go.bvmcdn.org/request/69629e3a-a67b-4c24-b391-87063939b213/
104.21.49.22 301 Moved Permanently 0 B URL HTTP/1.1 go.bvmcdn.org/request/69629e3a-a67b-4c24-b391-87063939b213/
IP 104.21.49.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /request/69629e3a-a67b-4c24-b391-87063939b213/ HTTP/1.1
Host: go.bvmcdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 01 Oct 2022 05:17:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 01 Oct 2022 06:17:22 GMT
Location: https://go.bvmcdn.org/request/69629e3a-a67b-4c24-b391-87063939b213/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w9ROOEpGMu5sum5nrtSrCxqCI7YQkr5WS6qrh1v47c9HyiI3wxL6lKbZDclGfBEUBvl3YVXTRahKnan0fgndUvpzZyWqC8gZ0dnjE6rV7ExbcnTOWY2vTkW7QUXrSkZK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7532bb470e9a0b55-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
18.164.68.8 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.164.68.8:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 05:02:26 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8671c9c28d4abb06df55e1091d0f124a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: xs1T1TdvqgrnxXDcUuIs8YOpzaaQmffQ20ebW5mbrYp5IjbD7zeeiQ==
Age: 896
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6dd4587c98aef98ad0939030a6976a7f
92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e
a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11031
Expires: Sat, 01 Oct 2022 08:21:13 GMT
Date: Sat, 01 Oct 2022 05:17:22 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
18.164.68.14 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 18.164.68.14:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 01 Oct 2022 03:33:18 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f138cee49761f5f7e3b88ec7b66614ee.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: lcOeXfUAFn8dlfUx4o26PqL2GlkLnGzFGz8xZVRECoHS01xGUPZmtg==
age: 6246
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 05:17:22 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 462e78a8b75d9f9c6957e58601eb73d0
d4cab6536e1ea640595b873b43f1b5025fa54573
7723e766d486d1f32e0da821799cb7f39cf4af58d3590403b6031ad9130f6765
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7723E766D486D1F32E0DA821799CB7F39CF4AF58D3590403B6031AD9130F6765"
Last-Modified: Fri, 30 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21496
Expires: Sat, 01 Oct 2022 11:15:38 GMT
Date: Sat, 01 Oct 2022 05:17:22 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.164.68.8 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.164.68.8:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sat, 01 Oct 2022 04:33:04 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 01 Oct 2022 05:08:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c091804e03ab5aaaa5fa50ae3fb748d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 47sxO1fwVP5gFiuFzy-g8_5bKsgibmzjXacyTdlZDe6DkHCQx1Xu5g==
Age: 2670
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 462e78a8b75d9f9c6957e58601eb73d0
d4cab6536e1ea640595b873b43f1b5025fa54573
7723e766d486d1f32e0da821799cb7f39cf4af58d3590403b6031ad9130f6765
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7723E766D486D1F32E0DA821799CB7F39CF4AF58D3590403B6031AD9130F6765"
Last-Modified: Fri, 30 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21495
Expires: Sat, 01 Oct 2022 11:15:38 GMT
Date: Sat, 01 Oct 2022 05:17:23 GMT
Connection: keep-alive
go.bvmcdn.org/request/69629e3a-a67b-4c24-b391-87063939b213/
104.21.49.22 301 Moved Permanently 582 B URL HTTP/2 go.bvmcdn.org/request/69629e3a-a67b-4c24-b391-87063939b213/
IP 104.21.49.22:0
Hash effd7a20cb9ba53c0f97b12b333a0c22
a35abbc8ab2c1f781e1eec8e50409346352df82d
903f22af52445426db84e174a192b1ceac0932ee721a16ea269fafe8680efa60
GET /request/69629e3a-a67b-4c24-b391-87063939b213/ HTTP/1.1
Host: go.bvmcdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Sat, 01 Oct 2022 05:17:23 GMT
content-type: text/html; charset=utf-8
location: /request/69629e3a-a67b-4c24-b391-87063939b213
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uJHi30DqrLG5B8u29owP%2FZlDzCNmigiRb5J1oeS4i82TeqdVxTSfhYMIrzCmYHKY6XIEsMZXFxfYmZ%2BrDZxWjCLu4uJkqtyJ8UXXYSnuKV%2FZ2nVmSHKtqfrhs39oUB3w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7532bb4a1962b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d1be374a29f94481ff2c021e35f4eaa0
e05e92d94b5e434e9935e560fd8dc33bdc393aea
37a5132d2183f5c3bfaac5c89df691fea72cac4423110df88bdeb231f430deee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3509
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:23 GMT
Last-Modified: Sat, 01 Oct 2022 04:18:54 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
gtoonfd.com/favicon.ico
139.45.197.239 204 No Content 0 B IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: gtoonfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: OAID=055f7092d48d481f904916f31708cdc3; oaidts=1664601443; allcnt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 01 Oct 2022 05:17:23 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 562ef5ac3bb1e7966c4226df646a3878
3013ccb7492ae5b5310d927bc912be76db748830
5de9a6521125546494ec65e2a88ec8dd69a13b5b26494c6aa18157b010840f16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DE9A6521125546494EC65E2A88EC8DD69A13B5B26494C6AA18157B010840F16"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18749
Expires: Sat, 01 Oct 2022 10:29:52 GMT
Date: Sat, 01 Oct 2022 05:17:23 GMT
Connection: keep-alive
push.services.mozilla.com/
44.236.232.139 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.236.232.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Y7iFAdcg1Ajr+8IFtZSk/Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LpPCXDDp/1UCHn+WEtRxiaLZx7E=
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 3f221772ec0c9958b2c88cae5babcd0b
dc78dc227b42d1d4967d64c81374693440bf3f4f
037c8d5c260b070d810b31fd5d9db67c9aa44f3e103ec170cbd7234210555ba1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 05:17:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:25:21 GMT
Expires: Thu, 06 Oct 2022 18:25:20 GMT
Etag: "dc78dc227b42d1d4967d64c81374693440bf3f4f"
Cache-Control: max-age=478676,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7532bb4e9ac4b518-OSL
my.rtmark.net/img.gif?f=merge&userId=055f7092d48d481f904916f31708cdc3
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=055f7092d48d481f904916f31708cdc3
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=055f7092d48d481f904916f31708cdc3 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 05:17:23 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=055f7092d48d481f904916f31708cdc3; expires=Sun, 01 Oct 2023 05:17:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 94f9b42cc2b8053a78ece596fb76cd74
266ab6674dc4958b814c312b3ef154a904c37ec7
a02d6fef62ba6464204a25042119224783f8c6eb056be210f432f974cfe95917
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A02D6FEF62BA6464204A25042119224783F8C6EB056BE210F432F974CFE95917"
Last-Modified: Fri, 30 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2245
Expires: Sat, 01 Oct 2022 05:54:48 GMT
Date: Sat, 01 Oct 2022 05:17:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fc2a73915f9d87a457ad2a3edfd19e8
32b4de8a831a6e4ea368c6f631157b96e416f4af
8f7a52dd12ebb2292454ce2655846af9b71e717bd294a95295df8d030cdcb9f7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F7A52DD12EBB2292454CE2655846AF9B71E717BD294A95295DF8D030CDCB9F7"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18726
Expires: Sat, 01 Oct 2022 10:29:29 GMT
Date: Sat, 01 Oct 2022 05:17:23 GMT
Connection: keep-alive
unphionetor.com/fv.js?t=56193&cb=235472559
139.45.197.236 200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=56193&cb=235472559
IP 139.45.197.236:0
Hash 963fb73c55d9eb1032ece03868a129c2
1e3165405a35783b3a0b12a236bb74d25ad1ce19
5a910a124da8d383464955d8cb2e1d479fd2ae30d598df78149045076c97593d
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=56193&cb=235472559 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 05:17:23 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: ca7f1a0dd3029758243d166dc34b1c5c
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
toapodazoay.com/favicon.ico
139.45.197.155 204 No Content 0 B URL HTTP/2 toapodazoay.com/favicon.ico
IP 139.45.197.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=4574936&rsz=4574936&rid=
Cookie: reverse=rt-pxuowh92QNKmjrHgUwLNiWqfCTw_cAE9y0x_5Iw8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 01 Oct 2022 05:17:24 GMT
strict-transport-security: max-age=60
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
139.45.197.250 200 OK 40 kB URL HTTP/2 ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
IP 139.45.197.250:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f180b770897d6441bb79cb05ef5655b6
0a1ecab3bd50af2c0930f1ebadeb5ae449b52489
35ca5d4fa63b7895631bbe796dc91e83e0a76ba1a6d6b04c4c2962b7c1fb5a4e
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 05:17:24 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1a5ed"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13265
Expires: Sat, 01 Oct 2022 08:58:29 GMT
Date: Sat, 01 Oct 2022 05:17:24 GMT
Connection: keep-alive
toapodazoay.com/?tt
139.45.197.155 200 OK 581 B IP 139.45.197.155:0
Hash 87be8e9eb78f5d4cf71254a4411e4977
dccd34e094845254290e72e4dba41c67afdfa172
6104f14017fa7f4eaf5b49e7f5b3aa500a90d2961cdd7cd281db94ccbdcab04b
POST /?tt HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Content-Length: 27
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=4574936&rsz=4574936&rid=
Cookie: reverse=rt-pxuowh92QNKmjrHgUwLNiWqfCTw_cAE9y0x_5Iw8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 05:17:24 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13265
Expires: Sat, 01 Oct 2022 08:58:29 GMT
Date: Sat, 01 Oct 2022 05:17:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13265
Expires: Sat, 01 Oct 2022 08:58:29 GMT
Date: Sat, 01 Oct 2022 05:17:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13265
Expires: Sat, 01 Oct 2022 08:58:29 GMT
Date: Sat, 01 Oct 2022 05:17:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: f0791b53-3c5f-4d94-954d-992a529ebb60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPnunF35oAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63361ff6-2adb303349153ced73ccecf6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 22:45:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RGS_T9Cwl5Vjs_bxngHRomiYppE5fLe0SnH19VEfc5-PCT5tb5ku1A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 04:40:52 GMT
age: 2192
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d31a422078d02bda318c693c05a58dc
2df7db53629c7adda2c0a4dfe9c17791b73a75e1
a07fe4e135b52da6dfa9d8a55684f0a3bf5f5ce52c4064c8ab37836a939902a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8299
x-amzn-requestid: 91eed6b6-632f-472b-93d7-4192425fcdfd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF0SoAMFWgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-17bb04894cc786555d693ec3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8JvNUZRyYeZjd4ZxOrGMCbJxVf46NRhiHXsFvCAZn2QeUkdCzKoYbw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:15:58 GMT
age: 25286
etag: "2df7db53629c7adda2c0a4dfe9c17791b73a75e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a3fdfee-41fa-48e2-a92a-744050d16fbe.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a3fdfee-41fa-48e2-a92a-744050d16fbe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d55a4b7e79062b396f5fd06b44cd637
8b72969c2c5cff7c8200e8c8a4b3d504565a97fd
338682591e594c0cf51fd671a43ff1b0d265b2713dc8504f05b00f93ddf5c57e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a3fdfee-41fa-48e2-a92a-744050d16fbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13384
x-amzn-requestid: c643d8db-041f-4e98-888d-63375dde9721
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZM65TEujIAMFpmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63350b6e-232161f74a65138a122f7cf7;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 03:05:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0qGoRJUOZ5pSfaO1f7DWFB-oRI7zkyIFFfAcbOWNhy3p2EKCD1VdwA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 03:52:25 GMT
age: 5099
etag: "8b72969c2c5cff7c8200e8c8a4b3d504565a97fd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F979b163e-e6cb-49a1-a2a2-de55e3c86685.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F979b163e-e6cb-49a1-a2a2-de55e3c86685.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 72a92d7de4dd5ccce4cdf54dd132b948
bb9a3611d2eb51e0eef79106f1497e3f460a03cb
7654b1824c07d1c121e288c19ea587eff25579333a783978bc73dc37cc9b35a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F979b163e-e6cb-49a1-a2a2-de55e3c86685.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6655
x-amzn-requestid: ade9e38b-a622-4ec5-b8be-29d4ba80d883
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZP6jHGNioAMFVbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63363e13-02fb28271686b4c97d95bde3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 00:53:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wwTf6va45g9yXUUnmddByF22fmAQCX6ZVK6PwpElVK41tesFsq0mlA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 13:43:10 GMT
age: 56054
etag: "bb9a3611d2eb51e0eef79106f1497e3f460a03cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7a423b5-e320-4013-8cd9-2455b244e410.jpeg
34.120.237.76 200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7a423b5-e320-4013-8cd9-2455b244e410.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e22123802c6c1a89ff2b12b8ebb4478a
069a451b50182aed754301cbc2eb776abe469a52
4edccb57b366cf6460219d86ea13dd54cb0bcf3581604a5139859bf809df2b13
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7a423b5-e320-4013-8cd9-2455b244e410.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3069
x-amzn-requestid: 957bbcc7-0ce0-42b6-bec6-588f9e1c6369
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCH6DoAMFaHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-5a514967208e92343e0f3778;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tnGcmRZcp0_ckYfYvD37C_1Vswk5FoLIhno4dWw39OJ3fqmhIMss2Q==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:15:59 GMT
age: 25285
etag: "069a451b50182aed754301cbc2eb776abe469a52"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff75296c6-86fa-46e7-b1f9-5afb645a7a08.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff75296c6-86fa-46e7-b1f9-5afb645a7a08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d5dcd5bfb41659d9b347d19af17853b
feafba2465f9b352eef2a2dc57e7c52446ff2cc0
10904009b4b7b80c6931ea54981bc5ee51b5b71b5407da20e2d22962d9fab32e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff75296c6-86fa-46e7-b1f9-5afb645a7a08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11252
x-amzn-requestid: 53406cae-6d5f-4700-ac5a-c26bb7762252
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPtTgEsHoAMF53w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633628e3-5a23515e02caea594e05e6a9;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 23:23:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sZ9hZoWRNQHI7VbLr5ygsJeXKr0OsnbSSas1v0O_vXKSEUK6canMKA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 16:23:58 GMT
age: 46406
etag: "feafba2465f9b352eef2a2dc57e7c52446ff2cc0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
go.ad2upapp.com/afu.php?id=792658&rt=1
139.45.197.237 302 Moved Temporarily 138 B URL HTTP/1.1 go.ad2upapp.com/afu.php?id=792658&rt=1
IP 139.45.197.237:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.ad2upapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 01 Oct 2022 05:17:25 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://go.deliverymodo.com/afu.php?id=792658&rt=1
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
go.deliverymodo.com/afu.php?id=792658&rt=1
139.45.197.236 200 OK 628 B URL HTTP/1.1 go.deliverymodo.com/afu.php?id=792658&rt=1
IP 139.45.197.236:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 66b632885904079cb1f5cefdbc63fc33
55f99905ecfee8c81de4205e5b2c3aeacde14e0f
70c69be60f5904b23957a03b44654d58de654730bbce0a8753b9d33e37da1263
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Oct 2022 05:17:25 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: abbb14b83fca4cce6caca7e8a7974f1e
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://www.bitcoin-kopen.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=fe2ea11b52334020a21782619c51f36b; expires=Sun, 01 Oct 2023 05:17:25 GMT; path=/
Set-Cookie: oaidts=1664601445; expires=Sun, 01 Oct 2023 05:17:25 GMT; path=/
Set-Cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
unphionetor.com/vb?t=56193&bid=79056&aid=599944536537698708&tp=2032
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vb?t=56193&bid=79056&aid=599944536537698708&tp=2032
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vb?t=56193&bid=79056&aid=599944536537698708&tp=2032 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 01 Oct 2022 05:17:25 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: fe9106885114ff8d7895d41a8aefd90a
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c15c74319e5b3b03ae766139316ad452
d0eb776b06727cdce750f8c1d0b364c2157f08e8
4539572fd2fcabcb628ed9ad63c9ed3445565cadcb13f5d460df1a66702671f6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4539572FD2FCABCB628ED9AD63C9ED3445565CADCB13F5D460DF1A66702671F6"
Last-Modified: Fri, 30 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13498
Expires: Sat, 01 Oct 2022 09:02:23 GMT
Date: Sat, 01 Oct 2022 05:17:25 GMT
Connection: keep-alive
go.deliverymodo.com/favicon.ico
139.45.197.236 204 No Content 0 B URL HTTP/1.1 go.deliverymodo.com/favicon.ico
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=fe2ea11b52334020a21782619c51f36b; oaidts=1664601445
HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 01 Oct 2022 05:17:25 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 3f221772ec0c9958b2c88cae5babcd0b
dc78dc227b42d1d4967d64c81374693440bf3f4f
037c8d5c260b070d810b31fd5d9db67c9aa44f3e103ec170cbd7234210555ba1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 05:17:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:25:21 GMT
Expires: Thu, 06 Oct 2022 18:25:20 GMT
Etag: "dc78dc227b42d1d4967d64c81374693440bf3f4f"
Cache-Control: max-age=478674,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7532bb5b1a8cb518-OSL
my.rtmark.net/img.gif?f=merge&userId=fe2ea11b52334020a21782619c51f36b
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=fe2ea11b52334020a21782619c51f36b
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=fe2ea11b52334020a21782619c51f36b HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 05:17:25 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=fe2ea11b52334020a21782619c51f36b; expires=Sun, 01 Oct 2023 05:17:25 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ef57d3747eeb3319369eb5c11141bc76
785adcab6fbac6813ef5233798e60ad12508ab12
10ef2e6ab889f07bb50ba058b8b3ac0be9ed1118af422d4ebe47927b6af3793c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3623
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:25 GMT
Last-Modified: Sat, 01 Oct 2022 04:17:02 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
www.plus500.com/no/?id=112372&pl=2
152.195.53.227 200 OK 143 kB URL HTTP/2 www.plus500.com/no/?id=112372&pl=2
IP 152.195.53.227:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18130), with CRLF, LF line terminators
Size 143 kB (142790 bytes)
Hash ced730c273826b5e036834d62a2edf6d
f19ef3e0aaf5c09898bac615f2ad49cefdd0670b
a5743bb159f35a76510e4a39dc67245e3296ebb9e18cde4709ae86e45e898eb8
GET /no/?id=112372&pl=2 HTTP/1.1
Host: www.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.bitcoin-kopen.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
alt-svc: clear
cache-control: private
content-type: text/html; charset=utf-8
date: Sat, 01 Oct 2022 05:17:25 GMT
server: Microsoft-IIS/10.0
set-cookie: referralUrl=https%3a%2f%2fwww.bitcoin-kopen.com%2f; expires=Mon, 31-Oct-2022 05:17:25 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: referralId=112372; expires=Mon, 31-Oct-2022 05:17:25 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: referralPlan=2; expires=Mon, 31-Oct-2022 05:17:25 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: innerTags=; expires=Mon, 31-Oct-2022 05:17:25 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: webvisitid=a178c70f-b2ed-42db-9cbe-dad15217a398; expires=Mon, 31-Oct-2022 05:17:25 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: referralTimeStamp=2022-10-01T05:17:25.9426582+00:00; expires=Mon, 31-Oct-2022 05:17:25 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: VisitLogged=True; path=/; SameSite=None; secure; HttpOnly
set-cookie: ASP.NET_SessionId=4oylqifg1ka34gwx3w1man5i; path=/; secure; HttpOnly; SameSite=None
set-cookie: InAppView=False; path=/; SameSite=None; secure; HttpOnly
set-cookie: theme_type=Light; path=/; SameSite=None; secure; HttpOnly
set-cookie: Exps=Q29va2llc1BvcHVwRXhwZXJpbWVudCwy; path=/; secure; HttpOnly
set-cookie: IP=!EtqPvABbgZ0heHNay247HpdMxMsAH1Y8zAnagfcTWSFlNvGzz6o9a3v4ccReSkTXc8SBoQj0KC4+xu8XfOxlxc/N6W3Kasxb9CNeNQrrmx3nnurgQBcWHu7Bk06KdUINA8szBt7FEtWe5nbTi3YCg+hz4sdRvfg=; path=/; Httponly; Secure; SameSite=none
strict-transport-security: max-age=31536000
x-aspnetmvc-version: 5.2
x-frame-options: Deny
content-length: 142790
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 2095ec4a1c9f72c01d50428e2da70ad1
3f6bf8167e009cf1fee6c7bb2f0044a15e5f8a1f
397b1e0e64f809821a73bdd1269482b03a1f16fc9444f128656420ba600bb10a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1719
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:26 GMT
Last-Modified: Sat, 01 Oct 2022 04:48:48 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 278
cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/layout.bundle.min.js
192.229.220.58 200 OK 32 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/layout.bundle.min.js
IP 192.229.220.58:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash 579b64ce74ad3c0409a0bb6a6624a608
ce6ce94b5ad1b8e0c066957d92a41c14b974f021
0a59bdb70fc09933b7e3bdab3a3d1e1161cea5f82802daf376af8a7761f2662d
GET /1.0.0.105560/Resources/Scripts/layout.bundle.min.js HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373210
alt-svc: clear
cache-control: public,max-age=2419200
content-type: application/javascript
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "3547bf7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:42 GMT
server: ECAcc (ska/F72C)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 31983
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/marketing-plus500-invest.svg
192.229.220.58 200 OK 2.5 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/marketing-plus500-invest.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6957), with no line terminators
Hash 72ecc0d5267c801fff507fe2f2b5ca60
98d6256130659d1a3bc8a82592c11950e3475162
e7f24adf6aee2d10e006ed5a017b32b05c3f54418a4c08e0d09a0163d2728c73
GET /1.0.0.105560/Resources/Images/newhome/svg/marketing-plus500-invest.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373210
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "30802d7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F6DD)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 2534
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus500-invest.svg
192.229.220.58 200 OK 2.4 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus500-invest.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6464), with no line terminators
Hash f020056bf2b14af54232c36f42060b28
b6c7c4d613fb0fa175e7b04d3fc1d302bbc72ac0
40faa14df892598736cdb2f202a86ffe31eba80c698350a2ce3170413c4d6b09
GET /1.0.0.105560/Resources/Images/newhome/svg/plus500-invest.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373210
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "62e22f7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F6BC)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 2386
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus500-cfd.svg
192.229.220.58 200 OK 2.3 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus500-cfd.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6171), with no line terminators
Hash fd6dd7c0c5f25889a0d093d3ae29cc72
24649b7162ed8e6d98d903f88f3ae08f48a85bce
a8b4cfc6ff2f0c5ded25a8ee5bb9b6c5d05d454e514b4e1cdf0cbb3df75caea1
GET /1.0.0.105560/Resources/Images/newhome/svg/plus500-cfd.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373210
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "30802d7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F7B7)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 2289
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus500-futures.svg
192.229.220.58 200 OK 2.6 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus500-futures.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6922), with no line terminators
Hash 5ceb194254aa2a61f44279c3c458bda6
0cc00cd3f67fbdd92ccd30aef4c3dd59ce6391a8
0cc87419bb3c8f4e85512947ddef6509c3cd5b9699130022b334d7b169c1a112
GET /1.0.0.105560/Resources/Images/newhome/svg/plus500-futures.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373298
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "62e22f7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F777)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 2561
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
192.229.220.58 200 OK 26 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
IP 192.229.220.58:0
File type Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
Hash 67fdb411a42abdceb27cb696f07a6fc3
9fcc8f4291d9e6e65040efc7e188181372c08997
f2c428716fedfa461c07a6c53b633905c5f9adb989b7d19c48c7de7c63e5fd69
GET /1.0.0.105560/Resources/CSS/style-homepage.css HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373166
alt-svc: clear
cache-control: public,max-age=2419200
content-type: text/css
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "6051c236ced0d81:0+gzip"
last-modified: Sun, 25 Sep 2022 11:01:50 GMT
server: ECAcc (ska/F687)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 25880
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 2601db85aa6894ea41f37fc0c1f2594a
afc9de950cf648d720a78467582b26346b8d53bc
3211c5c61098100152ea682c86ec84f3a80229b8d709e5cbe0022caba7dc9e24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/sponsorship-logo-young-boys-back.svg
192.229.220.58 200 OK 3.0 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/sponsorship-logo-young-boys-back.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with CRLF line terminators
Hash 7fb63f8c3953709ad5e3f5b6ad43496f
59266c1b54876a07781af63200c70ba3568ff950
56c9a7419c39926548d3c0a1e8e34733b4216077d6c1143e7586eaa70a365662
GET /1.0.0.105560/Resources/Images/newhome/svg/sponsorship-logo-young-boys-back.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373210
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "fbab536ced0d81:0+gzip"
last-modified: Sun, 25 Sep 2022 11:01:50 GMT
server: ECAcc (ska/F791)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 3039
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/sponsorship-logo-atalanta-back.svg
192.229.220.58 200 OK 2.2 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/sponsorship-logo-atalanta-back.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with CRLF line terminators
Hash 452d3354ca658e49e185b489d4a1149c
ecaada72423054962ef4676c5d025354c973c6c3
d1781719dd7802b8c85512687eb7b4b96f8a9a42461cbf048eccce59be64d95d
GET /1.0.0.105560/Resources/Images/newhome/svg/sponsorship-logo-atalanta-back.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373210
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "82f9b336ced0d81:0+gzip"
last-modified: Sun, 25 Sep 2022 11:01:50 GMT
server: ECAcc (ska/F7BE)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 2157
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/sponsorship-logo-legia-back.svg
192.229.220.58 200 OK 895 B URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/sponsorship-logo-legia-back.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with CRLF line terminators
Hash db1a984a2f5017026be754dbf29807e6
0cd9cc7ee3c2e1323fe043848cc8b1e421eec6e2
19d9e706e251184a8fe9d4d4f075e944b53bbf0241c5532a60ec3fe468db9c34
GET /1.0.0.105560/Resources/Images/newhome/svg/sponsorship-logo-legia-back.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373210
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "a6bcb436ced0d81:0+gzip"
last-modified: Sun, 25 Sep 2022 11:01:50 GMT
server: ECAcc (ska/F765)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 895
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/general.min.js
192.229.220.58 200 OK 1.7 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/general.min.js
IP 192.229.220.58:0
File type HTML document, ASCII text, with very long lines (4131), with no line terminators
Hash d80682bcb80b19f28bcf12f2caf145d7
5a1057c219dfbf61c672ac0f5af3e721ef404459
0acea896fe98010282919a4650622e4844fe4e97e32cdfcc7ebda3f4ce1b464d
GET /1.0.0.105560/Resources/Scripts/general.min.js HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373210
alt-svc: clear
cache-control: public,max-age=2419200
content-type: application/javascript
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "f81fb87bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:42 GMT
server: ECAcc (ska/F751)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 1672
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/gsap/gsap.min.js
192.229.220.58 200 OK 26 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/gsap/gsap.min.js
IP 192.229.220.58:0
File type ASCII text, with very long lines (64964), with CRLF line terminators
Hash 30d921ca34ea19dcb3a51328b8211c2b
e10800d779757814c6f947529b920f6fd6856931
72f1f179ef1f689a54a2716bb834857447645e88e29e8fbaef4cb350a4c6c8aa
GET /1.0.0.105560/Resources/Scripts/gsap/gsap.min.js HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373252
alt-svc: clear
cache-control: public,max-age=2419200
content-type: application/javascript
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "4882ba7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:42 GMT
server: ECAcc (ska/F6CB)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 25700
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/gsap/SplitText.min.js
192.229.220.58 200 OK 5.3 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/gsap/SplitText.min.js
IP 192.229.220.58:0
File type ASCII text, with very long lines (15208), with CRLF line terminators
Hash 4795c6a8caba8e08d1a806321aee45b4
32e407d3135a16c9ed96deb53ccd8d75fd2aafea
27b1e63e38e493f614a393fdf22d0adc851de528ee5d37e9620118098268e3b9
GET /1.0.0.105560/Resources/Scripts/gsap/SplitText.min.js HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373210
alt-svc: clear
cache-control: public,max-age=2419200
content-type: application/javascript
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "4882ba7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:42 GMT
server: ECAcc (ska/F6C6)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 5301
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/gsap/ScrollTrigger.min.js
192.229.220.58 200 OK 16 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/gsap/ScrollTrigger.min.js
IP 192.229.220.58:0
File type ASCII text, with very long lines (37769), with CRLF line terminators
Hash 95183eb03c12fb3bd822a89d9bb3e701
10d2f80952d2e73fdc759da2462cc3269a09c504
4db1fc48bc4e4b15b8ed576be7d54d0329fdd02f63626c0f4eb4bf62de2921f9
GET /1.0.0.105560/Resources/Scripts/gsap/ScrollTrigger.min.js HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373210
alt-svc: clear
cache-control: public,max-age=2419200
content-type: application/javascript
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "f81fb87bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:42 GMT
server: ECAcc (ska/F6B0)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 15867
X-Firefox-Spdy: h2
www.googleoptimize.com/optimize.js?id=OPT-NXX9W9Z
142.250.74.46 200 OK 43 kB URL HTTP/2 www.googleoptimize.com/optimize.js?id=OPT-NXX9W9Z
IP 142.250.74.46:0
File type ASCII text, with very long lines (4316)
Hash 5d62a3a3ccc6f4722a8f6e53fe99a9ed
e63c7fada36a8fc410b22c2009394e75799e35a3
e5f1aa891c3359b089a0f6cfbae7133fffb29d3dbb7c14b2de917457aaa38030
GET /optimize.js?id=OPT-NXX9W9Z HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 05:17:26 GMT
expires: Sat, 01 Oct 2022 05:17:26 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43428
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 2601db85aa6894ea41f37fc0c1f2594a
afc9de950cf648d720a78467582b26346b8d53bc
3211c5c61098100152ea682c86ec84f3a80229b8d709e5cbe0022caba7dc9e24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/img/hero-banner.webp
192.229.220.58 200 OK 59 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/img/hero-banner.webp
IP 192.229.220.58:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 29bc7c57e85d4b12c6e0aaf115c46ccb
7dd77a2ed69557b8aa11b39b29653130e838491a
c11c79003e2d10d24762a4c1cd8027a308d30a2c6a997eef7de2d56d25707c6f
GET /1.0.0.105560/Resources/Images/newhome/img/hero-banner.webp HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
age: 373164
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/webp
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "1dd01c7bc0a4d81:0"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F7A8)
strict-transport-security: max-age=31536000
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 58612
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus-blue.svg
192.229.220.58 200 OK 251 B URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus-blue.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (323), with CRLF line terminators
Hash cdc5b4b97c8ba035107a114beb21b4ae
9c00eaeeb192332a3f67b6de504044df09ced7dc
23dbb4ce0b4344f1034e2dc25d95bf375216c6fe7ac018d1f1a77660577e341f
GET /1.0.0.105560/Resources/Images/newhome/svg/plus-blue.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373165
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "30802d7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F6EF)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 251
X-Firefox-Spdy: h2
rum-static.pingdom.net/pa-587c9d1971a183207f0f58cd.js
104.22.55.104 200 OK 3.1 kB URL HTTP/2 rum-static.pingdom.net/pa-587c9d1971a183207f0f58cd.js
IP 104.22.55.104:0
File type ASCII text, with very long lines (6238)
Hash 808d4c090db336148952fcc415da88d8
9204c4be1ca6760ce1c11aabfc9fd7b05afb12a4
ff1ae8ef8229b7fb45466b3774e2fbf0fd879b3e12df445dd72be3b31b8046bb
GET /pa-587c9d1971a183207f0f58cd.js HTTP/1.1
Host: rum-static.pingdom.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 05:17:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 11 May 2021 14:01:36 GMT
vary: Accept-Encoding
etag: W/"609a8e40-1852"
expires: Sat, 01 Oct 2022 05:19:49 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 157
server: cloudflare
cf-ray: 7532bb5e6ff3b511-OSL
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-RQS5
142.250.74.72 200 OK 65 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-RQS5
IP 142.250.74.72:0
File type ASCII text, with very long lines (13218)
Hash 3c9dc5565975086910dac30d97302276
0d91625299333ee1c4d384771ef88ca3bd8f785d
633e759837109596bad47f7c29831b60f994cfa25f82a4a13c105e63c0dcb0d4
GET /gtm.js?id=GTM-RQS5 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 05:17:26 GMT
expires: Sat, 01 Oct 2022 05:17:26 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Oct 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 65265
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.bitcoin-kopen.com/bitcoin/
37.97.223.62 200 OK 484 B URL HTTP/2 www.bitcoin-kopen.com/bitcoin/
IP 37.97.223.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e401723a1cc26277c28a86c0f3a5c5ee
94385ea769fcba22a148cc1c7a0a708e2f52ace2
c2d7b44f5e0b0f28d506e671c08de46f7e165f9c300eef00d67efd486c3d7bea
POST /bitcoin/ HTTP/1.1
Host: www.bitcoin-kopen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://www.bitcoin-kopen.com
Connection: keep-alive
Referer: https://www.bitcoin-kopen.com/meet-uit.php?wlink=13&wzo=WEkHGw5xSay4vTEC&rdk=rk1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 05:17:25 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus-blue-gr.svg
192.229.220.58 200 OK 394 B URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus-blue-gr.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (345), with CRLF line terminators
Hash cada647f9031a7fefa7c944c88bd0c76
57d41f59eb7f07170edc964ae296a83d83d7d26b
18512939e1b2a1eddcf6e29529b06b682504a6bf927f13f8237f9d0c6864e9bf
GET /1.0.0.105560/Resources/Images/newhome/svg/plus-blue-gr.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373165
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "30802d7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F793)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 394
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/img/iPhone-transperent.webp
192.229.220.58 200 OK 53 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/img/iPhone-transperent.webp
IP 192.229.220.58:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash abdbdbe3c958cc5e212c457d18bcf367
c4add487f9079e1dd09b438786114b5c5025ff1c
c1882e49187afa5ea41323cd4925d2b3362d819c893abaa4ea86aed50a2a29cc
GET /1.0.0.105560/Resources/Images/newhome/img/iPhone-transperent.webp HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
age: 373165
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/webp
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "1dd01c7bc0a4d81:0"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F76F)
strict-transport-security: max-age=31536000
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 53092
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus-blue-turquoise-gr.svg
192.229.220.58 200 OK 390 B URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus-blue-turquoise-gr.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (345), with CRLF line terminators
Hash f9c08a3be048fb30d2058aed804e6f00
bc9a48c8836469166335e32223a789c4be9fcdc7
bfda32b4b2ede10052fad25acbf0764fca634a2faa3469799d896ad2f8ef9b0d
GET /1.0.0.105560/Resources/Images/newhome/svg/plus-blue-turquoise-gr.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373165
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "30802d7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F68A)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 390
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/border-gradient-top-right.svg
192.229.220.58 200 OK 302 B URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/border-gradient-top-right.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash 94b88d95286d229f846322eb8bab302f
2f767eb5f53abb44c83aa148af09b023f04da4f2
9170dd1c49c0c23669535a925b1a3dde241e6198450eef6c60f21af9f0fc911a
GET /1.0.0.105560/Resources/Images/newhome/svg/border-gradient-top-right.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373164
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "c4f6237bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F797)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 302
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus-white.svg
192.229.220.58 200 OK 225 B URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus-white.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash 38d7982a3216048799a8236d895422f9
2e9fdf4ef10f2ff41c956fc27c6752778b273251
389e0a02bef763311044872d7efd2c33ebec86f0b447dda3a6b3d818380403ef
GET /1.0.0.105560/Resources/Images/newhome/svg/plus-white.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373165
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "30802d7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F7B6)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 225
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus-turquoise-white-gr.svg
192.229.220.58 200 OK 390 B URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/plus-turquoise-white-gr.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (345), with CRLF line terminators
Hash f3d6b6e6601ad9f222e5e03ab602961c
37cee6b48f3144202a8678990f12eb960bd294be
a0b4c1c6a58dae23774d2e2d688b564d70350460c85bf6e636ca6c0e79a19673
GET /1.0.0.105560/Resources/Images/newhome/svg/plus-turquoise-white-gr.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373164
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "30802d7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:41 GMT
server: ECAcc (ska/F79E)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 390
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/user-cookies-manager.js
192.229.220.58 200 OK 782 B URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/user-cookies-manager.js
IP 192.229.220.58:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 1aee9e674122758c6f3f6190f82eeb22
b4b11dbd6b91f217b3179d8fb8d1f50c66898930
5b1ade0e2994e55e31347cf9ed228fcc61ceee82228892f0fd980025f2633655
GET /1.0.0.105560/Resources/Scripts/user-cookies-manager.js HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373181
alt-svc: clear
cache-control: public,max-age=2419200
content-type: application/javascript
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "c7d7e0f21fccd81:0+gzip"
last-modified: Mon, 19 Sep 2022 12:04:19 GMT
server: ECAcc (ska/F6E3)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 782
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/lazysizes.min.js
192.229.220.58 200 OK 4.3 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/lazysizes.min.js
IP 192.229.220.58:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (9619), with CRLF line terminators
Hash a33fedd34b77542b5dbc1e9091d46b92
26547af3576eea1380f6bd3e3f15d1a1ae3fd203
cbb6dfdc8cf95c66a139cdaa0d17f5a688e1fc6f14bad76ee6c311b1a9c0f268
GET /1.0.0.105560/Resources/Scripts/lazysizes.min.js HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373181
alt-svc: clear
cache-control: public,max-age=2419200
content-type: application/javascript
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "3547bf7bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:42 GMT
server: ECAcc (ska/F6A0)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 4321
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
108.138.212.162 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 108.138.212.162:0
Hash 4551209687c5138ec3c9ebb5af7f0bc2
5034bbe9c4d53f8e7d2d8380b8c31aae0eb13fd6
e661612215f2b9ddb6c1f98dfe110c8683068ea835c534c82709ac8e380feb48
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 05:17:26 GMT
Last-Modified: Sat, 01 Oct 2022 03:47:51 GMT
Server: ECS (nyb/1D19)
X-Cache: Miss from cloudfront
Via: 1.1 942cb3fbe68b5c10602773b4d1b1c0e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: voF7VuhkLDlyyjpLNLURWugBsP9V6WhrbkIKyowtYaDtq5CkauWoYA==
Age: 5375
www.plus500.com/no/favicon.ico
152.195.53.227 200 OK 6.9 kB URL HTTP/2 www.plus500.com/no/favicon.ico
IP 152.195.53.227:0
File type MS Windows icon resource - 3 icons, 16x16, 24 bits/pixel, 32x32, 8 bits/pixel\012- data
Hash 1eddb0a861659881b9bbc6b71154c7ef
1d7bce75f924f9b8fbe0965a3c7dc44e68b11da1
bed3916563b7d44004d1675965575c3c9fb71193c2b7fb025ef4299e7bced535
GET /no/favicon.ico HTTP/1.1
Host: www.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Cookie: referralUrl=https%3a%2f%2fwww.bitcoin-kopen.com%2f; referralId=112372; referralPlan=2; innerTags=; webvisitid=a178c70f-b2ed-42db-9cbe-dad15217a398; referralTimeStamp=2022-10-01T05:17:25.9426582+00:00; VisitLogged=True; ASP.NET_SessionId=4oylqifg1ka34gwx3w1man5i; InAppView=False; theme_type=Light; Exps=Q29va2llc1BvcHVwRXhwZXJpbWVudCwy; IP=!EtqPvABbgZ0heHNay247HpdMxMsAH1Y8zAnagfcTWSFlNvGzz6o9a3v4ccReSkTXc8SBoQj0KC4+xu8XfOxlxc/N6W3Kasxb9CNeNQrrmx3nnurgQBcWHu7Bk06KdUINA8szBt7FEtWe5nbTi3YCg+hz4sdRvfg=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
alt-svc: clear
cache-control: max-age=2592000
content-type: image/x-icon
date: Sat, 01 Oct 2022 05:17:26 GMT
etag: "3f6d97cc0a4d81:0"
last-modified: Sun, 31 Jul 2022 09:32:44 GMT
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000
content-length: 6894
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sat, 01 Oct 2022 04:41:09 GMT
expires: Sat, 01 Oct 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 2177
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 1384e669a9e259cccf32489be673e7c4
7f982ae66621ff7e5855f2b025e3ae034706ec33
eb462a28dbd7e93cd13a170acfcbf35babb3b7ef7e7d1ddeb30d377630ea30f8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9258de3968ca063250558ee06c75757b
56415f416ce29130b0a0b6fc919e2cdc0fd4d693
2474d99b3d10370e1efad3804a6f32452287e6b8e24d8254c69e8619a62624d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
play.google.com/intl/en_us/badges/images/generic/no_badge_web_generic.png
216.58.207.206 302 Found 284 B URL HTTP/2 play.google.com/intl/en_us/badges/images/generic/no_badge_web_generic.png
IP 216.58.207.206:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ccfe8887ceed5f907bbf1391cd9781d3
fbed21ce7be7db2eb70ce0c244cf6921b62245de
18a0059bc7a6ae0f215282511c98277c588c4f7039fd38ddd5c2372c6244985b
GET /intl/en_us/badges/images/generic/no_badge_web_generic.png HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://play.google.com/intl/en_us/badges/static/images/badges/no_badge_web_generic.png
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 01 Oct 2022 05:17:26 GMT
server: sffe
content-length: 284
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 1384e669a9e259cccf32489be673e7c4
7f982ae66621ff7e5855f2b025e3ae034706ec33
eb462a28dbd7e93cd13a170acfcbf35babb3b7ef7e7d1ddeb30d377630ea30f8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9258de3968ca063250558ee06c75757b
56415f416ce29130b0a0b6fc919e2cdc0fd4d693
2474d99b3d10370e1efad3804a6f32452287e6b8e24d8254c69e8619a62624d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 51e8be01fe1e4cf7fbec97f2268fe684
25edd63df37f972dbdd8d149b26c4be60179d32b
d364b01cf59a8eafc6ed2e79eab3c22b7daa341240a5dcbd272b8b48d530aeee
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 51e8be01fe1e4cf7fbec97f2268fe684
25edd63df37f972dbdd8d149b26c4be60179d32b
d364b01cf59a8eafc6ed2e79eab3c22b7daa341240a5dcbd272b8b48d530aeee
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.plus500.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 207799
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 51e8be01fe1e4cf7fbec97f2268fe684
25edd63df37f972dbdd8d149b26c4be60179d32b
d364b01cf59a8eafc6ed2e79eab3c22b7daa341240a5dcbd272b8b48d530aeee
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 51e8be01fe1e4cf7fbec97f2268fe684
25edd63df37f972dbdd8d149b26c4be60179d32b
d364b01cf59a8eafc6ed2e79eab3c22b7daa341240a5dcbd272b8b48d530aeee
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.plus500.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:21 GMT
expires: Thu, 28 Sep 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 207786
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.plus500.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 207799
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.plus500.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 04:15:02 GMT
expires: Sun, 01 Oct 2023 04:15:02 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 3745
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 51e8be01fe1e4cf7fbec97f2268fe684
25edd63df37f972dbdd8d149b26c4be60179d32b
d364b01cf59a8eafc6ed2e79eab3c22b7daa341240a5dcbd272b8b48d530aeee
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s.yimg.com/wi/config/10042775.json
188.125.94.204 200 OK 2 B URL HTTP/2 s.yimg.com/wi/config/10042775.json
IP 188.125.94.204:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /wi/config/10042775.json HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.plus500.com
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: H2R5J9KYX7XV6TDE
x-amz-id-2: 9ItXj+3hJb5OpJb/lGn/OaTq7HOh1JrB5uh5p/72pKUZf9KysnYnQVOvSSNWZLoDjN7sytdEOd0=
content-type: application/json
date: Sat, 01 Oct 2022 04:47:33 GMT
server: ATS
referrer-policy: no-referrer-when-downgrade
cache-control: public,max-age=3600
content-length: 2
age: 1795
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
108.138.212.162 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 108.138.212.162:0
Hash d69bcbbfd0d99ada42f4bd2899d1e388
b27f58d764abc3b45e1b85dc1470e357bc6c95bb
9d10935d7a08ce1ad7b0ad0c0b0be11aa53756e68b55a68423b023f205c953cc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 05:17:27 GMT
Last-Modified: Sat, 01 Oct 2022 04:00:03 GMT
Server: ECS (nyb/1D18)
X-Cache: Miss from cloudfront
Via: 1.1 942cb3fbe68b5c10602773b4d1b1c0e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: lmsCrg-DOUMweCccs6ZMuOyrbkE4Fx0W3Ywi1a_Fy19BcIDINRzQJg==
Age: 4644
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7e9ce4f67540be7dc1efdf5cec1ea9d7
a34d70d3a259c0042b32053db9b84340fda551f3
30986769ce7f866e0f8e9c4733512ad9b83acb983663b0d9ef49bd0871e9cfb3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-7008980-19&cid=1496090552.1664601443&jid=1658876818&gjid=1997398137&_gid=170601186.1664601443&_u=YGBACEAABAAAAC~&z=1788254320
64.233.165.157 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-7008980-19&cid=1496090552.1664601443&jid=1658876818&gjid=1997398137&_gid=170601186.1664601443&_u=YGBACEAABAAAAC~&z=1788254320
IP 64.233.165.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-7008980-19&cid=1496090552.1664601443&jid=1658876818&gjid=1997398137&_gid=170601186.1664601443&_u=YGBACEAABAAAAC~&z=1788254320 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.plus500.com
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.plus500.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 01 Oct 2022 05:17:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7e9ce4f67540be7dc1efdf5cec1ea9d7
a34d70d3a259c0042b32053db9b84340fda551f3
30986769ce7f866e0f8e9c4733512ad9b83acb983663b0d9ef49bd0871e9cfb3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500&display=swap
142.250.74.10 200 OK 12 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500&display=swap
IP 142.250.74.10:0
Hash 17d99ee8e83a0fc24539031c9fb0f228
31eedbaf1759ba714c78cbf120027d63ae76e131
74ea1a11a0056d81a14f1b45fc5dfbb4cc0a12bedcae1da5a2fa047f979663fd
GET /css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 01 Oct 2022 05:17:26 GMT
date: Sat, 01 Oct 2022 05:17:26 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 13447c24eb9845d6e3463ef34828eb7c
658985ed382874269a9011a9216371e3b0b31448
3c31e91637b1337b450f85d0bb296d0554498b00df38a983151ae8d63c03b66b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 102339c27bf38fcad96c5e3770390f7e
5659e8cdb740d70125a002f4808b26742133df7b
50702b9a98cf450498c52ad4887ed4e3f8a994f6bd25b6ff17c27d5af63b5e65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-7008980-19&cid=1496090552.1664601443&jid=1658876818&_u=YGBACEAABAAAAC~&z=789767636
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-7008980-19&cid=1496090552.1664601443&jid=1658876818&_u=YGBACEAABAAAAC~&z=789767636
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-7008980-19&cid=1496090552.1664601443&jid=1658876818&_u=YGBACEAABAAAAC~&z=789767636 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 05:17:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-7008980-19&cid=1496090552.1664601443&jid=1658876818&_u=YGBACEAABAAAAC~&z=789767636
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-7008980-19&cid=1496090552.1664601443&jid=1658876818&_u=YGBACEAABAAAAC~&z=789767636
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-7008980-19&cid=1496090552.1664601443&jid=1658876818&_u=YGBACEAABAAAAC~&z=789767636 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 05:17:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 13447c24eb9845d6e3463ef34828eb7c
658985ed382874269a9011a9216371e3b0b31448
3c31e91637b1337b450f85d0bb296d0554498b00df38a983151ae8d63c03b66b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 05:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sp.analytics.yahoo.com/sp.pl?a=10000&d=Sat%2C%2001%20Oct%202022%2005%3A17%3A23%20GMT&n=0&b=Online%20CFD-handel%20%7C%20Handle%20markedene%20%7C%20Plus500&.yp=10042775&f=https%3A%2F%2Fwww.plus500.com%2Fno%2F%3Fid%3D112372%26pl%3D2&e=https%3A%2F%2Fwww.bitcoin-kopen.com%2F&enc=UTF-8&yv=1.13.0&tagmgr=gtm
212.82.100.181 200 OK 43 B URL HTTP/2 sp.analytics.yahoo.com/sp.pl?a=10000&d=Sat%2C%2001%20Oct%202022%2005%3A17%3A23%20GMT&n=0&b=Online%20CFD-handel%20%7C%20Handle%20markedene%20%7C%20Plus500&.yp=10042775&f=https%3A%2F%2Fwww.plus500.com%2Fno%2F%3Fid%3D112372%26pl%3D2&e=https%3A%2F%2Fwww.bitcoin-kopen.com%2F&enc=UTF-8&yv=1.13.0&tagmgr=gtm
IP 212.82.100.181:0
ASN #34010 Yahoo! UK Services Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash bff56ce49dd485d195fdfa0a02342568
74fb4071deab7d3ab083562067b735df32c43397
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
GET /sp.pl?a=10000&d=Sat%2C%2001%20Oct%202022%2005%3A17%3A23%20GMT&n=0&b=Online%20CFD-handel%20%7C%20Handle%20markedene%20%7C%20Plus500&.yp=10042775&f=https%3A%2F%2Fwww.plus500.com%2Fno%2F%3Fid%3D112372%26pl%3D2&e=https%3A%2F%2Fwww.bitcoin-kopen.com%2F&enc=UTF-8&yv=1.13.0&tagmgr=gtm HTTP/1.1
Host: sp.analytics.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Oct 2022 05:17:27 GMT
expires: Sat, 01 Oct 2022 05:17:27 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
content-type: image/gif
accept-ranges: bytes
content-length: 43
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBGfNN2MCEKK6zZbRYxsIod4sojMsjvAFEgEBAQEeOWNBYwAAAAAA_eMAAA&S=AQAAAlADAFOtjVKrkTP7VjHMAeU; Expires=Sun, 1 Oct 2023 11:17:27 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/foundation.min.js
192.229.220.58 200 OK 39 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/foundation.min.js
IP 192.229.220.58:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash dd7051f6e5b2d4c490a37314124e5914
08efeda174c5b76625a79f42719bb23d6c381bca
0f6f54f25d75f78b619c1b306fde88f494d9a40c46c0055f913e72d5044edc47
GET /1.0.0.105560/Resources/Scripts/foundation.min.js HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Cookie: _ga=GA1.2.1496090552.1664601443; _gid=GA1.2.170601186.1664601443; _gat_UA-7008980-19=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373181
alt-svc: clear
cache-control: public,max-age=2419200
content-type: application/javascript
date: Sat, 01 Oct 2022 05:17:27 GMT
etag: "b8bdb57bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:42 GMT
server: ECAcc (ska/F794)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 38642
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/slick.min.js
192.229.220.58 200 OK 10 kB URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Scripts/slick.min.js
IP 192.229.220.58:0
File type ASCII text, with very long lines (42862), with CRLF line terminators
Hash b694659d83b3c389a344834d8a4f29f9
bbb698f189ffed76fb004153797fa6fdff75cd65
c476653cbcb206ed704d2d68134f0d78288495d1c1a966cb0f47ed44cd80e32b
GET /1.0.0.105560/Resources/Scripts/slick.min.js HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.plus500.com/no/?id=112372&pl=2
Connection: keep-alive
Cookie: _ga=GA1.2.1496090552.1664601443; _gid=GA1.2.170601186.1664601443; _gat_UA-7008980-19=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373172
alt-svc: clear
cache-control: public,max-age=2419200
content-type: application/javascript
date: Sat, 01 Oct 2022 05:17:27 GMT
etag: "ac6ec67bc0a4d81:0+gzip"
last-modified: Sun, 31 Jul 2022 09:32:42 GMT
server: ECAcc (ska/F6B8)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 10438
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/modal-bg-frame-left.svg
192.229.220.58 200 OK 502 B URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/modal-bg-frame-left.svg
IP 192.229.220.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash 96983f0f8d26c0e074f16b99327e9010
c3c28ed6f01b6f368bef8d27997270c8471ff15f
83f83e430a8dd265725d352147b7043f795f867ee88c5ecc729a25e60ca332a1
GET /1.0.0.105560/Resources/Images/newhome/svg/modal-bg-frame-left.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
Cookie: _ga=GA1.2.1496090552.1664601443; _gid=GA1.2.170601186.1664601443; _gat_UA-7008980-19=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373072
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:27 GMT
etag: "ed8aac8b25c8d81:0+gzip"
last-modified: Wed, 14 Sep 2022 10:34:19 GMT
server: ECAcc (ska/F75A)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 502
X-Firefox-Spdy: h2
cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/icon-close.svg
192.229.220.58 200 OK 200 B URL HTTP/2 cdn-main.plus500.com/1.0.0.105560/Resources/Images/newhome/svg/icon-close.svg
IP 192.229.220.58:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 1288ceed08d083b4be3b35bf150697a9
20e0006b99f83bd70ae23d555f25d72e6d3a01a5
77477ac164a4594ce628da5f5d6cda30c346421345862b7fc34637bc9bef482e
GET /1.0.0.105560/Resources/Images/newhome/svg/icon-close.svg HTTP/1.1
Host: cdn-main.plus500.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-main.plus500.com/1.0.0.105560/Resources/CSS/style-homepage.css
Cookie: _ga=GA1.2.1496090552.1664601443; _gid=GA1.2.170601186.1664601443; _gat_UA-7008980-19=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
age: 373072
alt-svc: clear
cache-control: public,max-age=2419200
content-type: image/svg+xml
date: Sat, 01 Oct 2022 05:17:27 GMT
etag: "9f63ac8b25c8d81:0+gzip"
last-modified: Wed, 14 Sep 2022 10:34:19 GMT
server: ECAcc (ska/F6E5)
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block
content-length: 200
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
108.138.212.162 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 108.138.212.162:0
Hash 259ba71866e2a3905b5f446ec112cb55
bd67e2a5f54c028285e55f15af2b76474cea10f1
fe4ef22c771c9c5a40dd3c775e1dc2bd7292657fc29fff5adf1b691e42763ef6
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 05:17:27 GMT
Last-Modified: Sat, 01 Oct 2022 03:44:23 GMT
Server: ECS (nyb/1D10)
X-Cache: Miss from cloudfront
Via: 1.1 942cb3fbe68b5c10602773b4d1b1c0e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: jl89c3kLsfwGR2Okd1OBjZ1z7xmq0SgB66XWRLzMnH5tbvkjuxgyoA==
Age: 5584
rum-collector-2.pingdom.net/img/beacon.gif?id=587c9d1971a183207f0f58cd&sAW=1280&sAH=1002&bIW=1280&bIH=939&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=89&cE=133&dLE=89&dLS=44&fS=43&hS=102&rE=-1&rS=-1&reS=133&resS=223&resE=250&uEE=-1&uES=-1&dL=232&dI=733&dCLES=759&dCLEE=763&dC=1765&lES=1765&lEE=1851&s=nt&title=Online%20CFD-handel%20%7C%20Handle%20markedene%20%7C%20Plus500&path=https%3A%2F%2Fwww.plus500.com%2Fno%2F&ref=https%3A%2F%2Fwww.bitcoin-kopen.com%2F&sId=3wnzmvp6&sST=1664601444&sIS=1&rV=0&v=1.4.1
52.212.114.37 200 OK 0 B URL HTTP/1.1 rum-collector-2.pingdom.net/img/beacon.gif?id=587c9d1971a183207f0f58cd&sAW=1280&sAH=1002&bIW=1280&bIH=939&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=89&cE=133&dLE=89&dLS=44&fS=43&hS=102&rE=-1&rS=-1&reS=133&resS=223&resE=250&uEE=-1&uES=-1&dL=232&dI=733&dCLES=759&dCLEE=763&dC=1765&lES=1765&lEE=1851&s=nt&title=Online%20CFD-handel%20%7C%20Handle%20markedene%20%7C%20Plus500&path=https%3A%2F%2Fwww.plus500.com%2Fno%2F&ref=https%3A%2F%2Fwww.bitcoin-kopen.com%2F&sId=3wnzmvp6&sST=1664601444&sIS=1&rV=0&v=1.4.1
IP 52.212.114.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /img/beacon.gif?id=587c9d1971a183207f0f58cd&sAW=1280&sAH=1002&bIW=1280&bIH=939&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=89&cE=133&dLE=89&dLS=44&fS=43&hS=102&rE=-1&rS=-1&reS=133&resS=223&resE=250&uEE=-1&uES=-1&dL=232&dI=733&dCLES=759&dCLEE=763&dC=1765&lES=1765&lEE=1851&s=nt&title=Online%20CFD-handel%20%7C%20Handle%20markedene%20%7C%20Plus500&path=https%3A%2F%2Fwww.plus500.com%2Fno%2F&ref=https%3A%2F%2Fwww.bitcoin-kopen.com%2F&sId=3wnzmvp6&sST=1664601444&sIS=1&rV=0&v=1.4.1 HTTP/1.1
Host: rum-collector-2.pingdom.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.plus500.com
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Date: Sat, 01 Oct 2022 05:17:27 GMT
Expires: 0
Pragma: no-cache
Content-Length: 0
Connection: keep-alive
www.bitcoin-kopen.com/meet-uit.php?wlink=13&wzo=WEkHGw5xSay4vTEC&rdk=rk1
37.97.223.62 200 OK 0 B URL HTTP/2 www.bitcoin-kopen.com/meet-uit.php?wlink=13&wzo=WEkHGw5xSay4vTEC&rdk=rk1
IP 37.97.223.62:0
GET /meet-uit.php?wlink=13&wzo=WEkHGw5xSay4vTEC&rdk=rk1 HTTP/1.1
Host: www.bitcoin-kopen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 05:17:25 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
s.yimg.com/wi/ytc.js
188.125.94.204 200 OK 0 B
IP 188.125.94.204:0
GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: pMmpomZQ+D//F9UI8vhQFnMHtjApAIrU0v6Yj0phrezkd9esLKnzrdUQgo5bCv9fNQrZE/RVf4E=
x-amz-request-id: PHN8YQ3J3FHE4GKP
date: Sat, 01 Oct 2022 05:08:36 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 531
content-encoding: gzip
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tools.applemediaservices.com/api/badges/download-on-the-app-store/black/no-no
52.70.106.131 301 Moved Permanently 0 B URL HTTP/2 tools.applemediaservices.com/api/badges/download-on-the-app-store/black/no-no
IP 52.70.106.131:0
GET /api/badges/download-on-the-app-store/black/no-no HTTP/1.1
Host: tools.applemediaservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.plus500.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 01 Oct 2022 05:17:26 GMT
content-type: text/html; charset=utf-8
location: https://apple-resources.s3.amazonaws.com/media-badges/download-on-the-app-store/black/no-no.svg
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: d4e48113-0d5a-4708-af56-7a882bf35c1f
x-runtime: 0.002606
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
go.bvmcdn.org/request/69629e3a-a67b-4c24-b391-87063939b213
104.21.49.22 302 Found 0 B URL HTTP/2 go.bvmcdn.org/request/69629e3a-a67b-4c24-b391-87063939b213
IP 104.21.49.22:0
GET /request/69629e3a-a67b-4c24-b391-87063939b213 HTTP/1.1
Host: go.bvmcdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 302 Found
date: Sat, 01 Oct 2022 05:17:23 GMT
content-type: text/html; charset=utf-8
location: https://gtoonfd.com/link?z=4574935&var=b2ab689a-b0a0-4fbd-9ad4-e600fcb634cb&ymid=ccrsqotip8jpgpblaht0
set-cookie: vrt-69629e3a-a67b-4c24-b391-87063939b213=1; Path=/; Max-Age=86400; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TvVIE6Qx%2FZN5aVcbL1uNPhiz7%2F3tYcO%2BHVq%2BiuH0c29ktU7KGZeg04vruSSMHZBoqEYtIivHwDoZ%2FkVrEdXIQI3g1xCubLMO1k6QE9z7DU%2F0waVHzgI97YyVx2YRIHxp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7532bb4bdaa8b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=599944536537698708&z=4574936&g=NO&svar=1664601443&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664601443&ssk=a0e39b5feafbdc086c0b2f79864d7dd3&svarok=1&b=79056&oaid=055f7092d48d481f904916f31708cdc3&rdk=rk1&mprtr=1
139.45.197.155 200 OK 0 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=599944536537698708&z=4574936&g=NO&svar=1664601443&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664601443&ssk=a0e39b5feafbdc086c0b2f79864d7dd3&svarok=1&b=79056&oaid=055f7092d48d481f904916f31708cdc3&rdk=rk1&mprtr=1
IP 139.45.197.155:0
POST /?l=qCqekRDLtEBTXwP&s=599944536537698708&z=4574936&g=NO&svar=1664601443&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1664601443&ssk=a0e39b5feafbdc086c0b2f79864d7dd3&svarok=1&b=79056&oaid=055f7092d48d481f904916f31708cdc3&rdk=rk1&mprtr=1 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=4574936&rsz=4574936&rid=
Cookie: reverse=rt-pxuowh92QNKmjrHgUwLNiWqfCTw_cAE9y0x_5Iw8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 05:17:23 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
gtoonfd.com/link?z=4574935&var=b2ab689a-b0a0-4fbd-9ad4-e600fcb634cb&ymid=ccrsqotip8jpgpblaht0
139.45.197.239 200 OK 0 B URL HTTP/2 gtoonfd.com/link?z=4574935&var=b2ab689a-b0a0-4fbd-9ad4-e600fcb634cb&ymid=ccrsqotip8jpgpblaht0
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=4574935&var=b2ab689a-b0a0-4fbd-9ad4-e600fcb634cb&ymid=ccrsqotip8jpgpblaht0 HTTP/1.1
Host: gtoonfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 05:17:23 GMT
content-type: text/html; charset=utf8
x-trace-id: d2be7f208815067a18bf1ae20e3ecd32
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://toapodazoay.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=055f7092d48d481f904916f31708cdc3; expires=Sun, 01 Oct 2023 05:17:23 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1664601443; expires=Sun, 01 Oct 2023 05:17:23 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
set-cookie: allcnt=1; expires=Sun, 01 Oct 2023 05:17:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2