urlquery - report: bbcc-glo.webgodigital.com/t/clk

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
cdn.addlnk.com (1)	246074	2020-10-20 09:38:38 UTC	2022-09-26 13:40:15 UTC	104.21.20.70
ocsp.sca1b.amazontrust.com (1)	1015	2017-03-03 15:20:51 UTC	2019-03-27 04:05:54 UTC	143.204.42.88
ocsp.godaddy.com (1)	698	2012-05-20 19:28:57 UTC	2022-09-26 04:29:02 UTC	192.124.249.36
admoustache.go2affise.com (1)	84756	2017-05-04 20:13:42 UTC	2022-09-26 12:53:39 UTC	34.91.27.112
myofferplus.com (1)	0	2016-05-08 22:20:02 UTC	2022-09-26 16:52:28 UTC	172.67.217.200	Unknown ranking
img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2022-09-27 04:53:17 UTC	34.120.237.76
ocsp.sectigo.com (1)	487	2018-12-17 11:31:55 UTC	2022-09-27 05:02:33 UTC	104.18.32.68
ad.marootrack.co (1)	0	2022-03-13 12:22:16 UTC	2022-09-27 05:29:06 UTC	65.60.58.179	Unknown ranking
bbcc-glo.webgodigital.com (1)	0	2022-06-03 07:04:24 UTC	2022-09-26 07:04:04 UTC	3.71.126.115	Unknown ranking
r3.o.lencr.org (4)	344	2020-12-02 08:52:13 UTC	2022-09-27 04:12:16 UTC	23.36.76.226
so-glo.yoptv33.com (1)	0	2022-06-02 19:12:53 UTC	2022-09-27 01:06:06 UTC	3.71.126.115	Unknown ranking
ocsp.digicert.com (1)	86	2012-05-21 07:02:23 UTC	2022-09-27 04:15:00 UTC	93.184.220.29
firefox.settings.services.mozilla.com (2)	867	2020-05-28 17:26:30 UTC	2022-09-27 05:44:40 UTC	143.204.55.27
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2022-09-27 04:13:22 UTC	143.204.55.35
go.monetizer.mobi (6)	0	2016-04-21 22:02:55 UTC	2022-09-27 05:00:08 UTC	198.143.165.221	Unknown ranking
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-09-26 04:28:07 UTC	34.117.237.239
push.services.mozilla.com (1)	2140	2015-09-03 10:29:36 UTC	2022-09-27 05:14:54 UTC	54.148.190.4
www.wewillserv.com (3)	277919	2022-01-13 13:49:54 UTC	2022-09-27 04:52:31 UTC	51.68.81.31

Scan Date	Severity	Indicator	Comment
2022-09-27	2	bbcc-glo.webgodigital.com/t/clk	Malware
2022-09-27	2	ad.marootrack.co/sw.js?v=1654466343142	Malware

Date	UQ / IDS / BL	URL	IP
2022-10-08 15:29:14 +0000	0 - 0 - 3	rmut-glo.passionsearchnews.com/t/clk?id=qk49u (...)	52.58.131.39
2022-10-08 04:55:17 +0000	0 - 0 - 4	rmut-glo.passionsearchnews.com/t/clk	52.58.131.39
2022-10-08 02:30:39 +0000	0 - 0 - 2	rmut-glo.passionsearchnews.com/t/clk?id=qk49u (...)	52.58.131.39
2022-10-07 05:04:20 +0000	0 - 0 - 1	lltl-glo.usethisprice.com/t/clk	52.58.131.39
2022-10-06 12:58:27 +0000	0 - 0 - 1	rmut-glo.azurservers.com/t/clk	52.58.131.39

Date	UQ / IDS / BL	URL	IP
2023-01-31 11:00:46 +0000	0 - 2 - 0	d23iz4esrwkib6.cloudfront.net/logitech/contro (...)	54.230.245.161
2023-01-31 10:57:28 +0000	0 - 1 - 5	track.writive-resica.com/118533fe-4514-4e37-a (...)	18.195.128.171
2023-01-31 10:56:19 +0000	0 - 0 - 0	verifyvasp.com/	54.230.111.35
2023-01-31 10:56:00 +0000	0 - 2 - 0	qrco.de/bdXJEg	54.230.111.110
2023-01-31 10:54:38 +0000	0 - 0 - 6	furned-mashorses.com/065ff2f0-9aa4-4665-9f72- (...)	18.193.235.10

Date	UQ / IDS / BL	URL	IP
2022-09-27 07:04:19 +0000	0 - 0 - 2	bbcc-glo.webgodigital.com/t/clk	52.58.131.39

Date	UQ / IDS / BL	URL	IP
2023-01-31 08:16:29 +0000	0 - 0 - 0	ligationspoke.com/0/0/0/a5d75ae361926caadd638 (...)	193.68.89.60
2023-01-31 01:43:33 +0000	0 - 0 - 1	inoinxlahbf.patricksaulo.com/t/frqhexaxn/r915 (...)	95.182.122.125
2023-01-25 01:33:53 +0000	0 - 0 - 1	fastrak.evansville.net/email_blindpuma.php?PC (...)	72.18.130.162
2023-01-24 07:40:55 +0000	0 - 0 - 2	u14751366.ct.sendgrid.net/ls/click?upn=ei6Kkw (...)	167.89.118.28
2023-01-24 07:39:51 +0000	0 - 0 - 2	u14751366.ct.sendgrid.net/ls/click?upn=ei6Kkw (...)	167.89.115.121

Request	Response
GET /t/clk HTTP/1.1 Host: bbcc-glo.webgodigital.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: bbcc-glo.webgodigital.com/t/clk FQDN: bbcc-glo.webgodigital.com IP: 3.71.126.115 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 3.71.126.115 HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Date: Tue, 27 Sep 2022 07:04:08 GMT Content-Length: 0 Connection: keep-alive Server: nginx/1.12.2 Location: https://so-glo.yoptv33.com/t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&rcode=R09&rseq=R09,R99,R98 Vary: Cookie, Origin --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Alerts: Blocklists: - fortinet: Malware
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.27 HASH: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551 143.204.55.27 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length Cache-Control: max-age=3600 Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Tue, 27 Sep 2022 06:15:30 GMT X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: 9hGQHf17i6AqjWq3oHs-Ne99zvySZ0uqdMMbEgK-QycFkrlBlu_iMg== Age: 2918 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 2d12f67fe57a87e7366b662d153a5582 Sha1: d7b02d81cc74f24a251d9363e0f4b0a149264ec1 Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1" Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8946 Expires: Tue, 27 Sep 2022 09:33:14 GMT Date: Tue, 27 Sep 2022 07:04:08 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d2560f62890e75b8de444fed96c22f52 Sha1: 334ce0c48e606ee029f31eeb1463af87b1024bb9 Sha256: 4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 143.204.55.35 HASH: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770 143.204.55.35 HTTP/2 200 OK content-type: binary/octet-stream content-length: 5348 date: Mon, 26 Sep 2022 09:17:07 GMT last-modified: Sat, 10 Sep 2022 18:47:45 GMT etag: "6113f8408c59aebe188d6af273b90743" content-disposition: attachment accept-ranges: bytes server: AmazonS3 x-cache: Hit from cloudfront via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: IZ9QK4Df055whNFvoy3XZcI0jJ9teDldfv2QOclm_uvCYW6B_wWleA== age: 78422 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 6113f8408c59aebe188d6af273b90743 Sha1: 7398873bf00f99944eaa77ad3ebc0d43c23dba6b Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Tue, 27 Sep 2022 07:04:08 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
POST / HTTP/1.1 Host: ocsp.sca1b.amazontrust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.sca1b.amazontrust.com/ FQDN: ocsp.sca1b.amazontrust.com IP: 143.204.42.88 HASH: 4465f1d030be739d1f111b6c3811c2925997dd20e330c7e41abe3d69f1c4226a 143.204.42.88 HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Cache-Control: 'max-age=158059' Date: Tue, 27 Sep 2022 07:04:08 GMT Server: ECS (dcb/7EC9) X-Cache: Miss from cloudfront Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: vhg17G6uPYZyHwh2bU6NgcT9W4Q_gcMQt5oVrN5hbTOwyAyvsMhFYA== --- Additional Info --- Magic: data Size: 471 Md5: 53a9e2273b299b9f4b72749b85699599 Sha1: 5e55ec2164eb8fea16d96731c6a4cc93e8094ad2 Sha256: 4465f1d030be739d1f111b6c3811c2925997dd20e330c7e41abe3d69f1c4226a
GET /t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&rcode=R09&rseq=R09,R99,R98 HTTP/1.1 Host: so-glo.yoptv33.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1	URL: so-glo.yoptv33.com/t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&r (...) FQDN: so-glo.yoptv33.com IP: 3.71.126.115 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 3.71.126.115 HTTP/2 302 Found content-type: text/html; charset=utf-8 date: Tue, 27 Sep 2022 07:04:08 GMT content-length: 0 location: https://go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=b7dcc5d5-1d54-423a-a235-ac6d4b42343e server: nginx/1.12.2 cache-control: no-transform x-frame-options: SAMEORIGIN vary: Cookie, Origin set-cookie: uip="[\"BRn0DX\"\054 {\"aQZJ9\": \"Boarqv9\"}]:1od4dU:VMb0xLsfCRhvNL0RzBT-BigW8dI"; expires=Thu, 27 Oct 2022 07:04:08 GMT; Max-Age=2592000; Path=/ ydt_69a756d9a2a44370a5365f82fbdfa6e5="[\"b7dcc5d5-1d54-423a-a235-ac6d4b42343e\"]:1od4dU:CsgPpH0HDobYshjPsGY6XenxNFY"; expires=Thu, 27 Oct 2022 09:04:08 GMT; Max-Age=2599200; Path=/; SameSite=None; Secure X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.27 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 143.204.55.27 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Date: Tue, 27 Sep 2022 06:10:46 GMT Cache-Control: max-age=3600, max-age=3600 Expires: Tue, 27 Sep 2022 06:52:02 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: pF3fPJ9MC7FT98RNwq_buVkIVxfpKjjA16e4RYuFh72FWwVBzgTOew== Age: 3202 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 925 Cache-Control: 'max-age=158059' Date: Tue, 27 Sep 2022 07:04:09 GMT Last-Modified: Tue, 27 Sep 2022 06:48:44 GMT Server: ECS (ska/F713) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 5adb7eb1d103eadeeafac36e663ffdd3 Sha1: 23b784388dd634fa736cd60aed71570661e73d02 Sha256: 5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: yPUYYyU3XLgFHlEFzhfeyw== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 54.148.190.4 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 54.148.190.4 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: WgdqFIlhjf5PrTjfV53qgrWLij0= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://go.monetizer.mobi/?utm_term=7147951931439185935&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 Cookie: u=8070bd4ccce567b97cf7a2b71016df14 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	URL: go.monetizer.mobi/favicon.ico FQDN: go.monetizer.mobi IP: 198.143.165.221 HASH: b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc 198.143.165.221 HTTP/2 200 OK content-type: image/x-icon server: nginx date: Tue, 27 Sep 2022 07:04:09 GMT content-length: 1150 last-modified: Wed, 31 Jul 2019 07:48:51 GMT etag: "5d4147e3-47e" expires: Wed, 28 Sep 2022 07:04:09 GMT cache-control: max-age=86400 strict-transport-security: max-age=31536000; includeSubdomains; accept-ranges: bytes X-Firefox-Spdy: h2 --- Additional Info --- Magic: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data Size: 1150 Md5: 91abe01116ab422c598e9c8af72cf4da Sha1: 0f2815fe8e067d48537ad168225ab4674271fa27 Sha256: b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /sw.js?v=1664262247501 HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: u=8070bd4ccce567b97cf7a2b71016df14 Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers	URL: go.monetizer.mobi/sw.js?v=1664262247501 FQDN: go.monetizer.mobi IP: 198.143.165.221 HASH: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9 198.143.165.221 HTTP/2 200 OK content-type: application/javascript server: nginx date: Tue, 27 Sep 2022 07:04:09 GMT content-length: 775 last-modified: Fri, 23 Sep 2022 11:12:42 GMT vary: Accept-Encoding etag: "632d94aa-307" content-encoding: gzip content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline'; X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text Size: 775 Md5: de06f24ba6d6b0c514015a9847dace54 Sha1: c9662e4339d4f72af3526b21d4d6d68df21b0ba9 Sha256: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9
GET /proc.php?2206f55a2b1973cb6a8daef58d7279ff27546951 HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://go.monetizer.mobi/?utm_term=7147951931439185935&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 Cookie: u=8070bd4ccce567b97cf7a2b71016df14 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin TE: trailers	URL: go.monetizer.mobi/proc.php?2206f55a2b1973cb6a8daef58d72 (...) FQDN: go.monetizer.mobi IP: 198.143.165.221 HASH: 6fd68df587f9a3c1fa8bdfd015782dc69cfba538a29a67590f165628d6679b12 198.143.165.221 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Tue, 27 Sep 2022 07:04:09 GMT location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7147951931439185935&website=797-403c551a&placement=797 vary: Accept-Encoding x-powered-by: PHP/8.1.9 cache-control: no-store, no-cache, must-revalidate, max-age=0 pragma: no-cache expires: Thu, 01 Jan 1970 00:00:00 GMT strict-transport-security: max-age=31536000; includeSubdomains; content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info --- Magic: data Size: 6698 Md5: 4e016827162f553f8dd6a44870672129 Sha1: c6405afdd056159468c65459e5c33c40a16109df Sha256: 6fd68df587f9a3c1fa8bdfd015782dc69cfba538a29a67590f165628d6679b12
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7147951931439185935&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3700967004895f62ced4680ddb2a6be4&eyer=0.07677551232628599&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1 Host: www.wewillserv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin	URL: www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2 (...) FQDN: www.wewillserv.com IP: 51.68.81.31 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 51.68.81.31 HTTP/1.1 302 Found Date: Tue, 27 Sep 2022 07:04:10 GMT Content-Length: 0 Connection: keep-alive Cache-Control: no-transform Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7147951931439185935&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.07677551232628599&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7147951931439185935&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.07677551232628599&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1 Host: www.wewillserv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin	URL: www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2 (...) FQDN: www.wewillserv.com IP: 51.68.81.31 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 51.68.81.31 HTTP/1.1 302 Found Date: Tue, 27 Sep 2022 07:04:10 GMT Content-Length: 0 Connection: keep-alive Cache-Control: no-transform Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300033ccb36b68e458f3672a6bf68747d65f0927-202209-flb5467509-4538fM7147951931439185935sl_5467509-4538f8273a6dd011dfcfb5c6d522796c8cc4416eb1a89797-403c551a797 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41" Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4144 Expires: Tue, 27 Sep 2022 08:13:14 GMT Date: Tue, 27 Sep 2022 07:04:10 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 639785692dc29802e484e1e1d0ec86c4 Sha1: cf81784351ce6302f540f491f893b44496809677 Sha256: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41" Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4144 Expires: Tue, 27 Sep 2022 08:13:14 GMT Date: Tue, 27 Sep 2022 07:04:10 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 639785692dc29802e484e1e1d0ec86c4 Sha1: cf81784351ce6302f540f491f893b44496809677 Sha256: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41" Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4144 Expires: Tue, 27 Sep 2022 08:13:14 GMT Date: Tue, 27 Sep 2022 07:04:10 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 639785692dc29802e484e1e1d0ec86c4 Sha1: cf81784351ce6302f540f491f893b44496809677 Sha256: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9163 x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZFlKpEZrIAMFS1Q= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0 x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: Lf6qqokEw32egp3ofmJGtUTAt3RD2f9rVq5gskbhrk_VFGweeo0oCQ== via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google date: Mon, 26 Sep 2022 21:49:18 GMT age: 33292 etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9163 Md5: deb8d1e3b6d7fbc8c8ba478269621676 Sha1: 84f5a4c8b38acde814bc790e5b514347718d5bb9 Sha256: ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /favicon.ico HTTP/1.1 Host: www.wewillserv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: www.wewillserv.com/favicon.ico FQDN: www.wewillserv.com IP: 51.68.81.31 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 51.68.81.31 HTTP/1.1 204 No Content Server: openresty Date: Tue, 27 Sep 2022 07:04:10 GMT Connection: keep-alive --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35b718e0-3d37-4447-a38f-12fa37aeae57.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: ce55a1ff5c71ec43884b74a08cd32ef75cb0632a91f3fe8b150f5ead499375a4 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6487 x-amzn-requestid: cd11b94b-24be-4e6d-bce3-a480b2c1cc23 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZDWDQEYAIAMFetw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-633136e1-5fcb76b5408fdfa20ec55dd8;Sampled=0 x-amzn-remapped-date: Mon, 26 Sep 2022 05:21:37 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: GcEH02ZlJM-8wUvNf7K7rK7f1cs6_m4i9UYUNxXUGzcDTEz74JH3cA== via: 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google date: Mon, 26 Sep 2022 21:59:28 GMT age: 32682 etag: "edff303440c5972381295b4b2602bd3f77f6702a" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6487 Md5: e88b78ede0e4583585d6bb805fb39470 Sha1: edff303440c5972381295b4b2602bd3f77f6702a Sha256: ce55a1ff5c71ec43884b74a08cd32ef75cb0632a91f3fe8b150f5ead499375a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 668dba22a0c81c4580637806c293521b176512b18ebcc2fe951be2f27f43134d 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10864 x-amzn-requestid: a6be937a-3e8f-4dad-bbca-f28554f5ff21 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: YioQqFHsoAMFxXQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-632420d0-78fecb9e2f76416044839a35;Sampled=0 x-amzn-remapped-date: Fri, 16 Sep 2022 07:08:00 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: l-svEjPVAfeYvCQAHsARjTk9PNdkVGUJA_2415312kWF2x6MDI7o7A== via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google date: Mon, 26 Sep 2022 13:17:07 GMT age: 64023 etag: "2a2fabd9f9792daf9c058fc754d5616267b703f1" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10864 Md5: 56c3768b851e6a5206cbfbe3f5a97cae Sha1: 2a2fabd9f9792daf9c058fc754d5616267b703f1 Sha256: 668dba22a0c81c4580637806c293521b176512b18ebcc2fe951be2f27f43134d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 13213 x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZFkreH5poAMFdxg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0 x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg== via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google date: Mon, 26 Sep 2022 21:42:47 GMT age: 33683 etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 13213 Md5: 62e68c3cd08dd94d910507512a67e85f Sha1: 3d4fa8701f17e8818c25584ef5f04bfbee8440cd Sha256: 058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 4e37955fb99beb25ceb9deb7c4398914af4192c2e3614e5d68cdafa8c85b256e 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7146 x-amzn-requestid: 100deff4-ea7e-47d4-a46d-6d9d0d1d6aad x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZASE1HiPIAMFZqQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-632ffd51-0b5dec0d7bb5fdf754e9c816;Sampled=0 x-amzn-remapped-date: Sun, 25 Sep 2022 07:03:45 GMT x-amz-cf-pop: SFO5-P2, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: IZeWsnZ6p1erJ-H07l2EzQ97Duu0qYrb5USVnoyj348rIEMJA9MnBg== via: 1.1 7256fedee68a59a508800e0dda035348.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google date: Mon, 26 Sep 2022 07:11:44 GMT age: 85946 etag: "49546314082f2e4f4c4c2686cc0ca281ae6bae47" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7146 Md5: 2267eb0a20554688393db616344441ee Sha1: 49546314082f2e4f4c4c2686cc0ca281ae6bae47 Sha256: 4e37955fb99beb25ceb9deb7c4398914af4192c2e3614e5d68cdafa8c85b256e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6390 x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZGFJ6Gc_oAMF44g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0 x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: 8JXEBo_L_xKuKdeoOXEJ6FO7ZVsZVQzUmQFe7fYcxaHRQNEq1HWp6w== via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google date: Tue, 27 Sep 2022 01:25:52 GMT age: 20298 etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6390 Md5: 14218a43c5e5bbce546735a780c8ccce Sha1: 61676358cdbb2373bc644e66f8a84fbc8cc5daf6 Sha256: 905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
POST / HTTP/1.1 Host: ocsp.godaddy.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 75 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.godaddy.com/ FQDN: ocsp.godaddy.com IP: 192.124.249.36 HASH: 0d8438abd1a634d426bf658f2a5f383cfdbab8b6b12a37885895166d8328c7da 192.124.249.36 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: Sucuri/Cloudproxy Date: Tue, 27 Sep 2022 07:04:10 GMT Content-Length: 1777 Connection: keep-alive X-Sucuri-ID: 19036 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Mon, 26 Sep 2022 23:43:15 GMT Expires: Tue, 27 Sep 2022 23:43:15 GMT ETag: "49b873c2bff6f2eba87397c2ba244b04b3c317eb" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA" --- Additional Info --- Magic: data Size: 1777 Md5: 98917b3482df1fb9b63778a65d8de247 Sha1: 49b873c2bff6f2eba87397c2ba244b04b3c317eb Sha256: 0d8438abd1a634d426bf658f2a5f383cfdbab8b6b12a37885895166d8328c7da
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300033ccb36b68e458f3672a6bf68747d65f0927-202209-flb5467509-4538fM7147951931439185935sl_5467509-4538f8273a6dd011dfcfb5c6d522796c8cc4416eb1a89797-403c551a797 HTTP/1.1 Host: admoustache.go2affise.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Cookie: afclick=63328f1f45d2470001266ed6 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	URL: admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6 (...) FQDN: admoustache.go2affise.com IP: 34.91.27.112 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 34.91.27.112 HTTP/2 302 Found server: nginx date: Tue, 27 Sep 2022 07:04:10 GMT content-length: 0 location: https://myofferplus.com/rc/a91581ead4?affclick=6332a06a8c96390001e8d588&pubid=503 set-cookie: afclick=6332a06a8c96390001e8d588; expires=Wed, 27 Sep 2023 07:04:10 GMT; secure; SameSite=None access-control-allow-origin: * X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sw.js?v=1664262247501 HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: u=8070bd4ccce567b97cf7a2b71016df14 Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin If-Modified-Since: Fri, 23 Sep 2022 11:12:42 GMT If-None-Match: "632d94aa-307" Cache-Control: max-age=0 TE: trailers	URL: go.monetizer.mobi/sw.js?v=1664262247501 FQDN: go.monetizer.mobi IP: 198.143.165.221 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 198.143.165.221 HTTP/2 304 Not Modified server: nginx date: Tue, 27 Sep 2022 07:04:10 GMT last-modified: Fri, 23 Sep 2022 11:12:42 GMT vary: Accept-Encoding etag: "632d94aa-307" content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline'; X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: ocsp.sectigo.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.sectigo.com/ FQDN: ocsp.sectigo.com IP: 104.18.32.68 HASH: 2482c0c2c56d26d8c0d1fe12306fe844aecf06f8f0764cad3830dce9ab9bb9b9 104.18.32.68 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 27 Sep 2022 07:04:11 GMT Content-Length: 471 Connection: keep-alive Last-Modified: Sat, 24 Sep 2022 15:34:05 GMT Expires: Sat, 01 Oct 2022 15:34:04 GMT Etag: "1b57ca2f86f1dc79909eb7f5815b99bf6b70b8eb" Cache-Control: max-age=375592,s-maxage=1800,public,no-transform,must-revalidate X-CCACDN-Proxy-ID: mcdpinlb6 X-Frame-Options: SAMEORIGIN CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7512623d5f1fb503-OSL --- Additional Info --- Magic: data Size: 471 Md5: b9602d1366474983dad2660731a5703f Sha1: 1b57ca2f86f1dc79909eb7f5815b99bf6b70b8eb Sha256: 2482c0c2c56d26d8c0d1fe12306fe844aecf06f8f0764cad3830dce9ab9bb9b9
GET /rc/a91581ead4?affclick=6332a06a8c96390001e8d588&pubid=503 HTTP/1.1 Host: myofferplus.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	URL: myofferplus.com/rc/a91581ead4?affclick=6332a06a8c963900 (...) FQDN: myofferplus.com IP: 172.67.217.200 HASH: 8d467bf6d07dfffe890133ef0dda141cbd9826bb915a217f65bc3fbe6a2fd4f7 172.67.217.200 HTTP/2 200 OK content-type: text/html; charset=utf-8 date: Tue, 27 Sep 2022 07:04:10 GMT set-cookie: AWSALB=A7zqehKGKZvIQB0GZptwAzMGTKwgpUYJBVHSoLuYzQgoGHgSjmLkHS2nlTUn+s3jnmboo9ZNz1fNTeyoIvsf34g2FxjBD7T4F3qpN1/FfDPSDKvfMwKlvCSf/Tmo; Expires=Tue, 04 Oct 2022 07:04:10 GMT; Path=/ AWSALBCORS=A7zqehKGKZvIQB0GZptwAzMGTKwgpUYJBVHSoLuYzQgoGHgSjmLkHS2nlTUn+s3jnmboo9ZNz1fNTeyoIvsf34g2FxjBD7T4F3qpN1/FfDPSDKvfMwKlvCSf/Tmo; Expires=Tue, 04 Oct 2022 07:04:10 GMT; Path=/; SameSite=None vary: Accept-Encoding, Accept-Language, Cookie content-language: en cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZcY2qPadjQ0Ww7ROghVsu%2BhwziYX%2Fz63TqiU%2Fwx%2Fdduq%2FQD5BcZEfv6r4K%2BBfTSzLfZwTdpXwyA%2FpRTjIS2OAv8K%2BObZMjhooe%2F0SZ4bbyBTHbWuAOHaS9F3ViO9GGexbuA%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 75126239bd3db50c-OSL content-encoding: br alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 541 Md5: a0c8e4e1176475db271a0641b4cbaaa0 Sha1: 888c36fc9b3884784ed12a89750654277d7ee6b5 Sha256: 8d467bf6d07dfffe890133ef0dda141cbd9826bb915a217f65bc3fbe6a2fd4f7
GET /sw.js?v=1654466343142 HTTP/1.1 Host: ad.marootrack.co User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers	URL: ad.marootrack.co/sw.js?v=1654466343142 FQDN: ad.marootrack.co IP: 65.60.58.179 HASH: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9 65.60.58.179 HTTP/2 200 OK content-type: application/javascript server: nginx date: Tue, 27 Sep 2022 07:04:12 GMT content-length: 775 last-modified: Fri, 23 Sep 2022 11:12:42 GMT vary: Accept-Encoding etag: "632d94aa-307" content-encoding: gzip content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline'; X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text Size: 775 Md5: de06f24ba6d6b0c514015a9847dace54 Sha1: c9662e4339d4f72af3526b21d4d6d68df21b0ba9 Sha256: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9 Alerts: Blocklists: - fortinet: Malware
GET /?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=b7dcc5d5-1d54-423a-a235-ac6d4b42343e HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1	URL: go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d6 (...) FQDN: go.monetizer.mobi IP: 198.143.165.221 198.143.165.221 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Tue, 27 Sep 2022 07:04:09 GMT location: https://go.monetizer.mobi/?utm_term=7147951931439185935&ver=4viyaptcjo vary: Accept-Encoding x-powered-by: PHP/8.1.9 cache-control: no-store, no-cache, must-revalidate, max-age=0 pragma: no-cache expires: Thu, 01 Jan 1970 00:00:00 GMT set-cookie: u=8070bd4ccce567b97cf7a2b71016df14; expires=Wed, 27-Sep-2023 07:04:09 GMT; Max-Age=31536000; path=/ strict-transport-security: max-age=31536000; includeSubdomains; content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info ---
GET /?utm_term=7147951931439185935&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=b7dcc5d5-1d54-423a-a235-ac6d4b42343e Cookie: u=8070bd4ccce567b97cf7a2b71016df14 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin TE: trailers	URL: go.monetizer.mobi/?utm_term=7147951931439185935&ver=4vi (...) FQDN: go.monetizer.mobi IP: 198.143.165.221 198.143.165.221 HTTP/2 200 OK content-type: text/html; charset=utf-8 server: nginx date: Tue, 27 Sep 2022 07:04:09 GMT vary: Accept-Encoding x-powered-by: PHP/8.1.9 cache-control: no-store, no-cache, must-revalidate, max-age=0 pragma: no-cache expires: Thu, 01 Jan 1970 00:00:00 GMT strict-transport-security: max-age=31536000; includeSubdomains; content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info ---
GET /redirect.css HTTP/1.1 Host: cdn.addlnk.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://myofferplus.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: cdn.addlnk.com/redirect.css FQDN: cdn.addlnk.com IP: 104.21.20.70 104.21.20.70 HTTP/2 200 OK content-type: text/css date: Tue, 27 Sep 2022 07:04:10 GMT cf-bgj: minify cf-polished: origSize=1680 etag: W/"3ae56d32551602b41f9046c14d1cfde2" last-modified: Wed, 13 Mar 2019 00:03:12 GMT x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A= x-amz-request-id: KYXF7EGSHW20KRRM cf-cache-status: HIT age: 1158 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCezGsdr6oAgx8M7JmYcFFp674crq2UzQVd9Iywz2ztOD6qsdLaFAwsSMqFObNOB%2BHk8cHZg41jd%2FQLq5zNr%2F5o7n361%2BXECghMeB2zA1OjQ%2FrVo31BeVStfHf%2BG04%2BW2Q%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 7512623af83bb4f4-OSL content-encoding: br alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info ---

                                        
                                            GET /v1/ HTTP/1.1 

                                        
                                            
Host: firefox.settings.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         143.204.55.27

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/json

                                        

                                        
                                            
Content-Length: 939 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Access-Control-Allow-Origin: * 

                                        
                                            
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length 

                                        
                                            
Cache-Control: max-age=3600 

                                        
                                            
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; 

                                        
                                            
Date: Tue, 27 Sep 2022 06:15:30 GMT 

                                        
                                            
X-Content-Type-Options: nosniff 

                                        
                                            
X-Cache: Hit from cloudfront 

                                        
                                            
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront) 

                                        
                                            
X-Amz-Cf-Pop: OSL50-C1 

                                        
                                            
X-Amz-Cf-Id: 9hGQHf17i6AqjWq3oHs-Ne99zvySZ0uqdMMbEgK-QycFkrlBlu_iMg== 

                                        
                                            
Age: 2918 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators

                                                Size:   939

                                                Md5:    2d12f67fe57a87e7366b662d153a5582

                                                Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1

                                                Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 

                                        
                                            
Host: content-signature-2.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         143.204.55.35

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: binary/octet-stream

                                        

                                        
                                            
content-length: 5348 

                                        
                                            
date: Mon, 26 Sep 2022 09:17:07 GMT 

                                        
                                            
last-modified: Sat, 10 Sep 2022 18:47:45 GMT 

                                        
                                            
etag: "6113f8408c59aebe188d6af273b90743" 

                                        
                                            
content-disposition: attachment 

                                        
                                            
accept-ranges: bytes 

                                        
                                            
server: AmazonS3 

                                        
                                            
x-cache: Hit from cloudfront 

                                        
                                            
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront) 

                                        
                                            
x-amz-cf-pop: OSL50-C1 

                                        
                                            
x-amz-cf-id: IZ9QK4Df055whNFvoy3XZcI0jJ9teDldfv2QOclm_uvCYW6B_wWleA== 

                                        
                                            
age: 78422 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  PEM certificate\012- , ASCII text

                                                Size:   5348

                                                Md5:    6113f8408c59aebe188d6af273b90743

                                                Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b

                                                Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.sca1b.amazontrust.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 83 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         143.204.42.88

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Content-Length: 471 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Cache-Control: 'max-age=158059' 

                                        
                                            
Date: Tue, 27 Sep 2022 07:04:08 GMT 

                                        
                                            
Server: ECS (dcb/7EC9) 

                                        
                                            
X-Cache: Miss from cloudfront 

                                        
                                            
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront) 

                                        
                                            
X-Amz-Cf-Pop: OSL50-C1 

                                        
                                            
X-Amz-Cf-Id: vhg17G6uPYZyHwh2bU6NgcT9W4Q_gcMQt5oVrN5hbTOwyAyvsMhFYA== 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   471

                                                Md5:    53a9e2273b299b9f4b72749b85699599

                                                Sha1:   5e55ec2164eb8fea16d96731c6a4cc93e8094ad2

                                                Sha256: 4465f1d030be739d1f111b6c3811c2925997dd20e330c7e41abe3d69f1c4226a

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 

                                        
                                            
Host: firefox.settings.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: application/json 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Content-Type: application/json 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         143.204.55.27

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/json

                                        

                                        
                                            
Content-Length: 329 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Access-Control-Allow-Origin: * 

                                        
                                            
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After 

                                        
                                            
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; 

                                        
                                            
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT 

                                        
                                            
Strict-Transport-Security: max-age=31536000 

                                        
                                            
X-Content-Type-Options: nosniff 

                                        
                                            
Date: Tue, 27 Sep 2022 06:10:46 GMT 

                                        
                                            
Cache-Control: max-age=3600, max-age=3600 

                                        
                                            
Expires: Tue, 27 Sep 2022 06:52:02 GMT 

                                        
                                            
ETag: "1648230346554" 

                                        
                                            
X-Cache: Hit from cloudfront 

                                        
                                            
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront) 

                                        
                                            
X-Amz-Cf-Pop: OSL50-C1 

                                        
                                            
X-Amz-Cf-Id: pF3fPJ9MC7FT98RNwq_buVkIVxfpKjjA16e4RYuFh72FWwVBzgTOew== 

                                        
                                            
Age: 3202 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators

                                                Size:   329

                                                Md5:    0333b0655111aa68de771adfcc4db243

                                                Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb

                                                Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

                                        
                                            GET / HTTP/1.1 

                                        
                                            
Host: push.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Sec-WebSocket-Version: 13 

                                        
                                            
Origin: wss://push.services.mozilla.com/ 

                                        
                                            
Sec-WebSocket-Protocol: push-notification 

                                        
                                            
Sec-WebSocket-Extensions: permessage-deflate 

                                        
                                            
Sec-WebSocket-Key: yPUYYyU3XLgFHlEFzhfeyw== 

                                        
                                            
Connection: keep-alive, Upgrade 

                                        
                                            
Sec-Fetch-Dest: websocket 

                                        
                                            
Sec-Fetch-Mode: websocket 

                                        
                                            
Sec-Fetch-Site: cross-site 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache 

                                        
                                            
Upgrade: websocket

                                         54.148.190.4

                                        
                                            HTTP/1.1 101 Switching Protocols

                                        

                                        
                                            
Connection: Upgrade 

                                        
                                            
Upgrade: websocket 

                                        
                                            
Sec-WebSocket-Accept: WgdqFIlhjf5PrTjfV53qgrWLij0= 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            GET /sw.js?v=1664262247501 HTTP/1.1 

                                        
                                            
Host: go.monetizer.mobi

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Service-Worker: script 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Cookie: u=8070bd4ccce567b97cf7a2b71016df14 

                                        
                                            
Sec-Fetch-Dest: serviceworker 

                                        
                                            
Sec-Fetch-Mode: same-origin 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache 

                                        
                                            
TE: trailers

                                         198.143.165.221

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: application/javascript

                                        

                                        
                                            
server: nginx 

                                        
                                            
date: Tue, 27 Sep 2022 07:04:09 GMT 

                                        
                                            
content-length: 775 

                                        
                                            
last-modified: Fri, 23 Sep 2022 11:12:42 GMT 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
etag: "632d94aa-307" 

                                        
                                            
content-encoding: gzip 

                                        
                                            
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  ASCII text

                                                Size:   775

                                                Md5:    de06f24ba6d6b0c514015a9847dace54

                                                Sha1:   c9662e4339d4f72af3526b21d4d6d68df21b0ba9

                                                Sha256: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9

                                        
                                            GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7147951931439185935&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3700967004895f62ced4680ddb2a6be4&eyer=0.07677551232628599&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1 

                                        
                                            
Host: www.wewillserv.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: same-origin

                                         51.68.81.31

                                        
                                            HTTP/1.1 302 Found

                                        

                                        
                                            
Date: Tue, 27 Sep 2022 07:04:10 GMT 

                                        
                                            
Content-Length: 0 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Cache-Control: no-transform 

                                        
                                            
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7147951931439185935&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.07677551232628599&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41" 

                                        
                                            
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=4144 

                                        
                                            
Expires: Tue, 27 Sep 2022 08:13:14 GMT 

                                        
                                            
Date: Tue, 27 Sep 2022 07:04:10 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    639785692dc29802e484e1e1d0ec86c4

                                                Sha1:   cf81784351ce6302f540f491f893b44496809677

                                                Sha256: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41" 

                                        
                                            
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=4144 

                                        
                                            
Expires: Tue, 27 Sep 2022 08:13:14 GMT 

                                        
                                            
Date: Tue, 27 Sep 2022 07:04:10 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    639785692dc29802e484e1e1d0ec86c4

                                                Sha1:   cf81784351ce6302f540f491f893b44496809677

                                                Sha256: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

                                        
                                            GET /favicon.ico HTTP/1.1 

                                        
                                            
Host: www.wewillserv.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin

                                         51.68.81.31

                                        
                                            HTTP/1.1 204 No Content

                                        

                                        
                                            
Server: openresty 

                                        
                                            
Date: Tue, 27 Sep 2022 07:04:10 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 10864 

                                        
                                            
x-amzn-requestid: a6be937a-3e8f-4dad-bbca-f28554f5ff21 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: YioQqFHsoAMFxXQ= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-632420d0-78fecb9e2f76416044839a35;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Fri, 16 Sep 2022 07:08:00 GMT 

                                        
                                            
x-amz-cf-pop: SEA73-P1 

                                        
                                            
x-cache: Hit from cloudfront 

                                        
                                            
x-amz-cf-id: l-svEjPVAfeYvCQAHsARjTk9PNdkVGUJA_2415312kWF2x6MDI7o7A== 

                                        
                                            
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Mon, 26 Sep 2022 13:17:07 GMT 

                                        
                                            
age: 64023 

                                        
                                            
etag: "2a2fabd9f9792daf9c058fc754d5616267b703f1" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   10864

                                                Md5:    56c3768b851e6a5206cbfbe3f5a97cae

                                                Sha1:   2a2fabd9f9792daf9c058fc754d5616267b703f1

                                                Sha256: 668dba22a0c81c4580637806c293521b176512b18ebcc2fe951be2f27f43134d

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 7146 

                                        
                                            
x-amzn-requestid: 100deff4-ea7e-47d4-a46d-6d9d0d1d6aad 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: ZASE1HiPIAMFZqQ= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-632ffd51-0b5dec0d7bb5fdf754e9c816;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Sun, 25 Sep 2022 07:03:45 GMT 

                                        
                                            
x-amz-cf-pop: SFO5-P2, SEA19-C2 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: IZeWsnZ6p1erJ-H07l2EzQ97Duu0qYrb5USVnoyj348rIEMJA9MnBg== 

                                        
                                            
via: 1.1 7256fedee68a59a508800e0dda035348.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Mon, 26 Sep 2022 07:11:44 GMT 

                                        
                                            
age: 85946 

                                        
                                            
etag: "49546314082f2e4f4c4c2686cc0ca281ae6bae47" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   7146

                                                Md5:    2267eb0a20554688393db616344441ee

                                                Sha1:   49546314082f2e4f4c4c2686cc0ca281ae6bae47

                                                Sha256: 4e37955fb99beb25ceb9deb7c4398914af4192c2e3614e5d68cdafa8c85b256e

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.godaddy.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 75 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         192.124.249.36

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: Sucuri/Cloudproxy 

                                        
                                            
Date: Tue, 27 Sep 2022 07:04:10 GMT 

                                        
                                            
Content-Length: 1777 

                                        
                                            
Connection: keep-alive 

                                        
                                            
X-Sucuri-ID: 19036 

                                        
                                            
Content-Transfer-Encoding: Binary 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate 

                                        
                                            
Last-Modified: Mon, 26 Sep 2022 23:43:15 GMT 

                                        
                                            
Expires: Tue, 27 Sep 2022 23:43:15 GMT 

                                        
                                            
ETag: "49b873c2bff6f2eba87397c2ba244b04b3c317eb" 

                                        
                                            
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA" 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   1777

                                                Md5:    98917b3482df1fb9b63778a65d8de247

                                                Sha1:   49b873c2bff6f2eba87397c2ba244b04b3c317eb

                                                Sha256: 0d8438abd1a634d426bf658f2a5f383cfdbab8b6b12a37885895166d8328c7da

                                        
                                            GET /sw.js?v=1664262247501 HTTP/1.1 

                                        
                                            
Host: go.monetizer.mobi

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Service-Worker: script 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Cookie: u=8070bd4ccce567b97cf7a2b71016df14 

                                        
                                            
Sec-Fetch-Dest: serviceworker 

                                        
                                            
Sec-Fetch-Mode: same-origin 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
If-Modified-Since: Fri, 23 Sep 2022 11:12:42 GMT 

                                        
                                            
If-None-Match: "632d94aa-307" 

                                        
                                            
Cache-Control: max-age=0 

                                        
                                            
TE: trailers

                                         198.143.165.221

                                        
                                            HTTP/2 304 Not Modified

                                        

                                        
                                            
server: nginx 

                                        
                                            
date: Tue, 27 Sep 2022 07:04:10 GMT 

                                        
                                            
last-modified: Fri, 23 Sep 2022 11:12:42 GMT 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
etag: "632d94aa-307" 

                                        
                                            
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            GET /rc/a91581ead4?affclick=6332a06a8c96390001e8d588&pubid=503 HTTP/1.1 

                                        
                                            
Host: myofferplus.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         172.67.217.200

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/html; charset=utf-8

                                        

                                        
                                            
date: Tue, 27 Sep 2022 07:04:10 GMT 

                                        
                                            
set-cookie: AWSALB=A7zqehKGKZvIQB0GZptwAzMGTKwgpUYJBVHSoLuYzQgoGHgSjmLkHS2nlTUn+s3jnmboo9ZNz1fNTeyoIvsf34g2FxjBD7T4F3qpN1/FfDPSDKvfMwKlvCSf/Tmo; Expires=Tue, 04 Oct 2022 07:04:10 GMT; Path=/
AWSALBCORS=A7zqehKGKZvIQB0GZptwAzMGTKwgpUYJBVHSoLuYzQgoGHgSjmLkHS2nlTUn+s3jnmboo9ZNz1fNTeyoIvsf34g2FxjBD7T4F3qpN1/FfDPSDKvfMwKlvCSf/Tmo; Expires=Tue, 04 Oct 2022 07:04:10 GMT; Path=/; SameSite=None 

                                        
                                            
vary: Accept-Encoding, Accept-Language, Cookie 

                                        
                                            
content-language: en 

                                        
                                            
cf-cache-status: DYNAMIC 

                                        
                                            
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZcY2qPadjQ0Ww7ROghVsu%2BhwziYX%2Fz63TqiU%2Fwx%2Fdduq%2FQD5BcZEfv6r4K%2BBfTSzLfZwTdpXwyA%2FpRTjIS2OAv8K%2BObZMjhooe%2F0SZ4bbyBTHbWuAOHaS9F3ViO9GGexbuA%3D"}],"group":"cf-nel","max_age":604800} 

                                        
                                            
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} 

                                        
                                            
server: cloudflare 

                                        
                                            
cf-ray: 75126239bd3db50c-OSL 

                                        
                                            
content-encoding: br 

                                        
                                            
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

                                                Size:   541

                                                Md5:    a0c8e4e1176475db271a0641b4cbaaa0

                                                Sha1:   888c36fc9b3884784ed12a89750654277d7ee6b5

                                                Sha256: 8d467bf6d07dfffe890133ef0dda141cbd9826bb915a217f65bc3fbe6a2fd4f7

                                        
                                            GET /?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=b7dcc5d5-1d54-423a-a235-ac6d4b42343e HTTP/1.1 

                                        
                                            
Host: go.monetizer.mobi

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: none 

                                        
                                            
Sec-Fetch-User: ?1

                                         198.143.165.221

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/html; charset=UTF-8

                                        

                                        
                                            
server: nginx 

                                        
                                            
date: Tue, 27 Sep 2022 07:04:09 GMT 

                                        
                                            
location: https://go.monetizer.mobi/?utm_term=7147951931439185935&ver=4viyaptcjo 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
x-powered-by: PHP/8.1.9 

                                        
                                            
cache-control: no-store, no-cache, must-revalidate, max-age=0 

                                        
                                            
pragma: no-cache 

                                        
                                            
expires: Thu, 01 Jan 1970 00:00:00 GMT 

                                        
                                            
set-cookie: u=8070bd4ccce567b97cf7a2b71016df14; expires=Wed, 27-Sep-2023 07:04:09 GMT; Max-Age=31536000; path=/ 

                                        
                                            
strict-transport-security: max-age=31536000; includeSubdomains; 

                                        
                                            
content-encoding: gzip 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                        
                                            GET /redirect.css HTTP/1.1 

                                        
                                            
Host: cdn.addlnk.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 

                                        
                                            
Accept: text/css,*/*;q=0.1 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://myofferplus.com/ 

                                        
                                            
Sec-Fetch-Dest: style 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         104.21.20.70

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: text/css

                                        

                                        
                                            
date: Tue, 27 Sep 2022 07:04:10 GMT 

                                        
                                            
cf-bgj: minify 

                                        
                                            
cf-polished: origSize=1680 

                                        
                                            
etag: W/"3ae56d32551602b41f9046c14d1cfde2" 

                                        
                                            
last-modified: Wed, 13 Mar 2019 00:03:12 GMT 

                                        
                                            
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A= 

                                        
                                            
x-amz-request-id: KYXF7EGSHW20KRRM 

                                        
                                            
cf-cache-status: HIT 

                                        
                                            
age: 1158 

                                        
                                            
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCezGsdr6oAgx8M7JmYcFFp674crq2UzQVd9Iywz2ztOD6qsdLaFAwsSMqFObNOB%2BHk8cHZg41jd%2FQLq5zNr%2F5o7n361%2BXECghMeB2zA1OjQ%2FrVo31BeVStfHf%2BG04%2BW2Q%3D%3D"}],"group":"cf-nel","max_age":604800} 

                                        
                                            
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} 

                                        
                                            
vary: Accept-Encoding 

                                        
                                            
server: cloudflare 

                                        
                                            
cf-ray: 7512623af83bb4f4-OSL 

                                        
                                            
content-encoding: br 

                                        
                                            
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

URL	bbcc-glo.webgodigital.com/t/clk
IP	52.58.131.39 (Germany)
ASN	#16509 AMAZON-02
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-09-27 07:04:19 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	2
urlquery alerts	No alerts detected
Tags	None

Request	Response
GET /t/clk HTTP/1.1 Host: bbcc-glo.webgodigital.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: bbcc-glo.webgodigital.com/t/clk FQDN: bbcc-glo.webgodigital.com IP: 3.71.126.115 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 3.71.126.115 HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Date: Tue, 27 Sep 2022 07:04:08 GMT Content-Length: 0 Connection: keep-alive Server: nginx/1.12.2 Location: https://so-glo.yoptv33.com/t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&rcode=R09&rseq=R09,R99,R98 Vary: Cookie, Origin --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Alerts: Blocklists: - fortinet: Malware
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.27 HASH: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551 143.204.55.27 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length Cache-Control: max-age=3600 Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Tue, 27 Sep 2022 06:15:30 GMT X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: 9hGQHf17i6AqjWq3oHs-Ne99zvySZ0uqdMMbEgK-QycFkrlBlu_iMg== Age: 2918 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 2d12f67fe57a87e7366b662d153a5582 Sha1: d7b02d81cc74f24a251d9363e0f4b0a149264ec1 Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1" Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8946 Expires: Tue, 27 Sep 2022 09:33:14 GMT Date: Tue, 27 Sep 2022 07:04:08 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d2560f62890e75b8de444fed96c22f52 Sha1: 334ce0c48e606ee029f31eeb1463af87b1024bb9 Sha256: 4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 143.204.55.35 HASH: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770 143.204.55.35 HTTP/2 200 OK content-type: binary/octet-stream content-length: 5348 date: Mon, 26 Sep 2022 09:17:07 GMT last-modified: Sat, 10 Sep 2022 18:47:45 GMT etag: "6113f8408c59aebe188d6af273b90743" content-disposition: attachment accept-ranges: bytes server: AmazonS3 x-cache: Hit from cloudfront via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: IZ9QK4Df055whNFvoy3XZcI0jJ9teDldfv2QOclm_uvCYW6B_wWleA== age: 78422 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 6113f8408c59aebe188d6af273b90743 Sha1: 7398873bf00f99944eaa77ad3ebc0d43c23dba6b Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Tue, 27 Sep 2022 07:04:08 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
POST / HTTP/1.1 Host: ocsp.sca1b.amazontrust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.sca1b.amazontrust.com/ FQDN: ocsp.sca1b.amazontrust.com IP: 143.204.42.88 HASH: 4465f1d030be739d1f111b6c3811c2925997dd20e330c7e41abe3d69f1c4226a 143.204.42.88 HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Cache-Control: 'max-age=158059' Date: Tue, 27 Sep 2022 07:04:08 GMT Server: ECS (dcb/7EC9) X-Cache: Miss from cloudfront Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: vhg17G6uPYZyHwh2bU6NgcT9W4Q_gcMQt5oVrN5hbTOwyAyvsMhFYA== --- Additional Info --- Magic: data Size: 471 Md5: 53a9e2273b299b9f4b72749b85699599 Sha1: 5e55ec2164eb8fea16d96731c6a4cc93e8094ad2 Sha256: 4465f1d030be739d1f111b6c3811c2925997dd20e330c7e41abe3d69f1c4226a
GET /t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&rcode=R09&rseq=R09,R99,R98 HTTP/1.1 Host: so-glo.yoptv33.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1	URL: so-glo.yoptv33.com/t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&r (...) FQDN: so-glo.yoptv33.com IP: 3.71.126.115 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 3.71.126.115 HTTP/2 302 Found content-type: text/html; charset=utf-8 date: Tue, 27 Sep 2022 07:04:08 GMT content-length: 0 location: https://go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=b7dcc5d5-1d54-423a-a235-ac6d4b42343e server: nginx/1.12.2 cache-control: no-transform x-frame-options: SAMEORIGIN vary: Cookie, Origin set-cookie: uip="[\"BRn0DX\"\054 {\"aQZJ9\": \"Boarqv9\"}]:1od4dU:VMb0xLsfCRhvNL0RzBT-BigW8dI"; expires=Thu, 27 Oct 2022 07:04:08 GMT; Max-Age=2592000; Path=/ ydt_69a756d9a2a44370a5365f82fbdfa6e5="[\"b7dcc5d5-1d54-423a-a235-ac6d4b42343e\"]:1od4dU:CsgPpH0HDobYshjPsGY6XenxNFY"; expires=Thu, 27 Oct 2022 09:04:08 GMT; Max-Age=2599200; Path=/; SameSite=None; Secure X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.27 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 143.204.55.27 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Date: Tue, 27 Sep 2022 06:10:46 GMT Cache-Control: max-age=3600, max-age=3600 Expires: Tue, 27 Sep 2022 06:52:02 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: pF3fPJ9MC7FT98RNwq_buVkIVxfpKjjA16e4RYuFh72FWwVBzgTOew== Age: 3202 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 925 Cache-Control: 'max-age=158059' Date: Tue, 27 Sep 2022 07:04:09 GMT Last-Modified: Tue, 27 Sep 2022 06:48:44 GMT Server: ECS (ska/F713) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 5adb7eb1d103eadeeafac36e663ffdd3 Sha1: 23b784388dd634fa736cd60aed71570661e73d02 Sha256: 5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: yPUYYyU3XLgFHlEFzhfeyw== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 54.148.190.4 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 54.148.190.4 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: WgdqFIlhjf5PrTjfV53qgrWLij0= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://go.monetizer.mobi/?utm_term=7147951931439185935&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 Cookie: u=8070bd4ccce567b97cf7a2b71016df14 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	URL: go.monetizer.mobi/favicon.ico FQDN: go.monetizer.mobi IP: 198.143.165.221 HASH: b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc 198.143.165.221 HTTP/2 200 OK content-type: image/x-icon server: nginx date: Tue, 27 Sep 2022 07:04:09 GMT content-length: 1150 last-modified: Wed, 31 Jul 2019 07:48:51 GMT etag: "5d4147e3-47e" expires: Wed, 28 Sep 2022 07:04:09 GMT cache-control: max-age=86400 strict-transport-security: max-age=31536000; includeSubdomains; accept-ranges: bytes X-Firefox-Spdy: h2 --- Additional Info --- Magic: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data Size: 1150 Md5: 91abe01116ab422c598e9c8af72cf4da Sha1: 0f2815fe8e067d48537ad168225ab4674271fa27 Sha256: b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /sw.js?v=1664262247501 HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: u=8070bd4ccce567b97cf7a2b71016df14 Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers	URL: go.monetizer.mobi/sw.js?v=1664262247501 FQDN: go.monetizer.mobi IP: 198.143.165.221 HASH: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9 198.143.165.221 HTTP/2 200 OK content-type: application/javascript server: nginx date: Tue, 27 Sep 2022 07:04:09 GMT content-length: 775 last-modified: Fri, 23 Sep 2022 11:12:42 GMT vary: Accept-Encoding etag: "632d94aa-307" content-encoding: gzip content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline'; X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text Size: 775 Md5: de06f24ba6d6b0c514015a9847dace54 Sha1: c9662e4339d4f72af3526b21d4d6d68df21b0ba9 Sha256: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9
GET /proc.php?2206f55a2b1973cb6a8daef58d7279ff27546951 HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://go.monetizer.mobi/?utm_term=7147951931439185935&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 Cookie: u=8070bd4ccce567b97cf7a2b71016df14 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin TE: trailers	URL: go.monetizer.mobi/proc.php?2206f55a2b1973cb6a8daef58d72 (...) FQDN: go.monetizer.mobi IP: 198.143.165.221 HASH: 6fd68df587f9a3c1fa8bdfd015782dc69cfba538a29a67590f165628d6679b12 198.143.165.221 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Tue, 27 Sep 2022 07:04:09 GMT location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7147951931439185935&website=797-403c551a&placement=797 vary: Accept-Encoding x-powered-by: PHP/8.1.9 cache-control: no-store, no-cache, must-revalidate, max-age=0 pragma: no-cache expires: Thu, 01 Jan 1970 00:00:00 GMT strict-transport-security: max-age=31536000; includeSubdomains; content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info --- Magic: data Size: 6698 Md5: 4e016827162f553f8dd6a44870672129 Sha1: c6405afdd056159468c65459e5c33c40a16109df Sha256: 6fd68df587f9a3c1fa8bdfd015782dc69cfba538a29a67590f165628d6679b12
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7147951931439185935&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3700967004895f62ced4680ddb2a6be4&eyer=0.07677551232628599&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1 Host: www.wewillserv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin	URL: www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2 (...) FQDN: www.wewillserv.com IP: 51.68.81.31 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 51.68.81.31 HTTP/1.1 302 Found Date: Tue, 27 Sep 2022 07:04:10 GMT Content-Length: 0 Connection: keep-alive Cache-Control: no-transform Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7147951931439185935&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.07677551232628599&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7147951931439185935&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.07677551232628599&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1 Host: www.wewillserv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin	URL: www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2 (...) FQDN: www.wewillserv.com IP: 51.68.81.31 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 51.68.81.31 HTTP/1.1 302 Found Date: Tue, 27 Sep 2022 07:04:10 GMT Content-Length: 0 Connection: keep-alive Cache-Control: no-transform Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300033ccb36b68e458f3672a6bf68747d65f0927-202209-flb5467509-4538fM7147951931439185935sl_5467509-4538f8273a6dd011dfcfb5c6d522796c8cc4416eb1a89797-403c551a797 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41" Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4144 Expires: Tue, 27 Sep 2022 08:13:14 GMT Date: Tue, 27 Sep 2022 07:04:10 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 639785692dc29802e484e1e1d0ec86c4 Sha1: cf81784351ce6302f540f491f893b44496809677 Sha256: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41" Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4144 Expires: Tue, 27 Sep 2022 08:13:14 GMT Date: Tue, 27 Sep 2022 07:04:10 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 639785692dc29802e484e1e1d0ec86c4 Sha1: cf81784351ce6302f540f491f893b44496809677 Sha256: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41" Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4144 Expires: Tue, 27 Sep 2022 08:13:14 GMT Date: Tue, 27 Sep 2022 07:04:10 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 639785692dc29802e484e1e1d0ec86c4 Sha1: cf81784351ce6302f540f491f893b44496809677 Sha256: 0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9163 x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZFlKpEZrIAMFS1Q= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0 x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: Lf6qqokEw32egp3ofmJGtUTAt3RD2f9rVq5gskbhrk_VFGweeo0oCQ== via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google date: Mon, 26 Sep 2022 21:49:18 GMT age: 33292 etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9163 Md5: deb8d1e3b6d7fbc8c8ba478269621676 Sha1: 84f5a4c8b38acde814bc790e5b514347718d5bb9 Sha256: ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /favicon.ico HTTP/1.1 Host: www.wewillserv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: www.wewillserv.com/favicon.ico FQDN: www.wewillserv.com IP: 51.68.81.31 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 51.68.81.31 HTTP/1.1 204 No Content Server: openresty Date: Tue, 27 Sep 2022 07:04:10 GMT Connection: keep-alive --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35b718e0-3d37-4447-a38f-12fa37aeae57.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: ce55a1ff5c71ec43884b74a08cd32ef75cb0632a91f3fe8b150f5ead499375a4 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6487 x-amzn-requestid: cd11b94b-24be-4e6d-bce3-a480b2c1cc23 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZDWDQEYAIAMFetw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-633136e1-5fcb76b5408fdfa20ec55dd8;Sampled=0 x-amzn-remapped-date: Mon, 26 Sep 2022 05:21:37 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: GcEH02ZlJM-8wUvNf7K7rK7f1cs6_m4i9UYUNxXUGzcDTEz74JH3cA== via: 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google date: Mon, 26 Sep 2022 21:59:28 GMT age: 32682 etag: "edff303440c5972381295b4b2602bd3f77f6702a" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6487 Md5: e88b78ede0e4583585d6bb805fb39470 Sha1: edff303440c5972381295b4b2602bd3f77f6702a Sha256: ce55a1ff5c71ec43884b74a08cd32ef75cb0632a91f3fe8b150f5ead499375a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 668dba22a0c81c4580637806c293521b176512b18ebcc2fe951be2f27f43134d 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10864 x-amzn-requestid: a6be937a-3e8f-4dad-bbca-f28554f5ff21 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: YioQqFHsoAMFxXQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-632420d0-78fecb9e2f76416044839a35;Sampled=0 x-amzn-remapped-date: Fri, 16 Sep 2022 07:08:00 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: l-svEjPVAfeYvCQAHsARjTk9PNdkVGUJA_2415312kWF2x6MDI7o7A== via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google date: Mon, 26 Sep 2022 13:17:07 GMT age: 64023 etag: "2a2fabd9f9792daf9c058fc754d5616267b703f1" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10864 Md5: 56c3768b851e6a5206cbfbe3f5a97cae Sha1: 2a2fabd9f9792daf9c058fc754d5616267b703f1 Sha256: 668dba22a0c81c4580637806c293521b176512b18ebcc2fe951be2f27f43134d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 13213 x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZFkreH5poAMFdxg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0 x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg== via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google date: Mon, 26 Sep 2022 21:42:47 GMT age: 33683 etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 13213 Md5: 62e68c3cd08dd94d910507512a67e85f Sha1: 3d4fa8701f17e8818c25584ef5f04bfbee8440cd Sha256: 058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 4e37955fb99beb25ceb9deb7c4398914af4192c2e3614e5d68cdafa8c85b256e 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7146 x-amzn-requestid: 100deff4-ea7e-47d4-a46d-6d9d0d1d6aad x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZASE1HiPIAMFZqQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-632ffd51-0b5dec0d7bb5fdf754e9c816;Sampled=0 x-amzn-remapped-date: Sun, 25 Sep 2022 07:03:45 GMT x-amz-cf-pop: SFO5-P2, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: IZeWsnZ6p1erJ-H07l2EzQ97Duu0qYrb5USVnoyj348rIEMJA9MnBg== via: 1.1 7256fedee68a59a508800e0dda035348.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google date: Mon, 26 Sep 2022 07:11:44 GMT age: 85946 etag: "49546314082f2e4f4c4c2686cc0ca281ae6bae47" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7146 Md5: 2267eb0a20554688393db616344441ee Sha1: 49546314082f2e4f4c4c2686cc0ca281ae6bae47 Sha256: 4e37955fb99beb25ceb9deb7c4398914af4192c2e3614e5d68cdafa8c85b256e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6390 x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZGFJ6Gc_oAMF44g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0 x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: 8JXEBo_L_xKuKdeoOXEJ6FO7ZVsZVQzUmQFe7fYcxaHRQNEq1HWp6w== via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google date: Tue, 27 Sep 2022 01:25:52 GMT age: 20298 etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6390 Md5: 14218a43c5e5bbce546735a780c8ccce Sha1: 61676358cdbb2373bc644e66f8a84fbc8cc5daf6 Sha256: 905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
POST / HTTP/1.1 Host: ocsp.godaddy.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 75 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.godaddy.com/ FQDN: ocsp.godaddy.com IP: 192.124.249.36 HASH: 0d8438abd1a634d426bf658f2a5f383cfdbab8b6b12a37885895166d8328c7da 192.124.249.36 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: Sucuri/Cloudproxy Date: Tue, 27 Sep 2022 07:04:10 GMT Content-Length: 1777 Connection: keep-alive X-Sucuri-ID: 19036 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Mon, 26 Sep 2022 23:43:15 GMT Expires: Tue, 27 Sep 2022 23:43:15 GMT ETag: "49b873c2bff6f2eba87397c2ba244b04b3c317eb" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA" --- Additional Info --- Magic: data Size: 1777 Md5: 98917b3482df1fb9b63778a65d8de247 Sha1: 49b873c2bff6f2eba87397c2ba244b04b3c317eb Sha256: 0d8438abd1a634d426bf658f2a5f383cfdbab8b6b12a37885895166d8328c7da
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300033ccb36b68e458f3672a6bf68747d65f0927-202209-flb5467509-4538fM7147951931439185935sl_5467509-4538f8273a6dd011dfcfb5c6d522796c8cc4416eb1a89797-403c551a797 HTTP/1.1 Host: admoustache.go2affise.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Cookie: afclick=63328f1f45d2470001266ed6 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	URL: admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6 (...) FQDN: admoustache.go2affise.com IP: 34.91.27.112 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 34.91.27.112 HTTP/2 302 Found server: nginx date: Tue, 27 Sep 2022 07:04:10 GMT content-length: 0 location: https://myofferplus.com/rc/a91581ead4?affclick=6332a06a8c96390001e8d588&pubid=503 set-cookie: afclick=6332a06a8c96390001e8d588; expires=Wed, 27 Sep 2023 07:04:10 GMT; secure; SameSite=None access-control-allow-origin: * X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sw.js?v=1664262247501 HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: u=8070bd4ccce567b97cf7a2b71016df14 Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin If-Modified-Since: Fri, 23 Sep 2022 11:12:42 GMT If-None-Match: "632d94aa-307" Cache-Control: max-age=0 TE: trailers	URL: go.monetizer.mobi/sw.js?v=1664262247501 FQDN: go.monetizer.mobi IP: 198.143.165.221 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 198.143.165.221 HTTP/2 304 Not Modified server: nginx date: Tue, 27 Sep 2022 07:04:10 GMT last-modified: Fri, 23 Sep 2022 11:12:42 GMT vary: Accept-Encoding etag: "632d94aa-307" content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline'; X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: ocsp.sectigo.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.sectigo.com/ FQDN: ocsp.sectigo.com IP: 104.18.32.68 HASH: 2482c0c2c56d26d8c0d1fe12306fe844aecf06f8f0764cad3830dce9ab9bb9b9 104.18.32.68 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 27 Sep 2022 07:04:11 GMT Content-Length: 471 Connection: keep-alive Last-Modified: Sat, 24 Sep 2022 15:34:05 GMT Expires: Sat, 01 Oct 2022 15:34:04 GMT Etag: "1b57ca2f86f1dc79909eb7f5815b99bf6b70b8eb" Cache-Control: max-age=375592,s-maxage=1800,public,no-transform,must-revalidate X-CCACDN-Proxy-ID: mcdpinlb6 X-Frame-Options: SAMEORIGIN CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7512623d5f1fb503-OSL --- Additional Info --- Magic: data Size: 471 Md5: b9602d1366474983dad2660731a5703f Sha1: 1b57ca2f86f1dc79909eb7f5815b99bf6b70b8eb Sha256: 2482c0c2c56d26d8c0d1fe12306fe844aecf06f8f0764cad3830dce9ab9bb9b9
GET /rc/a91581ead4?affclick=6332a06a8c96390001e8d588&pubid=503 HTTP/1.1 Host: myofferplus.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	URL: myofferplus.com/rc/a91581ead4?affclick=6332a06a8c963900 (...) FQDN: myofferplus.com IP: 172.67.217.200 HASH: 8d467bf6d07dfffe890133ef0dda141cbd9826bb915a217f65bc3fbe6a2fd4f7 172.67.217.200 HTTP/2 200 OK content-type: text/html; charset=utf-8 date: Tue, 27 Sep 2022 07:04:10 GMT set-cookie: AWSALB=A7zqehKGKZvIQB0GZptwAzMGTKwgpUYJBVHSoLuYzQgoGHgSjmLkHS2nlTUn+s3jnmboo9ZNz1fNTeyoIvsf34g2FxjBD7T4F3qpN1/FfDPSDKvfMwKlvCSf/Tmo; Expires=Tue, 04 Oct 2022 07:04:10 GMT; Path=/ AWSALBCORS=A7zqehKGKZvIQB0GZptwAzMGTKwgpUYJBVHSoLuYzQgoGHgSjmLkHS2nlTUn+s3jnmboo9ZNz1fNTeyoIvsf34g2FxjBD7T4F3qpN1/FfDPSDKvfMwKlvCSf/Tmo; Expires=Tue, 04 Oct 2022 07:04:10 GMT; Path=/; SameSite=None vary: Accept-Encoding, Accept-Language, Cookie content-language: en cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZcY2qPadjQ0Ww7ROghVsu%2BhwziYX%2Fz63TqiU%2Fwx%2Fdduq%2FQD5BcZEfv6r4K%2BBfTSzLfZwTdpXwyA%2FpRTjIS2OAv8K%2BObZMjhooe%2F0SZ4bbyBTHbWuAOHaS9F3ViO9GGexbuA%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 75126239bd3db50c-OSL content-encoding: br alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 541 Md5: a0c8e4e1176475db271a0641b4cbaaa0 Sha1: 888c36fc9b3884784ed12a89750654277d7ee6b5 Sha256: 8d467bf6d07dfffe890133ef0dda141cbd9826bb915a217f65bc3fbe6a2fd4f7
GET /sw.js?v=1654466343142 HTTP/1.1 Host: ad.marootrack.co User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers	URL: ad.marootrack.co/sw.js?v=1654466343142 FQDN: ad.marootrack.co IP: 65.60.58.179 HASH: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9 65.60.58.179 HTTP/2 200 OK content-type: application/javascript server: nginx date: Tue, 27 Sep 2022 07:04:12 GMT content-length: 775 last-modified: Fri, 23 Sep 2022 11:12:42 GMT vary: Accept-Encoding etag: "632d94aa-307" content-encoding: gzip content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline'; X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text Size: 775 Md5: de06f24ba6d6b0c514015a9847dace54 Sha1: c9662e4339d4f72af3526b21d4d6d68df21b0ba9 Sha256: 70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9 Alerts: Blocklists: - fortinet: Malware
GET /?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=b7dcc5d5-1d54-423a-a235-ac6d4b42343e HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1	URL: go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d6 (...) FQDN: go.monetizer.mobi IP: 198.143.165.221 198.143.165.221 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Tue, 27 Sep 2022 07:04:09 GMT location: https://go.monetizer.mobi/?utm_term=7147951931439185935&ver=4viyaptcjo vary: Accept-Encoding x-powered-by: PHP/8.1.9 cache-control: no-store, no-cache, must-revalidate, max-age=0 pragma: no-cache expires: Thu, 01 Jan 1970 00:00:00 GMT set-cookie: u=8070bd4ccce567b97cf7a2b71016df14; expires=Wed, 27-Sep-2023 07:04:09 GMT; Max-Age=31536000; path=/ strict-transport-security: max-age=31536000; includeSubdomains; content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info ---
GET /?utm_term=7147951931439185935&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1 Host: go.monetizer.mobi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=b7dcc5d5-1d54-423a-a235-ac6d4b42343e Cookie: u=8070bd4ccce567b97cf7a2b71016df14 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin TE: trailers	URL: go.monetizer.mobi/?utm_term=7147951931439185935&ver=4vi (...) FQDN: go.monetizer.mobi IP: 198.143.165.221 198.143.165.221 HTTP/2 200 OK content-type: text/html; charset=utf-8 server: nginx date: Tue, 27 Sep 2022 07:04:09 GMT vary: Accept-Encoding x-powered-by: PHP/8.1.9 cache-control: no-store, no-cache, must-revalidate, max-age=0 pragma: no-cache expires: Thu, 01 Jan 1970 00:00:00 GMT strict-transport-security: max-age=31536000; includeSubdomains; content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info ---
GET /redirect.css HTTP/1.1 Host: cdn.addlnk.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://myofferplus.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: cdn.addlnk.com/redirect.css FQDN: cdn.addlnk.com IP: 104.21.20.70 104.21.20.70 HTTP/2 200 OK content-type: text/css date: Tue, 27 Sep 2022 07:04:10 GMT cf-bgj: minify cf-polished: origSize=1680 etag: W/"3ae56d32551602b41f9046c14d1cfde2" last-modified: Wed, 13 Mar 2019 00:03:12 GMT x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A= x-amz-request-id: KYXF7EGSHW20KRRM cf-cache-status: HIT age: 1158 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCezGsdr6oAgx8M7JmYcFFp674crq2UzQVd9Iywz2ztOD6qsdLaFAwsSMqFObNOB%2BHk8cHZg41jd%2FQLq5zNr%2F5o7n361%2BXECghMeB2zA1OjQ%2FrVo31BeVStfHf%2BG04%2BW2Q%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 7512623af83bb4f4-OSL content-encoding: br alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info ---

Overview

Domain Summary (18)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 52.58.131.39

Last 5 reports on ASN: AMAZON-02

Last 1 reports on domain: webgodigital.com

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (8)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (34)

Overview

Domain Summary (18)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 52.58.131.39

Last 5 reports on ASN: AMAZON-02

Last 1 reports on domain: webgodigital.com

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (8)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (34)

Network Intrusion Detection Systems