trk.emailforyou.co.uk/f/a/YTIA1f9NGPNlMlj25GWHmA~~/AAAq-gA~/RgRk-w9dP0RlaHR0cHM6Ly9jbGljay5lbWFpbGZvcnlvdS5jby51ay9nYS91bnN1YnNjcmliZS8yLTEyNjQ1NjIzMy01Ny05NjA5MS0xODc4MDItNWE2YjYyOTgxNTliMTkzLXI4YjUwMzBhMDNXBXNwY2V1QgpjGN3bGWOiSOmxUiBzdGVwaGFuaWUuZG9ja2Vyc3lAbWVtcGhpc3RuLmdvdlgEAAAACA~~
54.246.227.162302 Found 246 B URL HTTP/1.1 trk.emailforyou.co.uk/f/a/YTIA1f9NGPNlMlj25GWHmA~~/AAAq-gA~/RgRk-w9dP0RlaHR0cHM6Ly9jbGljay5lbWFpbGZvcnlvdS5jby51ay9nYS91bnN1YnNjcmliZS8yLTEyNjQ1NjIzMy01Ny05NjA5MS0xODc4MDItNWE2YjYyOTgxNTliMTkzLXI4YjUwMzBhMDNXBXNwY2V1QgpjGN3bGWOiSOmxUiBzdGVwaGFuaWUuZG9ja2Vyc3lAbWVtcGhpc3RuLmdvdlgEAAAACA~~
IP 54.246.227.162:0
File type HTML document, ASCII text, with no line terminators
Hash 2ebc4199efa5ff5ecc318be9c1efafe7
beeed7655365f4ca3d249a510e2ac35b5211fc2b
0099264f957bc0da6bc409917d78f9dbf6d9a0b283d1144f9a854c56a8e6f3d4
GET /f/a/YTIA1f9NGPNlMlj25GWHmA~~/AAAq-gA~/RgRk-w9dP0RlaHR0cHM6Ly9jbGljay5lbWFpbGZvcnlvdS5jby51ay9nYS91bnN1YnNjcmliZS8yLTEyNjQ1NjIzMy01Ny05NjA5MS0xODc4MDItNWE2YjYyOTgxNTliMTkzLXI4YjUwMzBhMDNXBXNwY2V1QgpjGN3bGWOiSOmxUiBzdGVwaGFuaWUuZG9ja2Vyc3lAbWVtcGhpc3RuLmdvdlgEAAAACA~~ HTTP/1.1
Host: trk.emailforyou.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 30 Nov 2022 05:02:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 246
Connection: keep-alive
X-Robots-Tag: noindex
Location: https://click.emailforyou.co.uk/ga/unsubscribe/2-126456233-57-96091-187802-5a6b6298159b193-r8b5030a03
Vary: Accept
Server: msys-http
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7271
Expires: Wed, 30 Nov 2022 07:04:05 GMT
Date: Wed, 30 Nov 2022 05:02:54 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2472
Cache-Control: max-age=108569
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 05:02:54 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 11:12:23 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16313
Expires: Wed, 30 Nov 2022 09:34:47 GMT
Date: Wed, 30 Nov 2022 05:02:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 04:17:59 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2695
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jQC598hArX5UHgL9gdqfX2sPUmPBSrLuoWIPq94K5tqUz6EJZUTSPMiLOK8hdEE+AUzRZqVELlE=
x-amz-request-id: JB7K4C2HE9MN7VPE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 04:45:44 GMT
age: 1030
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 05:02:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c6f73cf079a44371bd4dc051811a2701
d688fa7b2cebb08c183536ea3dd45285d3c2588b
9a4b6b569c2285a8d43d710eeb5252f76276e8e7b31859348715ae54ed61821b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9A4B6B569C2285A8D43D710EEB5252F76276E8E7B31859348715AE54ED61821B"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 30 Nov 2022 11:02:54 GMT
Date: Wed, 30 Nov 2022 05:02:54 GMT
Connection: keep-alive
click.emailforyou.co.uk/ga/unsubscribe/2-126456233-57-96091-187802-5a6b6298159b193-r8b5030a03
45.81.231.2200 OK 15 kB URL HTTP/1.1 click.emailforyou.co.uk/ga/unsubscribe/2-126456233-57-96091-187802-5a6b6298159b193-r8b5030a03
IP 45.81.231.2:0
ASN #212745 mailcommerce GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (377)
Hash 33cdb20175bb5eda856615ecf4649f25
e4c7b6fd60a440b3d9191fdd3ee5704c140ac35e
e80cfa214e9191f59cf191a7d69ade7b88a7ab8a88409b410d7b1a7a8f329806
GET /ga/unsubscribe/2-126456233-57-96091-187802-5a6b6298159b193-r8b5030a03 HTTP/1.1
Host: click.emailforyou.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 05:02:54 GMT
Server: Apache/2.4.52 (Unix) OpenSSL/1.1.1f PHP/7.3.33
Status: 200 OK
X-Rack-Cache: miss
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-Request-Id: 6aec363624264ccab3eed752dca83408
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.022338
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Powered-By: Phusion Passenger(R) 6.0.12
Set-Cookie: _session_id=49d22d83e5c7bfa9e88a4a8dd8d08fec; path=/; HttpOnly
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 05:02:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 04:11:13 GMT
cache-control: public,max-age=3600
age: 3101
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
click.emailforyou.co.uk/ga/assets/form-lightgrey.jpg
45.81.231.2200 OK 60 kB URL HTTP/1.1 click.emailforyou.co.uk/ga/assets/form-lightgrey.jpg
IP 45.81.231.2:0
ASN #212745 mailcommerce GmbH
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2013:10:07 22:31:39], baseline, precision 8, 500x500, components 3\012- data
Hash bf363e9cefb2ba549e6c3c79ad8c1994
10cbf326e76dd86c084b21fedc1000feb2feb639
e2cfef7b5f2107e0d32529210ef8e65769e18d857522ee081ce08595df179c32
GET /ga/assets/form-lightgrey.jpg HTTP/1.1
Host: click.emailforyou.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://click.emailforyou.co.uk/ga/unsubscribe/2-126456233-57-96091-187802-5a6b6298159b193-r8b5030a03
Cookie: _session_id=49d22d83e5c7bfa9e88a4a8dd8d08fec
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 05:02:54 GMT
Server: Apache/2.4.52 (Unix) OpenSSL/1.1.1f PHP/7.3.33
Last-Modified: Wed, 12 Oct 2022 18:33:36 GMT
ETag: "ea89-5eadaa1732000"
Accept-Ranges: bytes
Content-Length: 60041
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 05:02:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 05:02:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
click.emailforyou.co.uk/ga/unsubscribe/2-126456233-57-96091-187802-5a6b6298159b193-r8b5030a03?authenticity_token=kYXqzSVtkH7KiLX3jfz5PwDD3Vg192HTc57Aw4sXmZQ%3D&confirmed=1
45.81.231.2302 Found 89 B URL HTTP/1.1 click.emailforyou.co.uk/ga/unsubscribe/2-126456233-57-96091-187802-5a6b6298159b193-r8b5030a03?authenticity_token=kYXqzSVtkH7KiLX3jfz5PwDD3Vg192HTc57Aw4sXmZQ%3D&confirmed=1
IP 45.81.231.2:0
ASN #212745 mailcommerce GmbH
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 6c6ec33f8e214c230d3c5c4867c8978b
a756bfc0649efc03610c758e248515fc01a08540
ad84ab5280194313cd2bce234c2aeee60b33bca5d20c12a14b2027aa77b3ce3a
GET /ga/unsubscribe/2-126456233-57-96091-187802-5a6b6298159b193-r8b5030a03?authenticity_token=kYXqzSVtkH7KiLX3jfz5PwDD3Vg192HTc57Aw4sXmZQ%3D&confirmed=1 HTTP/1.1
Host: click.emailforyou.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://click.emailforyou.co.uk/ga/unsubscribe/2-126456233-57-96091-187802-5a6b6298159b193-r8b5030a03
Cookie: _session_id=49d22d83e5c7bfa9e88a4a8dd8d08fec
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Wed, 30 Nov 2022 05:02:54 GMT
Server: Apache/2.4.52 (Unix) OpenSSL/1.1.1f PHP/7.3.33
Status: 302 Found
X-Rack-Cache: miss
Cache-Control: must-revalidate, no-cache, no-store, private, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-Request-Id: 5833460fe2a5c578f4873df2e1c15388
Location: https://a4.unsub.click/
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.038108
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Powered-By: Phusion Passenger(R) 6.0.12
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
fonts.gstatic.com/s/oswald/v49/TK3iWkUHHAIjg752GT8G.woff2
142.250.74.35200 OK 25 kB URL HTTP/2 fonts.gstatic.com/s/oswald/v49/TK3iWkUHHAIjg752GT8G.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 25372, version 1.0\012- data
Hash fe424f96cb627d8b835cb001af17f56e
c5b4368fed99812a99036fba86d01367b5549505
35c92598a5f32c018dc630f57b183b0284c211ce9c222e5b36840a62115262f1
GET /s/oswald/v49/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://click.emailforyou.co.uk
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 25372
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 21:17:08 GMT
expires: Tue, 28 Nov 2023 21:17:08 GMT
cache-control: public, max-age=31536000
age: 114346
last-modified: Mon, 18 Jul 2022 19:24:05 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2451
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 05:02:54 GMT
Etag: "6385cba8-1d7"
Last-Modified: Wed, 30 Nov 2022 04:22:03 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 05:02:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.39.57.61101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.57.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MHIBJLeAa2nxy2XL3G54ew==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZYUfrWZ0Edyx9jDSSrA4+vkzMxw=
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash c6b5043e39997746f06444384220388d
b4d1f0c863064c73991bdb5b2666da57902840b4
bce982c2ddc63611f0310fb60970178161eed3f574f10381e027797d735287e1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 05:02:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 22:54:38 GMT
Expires: Tue, 06 Dec 2022 22:54:37 GMT
Etag: "b4d1f0c863064c73991bdb5b2666da57902840b4"
Cache-Control: max-age=582100,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772108a208ccb503-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8056
Expires: Wed, 30 Nov 2022 07:17:12 GMT
Date: Wed, 30 Nov 2022 05:02:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8056
Expires: Wed, 30 Nov 2022 07:17:12 GMT
Date: Wed, 30 Nov 2022 05:02:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8056
Expires: Wed, 30 Nov 2022 07:17:12 GMT
Date: Wed, 30 Nov 2022 05:02:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8056
Expires: Wed, 30 Nov 2022 07:17:12 GMT
Date: Wed, 30 Nov 2022 05:02:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8056
Expires: Wed, 30 Nov 2022 07:17:12 GMT
Date: Wed, 30 Nov 2022 05:02:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qftF-GQkcjKTs30KMGCTDymw2SVSXeAYKGNWUnaMfvIb8HjtfHUx8A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:44:46 GMT
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
age: 26290
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74cbd5b-36b7-497f-97d1-4e7073a47375.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74cbd5b-36b7-497f-97d1-4e7073a47375.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9b96b63164d7dc37268951510afb359f
5991d60e238558f9fe4e1759fe18dde628cb7be4
cd7a88b3173bae9ad466d41b9ae9a2ed9e18157660697f1f1b070043194c3db4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74cbd5b-36b7-497f-97d1-4e7073a47375.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4706
x-amzn-requestid: ce0b287a-7242-402b-8261-c519a1310309
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhHxETjoAMFcTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bcb-7a69d6d14ad0fd707ede2882;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YOLFLV-a93jrA__gtWEzu2Vz8fpQJgvYGDk5fVsjhKVULRHdnKmfHw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:44:35 GMT
age: 26301
etag: "5991d60e238558f9fe4e1759fe18dde628cb7be4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F265a94d3-cdf4-4682-bcea-7cb1b79bc860.png
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F265a94d3-cdf4-4682-bcea-7cb1b79bc860.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9fb14804c284e300f976848e30396e9c
6004b4b7afd22dded903f026d245bc90a6706767
1cf96b0b6c83f182d018fa4ffb9924038bf282755091e7bacff2a624220260d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F265a94d3-cdf4-4682-bcea-7cb1b79bc860.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13195
x-amzn-requestid: 1303b72c-fe18-46a3-b3c1-06f3b8550d90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvHW6oAMFxgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1b3dbbb005a238117076d1f3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pw2Wm8mI8MxRAOVsdvvWLEuxPN5ffcgWBZ_KecuuS5stoTHF4hxECg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:44:49 GMT
age: 26287
etag: "6004b4b7afd22dded903f026d245bc90a6706767"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa44c8657-c62c-4dd0-8688-d6b89a767fb4.png
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa44c8657-c62c-4dd0-8688-d6b89a767fb4.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cb669522a324cd5d9ba1b1743138d38
71e4307194ea9fb15d29c8a5e35f9bfd3cb0c6e0
a997731964710b80affb001f7f2e2f05a93550b06c1626279516d78b11332803
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa44c8657-c62c-4dd0-8688-d6b89a767fb4.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8337
x-amzn-requestid: 88e6ec5a-6b04-4787-91e4-02f316d0d6e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhgYHViIAMFZrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c68-10f0d81a09c0ae930f6be726;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:40:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8XATm-S2y3wzXWzJxgof2GIbXx_7WzuEMKrhI5By_tGaB8EiYeGkLg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:59:07 GMT
age: 25429
etag: "71e4307194ea9fb15d29c8a5e35f9bfd3cb0c6e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7f230eb-6b67-4a80-b973-d8ea78fe73ae.png
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7f230eb-6b67-4a80-b973-d8ea78fe73ae.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e08af5b1d18986e112913c6e69cc8ce6
151b60134a66305bd72dbb3810f67a57720b2af1
555a62d98f4002ad187a6b480d534a1dbe3c64d1f4d17cffad2ab985c10ca462
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7f230eb-6b67-4a80-b973-d8ea78fe73ae.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12853
x-amzn-requestid: 25e4402d-98d0-4c38-a927-397c37724bea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhdpHAuIAMFweQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c57-506672a36959d9ea09ef5155;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:40:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gHL2sFE-o1u5kEIUiabbP6u5CXr3ihI4mKiAVkfReyuJuTF5k5ktSg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:44:48 GMT
age: 26288
etag: "151b60134a66305bd72dbb3810f67a57720b2af1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 777ce44582c70bf01a31da4cab366f36
57e1d34f146d5ccd9943aa97bcc3158f7103bb07
fbdc8f65ae74dc13b7aafec464f08fdc9902af519946200ec52432ac3ca55982
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10958
x-amzn-requestid: abfea5b0-58f5-49e1-b78e-7cf456d03cb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFHF9oIAMF5lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a20-5ab719292d440d083b07a478;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: e4GuUolL0WIMXvnF7BZ80j-dMMSILN2gd-1mqFwNns-zCUBsJa8iHQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:43:04 GMT
age: 26392
etag: "57e1d34f146d5ccd9943aa97bcc3158f7103bb07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
a4.unsub.click/
52.76.7.111200 OK 4.0 kB IP 52.76.7.111:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (306), with CRLF line terminators
Hash b5ca403fed39eca5776990c0da9b198f
37e18cb5f5abf490927f677808ad9e6003b34fed
31186233c9772f8733919f7856aa0c53f1d0619dbfb05b7946862282afecd568
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: a4.unsub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://click.emailforyou.co.uk/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 30 Nov 2022 05:02:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Mon, 27 Jun 2022 10:31:55 GMT
ETag: W/"3d3c-181a4b7c3d6"
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 0f6a5643bab31f69c3efcc184522fb28
ab25a7973bc389db5f7f3118fd991625af4fc51a
eaa7763ccbacfb0d63bb812497643fa785fe47172bfe8db9d3af115d915815f0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2503
Cache-Control: max-age=124429
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 05:02:57 GMT
Etag: "63861d48-117"
Expires: Thu, 01 Dec 2022 15:36:46 GMT
Last-Modified: Tue, 29 Nov 2022 14:55:04 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
code.jquery.com/jquery-3.5.1.min.js
69.16.175.10200 OK 31 kB URL HTTP/2 code.jquery.com/jquery-3.5.1.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (65451)
Hash 3700d0b271343804b9b9aa1c13efa521
3d6b03dbd74872ca3dfbb0529f6c80943788f918
fda7541f8e4cf921d20bcd0dc1d0efe69644c79bd18a0be4ce2f34246c83603e
GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
content-encoding: gzip
content-length: 30879
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d84"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1669784577.dop214.sk1.t,1669784577.cds257.sk1.hn,1669784577.cds208.sk1.c
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/axios/dist/axios.min.js
151.101.193.229200 OK 11 kB URL HTTP/2 cdn.jsdelivr.net/npm/axios/dist/axios.min.js
IP 151.101.193.229:0
File type ASCII text, with very long lines (29551)
Hash f0a9161568d0bab7ab3f7f649b84be56
62158ee474dd9b883a279b16e6e8a2485453c53c
c1db28227f92c6cbd89f90bead5b8638835d536679ab2cdf062a50eface64b8f
GET /npm/axios/dist/axios.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.2.0
x-jsd-version-type: version
etag: W/"7396-Wc6sdIzlj1RsovoMRKQah8UZFhA"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 30 Nov 2022 05:02:57 GMT
age: 9748
x-served-by: cache-fra-eddf8230066-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10832
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 61948e61ea66751d096a36eb8a7a39b4
6580ea6a773f802967e5d68423bdd9fd9c9fd11e
bb419f54a616d5d5b1f977c2aa126f06ee162727d705abdb12c7a7ace3574d6f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2195
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 05:02:57 GMT
Etag: "63869bef-118"
Last-Modified: Wed, 30 Nov 2022 04:26:22 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
151.101.2.133200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 151.101.2.133:0
Hash 0c8655098d0a399f122d55e70287a7ad
b45b1030a742a1ad6d8a39d4668f31dd4853d462
f8970db76cb1709d513a8016fd22d6a920958fab731e50035ffc25a8b91abe94
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1462
Content-Type: application/ocsp-response
Etag: "AE29FE625A8DBEAE554F87470F35717E5B42F889"
Expires: Wed, 30 Nov 2022 16:00:00 UTC
Last-Modified: Wed, 30 Nov 2022 04:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
Accept-Ranges: bytes
Date: Wed, 30 Nov 2022 05:02:57 GMT
Via: 1.1 varnish
Age: 2761
X-Served-By: cache-bma1634-BMA
X-Cache: HIT
X-Cache-Hits: 7
X-Timer: S1669784577.106679,VS0,VE0
raw.githubusercontent.com/JulianLaval/canvas-particle-network/master/img/demo-bg.jpg
185.199.109.133200 OK 602 kB URL HTTP/2 raw.githubusercontent.com/JulianLaval/canvas-particle-network/master/img/demo-bg.jpg
IP 185.199.109.133:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=10, manufacturer=NIKON CORPORATION, model=NIKON D300, orientation=upper-left, xresolution=164, yresolution=172, resolutionunit=2, software=GIMP 2.8.6, datetime=2015:10:04 17:29:29], progressive, precision 8, 1920x800, components 3\012- data
Size 602 kB (602293 bytes)
Hash f7b07de7f668fef6027a3c095a47e176
9688287db46646396e5ebe00a925340d1fbca939
56531fd7df750f3e1d52f3aba06c01d9199c7a316188eba97d599611d1991838
GET /JulianLaval/canvas-particle-network/master/img/demo-bg.jpg HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: image/jpeg
etag: W/"3c709cb6d2a1042f364744951944bf5739ac73318a5a3d1aa2e9302b7648f72a"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 9678:9F84:1104F5:1A8F04:6386B96C
accept-ranges: bytes
date: Wed, 30 Nov 2022 05:02:57 GMT
via: 1.1 varnish
x-served-by: cache-bma1672-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669784577.080069,VS0,VE105
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 992985081a6344f8feb1c3ae4dd100a09ad84f53
expires: Wed, 30 Nov 2022 05:07:57 GMT
source-age: 0
content-length: 602293
X-Firefox-Spdy: h2
a4.unsub.click/js/main.js
52.76.7.111200 OK 1.3 kB URL HTTP/1.1 a4.unsub.click/js/main.js
IP 52.76.7.111:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 62f3cb62558d7ab7ab8141d2157cbd5f
de604eff07ebe04586760b01d430add2dc96b33a
b50718a5a7c65134f985fcae97134d1d676425496b7fc1b69a30d803843165df
Analyzer Verdict Alert fortinet Malware
GET /js/main.js HTTP/1.1
Host: a4.unsub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 30 Nov 2022 05:02:57 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 26 Feb 2021 06:30:23 GMT
ETag: W/"d4f-177dd07f89b"
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b887c73aed6c3e40ff6c16c11c2e2922
50ef7184ea758cecbdb5c34450925611b6c95329
0027a2437a75c0ab78e2cd555d6c887ff972cfcd9f1406bcdecb4f5fd97e2dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0027A2437A75C0AB78E2CD555D6C887FF972CFCD9F1406BCDECB4F5FD97E2DAC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9270
Expires: Wed, 30 Nov 2022 07:37:27 GMT
Date: Wed, 30 Nov 2022 05:02:57 GMT
Connection: keep-alive
c.mradmind.com/adscript.php?async=p64624x2&wpcn=asm21417102x1669784576132&ref=https%3A%2F%2Fa4.unsub.click%2F&swf=-1&scx=1280&scy=1024&wcx=1280&wcy=939&dcx=280&vis=4&tz=1669784576141&pid=7&gdpr_consent=[consentstring]
85.215.2.54200 OK 2.1 kB URL HTTP/2 c.mradmind.com/adscript.php?async=p64624x2&wpcn=asm21417102x1669784576132&ref=https%3A%2F%2Fa4.unsub.click%2F&swf=-1&scx=1280&scy=1024&wcx=1280&wcy=939&dcx=280&vis=4&tz=1669784576141&pid=7&gdpr_consent=[consentstring]
IP 85.215.2.54:0
File type ASCII text, with very long lines (1223), with CRLF line terminators
Hash 30847f864cc482bb05479a72a6964db6
65789b58649b64b2d31815744d67a844e1e48e0e
4d32945e2f1bdf6ec4d029c147756e535010fad921bdbdba7d32f69df95aede1
GET /adscript.php?async=p64624x2&wpcn=asm21417102x1669784576132&ref=https%3A%2F%2Fa4.unsub.click%2F&swf=-1&scx=1280&scy=1024&wcx=1280&wcy=939&dcx=280&vis=4&tz=1669784576141&pid=7&gdpr_consent=[consentstring] HTTP/1.1
Host: c.mradmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
server: Apache
last-modified: Wed, 30 Nov 2022 05:02:57 GMT
p3p: policyref="https://help.adspirit.de/w3c/adspirit.p3p", CP="NOI DSP COR NID PSAo PSDo IVAo IVDo OUR STP UNI COM NAV DEM"
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
content-length: 2131
content-type: text/javascript; charset=utf-8
X-Firefox-Spdy: h2
c.mradmind.com/adscript.php?async=p95554x1&wpcn=asm21417102x1669784576132&ref=https%3A%2F%2Fa4.unsub.click%2F&swf=-1&scx=1280&scy=1024&wcx=1280&wcy=939&dcx=280&vis=4&tz=1669784576137&pid=6&gdpr_consent=[consentstring]
85.215.2.54200 OK 316 B URL HTTP/2 c.mradmind.com/adscript.php?async=p95554x1&wpcn=asm21417102x1669784576132&ref=https%3A%2F%2Fa4.unsub.click%2F&swf=-1&scx=1280&scy=1024&wcx=1280&wcy=939&dcx=280&vis=4&tz=1669784576137&pid=6&gdpr_consent=[consentstring]
IP 85.215.2.54:0
File type ASCII text, with very long lines (316), with no line terminators
Hash 030a133549514a2107cca6d3539d7565
c884f3c435ce1d298d7a34fb2e48fec8bf8c143b
3f3d314b898aad8c3c043a82d2cecf51b92e78dfd01ad2db43e5692149c0876c
GET /adscript.php?async=p95554x1&wpcn=asm21417102x1669784576132&ref=https%3A%2F%2Fa4.unsub.click%2F&swf=-1&scx=1280&scy=1024&wcx=1280&wcy=939&dcx=280&vis=4&tz=1669784576137&pid=6&gdpr_consent=[consentstring] HTTP/1.1
Host: c.mradmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
server: Apache
last-modified: Wed, 30 Nov 2022 05:02:57 GMT
p3p: policyref="https://help.adspirit.de/w3c/adspirit.p3p", CP="NOI DSP COR NID PSAo PSDo IVAo IVDo OUR STP UNI COM NAV DEM"
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
content-length: 316
content-type: text/javascript; charset=utf-8
X-Firefox-Spdy: h2
c.mradmind.com/adscript.php?async=p39039x0&wpcn=asm21417102x1669784576132&ref=https%3A%2F%2Fa4.unsub.click%2F&swf=-1&scx=1280&scy=1024&wcx=1280&wcy=939&dcx=280&vis=4&tz=1669784576135&pid=5&gdpr_consent=[consentstring]
85.215.2.54200 OK 2.2 kB URL HTTP/2 c.mradmind.com/adscript.php?async=p39039x0&wpcn=asm21417102x1669784576132&ref=https%3A%2F%2Fa4.unsub.click%2F&swf=-1&scx=1280&scy=1024&wcx=1280&wcy=939&dcx=280&vis=4&tz=1669784576135&pid=5&gdpr_consent=[consentstring]
IP 85.215.2.54:0
File type ASCII text, with very long lines (1293), with CRLF line terminators
Hash 8d2452ae254d567dd28c5667c667f96f
84c857c3e15987d5f7a7b35521cb49ec97e69690
0c7647205ffb1cb90612defcc0ca68c8129bebf2adb26d79fbd0d4c6fef8ab75
GET /adscript.php?async=p39039x0&wpcn=asm21417102x1669784576132&ref=https%3A%2F%2Fa4.unsub.click%2F&swf=-1&scx=1280&scy=1024&wcx=1280&wcy=939&dcx=280&vis=4&tz=1669784576135&pid=5&gdpr_consent=[consentstring] HTTP/1.1
Host: c.mradmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
server: Apache
last-modified: Wed, 30 Nov 2022 05:02:57 GMT
p3p: policyref="https://help.adspirit.de/w3c/adspirit.p3p", CP="NOI DSP COR NID PSAo PSDo IVAo IVDo OUR STP UNI COM NAV DEM"
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
content-length: 2203
content-type: text/javascript; charset=utf-8
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash dfd37ae2da5cc16d38d1d0ce5a3af6da
224117ab84ae9dbf57b1be06a30d21cc83dc9de8
2f5c21e10be7edc1f944bec4d1b1036b975bcfd1cc17606fe95c2b00c9fb15e2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2362
Cache-Control: max-age=100521
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 05:02:57 GMT
Etag: "6385c070-117"
Expires: Thu, 01 Dec 2022 08:58:18 GMT
Last-Modified: Tue, 29 Nov 2022 08:18:56 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash dfd37ae2da5cc16d38d1d0ce5a3af6da
224117ab84ae9dbf57b1be06a30d21cc83dc9de8
2f5c21e10be7edc1f944bec4d1b1036b975bcfd1cc17606fe95c2b00c9fb15e2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2362
Cache-Control: max-age=100521
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 05:02:57 GMT
Etag: "6385c070-117"
Expires: Thu, 01 Dec 2022 08:58:18 GMT
Last-Modified: Tue, 29 Nov 2022 08:18:56 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
c.mradmind.com/adview.php?tz=166978457790890697tzmacro&&pid=7&kid=1&wmid=1&gdpr_consent=&sid=2&nvc=1&target=-
85.215.2.54200 OK 43 B URL HTTP/2 c.mradmind.com/adview.php?tz=166978457790890697tzmacro&&pid=7&kid=1&wmid=1&gdpr_consent=&sid=2&nvc=1&target=-
IP 85.215.2.54:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6f81c41597d3f5a336f458822cc0c32a
8cd77a54b38f1fb376b45af2eaab8f5982523b8d
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
GET /adview.php?tz=166978457790890697tzmacro&&pid=7&kid=1&wmid=1&gdpr_consent=&sid=2&nvc=1&target=- HTTP/1.1
Host: c.mradmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
server: Apache
last-modified: Wed, 30 Nov 2022 05:02:57 GMT
p3p: policyref="https://help.adspirit.de/w3c/adspirit.p3p", CP="NOI DSP COR NID PSAo PSDo IVAo IVDo OUR STP UNI COM NAV DEM"
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
content-length: 43
content-type: image/gif
X-Firefox-Spdy: h2
cdn.mradmind.com/banner/mradmind/10/2022-09-16/0_DUZ_Serio__seUmfragen_280x345.jpg
156.146.33.18200 OK 42 kB URL HTTP/2 cdn.mradmind.com/banner/mradmind/10/2022-09-16/0_DUZ_Serio__seUmfragen_280x345.jpg
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, progressive, precision 8, 280x345, components 3\012- data
Hash ec300518095eb25d248daa736aa73d01
a3dc817ffd27487a5fc62ef30f957e6e5d69118a
70c788ddcc857e7d6de4895dbf76beb3c53195c4c354c3f64f383a4fd5c5eb86
GET /banner/mradmind/10/2022-09-16/0_DUZ_Serio__seUmfragen_280x345.jpg HTTP/1.1
Host: cdn.mradmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
content-type: image/jpeg
content-length: 42388
last-modified: Fri, 16 Sep 2022 12:43:13 GMT
etag: "d750f9e-a594-5e8cab48e5e1d"
x-accel-expires: @1670732397
server: CDN77-Turbo
x-77-nzt: AZySIRCsPj//lFsBAA
x-77-nzt-ray: f6587a1d63c3132e01e48663cc80c523
x-cache: HIT
x-age: 88980
x-77-pop: frankfurtDE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
c.mradmind.com/adview.php?tz=166978457720813045tzmacro&&pid=5&kid=10&wmid=46&gdpr_consent=&sid=3&target=-
85.215.2.54200 OK 43 B URL HTTP/2 c.mradmind.com/adview.php?tz=166978457720813045tzmacro&&pid=5&kid=10&wmid=46&gdpr_consent=&sid=3&target=-
IP 85.215.2.54:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6f81c41597d3f5a336f458822cc0c32a
8cd77a54b38f1fb376b45af2eaab8f5982523b8d
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
GET /adview.php?tz=166978457720813045tzmacro&&pid=5&kid=10&wmid=46&gdpr_consent=&sid=3&target=- HTTP/1.1
Host: c.mradmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
server: Apache
last-modified: Wed, 30 Nov 2022 05:02:57 GMT
p3p: policyref="https://help.adspirit.de/w3c/adspirit.p3p", CP="NOI DSP COR NID PSAo PSDo IVAo IVDo OUR STP UNI COM NAV DEM"
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
content-length: 43
content-type: image/gif
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8744b420a10a2cf35bc5877b2dff9302
bf5ad501ac3e36bbed35695b59eced04d380b596
455bda3629e55c1730a67d5d82c68e4001f78f8019a755178225624e16076e80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "455BDA3629E55C1730A67D5D82C68E4001F78F8019A755178225624E16076E80"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6480
Expires: Wed, 30 Nov 2022 06:50:57 GMT
Date: Wed, 30 Nov 2022 05:02:57 GMT
Connection: keep-alive
cdn.mradmind.com/banner/asm_pageview.min.js
156.146.33.18200 OK 744 B URL HTTP/2 cdn.mradmind.com/banner/asm_pageview.min.js
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (1958), with no line terminators
Hash 6391bb7ce1a553d1416ce69f1e98d0fa
8f53bf2b08034bcc15fc141206fae2baeb549f1d
be18aa9478631caced44be933a9859a9b79458a5a653ed8e189bde8700ec0f94
GET /banner/asm_pageview.min.js HTTP/1.1
Host: cdn.mradmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
content-type: text/javascript
last-modified: Tue, 11 Jun 2019 08:31:43 GMT
etag: W/"d6e34d9-7a6-58b08206459c0"
x-accel-expires: @1670495641
server: CDN77-Turbo
x-77-nzt: AZySIRB9epv/aPgEAA
x-77-nzt-ray: f6587a1d63c3132e01e486634f67ed22
x-cache: HIT
x-age: 325736
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
c.mradmind.com/adpageview.php?&wsid=3&sid=2&sid2=0&sid3=0&gdpr_consent=&tz=1669784576639
85.215.2.54200 OK 43 B URL HTTP/2 c.mradmind.com/adpageview.php?&wsid=3&sid=2&sid2=0&sid3=0&gdpr_consent=&tz=1669784576639
IP 85.215.2.54:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6f81c41597d3f5a336f458822cc0c32a
8cd77a54b38f1fb376b45af2eaab8f5982523b8d
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
GET /adpageview.php?&wsid=3&sid=2&sid2=0&sid3=0&gdpr_consent=&tz=1669784576639 HTTP/1.1
Host: c.mradmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
server: Apache
last-modified: Wed, 30 Nov 2022 05:02:57 GMT
p3p: policyref="https://help.adspirit.de/w3c/adspirit.p3p", CP="NOI DSP COR NID PSAo PSDo IVAo IVDo OUR STP UNI COM NAV DEM"
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
content-length: 43
content-type: image/gif
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 72e278c32e6d5f06a97a7c36dfe35514
f5d9c5bb4a10ea9bfb7f829dcff2a3fc7298397e
fe9de8dbde2a414f1a4ff1b02b923be949c46ddfabc7e4324955e3de70c4916b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 05:02:57 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 00:52:21 GMT
Expires: Mon, 05 Dec 2022 00:52:20 GMT
Etag: "f5d9c5bb4a10ea9bfb7f829dcff2a3fc7298397e"
Cache-Control: max-age=416362,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772108aaecf1b503-OSL
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1225
Origin: https://a4.unsub.click
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 30 Nov 2022 05:03:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://a4.unsub.click
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash b4c1ad4df98f00c4e2638ff87baf309f
9480420fcdfffb8bdf514c2341b02bf08e928882
e1b03d0faa408bbdc1c70124b00d57fc83b95c3a26c53b6f8233dc533c08efee
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 05:02:57 GMT
Last-Modified: Wed, 30 Nov 2022 04:21:09 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iMQky0_OEpTOdQNcgWdxt_Cx6jwxwWddHbancCNkhSkzW1YaKRVntw==
Age: 2508
d.adup-tech.com/newsletter/ad.jpg?p_id=4977&s_id=2842&key=%token%&rank=1
3.122.200.172200 OK 43 B URL HTTP/2 d.adup-tech.com/newsletter/ad.jpg?p_id=4977&s_id=2842&key=%token%&rank=1
IP 3.122.200.172:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /newsletter/ad.jpg?p_id=4977&s_id=2842&key=%token%&rank=1 HTTP/1.1
Host: d.adup-tech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
content-type: image/gif
content-length: 43
server: nginx
pragma: no-cache
cache-control: must-revalidate, no-cache, no-store
expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Firefox-Spdy: h2
agaenteitor.com/500/4697450?excludes=&oaid=86689a6382ff49679445980adc9e8133&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fa4.unsub.click%2F&drf=https%3A%2F%2Fclick.emailforyou.co.uk%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 0 B URL HTTP/2 agaenteitor.com/500/4697450?excludes=&oaid=86689a6382ff49679445980adc9e8133&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fa4.unsub.click%2F&drf=https%3A%2F%2Fclick.emailforyou.co.uk%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4697450?excludes=&oaid=86689a6382ff49679445980adc9e8133&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fa4.unsub.click%2F&drf=https%3A%2F%2Fclick.emailforyou.co.uk%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: agaenteitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://a4.unsub.click/
Origin: https://a4.unsub.click
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 05:02:57 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://a4.unsub.click
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3d3db1701969a90e0df7e3fed5bd9d15
3b21dad117223210baa37dcddb7e24a70693a980
db3baa5c8749ec64e209dafb551526f098b2063b5247d2e9d6ac81057281afbf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB3BAA5C8749EC64E209DAFB551526F098B2063B5247D2E9D6AC81057281AFBF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12688
Expires: Wed, 30 Nov 2022 08:34:26 GMT
Date: Wed, 30 Nov 2022 05:02:58 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 654474a27205008223bd605d2e14fd45
67cba23be2af64131c6d7490b030931262c37a59
b5408b8ea1134f534b43625de84ff46cbb6e4c493a87dd28da9f3c43b7e0fbb3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 05:02:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 17:21:36 GMT
Expires: Tue, 06 Dec 2022 17:21:35 GMT
Etag: "67cba23be2af64131c6d7490b030931262c37a59"
Cache-Control: max-age=562116,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772108acba7ab506-OSL
agaenteitor.com/500/4697450?excludes=&oaid=86689a6382ff49679445980adc9e8133&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fa4.unsub.click%2F&drf=https%3A%2F%2Fclick.emailforyou.co.uk%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 44 kB URL HTTP/2 agaenteitor.com/500/4697450?excludes=&oaid=86689a6382ff49679445980adc9e8133&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fa4.unsub.click%2F&drf=https%3A%2F%2Fclick.emailforyou.co.uk%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash 15fe57b5ab734bbe14a689221fe59660
39c608056de7fdda1a4dd654a9b717fcf2fab29d
8883d1b3acaccafeaf4463f167bafa926dfc3eaea0442b5ae879ae06b152bc93
GET /500/4697450?excludes=&oaid=86689a6382ff49679445980adc9e8133&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fa4.unsub.click%2F&drf=https%3A%2F%2Fclick.emailforyou.co.uk%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: agaenteitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://a4.unsub.click
Connection: keep-alive
Referer: https://a4.unsub.click/
Cookie: OAID=fde2ee99377c4836883bbf8e15413ef0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 05:02:58 GMT
content-type: application/javascript
x-trace-id: 7a4ae6a2d88843e2386e68b943ebc2b9
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://a4.unsub.click
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=86689a6382ff49679445980adc9e8133; expires=Thu, 30 Nov 2023 05:02:57 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 654474a27205008223bd605d2e14fd45
67cba23be2af64131c6d7490b030931262c37a59
b5408b8ea1134f534b43625de84ff46cbb6e4c493a87dd28da9f3c43b7e0fbb3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 05:02:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 17:21:36 GMT
Expires: Tue, 06 Dec 2022 17:21:35 GMT
Etag: "67cba23be2af64131c6d7490b030931262c37a59"
Cache-Control: max-age=562116,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772108acadd3b503-OSL
onmarshtompor.com/?rb=qWj3rUU7fkJZxQEPX9hQf9886e90pRg3Jpxg6NHcaEw8xckWkrBPTnd3deiE18WedrIjN2Gg934Ml-br9TapBliYCjAmdKxNyi2fimYBIBrAeFCN34lFzBKpemF-07ffqfIOlXWK9aYy_MwAhbfhxC5esVJSibpi7-tAhahzq2LcXd1CzrEPrRI0eGA0dsvESks1nTC_aW72eZrN7cvt0nxgXA94jZD8MkmtwTZoeB8G5FRl&request_ab2=96002&zoneid=4697451&js_build=iclick-v1.454.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fa4.unsub.click%2F&drf=https%3A%2F%2Fclick.emailforyou.co.uk%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.454.0&bs=ca299768-3d82-4ceb-921c-f36262a6847f&userId=86689a6382ff49679445980adc9e8133&m=link
139.45.197.243200 OK 1.9 kB URL HTTP/2 onmarshtompor.com/?rb=qWj3rUU7fkJZxQEPX9hQf9886e90pRg3Jpxg6NHcaEw8xckWkrBPTnd3deiE18WedrIjN2Gg934Ml-br9TapBliYCjAmdKxNyi2fimYBIBrAeFCN34lFzBKpemF-07ffqfIOlXWK9aYy_MwAhbfhxC5esVJSibpi7-tAhahzq2LcXd1CzrEPrRI0eGA0dsvESks1nTC_aW72eZrN7cvt0nxgXA94jZD8MkmtwTZoeB8G5FRl&request_ab2=96002&zoneid=4697451&js_build=iclick-v1.454.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fa4.unsub.click%2F&drf=https%3A%2F%2Fclick.emailforyou.co.uk%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.454.0&bs=ca299768-3d82-4ceb-921c-f36262a6847f&userId=86689a6382ff49679445980adc9e8133&m=link
IP 139.45.197.243:0
File type JSON data\012- , ASCII text, with very long lines (2406), with no line terminators
Hash e3a42a195aaf63cd79b6cd0600bdaf4c
6b430de019abdab972568ee4cba01694186bf447
b93a85d53b87f4074d4a45fe6640957a572112a0745f707f809521bbcca3092a
GET /?rb=qWj3rUU7fkJZxQEPX9hQf9886e90pRg3Jpxg6NHcaEw8xckWkrBPTnd3deiE18WedrIjN2Gg934Ml-br9TapBliYCjAmdKxNyi2fimYBIBrAeFCN34lFzBKpemF-07ffqfIOlXWK9aYy_MwAhbfhxC5esVJSibpi7-tAhahzq2LcXd1CzrEPrRI0eGA0dsvESks1nTC_aW72eZrN7cvt0nxgXA94jZD8MkmtwTZoeB8G5FRl&request_ab2=96002&zoneid=4697451&js_build=iclick-v1.454.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fa4.unsub.click%2F&drf=https%3A%2F%2Fclick.emailforyou.co.uk%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.454.0&bs=ca299768-3d82-4ceb-921c-f36262a6847f&userId=86689a6382ff49679445980adc9e8133&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a4.unsub.click/
Origin: https://a4.unsub.click
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 05:02:58 GMT
content-type: application/json
x-trace-id: b6c7f1101a7abaced30ce37e327f952c
access-control-allow-origin: https://a4.unsub.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=86689a6382ff49679445980adc9e8133; expires=Thu, 30 Nov 2023 05:02:58 GMT; path=/; secure; SameSite=None
oaidts=1669784578; expires=Thu, 30 Nov 2023 05:02:58 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 07 Dec 2022 05:02:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
unpkg.com/axios/dist/axios.min.js
104.16.125.175302 Found 52 B URL HTTP/2 unpkg.com/axios/dist/axios.min.js
IP 104.16.125.175:0
File type ASCII text, with no line terminators
Hash a33813541f88173f42b9aaa5e421d523
fb31daaba841a43693d755587704a9948f23e4eb
eee418cfaf538c83ec5a78ee0e4b2fac096067b8a0ca01265efe69dbc859eab3
GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 30 Nov 2022 05:02:57 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.2.0/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK3EHWK4SKC76H1X033VNF54-ams
cf-cache-status: HIT
age: 111
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772108a6995cb500-OSL
X-Firefox-Spdy: h2
litrif.com/cnty/whereami
18.140.98.203200 OK 197 B IP 18.140.98.203:0
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 153be322880531891f73fd6176124444
0a6a3ce391e1c481dbcd4ea24c025fa696600e85
c9a4b406116bac1c1f2698c6db5f2323e41b5ba190ea101c51d32d27030be3a6
GET /cnty/whereami HTTP/1.1
Host: litrif.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
authorization: Basic c21zbHV4LmRlOjEyMzQ1
Origin: https://a4.unsub.click
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 05:02:58 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 197
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"c5-Cmo845HhxIHbzU6iTAJfppZgDoU"
iclickcdn.com/tag.min.js
172.67.75.9200 OK 0 B IP 172.67.75.9:0
GET /tag.min.js HTTP/1.1
Host: iclickcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 4d629bd356cb936add81128e02f7ab9c
cache-control: max-age=86400
last-modified: Wed, 23 Nov 2022 10:04:39 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Wed, 30 Nov 2022 06:02:30 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 82827
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GM7yTxFuyw52UOUZzstnEq1CVki8%2BbseYFw6MzfiyOoJQosq%2BbnEa2PODcd0db03%2BwVmACsOJLZd6C6nOojPP6zORy6cqX0AGBcK8anNmJGUaxu7mWBzJlDs0Lymc%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772108a6c8600b31-OSL
content-encoding: br
X-Firefox-Spdy: h2
agaenteitor.com/400/4697450
139.45.197.239200 OK 0 B URL HTTP/2 agaenteitor.com/400/4697450
IP 139.45.197.239:0
GET /400/4697450 HTTP/1.1
Host: agaenteitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 05:02:57 GMT
content-type: application/javascript
x-trace-id: 3544d9dbb0999f887172eb1810945de6
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=fde2ee99377c4836883bbf8e15413ef0; expires=Thu, 30 Nov 2023 05:02:57 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.mradmind.com/adasync.min.js
156.146.33.18200 OK 0 B URL HTTP/2 cdn.mradmind.com/adasync.min.js
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
GET /adasync.min.js HTTP/1.1
Host: cdn.mradmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
content-type: text/javascript
last-modified: Fri, 21 May 2021 20:05:52 GMT
etag: W/"d6a062a-825c-5c2dc9631e800"
x-accel-expires: @1670710359
server: CDN77-Turbo
x-77-nzt: AZySIRB5X6r/qrEBAA
x-77-nzt-ray: f6587a1d63c3132e01e486632bd9760a
x-cache: HIT
x-age: 111018
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.84.149200 OK 0 B IP 104.21.84.149:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a4.unsub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2776
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSXAOiYjQKQIveO%2FnQuz6rRdjcu%2BFgXycA3N1vHIVky6jzW5bv32SA3I1xpX3awCnKcHUj0kks%2FqrsC5QPNs8E%2Bo91y%2BAlHZzTNFH850TDzwfdwe22ksY%2BnQInlQww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772108a9fa6f0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Oswald:400,300,700
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Oswald:400,300,700
IP 142.250.74.106:0
GET /css?family=Oswald:400,300,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://click.emailforyou.co.uk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 30 Nov 2022 05:02:54 GMT
date: Wed, 30 Nov 2022 05:02:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unpkg.com/axios@1.2.0/dist/axios.min.js
104.16.125.175200 OK 0 B URL HTTP/2 unpkg.com/axios@1.2.0/dist/axios.min.js
IP 104.16.125.175:0
GET /axios@1.2.0/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a4.unsub.click/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 05:02:57 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7396-Wc6sdIzlj1RsovoMRKQah8UZFhA"
via: 1.1 fly.io
fly-request-id: 01GJGC0D1SRCGJTEVMAF435H8Z-ams
cf-cache-status: HIT
age: 640315
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772108a6d984b500-OSL
content-encoding: br
X-Firefox-Spdy: h2