22:56:48 UTC	199.59.243.222	Unknown ranking
afs.googleusercontent.com (2)	12123	2013-05-06 19:11:00 UTC	2023-02-02 04:10:29 UTC	142.250.74.97
fonts.googleapis.com (1)	8877	2012-05-23 12:41:44 UTC	2023-02-02 08:36:04 UTC	142.250.74.74
12kbps.xyz (3)	0	2017-12-23 15:29:12 UTC	2023-02-03 04:06:50 UTC	82.192.82.228	Unknown ranking
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2023-02-02 04:10:44 UTC	34.160.144.191
ocsp.pki.goog (11)	175	2017-06-14 07:23:31 UTC	2023-02-02 04:09:06 UTC	142.250.74.163
img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2023-02-02 04:09:26 UTC	34.120.237.76
fonts.gstatic.com (1)	0	2014-04-02 10:51:04 UTC	2023-02-02 07:34:01 UTC	216.58.211.3	Domain (gstatic.com) ranked at: 540
r3.o.lencr.org (7)	344	2020-12-02 08:52:13 UTC	2023-02-02 04:09:15 UTC	23.36.77.32
partner.googleadservices.com (1)	798	2012-06-26 16:06:42 UTC	2023-02-02 04:12:16 UTC	216.58.211.2
www.google.com (1)	7	2012-11-08 00:08:21 UTC	2023-02-02 13:15:46 UTC	142.250.74.4

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-03 07:59:27 UTC	1	Client IP	82.192.82.228	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

Date	UQ / IDS / BL	URL	IP
2023-03-31 13:23:20 +0000	0 - 2 - 6	imgtaram.com/bul/bulgari-the-joy-of-gems.pdf	82.192.82.228
2023-03-31 11:48:11 +0000	0 - 1 - 0	12kbps.xyz/repo/vir/others/windowspolicepro.exe	82.192.82.228
2023-03-31 10:49:12 +0000	0 - 3 - 0	file-share.top/FSDownloader.exe	82.192.82.228
2023-03-29 19:06:00 +0000	0 - 1 - 0	12kbps.xyz/repo/vir/others/memz.exe	82.192.82.228
2023-03-29 19:05:37 +0000	0 - 1 - 0	12kbps.xyz/repo/vir/others/windowspolicepro.exe	82.192.82.228

Date	UQ / IDS / BL	URL	IP
2023-03-31 22:57:14 +0000	0 - 0 - 4	roto-offers.com/bitcoin-miner/index.html	81.171.22.6
2023-03-31 22:37:15 +0000	0 - 2 - 0	track.biobandreviewed.shop/640b764c25991b0001 (...)	37.48.87.182
2023-03-31 22:34:02 +0000	0 - 2 - 0	track.biobandreviewed.shop/640b764c25991b0001 (...)	37.48.87.182
2023-03-31 22:33:22 +0000	0 - 0 - 5	amaz0n.c0.jp-d36b44925ba4ee33c7fe3279e60ce232 (...)	37.48.65.153
2023-03-31 22:15:09 +0000	0 - 0 - 7	s.elns4a.com/splash.php?el&idzone=4855662&sub (...)	95.211.229.246

Date	UQ / IDS / BL	URL	IP
2023-03-31 11:48:11 +0000	0 - 1 - 0	12kbps.xyz/repo/vir/others/windowspolicepro.exe	82.192.82.228
2023-03-31 11:18:57 +0000	0 - 1 - 0	12kbps.xyz/repo/vir/others/memz.exe	69.162.95.6
2023-03-31 11:18:57 +0000	0 - 1 - 0	12kbps.xyz/repo/vir/others/windowspolicepro.exe	69.162.95.6
2023-03-31 10:16:30 +0000	0 - 1 - 0	12kbps.xyz/repo/vir/others/windowspolicepro.exe	82.192.82.226
2023-03-31 08:18:24 +0000	0 - 1 - 0	12kbps.xyz/repo/vir/others/memz.exe	185.107.56.195

Date	UQ / IDS / BL	URL	IP
2023-03-11 14:41:55 +0000	0 - 0 - 4	www.astronomics.co/	199.59.243.223
2023-02-23 18:23:23 +0000	0 - 0 - 4	as.macecri.com/	199.59.243.222
2023-02-19 17:47:51 +0000	0 - 1 - 0	12kbps.xyz/repo/vir/others/windowspolicepro.exe	82.192.82.227
2023-01-23 14:57:23 +0000	0 - 0 - 5	ganyrys.com/login.php	212.32.237.91
2023-01-12 14:30:01 +0000	0 - 0 - 5	ganyrys.com/login.php	23.82.12.32

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13836 Expires: Fri, 03 Feb 2023 11:49:33 GMT Date: Fri, 03 Feb 2023 07:58:57 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: e935ea42be4feaed61a824b0b903913e Sha1: f966cfa80d65a805cb9d7c6a53b3340865d7c51a Sha256: eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=19822 Expires: Fri, 03 Feb 2023 13:29:19 GMT Date: Fri, 03 Feb 2023 07:58:57 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d4e95d0d8982bcd07804baf6fc88231c Sha1: 5027abda0875bd2529dd4d6691784c74da71a9ee Sha256: 373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 35.241.9.150 HASH: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e 35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Fri, 03 Feb 2023 07:36:10 GMT age: 1367 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 30db107dcf4380cef05efea409c2e6a3 Sha1: 96e6a306fbc07299aba64e5c14e2bfca35872fa9 Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /repo/vir/others/windowspolicepro.exe HTTP/1.1 Host: 12kbps.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: 12kbps.xyz/repo/vir/others/windowspolicepro.exe FQDN: 12kbps.xyz IP: 82.192.82.228 HASH: 5eeedc0d95eb171a3696879cf4f54af20584ef2e7512b6508eb6868c62be5ddd 82.192.82.228 HTTP/1.1 200 OK content-type: text/html; charset=utf-8 accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile cache-control: max-age=0, private, must-revalidate connection: close content-length: 507 date: Fri, 03 Feb 2023 07:58:57 GMT server: nginx set-cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; path=/; domain=.12kbps.xyz; expires=Wed, 21 Feb 2091 11:13:04 GMT; max-age=2147483647; HttpOnly --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (507), with no line terminators Size: 507 Md5: d910ab7429be0ecf1f099879118b122d Sha1: e8fb91b889d269be745b3b4d52e2fccda0385e67 Sha256: 5eeedc0d95eb171a3696879cf4f54af20584ef2e7512b6508eb6868c62be5ddd Alerts: IDS: - ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C" Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6312 Expires: Fri, 03 Feb 2023 09:44:09 GMT Date: Fri, 03 Feb 2023 07:58:57 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7d2222d41721947297aaeb5a6e3d0714 Sha1: 04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065 Sha256: de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: pLGXeOEv8LH5Go9gNjvY/mEQuacefKWdMgygT+5KcuPQ5iuq6ZyVfMOj79UiGjhs9Zc9icS0lpw= x-amz-request-id: 3SV5HZEWQD354459 content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Fri, 03 Feb 2023 07:23:27 GMT age: 2131 last-modified: Mon, 09 Jan 2023 18:04:21 GMT etag: "7b922915ebf1fa3639b333f994c74f24" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 7b922915ebf1fa3639b333f994c74f24 Sha1: 144a3f80b98fd0652d4614f24cf6cbbee40f8938 Sha256: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Fri, 03 Feb 2023 07:58:57 GMT content-length: 12 access-control-allow-credentials: true access-control-expose-headers: content-type vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /favicon.ico HTTP/1.1 Host: 12kbps.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://12kbps.xyz/repo/vir/others/windowspolicepro.exe Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35	URL: 12kbps.xyz/favicon.ico FQDN: 12kbps.xyz IP: 82.192.82.228 HASH: 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9 82.192.82.228 HTTP/1.1 404 Not Found cache-control: max-age=0, private, must-revalidate connection: close content-length: 9 date: Fri, 03 Feb 2023 07:58:57 GMT server: nginx --- Additional Info --- Magic: ASCII text, with no line terminators Size: 9 Md5: d8f4a1993546cc4b850cde3599e27aec Sha1: 094b763b4cfcc0b05e5d040581cd513c3ca08067 Sha256: 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 35.241.9.150 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Fri, 03 Feb 2023 07:49:06 GMT age: 592 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A" Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13364 Expires: Fri, 03 Feb 2023 11:41:42 GMT Date: Fri, 03 Feb 2023 07:58:58 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 8913af0be619500295008bb91f506660 Sha1: a7b8068ba9aa506205a295b24458c2616997a0d1 Sha256: 6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: SE9zOpQXG753QV9GCQL0/A== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 34.223.234.225 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 34.223.234.225 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: pjDhTs3i3WNqSovfdzxruCOsmmA= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /repo/vir/others/windowspolicepro.exe?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTQxODMzNywiaWF0IjoxNjc1NDExMTM3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDA0MzNjc2thNzFmcms2ZmMzdnZpMm4iLCJuYmYiOjE2NzU0MTExMzcsInRzIjoxNjc1NDExMTM3ODU1Nzk1fQ.hmxgiiCtzUkm13qobcpemkBD_6q5D_j7c2oEP5hMtvU&sid=9cbf1f0e-a398-11ed-8be0-810d81628e35 HTTP/1.1 Host: 12kbps.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://12kbps.xyz/repo/vir/others/windowspolicepro.exe Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35 Upgrade-Insecure-Requests: 1	URL: 12kbps.xyz/repo/vir/others/windowspolicepro.exe?ch=1&js (...) FQDN: 12kbps.xyz IP: 82.192.82.228 HASH: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47 82.192.82.228 HTTP/1.1 302 Found cache-control: max-age=0, private, must-revalidate connection: close content-length: 11 date: Fri, 03 Feb 2023 07:58:58 GMT location: http://ww1.12kbps.xyz server: nginx set-cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; path=/; domain=.12kbps.xyz; expires=Wed, 21 Feb 2091 11:13:06 GMT; max-age=2147483647; HttpOnly --- Additional Info --- Magic: ASCII text, with no line terminators Size: 11 Md5: 32682312d17c7cbf18e73594f5570319 Sha1: 60e22121bdd0bc71cdb2bae2a3aa577006b2eae9 Sha256: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET / HTTP/1.1 Host: ww1.12kbps.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://12kbps.xyz/ Connection: keep-alive Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35 Upgrade-Insecure-Requests: 1	URL: ww1.12kbps.xyz/ FQDN: ww1.12kbps.xyz IP: 199.59.243.222 HASH: f14146a0bf84a2e5c61fe1c6fba9f670f2092544c6a744a633447e8649fbe307 199.59.243.222 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: openresty Date: Fri, 03 Feb 2023 07:58:59 GMT Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8; expires=Fri, 03-Feb-2023 08:13:59 GMT; Max-Age=900; path=/; HttpOnly X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CU3U8s+aJWQokwTzuCTqIfK3S/ZirhSGCm/DN5AOAsZh2nXlS28YkoUZTT4LIWW7JXRKxLKJyv4SzRWDSniRag== Accept-CH: sec-ch-prefers-color-scheme Critical-CH: sec-ch-prefers-color-scheme Vary: sec-ch-prefers-color-scheme Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Encoding: gzip --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (895), with no line terminators Size: 686 Md5: 81233745b955ffae678fbcceb01034b3 Sha1: f7d0954b694d04ccd2b7b7029482f1b5d34407e0 Sha256: f14146a0bf84a2e5c61fe1c6fba9f670f2092544c6a744a633447e8649fbe307
GET /js/parking.2.102.1.js HTTP/1.1 Host: ww1.12kbps.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://ww1.12kbps.xyz/ Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8	URL: ww1.12kbps.xyz/js/parking.2.102.1.js FQDN: ww1.12kbps.xyz IP: 199.59.243.222 HASH: f5373227d07075bc46350f78d64dbaa8f93dec7320f2daec3719537b879456b5 199.59.243.222 HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Server: openresty Date: Fri, 03 Feb 2023 07:58:59 GMT Last-Modified: Wed, 01 Feb 2023 19:08:53 GMT Transfer-Encoding: chunked Connection: keep-alive Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Encoding: gzip --- Additional Info --- Magic: HTML document, ASCII text, with very long lines (65536), with no line terminators Size: 22181 Md5: 7d62f7f843d18ff3c81f40cf33a3a263 Sha1: 871b82eb9c6fa397118c33ea3b0227ee967640dd Sha256: f5373227d07075bc46350f78d64dbaa8f93dec7320f2daec3719537b879456b5
POST /_fd HTTP/1.1 Host: ww1.12kbps.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://ww1.12kbps.xyz/ Content-Type: application/json Origin: http://ww1.12kbps.xyz Connection: keep-alive Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8 Content-Length: 0	URL: ww1.12kbps.xyz/_fd FQDN: ww1.12kbps.xyz IP: 199.59.243.222 HASH: f90aabe923252e63fedbace0cd4c905a5abe93cc3a190875714dcf316a01c788 199.59.243.222 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: openresty Transfer-Encoding: chunked Connection: keep-alive Date: Fri, 03 Feb 2023 07:58:59 GMT X-Version: 2.102.1 Set-Cookie: parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8; expires=Fri, 03-Feb-2023 08:13:59 GMT; Max-Age=900; path=/; httponly Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Encoding: gzip --- Additional Info --- Magic: ASCII text, with very long lines (5153), with no line terminators Size: 2594 Md5: 2e595acc294fc505ca84e41d08a1020d Sha1: 7da990dc43f13ee81f67e375b9a44717cb557093 Sha256: f90aabe923252e63fedbace0cd4c905a5abe93cc3a190875714dcf316a01c788
GET /px.gif?ch=1&rn=7.56807114323967 HTTP/1.1 Host: ww1.12kbps.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://ww1.12kbps.xyz/ Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8	URL: ww1.12kbps.xyz/px.gif?ch=1&rn=7.56807114323967 FQDN: ww1.12kbps.xyz IP: 199.59.243.222 HASH: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 199.59.243.222 HTTP/1.1 200 OK Content-Type: image/gif Server: openresty Date: Fri, 03 Feb 2023 07:58:59 GMT Content-Length: 42 Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT Connection: keep-alive Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Accept-Ranges: bytes --- Additional Info --- Magic: GIF image data, version 89a, 1 x 1\012- data Size: 42 Md5: d89746888da2d9510b64a9f031eaecd5 Sha1: d5fceb6532643d0d84ffe09c40c481ecdf59e15a Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=2&rn=7.56807114323967 HTTP/1.1 Host: ww1.12kbps.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://ww1.12kbps.xyz/ Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8	URL: ww1.12kbps.xyz/px.gif?ch=2&rn=7.56807114323967 FQDN: ww1.12kbps.xyz IP: 199.59.243.222 HASH: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 199.59.243.222 HTTP/1.1 200 OK Content-Type: image/gif Server: openresty Date: Fri, 03 Feb 2023 07:58:59 GMT Content-Length: 42 Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT Connection: keep-alive Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Accept-Ranges: bytes --- Additional Info --- Magic: GIF image data, version 89a, 1 x 1\012- data Size: 42 Md5: d89746888da2d9510b64a9f031eaecd5 Sha1: d5fceb6532643d0d84ffe09c40c481ecdf59e15a Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:58:59 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 471 Md5: 4cf0ccf2909be74efd7a89dbe4228ffb Sha1: b4993da334b48312584d116a3de4be4cd71962cf Sha256: e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d
GET /favicon.ico HTTP/1.1 Host: ww1.12kbps.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://ww1.12kbps.xyz/ Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8	URL: ww1.12kbps.xyz/favicon.ico FQDN: ww1.12kbps.xyz IP: 199.59.243.222 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 199.59.243.222 HTTP/1.1 200 OK Content-Type: image/x-icon Server: openresty Date: Fri, 03 Feb 2023 07:58:59 GMT Content-Length: 0 Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT Connection: keep-alive ETag: "61424bb6-0" x-backend-server: ip-10-201-16-141.ec2.internal Accept-Ranges: bytes --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:58:59 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 0c15fd84f4711d994724c35236542194 Sha1: c47d77fe5b373a86bd9a116bd8baac07ec746add Sha256: a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: 768a8260af372a1ca06f826c3a3f84b6bc4523130134b32998baf75b64d7de4b 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:58:59 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: ead5df3e30e38bb1a739ababb3292302 Sha1: b5986cff7222999bf19e360ced4a445a2202c82c Sha256: 768a8260af372a1ca06f826c3a3f84b6bc4523130134b32998baf75b64d7de4b
GET /gampad/cookie.js?domain=ww1.12kbps.xyz&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie HTTP/1.1 Host: partner.googleadservices.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://ww1.12kbps.xyz/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: partner.googleadservices.com/gampad/cookie.js?domain=ww (...) FQDN: partner.googleadservices.com IP: 216.58.211.2 HASH: d96a7f2f388c74a59877690ddd5a71869933052327e9232dab7acfbcf5dbdb3e 216.58.211.2 HTTP/2 200 OK content-type: text/javascript; charset=UTF-8 p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: gzip date: Fri, 03 Feb 2023 07:58:59 GMT server: cafe cache-control: private content-length: 241 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (360), with no line terminators Size: 241 Md5: 50e952364bef75d08e15aff8d9bf27d1 Sha1: 21a8ebdb4687747b98530edfb0f4beccf9b83418 Sha256: d96a7f2f388c74a59877690ddd5a71869933052327e9232dab7acfbcf5dbdb3e
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: 768a8260af372a1ca06f826c3a3f84b6bc4523130134b32998baf75b64d7de4b 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:58:59 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: ead5df3e30e38bb1a739ababb3292302 Sha1: b5986cff7222999bf19e360ced4a445a2202c82c Sha256: 768a8260af372a1ca06f826c3a3f84b6bc4523130134b32998baf75b64d7de4b
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: 502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:59:00 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 471 Md5: bbeb609cbf32a8842bf96a124588e65e Sha1: 40c0f548bcb714731f62df5a27cad21adef0463d Sha256: 502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14120 Expires: Fri, 03 Feb 2023 11:54:20 GMT Date: Fri, 03 Feb 2023 07:59:00 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d719402de0cd695e55dab2767247da49 Sha1: f12f4795987a284820f6785ec16b5032b9861d79 Sha256: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14120 Expires: Fri, 03 Feb 2023 11:54:20 GMT Date: Fri, 03 Feb 2023 07:59:00 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d719402de0cd695e55dab2767247da49 Sha1: f12f4795987a284820f6785ec16b5032b9861d79 Sha256: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA" Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14120 Expires: Fri, 03 Feb 2023 11:54:20 GMT Date: Fri, 03 Feb 2023 07:59:00 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d719402de0cd695e55dab2767247da49 Sha1: f12f4795987a284820f6785ec16b5032b9861d79 Sha256: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02b3a6ce-4c58-4537-b381-4408c9d874e0.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 639d95e5e0d47333b64456d10fdf58a6b08fc0534bdbefd0fbf1f95a3114aae2 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 13256 x-amzn-requestid: 80e76cde-e3b4-4561-9dd5-41ed978b5179 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fpc79HgtoAMFnxg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63da0eb2-79750d82126858473cdaab70;Sampled=0 x-amzn-remapped-date: Wed, 01 Feb 2023 07:03:14 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: M8V4C2TS29wrxVDbhXjneMEOx7lAfv9vVklCosiY5gZLas-MaVuO5g== via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google date: Fri, 03 Feb 2023 07:21:41 GMT age: 2239 etag: "158bbc1deaf9becfab7a022140881c7cdfa569ba" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 13256 Md5: d6ea028ef77181355868bb36e11a7b88 Sha1: 158bbc1deaf9becfab7a022140881c7cdfa569ba Sha256: 639d95e5e0d47333b64456d10fdf58a6b08fc0534bdbefd0fbf1f95a3114aae2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fde7081-1c8d-41df-98c8-c063731c6202.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 1f467ce5825e3f8b8f841293d1ce945dc7a577abbe2cb8a2caa16ace165f4857 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 3385 x-amzn-requestid: 30717e1a-7a08-4b11-90e7-cd175aa667d9 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fuvzrEo4oAMF1qg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63dc2ce4-3bc1302b4cf47fa2520e3033;Sampled=0 x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: M1ueeOY5WmuJwPyf4dPvRrjQfTU5d2G-2T3_6fLfTI4UTjuxZ-U4ow== via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google date: Thu, 02 Feb 2023 21:44:46 GMT age: 36854 etag: "4bdaa7e9e8d6408b73ea457e7aabb26fa2a5c81c" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 3385 Md5: 703c7834618fd34f3d7ce5c82a51abc0 Sha1: 4bdaa7e9e8d6408b73ea457e7aabb26fa2a5c81c Sha256: 1f467ce5825e3f8b8f841293d1ce945dc7a577abbe2cb8a2caa16ace165f4857
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8458d532-a4e7-4e54-9165-f01ff92729f5.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 770a765c927c0f81d0c41acd45a7a24f5799f9497fcc73489cab4fafbf994bdb 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5256 x-amzn-requestid: b0455eb8-b10c-4328-8abe-65c5184f6654 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: frx7uFcooAMFpxQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63dafd17-553139816e1fb7b65e683dc6;Sampled=0 x-amzn-remapped-date: Thu, 02 Feb 2023 00:00:23 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: pwRBB72InX8OP4KXpQKTs9T4iMY0E3hPX8Nko9gd7m1BOm8_DqbRaA== via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google date: Fri, 03 Feb 2023 00:37:24 GMT age: 26496 etag: "28ce91c8643c4bc4dcc4cd26dfc69dc6219ce5bf" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5256 Md5: fe87e986c62630127a7fdd979c802947 Sha1: 28ce91c8643c4bc4dcc4cd26dfc69dc6219ce5bf Sha256: 770a765c927c0f81d0c41acd45a7a24f5799f9497fcc73489cab4fafbf994bdb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8211 x-amzn-requestid: 6a1fd567-b34d-4787-aa05-5b7db3fc51c3 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fflRBHU4IAMFnsw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d61c06-2d1ec3206d2ebeb4780a84b4;Sampled=0 x-amzn-remapped-date: Sun, 29 Jan 2023 07:11:02 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: lUloQ6xaRWpnvMRh7kFvFIWhFotmILLZHfD_YK01RmrQ2vmYKVh46w== via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google date: Fri, 03 Feb 2023 03:08:32 GMT age: 17428 etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8211 Md5: 114e345e134986d7451148fcea31b29d Sha1: 541e878afee68c8802bb52b0cbbe5a5a0a185392 Sha256: 5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 11565 x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fboIrFGboAMFyyQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0 x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA== via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google date: Thu, 02 Feb 2023 21:48:01 GMT age: 36659 etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11565 Md5: e366b32074025aaf60bbae8bdb08d330 Sha1: a52c2883bad98fa20333aa639a5dd3a5bf544c8e Sha256: 9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10166 x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fY_4zHEcoAMF1iA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0 x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ== via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google date: Thu, 02 Feb 2023 21:59:54 GMT age: 35946 etag: "f52ccbe6cbced1994acb13a00b05436553b6813e" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10166 Md5: 2a6aaf87a867f93dc9268a8b27973b97 Sha1: f52ccbe6cbced1994acb13a00b05436553b6813e Sha256: 3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: 502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:59:00 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 471 Md5: bbeb609cbf32a8842bf96a124588e65e Sha1: 40c0f548bcb714731f62df5a27cad21adef0463d Sha256: 502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: 30cd3ac555fa6d8d5a5a1165b9ff3b78336c0c3c44e22f034879869a99f61043 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:59:00 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 1c56c7c141fbb2647e4909546c5ee1ac Sha1: bf1479b20c78d135ce6397b0bff0e6573a3bcbef Sha256: 30cd3ac555fa6d8d5a5a1165b9ff3b78336c0c3c44e22f034879869a99f61043
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: 30cd3ac555fa6d8d5a5a1165b9ff3b78336c0c3c44e22f034879869a99f61043 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:59:00 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 1c56c7c141fbb2647e4909546c5ee1ac Sha1: bf1479b20c78d135ce6397b0bff0e6573a3bcbef Sha256: 30cd3ac555fa6d8d5a5a1165b9ff3b78336c0c3c44e22f034879869a99f61043
GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: afs.googleusercontent.com/ad_icons/standard/publisher_i (...) FQDN: afs.googleusercontent.com IP: 142.250.74.97 HASH: 735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647 142.250.74.97 HTTP/2 200 OK content-type: image/svg+xml accept-ranges: bytes vary: Accept-Encoding content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 278 x-content-type-options: nosniff content-encoding: gzip server: sffe x-xss-protection: 0 date: Fri, 03 Feb 2023 03:24:30 GMT expires: Sat, 04 Feb 2023 02:24:30 GMT cache-control: public, max-age=82800 age: 16470 last-modified: Tue, 09 Feb 2021 14:15:00 GMT alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2 --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306) Size: 278 Md5: bb7fc36f627255dd4783f849dca0932e Sha1: 80e89ef8f3c2c8ee982523757fce214ea7323a69 Sha256: 735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: 093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:59:00 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 471 Md5: e3383a870b280d28b1d924543e6128af Sha1: 0e9ccaf308e10ae68774fe0d32e10d063f379e7d Sha256: 093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: afs.googleusercontent.com/ad_icons/standard/publisher_i (...) FQDN: afs.googleusercontent.com IP: 142.250.74.97 HASH: 8622edbe2503910e3cbeecef073a09e662fd2507436c3aabf885d155afd96565 142.250.74.97 HTTP/2 200 OK content-type: image/svg+xml accept-ranges: bytes vary: Accept-Encoding content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 272 x-content-type-options: nosniff content-encoding: gzip server: sffe x-xss-protection: 0 date: Fri, 03 Feb 2023 02:00:10 GMT expires: Sat, 04 Feb 2023 01:00:10 GMT cache-control: public, max-age=82800 age: 21530 last-modified: Thu, 19 Dec 2019 14:15:00 GMT alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2 --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390) Size: 272 Md5: ab1acb76dd408583614a7a6cedf41866 Sha1: e2d2d7074479023d37474ab62755b658d22d4ab1 Sha256: 8622edbe2503910e3cbeecef073a09e662fd2507436c3aabf885d155afd96565
GET /s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://www.google.com Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: fonts.gstatic.com/s/michroma/v16/PN_zRfy9qWD8fEagAPg9pT (...) FQDN: fonts.gstatic.com IP: 216.58.211.3 HASH: da748253b458c5fc9c9a5e3c108b1cda280f52df4008702b9cea695ec23332aa 216.58.211.3 HTTP/2 200 OK content-type: font/woff2 accept-ranges: bytes access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 17156 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 02 Feb 2023 18:06:38 GMT expires: Fri, 02 Feb 2024 18:06:38 GMT cache-control: public, max-age=31536000 age: 49942 last-modified: Tue, 26 Apr 2022 14:38:29 GMT alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2 --- Additional Info --- Magic: Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data Size: 17156 Md5: 402cbe860d64ae2e13145e34cbc7889c Sha1: 7af4691dc306b7583365b9ff2ead0c1f6db017c5 Sha256: da748253b458c5fc9c9a5e3c108b1cda280f52df4008702b9cea695ec23332aa
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: 30cd3ac555fa6d8d5a5a1165b9ff3b78336c0c3c44e22f034879869a99f61043 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:59:00 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 1c56c7c141fbb2647e4909546c5ee1ac Sha1: bf1479b20c78d135ce6397b0bff0e6573a3bcbef Sha256: 30cd3ac555fa6d8d5a5a1165b9ff3b78336c0c3c44e22f034879869a99f61043
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.163 HASH: 093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf 142.250.74.163 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 03 Feb 2023 07:59:00 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 471 Md5: e3383a870b280d28b1d924543e6128af Sha1: 0e9ccaf308e10ae68774fe0d32e10d063f379e7d Sha256: 093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /_tr HTTP/1.1 Host: ww1.12kbps.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://ww1.12kbps.xyz/ Content-Type: application/json Origin: http://ww1.12kbps.xyz Content-Length: 1625 Connection: keep-alive Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8; __gsas=ID=6739b9a040480650:T=1675411139:S=ALNI_MZZ2Ikz8OsRW6QTJwKUptaQSJYmFw	URL: ww1.12kbps.xyz/_tr FQDN: ww1.12kbps.xyz IP: 199.59.243.222 HASH: 47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b 199.59.243.222 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: openresty Transfer-Encoding: chunked Connection: keep-alive Date: Fri, 03 Feb 2023 07:59:00 GMT X-Version: 2.102.1 Set-Cookie: parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8; expires=Fri, 03-Feb-2023 08:14:00 GMT; Max-Age=900; path=/; httponly Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Encoding: gzip --- Additional Info --- Magic: ASCII text, with no line terminators Size: 22 Md5: 5cfde9b47de2d84bd26fc473632647c0 Sha1: fd53c70631b6068328be57daec71bd94bf004d41 Sha256: 47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b
GET /css?family=Michroma&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: fonts.googleapis.com/css?family=Michroma&display=swap FQDN: fonts.googleapis.com IP: 142.250.74.74 142.250.74.74 HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Fri, 03 Feb 2023 07:59:00 GMT date: Fri, 03 Feb 2023 07:59:00 GMT cache-control: private, max-age=86400 cross-origin-opener-policy: same-origin-allow-popups cross-origin-resource-policy: cross-origin content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2 --- Additional Info ---
GET /adsense/domains/caf.js HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://ww1.12kbps.xyz/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: www.google.com/adsense/domains/caf.js FQDN: www.google.com IP: 142.250.74.4 142.250.74.4 HTTP/2 200 OK content-type: text/javascript; charset=UTF-8 accept-ranges: bytes vary: Accept-Encoding content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="ads-afs-ui" report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} date: Fri, 03 Feb 2023 07:58:59 GMT expires: Fri, 03 Feb 2023 07:58:59 GMT cache-control: private, max-age=3600 etag: "17404069423380680451" x-content-type-options: nosniff content-encoding: gzip server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2 --- Additional Info ---

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.77.32

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815" 

                                        
                                            
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=13836 

                                        
                                            
Expires: Fri, 03 Feb 2023 11:49:33 GMT 

                                        
                                            
Date: Fri, 03 Feb 2023 07:58:57 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    e935ea42be4feaed61a824b0b903913e

                                                Sha1:   f966cfa80d65a805cb9d7c6a53b3340865d7c51a

                                                Sha256: eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

                                        
                                            GET /v1/ HTTP/1.1 

                                        
                                            
Host: firefox.settings.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         35.241.9.150

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: application/json

                                        

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type 

                                        
                                            
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; 

                                        
                                            
strict-transport-security: max-age=31536000 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
content-length: 939 

                                        
                                            
via: 1.1 google 

                                        
                                            
date: Fri, 03 Feb 2023 07:36:10 GMT 

                                        
                                            
age: 1367 

                                        
                                            
cache-control: max-age=3600,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators

                                                Size:   939

                                                Md5:    30db107dcf4380cef05efea409c2e6a3

                                                Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9

                                                Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.77.32

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C" 

                                        
                                            
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=6312 

                                        
                                            
Expires: Fri, 03 Feb 2023 09:44:09 GMT 

                                        
                                            
Date: Fri, 03 Feb 2023 07:58:57 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    7d2222d41721947297aaeb5a6e3d0714

                                                Sha1:   04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065

                                                Sha256: de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c

                                        
                                            GET /v1/tiles HTTP/1.1 

                                        
                                            
Host: contile.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.117.237.239

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: application/json

                                        

                                        
                                            
server: nginx 

                                        
                                            
date: Fri, 03 Feb 2023 07:58:57 GMT 

                                        
                                            
content-length: 12 

                                        
                                            
access-control-allow-credentials: true 

                                        
                                            
access-control-expose-headers: content-type 

                                        
                                            
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers 

                                        
                                            
strict-transport-security: max-age=31536000 

                                        
                                            
via: 1.1 google 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with no line terminators

                                                Size:   12

                                                Md5:    23e88fb7b99543fb33315b29b1fad9d6

                                                Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

                                                Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 

                                        
                                            
Host: firefox.settings.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: application/json 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Content-Type: application/json 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         35.241.9.150

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: application/json

                                        

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type 

                                        
                                            
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; 

                                        
                                            
strict-transport-security: max-age=31536000 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
content-length: 329 

                                        
                                            
via: 1.1 google 

                                        
                                            
date: Fri, 03 Feb 2023 07:49:06 GMT 

                                        
                                            
age: 592 

                                        
                                            
last-modified: Fri, 25 Mar 2022 17:45:46 GMT 

                                        
                                            
etag: "1648230346554" 

                                        
                                            
cache-control: max-age=3600,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators

                                                Size:   329

                                                Md5:    0333b0655111aa68de771adfcc4db243

                                                Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb

                                                Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

                                        
                                            GET / HTTP/1.1 

                                        
                                            
Host: push.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Sec-WebSocket-Version: 13 

                                        
                                            
Origin: wss://push.services.mozilla.com/ 

                                        
                                            
Sec-WebSocket-Protocol: push-notification 

                                        
                                            
Sec-WebSocket-Extensions: permessage-deflate 

                                        
                                            
Sec-WebSocket-Key: SE9zOpQXG753QV9GCQL0/A== 

                                        
                                            
Connection: keep-alive, Upgrade 

                                        
                                            
Sec-Fetch-Dest: websocket 

                                        
                                            
Sec-Fetch-Mode: websocket 

                                        
                                            
Sec-Fetch-Site: cross-site 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache 

                                        
                                            
Upgrade: websocket

                                         34.223.234.225

                                        
                                            HTTP/1.1 101 Switching Protocols

                                        

                                        
                                            
Connection: Upgrade 

                                        
                                            
Upgrade: websocket 

                                        
                                            
Sec-WebSocket-Accept: pjDhTs3i3WNqSovfdzxruCOsmmA= 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            GET / HTTP/1.1 

                                        
                                            
Host: ww1.12kbps.xyz

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Referer: http://12kbps.xyz/ 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35 

                                        
                                            
Upgrade-Insecure-Requests: 1

                                         199.59.243.222

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: text/html; charset=UTF-8

                                        

                                        
                                            
Server: openresty 

                                        
                                            
Date: Fri, 03 Feb 2023 07:58:59 GMT 

                                        
                                            
Transfer-Encoding: chunked 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Set-Cookie: parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8; expires=Fri, 03-Feb-2023 08:13:59 GMT; Max-Age=900; path=/; HttpOnly 

                                        
                                            
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CU3U8s+aJWQokwTzuCTqIfK3S/ZirhSGCm/DN5AOAsZh2nXlS28YkoUZTT4LIWW7JXRKxLKJyv4SzRWDSniRag== 

                                        
                                            
Accept-CH: sec-ch-prefers-color-scheme 

                                        
                                            
Critical-CH: sec-ch-prefers-color-scheme 

                                        
                                            
Vary: sec-ch-prefers-color-scheme 

                                        
                                            
Expires: Thu, 01 Jan 1970 00:00:01 GMT 

                                        
                                            
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Content-Encoding: gzip 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (895), with no line terminators

                                                Size:   686

                                                Md5:    81233745b955ffae678fbcceb01034b3

                                                Sha1:   f7d0954b694d04ccd2b7b7029482f1b5d34407e0

                                                Sha256: f14146a0bf84a2e5c61fe1c6fba9f670f2092544c6a744a633447e8649fbe307

                                        
                                            POST /_fd HTTP/1.1 

                                        
                                            
Host: ww1.12kbps.xyz

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: application/json 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Referer: http://ww1.12kbps.xyz/ 

                                        
                                            
Content-Type: application/json 

                                        
                                            
Origin: http://ww1.12kbps.xyz 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8 

                                        
                                            
Content-Length: 0

                                         199.59.243.222

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: text/html; charset=UTF-8

                                        

                                        
                                            
Server: openresty 

                                        
                                            
Transfer-Encoding: chunked 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Date: Fri, 03 Feb 2023 07:58:59 GMT 

                                        
                                            
X-Version: 2.102.1 

                                        
                                            
Set-Cookie: parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8; expires=Fri, 03-Feb-2023 08:13:59 GMT; Max-Age=900; path=/; httponly 

                                        
                                            
Expires: Thu, 01 Jan 1970 00:00:01 GMT 

                                        
                                            
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Content-Encoding: gzip 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text, with very long lines (5153), with no line terminators

                                                Size:   2594

                                                Md5:    2e595acc294fc505ca84e41d08a1020d

                                                Sha1:   7da990dc43f13ee81f67e375b9a44717cb557093

                                                Sha256: f90aabe923252e63fedbace0cd4c905a5abe93cc3a190875714dcf316a01c788

                                        
                                            GET /px.gif?ch=2&rn=7.56807114323967 HTTP/1.1 

                                        
                                            
Host: ww1.12kbps.xyz

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://ww1.12kbps.xyz/ 

                                        
                                            
Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8

                                         199.59.243.222

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: image/gif

                                        

                                        
                                            
Server: openresty 

                                        
                                            
Date: Fri, 03 Feb 2023 07:58:59 GMT 

                                        
                                            
Content-Length: 42 

                                        
                                            
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Expires: Thu, 01 Jan 1970 00:00:01 GMT 

                                        
                                            
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  GIF image data, version 89a, 1 x 1\012- data

                                                Size:   42

                                                Md5:    d89746888da2d9510b64a9f031eaecd5

                                                Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a

                                                Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

                                        
                                            GET /favicon.ico HTTP/1.1 

                                        
                                            
Host: ww1.12kbps.xyz

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://ww1.12kbps.xyz/ 

                                        
                                            
Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8

                                         199.59.243.222

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: image/x-icon

                                        

                                        
                                            
Server: openresty 

                                        
                                            
Date: Fri, 03 Feb 2023 07:58:59 GMT 

                                        
                                            
Content-Length: 0 

                                        
                                            
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
ETag: "61424bb6-0" 

                                        
                                            
x-backend-server: ip-10-201-16-141.ec2.internal 

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 84 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.163

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Fri, 03 Feb 2023 07:58:59 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 472 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   472

                                                Md5:    ead5df3e30e38bb1a739ababb3292302

                                                Sha1:   b5986cff7222999bf19e360ced4a445a2202c82c

                                                Sha256: 768a8260af372a1ca06f826c3a3f84b6bc4523130134b32998baf75b64d7de4b

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 84 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.163

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Fri, 03 Feb 2023 07:58:59 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 472 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   472

                                                Md5:    ead5df3e30e38bb1a739ababb3292302

                                                Sha1:   b5986cff7222999bf19e360ced4a445a2202c82c

                                                Sha256: 768a8260af372a1ca06f826c3a3f84b6bc4523130134b32998baf75b64d7de4b

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.77.32

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA" 

                                        
                                            
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=14120 

                                        
                                            
Expires: Fri, 03 Feb 2023 11:54:20 GMT 

                                        
                                            
Date: Fri, 03 Feb 2023 07:59:00 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    d719402de0cd695e55dab2767247da49

                                                Sha1:   f12f4795987a284820f6785ec16b5032b9861d79

                                                Sha256: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.77.32

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA" 

                                        
                                            
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=14120 

                                        
                                            
Expires: Fri, 03 Feb 2023 11:54:20 GMT 

                                        
                                            
Date: Fri, 03 Feb 2023 07:59:00 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    d719402de0cd695e55dab2767247da49

                                                Sha1:   f12f4795987a284820f6785ec16b5032b9861d79

                                                Sha256: 98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fde7081-1c8d-41df-98c8-c063731c6202.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 3385 

                                        
                                            
x-amzn-requestid: 30717e1a-7a08-4b11-90e7-cd175aa667d9 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: fuvzrEo4oAMF1qg= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-63dc2ce4-3bc1302b4cf47fa2520e3033;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT 

                                        
                                            
x-amz-cf-pop: HIO50-C1, SEA19-C2 

                                        
                                            
x-cache: Hit from cloudfront 

                                        
                                            
x-amz-cf-id: M1ueeOY5WmuJwPyf4dPvRrjQfTU5d2G-2T3_6fLfTI4UTjuxZ-U4ow== 

                                        
                                            
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Thu, 02 Feb 2023 21:44:46 GMT 

                                        
                                            
age: 36854 

                                        
                                            
etag: "4bdaa7e9e8d6408b73ea457e7aabb26fa2a5c81c" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   3385

                                                Md5:    703c7834618fd34f3d7ce5c82a51abc0

                                                Sha1:   4bdaa7e9e8d6408b73ea457e7aabb26fa2a5c81c

                                                Sha256: 1f467ce5825e3f8b8f841293d1ce945dc7a577abbe2cb8a2caa16ace165f4857

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 8211 

                                        
                                            
x-amzn-requestid: 6a1fd567-b34d-4787-aa05-5b7db3fc51c3 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: fflRBHU4IAMFnsw= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-63d61c06-2d1ec3206d2ebeb4780a84b4;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Sun, 29 Jan 2023 07:11:02 GMT 

                                        
                                            
x-amz-cf-pop: SEA19-C2 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: lUloQ6xaRWpnvMRh7kFvFIWhFotmILLZHfD_YK01RmrQ2vmYKVh46w== 

                                        
                                            
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Fri, 03 Feb 2023 03:08:32 GMT 

                                        
                                            
age: 17428 

                                        
                                            
etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   8211

                                                Md5:    114e345e134986d7451148fcea31b29d

                                                Sha1:   541e878afee68c8802bb52b0cbbe5a5a0a185392

                                                Sha256: 5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 10166 

                                        
                                            
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: fY_4zHEcoAMF1iA= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT 

                                        
                                            
x-amz-cf-pop: SEA19-C2 

                                        
                                            
x-cache: Hit from cloudfront 

                                        
                                            
x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ== 

                                        
                                            
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Thu, 02 Feb 2023 21:59:54 GMT 

                                        
                                            
age: 35946 

                                        
                                            
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   10166

                                                Md5:    2a6aaf87a867f93dc9268a8b27973b97

                                                Sha1:   f52ccbe6cbced1994acb13a00b05436553b6813e

                                                Sha256: 3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 84 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.163

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Fri, 03 Feb 2023 07:59:00 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 472 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   472

                                                Md5:    1c56c7c141fbb2647e4909546c5ee1ac

                                                Sha1:   bf1479b20c78d135ce6397b0bff0e6573a3bcbef

                                                Sha256: 30cd3ac555fa6d8d5a5a1165b9ff3b78336c0c3c44e22f034879869a99f61043

                                        
                                            GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1 

                                        
                                            
Host: afs.googleusercontent.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Referer: https://www.google.com/ 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         142.250.74.97

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/svg+xml

                                        

                                        
                                            
accept-ranges: bytes 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers 

                                        
                                            
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" 

                                        
                                            
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} 

                                        
                                            
content-length: 278 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
content-encoding: gzip 

                                        
                                            
server: sffe 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
date: Fri, 03 Feb 2023 03:24:30 GMT 

                                        
                                            
expires: Sat, 04 Feb 2023 02:24:30 GMT 

                                        
                                            
cache-control: public, max-age=82800 

                                        
                                            
age: 16470 

                                        
                                            
last-modified: Tue, 09 Feb 2021 14:15:00 GMT 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)

                                                Size:   278

                                                Md5:    bb7fc36f627255dd4783f849dca0932e

                                                Sha1:   80e89ef8f3c2c8ee982523757fce214ea7323a69

                                                Sha256: 735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647

                                        
                                            GET /ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b HTTP/1.1 

                                        
                                            
Host: afs.googleusercontent.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Referer: https://www.google.com/ 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         142.250.74.97

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/svg+xml

                                        

                                        
                                            
accept-ranges: bytes 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers 

                                        
                                            
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" 

                                        
                                            
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} 

                                        
                                            
content-length: 272 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
content-encoding: gzip 

                                        
                                            
server: sffe 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
date: Fri, 03 Feb 2023 02:00:10 GMT 

                                        
                                            
expires: Sat, 04 Feb 2023 01:00:10 GMT 

                                        
                                            
cache-control: public, max-age=82800 

                                        
                                            
age: 21530 

                                        
                                            
last-modified: Thu, 19 Dec 2019 14:15:00 GMT 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)

                                                Size:   272

                                                Md5:    ab1acb76dd408583614a7a6cedf41866

                                                Sha1:   e2d2d7074479023d37474ab62755b658d22d4ab1

                                                Sha256: 8622edbe2503910e3cbeecef073a09e662fd2507436c3aabf885d155afd96565

                                        
                                            POST /gts1c3 HTTP/1.1 

                                        
                                            
Host: ocsp.pki.goog

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 84 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         142.250.74.163

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Date: Fri, 03 Feb 2023 07:59:00 GMT 

                                        
                                            
Cache-Control: public, max-age=14400 

                                        
                                            
Server: ocsp_responder 

                                        
                                            
Content-Length: 472 

                                        
                                            
X-XSS-Protection: 0 

                                        
                                            
X-Frame-Options: SAMEORIGIN 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   472

                                                Md5:    1c56c7c141fbb2647e4909546c5ee1ac

                                                Sha1:   bf1479b20c78d135ce6397b0bff0e6573a3bcbef

                                                Sha256: 30cd3ac555fa6d8d5a5a1165b9ff3b78336c0c3c44e22f034879869a99f61043

                                        
                                            POST /_tr HTTP/1.1 

                                        
                                            
Host: ww1.12kbps.xyz

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: application/json 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Referer: http://ww1.12kbps.xyz/ 

                                        
                                            
Content-Type: application/json 

                                        
                                            
Origin: http://ww1.12kbps.xyz 

                                        
                                            
Content-Length: 1625 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Cookie: sid=9cbf1f0e-a398-11ed-8be0-810d81628e35; parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8; __gsas=ID=6739b9a040480650:T=1675411139:S=ALNI_MZZ2Ikz8OsRW6QTJwKUptaQSJYmFw

                                         199.59.243.222

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: text/html; charset=UTF-8

                                        

                                        
                                            
Server: openresty 

                                        
                                            
Transfer-Encoding: chunked 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Date: Fri, 03 Feb 2023 07:59:00 GMT 

                                        
                                            
X-Version: 2.102.1 

                                        
                                            
Set-Cookie: parking_session=26450b52-a291-b1ab-2512-2801b2ad60b8; expires=Fri, 03-Feb-2023 08:14:00 GMT; Max-Age=900; path=/; httponly 

                                        
                                            
Expires: Thu, 01 Jan 1970 00:00:01 GMT 

                                        
                                            
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Content-Encoding: gzip 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text, with no line terminators

                                                Size:   22

                                                Md5:    5cfde9b47de2d84bd26fc473632647c0

                                                Sha1:   fd53c70631b6068328be57daec71bd94bf004d41

                                                Sha256: 47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b

                                        
                                            GET /adsense/domains/caf.js HTTP/1.1 

                                        
                                            
Host: www.google.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://ww1.12kbps.xyz/ 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         142.250.74.4

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/javascript; charset=UTF-8

                                        

                                        
                                            
accept-ranges: bytes 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui 

                                        
                                            
cross-origin-resource-policy: cross-origin 

                                        
                                            
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui" 

                                        
                                            
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} 

                                        
                                            
date: Fri, 03 Feb 2023 07:58:59 GMT 

                                        
                                            
expires: Fri, 03 Feb 2023 07:58:59 GMT 

                                        
                                            
cache-control: private, max-age=3600 

                                        
                                            
etag: "17404069423380680451" 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
content-encoding: gzip 

                                        
                                            
server: sffe 

                                        
                                            
x-xss-protection: 0 

                                        
                                            
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

URL	12kbps.xyz/repo/vir/others/windowspolicepro.exe
IP	82.192.82.228 (Netherlands)
ASN	#60781 LeaseWeb Netherlands B.V.
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2023-02-03 07:59:08 UTC
Status	Loading report..
IDS alerts	1
Blocklist alert	0
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (14)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 82.192.82.228

Last 5 reports on ASN: LeaseWeb Netherlands B.V.

Last 5 reports on domain: 12kbps.xyz

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (6)

Executed Evals (1)

#1 JavaScript::Eval (size: 793) - SHA256: 5aff05f856534d1387fcda6210fe7ef655b932e2d9cfcf180158e8fa03f4279f

Executed Writes (0)

HTTP Transactions (45)

Overview

Domain Summary (14)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 82.192.82.228

Last 5 reports on ASN: LeaseWeb Netherlands B.V.

Last 5 reports on domain: 12kbps.xyz

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (6)

Executed Evals (1)

#1 JavaScript::Eval (size: 793) - SHA256: 5aff05f856534d1387fcda6210fe7ef655b932e2d9cfcf180158e8fa03f4279f

Executed Writes (0)

HTTP Transactions (45)

Network Intrusion Detection Systems