mobilcebim.com/
173.239.8.164200 OK 247 B IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 6b94c9d24afec4a834c67c1930d4c10c
acc1a15e80344dac7455c8f8d96f4aa575b9a8b7
08f08def1742b1ab331c4a695d4b4d14ae1579961969fc712f5073feb2f620d2
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: mobilcebim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 11 Sep 2022 21:59:27 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 21:07:52 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hUZR4rszleIwIcjlNB-Tq8UhaZQKuWsSgoyTXhyM6Bu3xNresWJYkQ==
Age: 3096
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5787
Expires: Sun, 11 Sep 2022 23:35:55 GMT
Date: Sun, 11 Sep 2022 21:59:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -P2IEO6bByXTYECcW1RP5apVIzBVk8Z4DyiS_Rs1RbZC8ysfhYAuBA==
age: 52936
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 21:59:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
mobilcebim.com/favicon.ico
173.239.8.164404 Not Found 114 B URL HTTP/1.1 mobilcebim.com/favicon.ico
IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4dda89292ffda632595d8e4040ef07c8
55c26cf87340555b3c09ba932bbabfc066a8d0ea
2615795f2aaccceaee3a5a92bcb488c122aed8a152f042633e41657fff9f7278
GET /favicon.ico HTTP/1.1
Host: mobilcebim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mobilcebim.com/
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Sun, 11 Sep 2022 21:59:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
mobilcebim.com/
173.239.8.164200 OK 154 B IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 3b14463aff0308cbb1c9c9bf2c9ffe5a
4ee2cf9daa42324ad0edff842066dd68b7b83286
8bc2bdc6830125a08d8572d1c24c8b00acc12cfe949cbc45646d68f9f2631d25
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: mobilcebim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
Origin: http://mobilcebim.com
Connection: keep-alive
Referer: http://mobilcebim.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 11 Sep 2022 21:59:28 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 11 Sep 2022 21:56:07 GMT
Cache-Control: max-age=3600
Expires: Sun, 11 Sep 2022 22:22:01 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dYkvv6AvXHtfYPzkokL1CYV7-VZjEjIGuYvkKP8P1PO996Ay7Jy9GQ==
Age: 201
ww9.mobilcebim.com/
76.223.26.96200 OK 5.4 kB IP 76.223.26.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2685)
Hash 2dfcbb726bc3e9b7c657fe058761a977
5a517b2108e98f07a56e75889502b81ba04f286c
b4252c804c39a37ef35063d41c9c60558224efb6895c9b1cb83eb656a7f6e72c
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: ww9.mobilcebim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mobilcebim.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:59:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket078
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_E1e3ko3NrrPrHaS4fZOxpGxxA5lHOc2yXZX9wIAadRUTVSz1xvYHxomRqYuUy3I73t6jIP+NSFl55uBf1931cQ==
X-Template: tpl_Regnitz_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d1lxhc4jvstzrp.cloudfront.net/themes/assets/style.css
143.204.42.70200 OK 343 B URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/themes/assets/style.css
IP 143.204.42.70:0
Hash 03a4a8c322fc0c99b0ee7cbbcc9eabcd
6fc193276de2a3458cd853c474cb9269b900e00d
a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7
GET /themes/assets/style.css HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 11 Sep 2022 01:32:23 GMT
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
Content-Encoding: gzip
ETag: W/"5ebab1f0-33d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Kl293nV47tbJbx6hEJNXZJIrAQ_hxNTW6gZ1RtKIh9Rcx7apNvZ_Ug==
Age: 73626
d1lxhc4jvstzrp.cloudfront.net/themes/regnitz_0f823431/style.css
143.204.42.70200 OK 539 B URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/themes/regnitz_0f823431/style.css
IP 143.204.42.70:0
Hash 3138e35c7232f3c11463560722a0ac79
b3e50fa997933e788c1a8800b347ba592b2ff913
b53565fe44fb5034ed78e704aee57c620c37819a13286af740aab63b41550d46
GET /themes/regnitz_0f823431/style.css HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 11 Sep 2022 02:17:28 GMT
Last-Modified: Fri, 25 Feb 2022 11:24:01 GMT
Content-Encoding: gzip
ETag: W/"6218bc51-4ec"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xt2DT0a3PXsVidWlROSFN4n9s-cQp2r2M2zLNai4RKzRzC-Wm-XaNg==
Age: 70921
d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js
143.204.42.70200 OK 7.0 kB URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js
IP 143.204.42.70:0
File type ASCII text, with very long lines (316)
Hash cce7f943ec8e7b4ba13be4aba6b463d9
220f3e8ca723daa91fd040cf518991a65f2bf110
ba5b7354353b0eec1637564dae072fee662a5b9862f6bf7ed5e60a5a76f2ef44
GET /scripts/js3caf.js HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7000
Connection: keep-alive
Server: nginx
Date: Sun, 11 Sep 2022 06:26:33 GMT
Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT
Accept-Ranges: bytes
ETag: "600022c9-1b58"
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 70825eNtmuwpESwG9LjUBYuMpPFCAjKpFvVcTmoglDV9qbrZCsCOLQ==
Age: 55976
fonts.googleapis.com/css?family=Port+Lligat+Slab
142.250.74.10200 OK 290 B URL HTTP/1.1 fonts.googleapis.com/css?family=Port+Lligat+Slab
IP 142.250.74.10:0
Hash 088d95793a3b22f58d6ba11131755acc
d44c366b0fd57969cc93744fa301136b76ed046c
e89359910fb17222949b8ae4cd40c20b26cfc3878221d580cb2e415d1a460116
GET /css?family=Port+Lligat+Slab HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 11 Sep 2022 21:59:29 GMT
Date: Sun, 11 Sep 2022 21:59:29 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1885)
Hash ca23bcfab325d175a10cf0e1e92b88e2
d127dc69cedb27a4a902564ac215b582a682b50d
3627cd02e23f51ea2c2941c84c7f3c2fa151513fa029d196855eb3b758e73aab
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sun, 11 Sep 2022 21:59:29 GMT
Expires: Sun, 11 Sep 2022 21:59:29 GMT
Cache-Control: private, max-age=3600
ETag: "1199887332638673377"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
c.parkingcrew.net/scripts/sale_form.js
185.53.178.30200 OK 761 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP 185.53.178.30:0
Hash 64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 21:59:29 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes
fonts.gstatic.com/s/portlligatslab/v21/LDIpaoiQNgArA8kR7ulhZ8P_NYOsg70R9g.woff2
142.250.74.163200 OK 12 kB URL HTTP/1.1 fonts.gstatic.com/s/portlligatslab/v21/LDIpaoiQNgArA8kR7ulhZ8P_NYOsg70R9g.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 11476, version 1.0\012- data
Hash 99f10b7c2173e99a630fa2248997106d
2ccc42406a7cefef4fd03a03b5949598d7c6efca
0399db86a4efaac36817553cb0ec6272041be953f4f9548f977e3a099643b47e
GET /s/portlligatslab/v21/LDIpaoiQNgArA8kR7ulhZ8P_NYOsg70R9g.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ww9.mobilcebim.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 11476
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 05 Sep 2022 20:52:08 GMT
Expires: Tue, 05 Sep 2023 20:52:08 GMT
Cache-Control: public, max-age=31536000
Age: 522441
Last-Modified: Wed, 27 Apr 2022 15:40:38 GMT
Content-Type: font/woff2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 26e829ba5f754918e20cbd316dc4348e
ba198501da0812dd11ca3b38a51325b5de6cfa60
4352c25d4af7637a8435b0df6d042fc606d37a348e966b99fecce8a853b8ebc0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3566
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:59:29 GMT
Last-Modified: Sun, 11 Sep 2022 21:00:03 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.212.13.96101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.212.13.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GG+ZZjLMyaUui9yJmLNzWQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QKFQeaRx2woMSvjZ06R8EoUqCpQ=
d1lxhc4jvstzrp.cloudfront.net/themes/regnitz_0f823431/img/arrows.png
143.204.42.70200 OK 11 kB URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/themes/regnitz_0f823431/img/arrows.png
IP 143.204.42.70:0
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/regnitz_0f823431/img/arrows.png HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d1lxhc4jvstzrp.cloudfront.net/themes/regnitz_0f823431/style.css
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sun, 11 Sep 2022 01:55:40 GMT
Last-Modified: Fri, 25 Feb 2022 11:24:01 GMT
Accept-Ranges: bytes
ETag: "6218bc51-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: N0W6_V2nGtzULejez7vaaIZZzg5Pc1cZRV8b-iOGtzUXAmD0Ln1I1A==
Age: 72229
ww9.mobilcebim.com/favicon.ico
76.223.26.96200 OK 0 B URL HTTP/1.1 ww9.mobilcebim.com/favicon.ico
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ww9.mobilcebim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:59:29 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
ww9.mobilcebim.com/track.php?domain=mobilcebim.com&toggle=browserjs&uid=MTY2MjkzMzU2OC44Njg2OmI0NzA2Nzk5YzI5ZjVmOTMzYWVhM2UxMGUxOTMxYzQ4MzE1ZWQ2ZTUyNmNhOWE0NDI0OTgzZmViOTE0ZTAyZjQ6NjMxZTVhNDBkNDBlYg%3D%3D
76.223.26.96200 OK 20 B URL HTTP/1.1 ww9.mobilcebim.com/track.php?domain=mobilcebim.com&toggle=browserjs&uid=MTY2MjkzMzU2OC44Njg2OmI0NzA2Nzk5YzI5ZjVmOTMzYWVhM2UxMGUxOTMxYzQ4MzE1ZWQ2ZTUyNmNhOWE0NDI0OTgzZmViOTE0ZTAyZjQ6NjMxZTVhNDBkNDBlYg%3D%3D
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=mobilcebim.com&toggle=browserjs&uid=MTY2MjkzMzU2OC44Njg2OmI0NzA2Nzk5YzI5ZjVmOTMzYWVhM2UxMGUxOTMxYzQ4MzE1ZWQ2ZTUyNmNhOWE0NDI0OTgzZmViOTE0ZTAyZjQ6NjMxZTVhNDBkNDBlYg%3D%3D HTTP/1.1
Host: ww9.mobilcebim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:59:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 45b55c678e2944a30a6d8160bb6e4a94
a1ac0c9681902e7d64e49bd9e146820ce2c60f4f
5a89db56a9b47aa3e426799671db9b25a42d7dd7d6881c66eca7ed37facf6bd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:59:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ww9.mobilcebim.com/ls.php
76.223.26.96201 Created 0 B URL HTTP/1.1 ww9.mobilcebim.com/ls.php
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: ww9.mobilcebim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2162
Origin: http://ww9.mobilcebim.com
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
HTTP/1.1 201 Created
Date: Sun, 11 Sep 2022 21:59:30 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 631e5a42b01f6f497d27613e
Charset: utf-8
Access-Control-Allow-Origin: http://ww9.mobilcebim.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_hpBzxONuuNwg0eTvPpWg996/9aJIkmGMy5Qdu6t4bm6LncW/E5SlN6kPeyE+rtTvGakB18o2UgPWtXNRdqmfjA==
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 52538aa2b7a37b16824f656228e83ce5
a7ba272eef977c3a2d7315b6ee092ad04566e5fa
8f5ea00528714ab8652d84df2682c33de9e62e541c4bbbc78d6ed82e14445451
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:59:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/ads?adtest=off&psid=1420240428&pcsa=false&channel=000001%2Cbucket078&client=dp-teaminternet04_3ph&r=m&hl=no&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2541811284092968&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301094%2C17301097&format=r3%7Cs&nocache=121662933558802&num=0&output=afd_ads&domain_name=ww9.mobilcebim.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1662933558804&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&uio=--&cont=tc&jsid=caf&jsv=472435327&rurl=http%3A%2F%2Fww9.mobilcebim.com%2F&referer=http%3A%2F%2Fmobilcebim.com%2F&adbw=master-1%3A530
142.250.74.164200 OK 2.0 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&psid=1420240428&pcsa=false&channel=000001%2Cbucket078&client=dp-teaminternet04_3ph&r=m&hl=no&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2541811284092968&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301094%2C17301097&format=r3%7Cs&nocache=121662933558802&num=0&output=afd_ads&domain_name=ww9.mobilcebim.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1662933558804&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&uio=--&cont=tc&jsid=caf&jsv=472435327&rurl=http%3A%2F%2Fww9.mobilcebim.com%2F&referer=http%3A%2F%2Fmobilcebim.com%2F&adbw=master-1%3A530
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5330)
Hash a952cdda621dd1399e2a28c1656c1b6c
e3f6a9c0223ea14304aed3b0b0929e3995c5c33c
0e2aedf43ab349c50c8bfa9438f96d37a32a3e66dac511de4fa28cb4a89295bb
GET /afs/ads?adtest=off&psid=1420240428&pcsa=false&channel=000001%2Cbucket078&client=dp-teaminternet04_3ph&r=m&hl=no&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2541811284092968&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301094%2C17301097&format=r3%7Cs&nocache=121662933558802&num=0&output=afd_ads&domain_name=ww9.mobilcebim.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1662933558804&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&uio=--&cont=tc&jsid=caf&jsv=472435327&rurl=http%3A%2F%2Fww9.mobilcebim.com%2F&referer=http%3A%2F%2Fmobilcebim.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sun, 11 Sep 2022 21:59:30 GMT
expires: Sun, 11 Sep 2022 21:59:30 GMT
cache-control: private, max-age=3600
content-encoding: br
server: gws
content-length: 2027
x-xss-protection: 0
set-cookie: CONSENT=PENDING+144; expires=Tue, 10-Sep-2024 21:59:30 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
partner.googleadservices.com/gampad/cookie.js?domain=ww9.mobilcebim.com&client=dp-teaminternet04_3ph&product=SAS&callback=__sasCookie
142.250.74.98200 OK 183 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=ww9.mobilcebim.com&client=dp-teaminternet04_3ph&product=SAS&callback=__sasCookie
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 33593cc2b91c48be4970175456bd31d0
6de3cef955e27b344853fe612e278c6472322567
509cf70efba30ed9c918d42290d636a97cedd19712bcd548e5d98ddb5ae7c7fe
GET /gampad/cookie.js?domain=ww9.mobilcebim.com&client=dp-teaminternet04_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 11 Sep 2022 21:59:30 GMT
server: cafe
cache-control: private
content-length: 183
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 437c7ccd2c357dd83d6b9a5118d4b402
e0002389b286a960b454a92aeb3d1a1e08317ff2
9a5b3bdb7765ea21d7147a0c8022198a1be6c8256fa594b53732cf59e86532b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:59:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 52538aa2b7a37b16824f656228e83ce5
a7ba272eef977c3a2d7315b6ee092ad04566e5fa
8f5ea00528714ab8652d84df2682c33de9e62e541c4bbbc78d6ed82e14445451
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:59:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0c475956c17fecf985e692f4728f8b75
ceb52b6095d6429bc16e94d07dfb3da2f8500d07
bbeb19fdf0df52440f1e03e9f964f14e492fad8dbf6d4ec43c31047f976296ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:59:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0c475956c17fecf985e692f4728f8b75
ceb52b6095d6429bc16e94d07dfb3da2f8500d07
bbeb19fdf0df52440f1e03e9f964f14e492fad8dbf6d4ec43c31047f976296ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:59:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2
142.250.74.1200 OK 272 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2
IP 142.250.74.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash bbbac37f0b6e29a6099e4aa7cb19d6ca
0acafe95e2141f0af6109203efeb2d98e6b926c6
a3d7b37475de5a3a350d4dc4790f14a6a5f4045726d2eae4cbe9bd59aeba2fe2
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2 HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 272
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sun, 11 Sep 2022 04:38:10 GMT
expires: Mon, 12 Sep 2022 03:38:10 GMT
cache-control: public, max-age=82800
age: 62480
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
142.250.74.1200 OK 174 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP 142.250.74.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sun, 11 Sep 2022 17:02:38 GMT
expires: Mon, 12 Sep 2022 16:02:38 GMT
cache-control: public, max-age=82800
age: 17812
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0c475956c17fecf985e692f4728f8b75
ceb52b6095d6429bc16e94d07dfb3da2f8500d07
bbeb19fdf0df52440f1e03e9f964f14e492fad8dbf6d4ec43c31047f976296ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:59:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ww9.mobilcebim.com/track.php?domain=mobilcebim.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2MjkzMzU2OC44Njg2OmI0NzA2Nzk5YzI5ZjVmOTMzYWVhM2UxMGUxOTMxYzQ4MzE1ZWQ2ZTUyNmNhOWE0NDI0OTgzZmViOTE0ZTAyZjQ6NjMxZTVhNDBkNDBlYg%3D%3D
76.223.26.96200 OK 20 B URL HTTP/1.1 ww9.mobilcebim.com/track.php?domain=mobilcebim.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2MjkzMzU2OC44Njg2OmI0NzA2Nzk5YzI5ZjVmOTMzYWVhM2UxMGUxOTMxYzQ4MzE1ZWQ2ZTUyNmNhOWE0NDI0OTgzZmViOTE0ZTAyZjQ6NjMxZTVhNDBkNDBlYg%3D%3D
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=mobilcebim.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2MjkzMzU2OC44Njg2OmI0NzA2Nzk5YzI5ZjVmOTMzYWVhM2UxMGUxOTMxYzQ4MzE1ZWQ2ZTUyNmNhOWE0NDI0OTgzZmViOTE0ZTAyZjQ6NjMxZTVhNDBkNDBlYg%3D%3D HTTP/1.1
Host: ww9.mobilcebim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww9.mobilcebim.com/
Cookie: __gsas=ID=894474c0837c486c:T=1662933570:S=ALNI_MawQRNNdomRxhvChNR3aOnJQuMWsA
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:59:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5602
Expires: Sun, 11 Sep 2022 23:32:52 GMT
Date: Sun, 11 Sep 2022 21:59:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5602
Expires: Sun, 11 Sep 2022 23:32:52 GMT
Date: Sun, 11 Sep 2022 21:59:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5602
Expires: Sun, 11 Sep 2022 23:32:52 GMT
Date: Sun, 11 Sep 2022 21:59:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79f019c6-c6f0-4468-b319-ffe5379d4a42.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79f019c6-c6f0-4468-b319-ffe5379d4a42.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b290c3f75a769f5cb0f36b5c84436c9b
22e386713ccb95ca1cf9aa367a5ad02bd1664954
e311757ae3bc5b821a9c1d4d654250b1ac936228eb4a600aa1e5b391d25adaaf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79f019c6-c6f0-4468-b319-ffe5379d4a42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10611
x-amzn-requestid: 1492333f-e0ed-4061-8c16-a62e0687b95e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLgc-EBkIAMF27A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ae11f-555b67794d0bdfd3384ebde8;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 06:45:51 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: gz4lq1qR5Erx6Gfh8Qh4C2RGT4-GLRLZZcMZLAvVztYBgYenM9LIhA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 0800f067ff646622f3e8e507cb9b52e8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:40:24 GMT
age: 1146
etag: "22e386713ccb95ca1cf9aa367a5ad02bd1664954"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ec2646c56c4c522f0744768ad20342b
ad1d9eee90556a359547dc7cbb6758aee2c804cd
0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7635
x-amzn-requestid: dbd07cc7-d0f6-4500-83c6-b19fa9fa2e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt5xDEfUIAMFYXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f09a0-3771b23118f3711e5caca699;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZEaYyoBx6HFba1DbPcHcC3TSKyFipPvz_0JXdLqb_BmZkUM10kdBwQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:40:35 GMT
age: 1135
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 22:14:30 GMT
age: 85500
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8625e0707046e7a3715a8dbb40b1cae2
0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78
abc4c12561be08897341d9c8104c30a289357c0907e55c46895f7fb6afb2f75d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13568
x-amzn-requestid: ad06f499-3e04-414a-8a3f-6daa9e0124ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3yN1F2BIAMFoqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312fd8b-3a17f11440d2f37b23ac7f6a;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:08:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iNRnq8nMhoTo9oY379Ynb6uPW0vNyf3dNufU_HpXNfzxvhrAEKEzJQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:40:11 GMT
age: 1159
etag: "0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eee5b4d617dab6f10d7053f5c4f4e98e
6c728c56797ba921e8001919df4d36e56dd37e54
76a53e2c81ec8da2bc469760b2c57098d587c6a36fa70e5b7c743a224a47d362
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8171
x-amzn-requestid: a3eb931f-cd71-4738-acb1-4398fc09f453
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOa7QGqoIAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c0b7b-2a6ed8ca00a0a0640110cf5d;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:58:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QuUPVSWCQk9z9xI03trHifaWzOi5TqBZHLena93lrxhjlAG1PICKKA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 12:19:15 GMT
age: 34815
etag: "6c728c56797ba921e8001919df4d36e56dd37e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57d797a1c3f6589746a1135bdb19f54f
7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BPWrjstB3xKeYzHK9eQoJL8ORgRFsqjmNxu0j10epBANBtZCRU-m2g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:47:01 GMT
age: 749
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 0 B URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 11 Sep 2022 21:59:30 GMT
expires: Sun, 11 Sep 2022 21:59:30 GMT
cache-control: private, max-age=3600
etag: "3731421276230372991"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2