hiqmhut.zeheyang7.com/
37.48.65.148 200 OK 477 B IP 37.48.65.148:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477), with no line terminators
Hash 5b85c645ba1f4f32863d2b13af8132e5
b4b03d02d900b7fa36c0539865e512c612ba037a
d3d1a85487a093a1b5b2f3a345b400af4adfb8d453814053ce0e088f1ecf0da0
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: hiqmhut.zeheyang7.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 477
content-type: text/html; charset=utf-8
date: Fri, 02 Sep 2022 20:46:56 GMT
server: nginx
set-cookie: sid=62396652-2b00-11ed-bcc6-ff9a8e39c4a0; path=/; domain=.zeheyang7.com; expires=Thu, 21 Sep 2090 00:01:03 GMT; max-age=2147483647; HttpOnly
firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 02 Sep 2022 20:36:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: mXsopSVB0ilq8JJ7Qex0wF9pNcbfiAxtujOinoN_qQRXfm2ASsqQnw==
Age: 637
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17049
Expires: Sat, 03 Sep 2022 01:31:05 GMT
Date: Fri, 02 Sep 2022 20:46:56 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Sep 2022 01:15:17 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9yc0TDuUyN2ahE5yhiRH7ktn5IDzOjsOz8bBvE920Q_0A8GTIzJD4w==
age: 70299
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 20:46:56 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
hiqmhut.zeheyang7.com/favicon.ico
37.48.65.148 404 Not Found 9 B URL HTTP/1.1 hiqmhut.zeheyang7.com/favicon.ico
IP 37.48.65.148:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: hiqmhut.zeheyang7.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hiqmhut.zeheyang7.com/
Cookie: sid=62396652-2b00-11ed-bcc6-ff9a8e39c4a0
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Fri, 02 Sep 2022 20:46:56 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 02 Sep 2022 20:38:16 GMT
Cache-Control: max-age=3600
Expires: Fri, 02 Sep 2022 21:30:02 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2ORJK1hh8fz6cMuvpeZgwrV-yN1Z4VY8Jv2A_N4sVm3SkCtddiekNg==
Age: 521
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 21daf45cdda2eb462873226bb5c1f0fb
4d4621bbf1461f35f7e536c1dbd9de71978ffa23
8164c742d013bdc2836cac1167acfe482547347ab6a1daefa15475f694dae057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2486
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 20:46:57 GMT
Last-Modified: Fri, 02 Sep 2022 20:05:31 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.237.163.41 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.163.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Vb5/n/re1wqmFiQc8lePpg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: V5FoRYw56d1QKmTi62O3hk1vSzQ=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11765
Expires: Sat, 03 Sep 2022 00:03:04 GMT
Date: Fri, 02 Sep 2022 20:46:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
34.120.237.76 200 OK 17 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12756903aaa74164feb5f8525398ca36
9fef9b071daea6793cbbdfe391254ac4326b1aa2
6d474a6d96aebfed43a4f6812f18a1be8d100c590f75eb0fbf4ec7277dd0c442
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16818
x-amzn-requestid: 6950a3c5-2cdc-4a21-854c-10d925e32ecd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XiYLvHRSIAMFotQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a6d7e-6e98b9a77e592bd01afb1d97;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 19:16:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3eBLhLH4APXLyj9kLHXNCFT9ccS_bnBp5INvMI93IFvOuBMERe_GgQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 13:36:12 GMT
age: 25847
etag: "9fef9b071daea6793cbbdfe391254ac4326b1aa2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5c3b7580a37e6eb7e5bd18491f1d4dd6
288b82ad8f924eb9570ae1c55da84d041f862366
046d1ef76448c53446068ef5f8315b7299484996cdebfd9d1e749b4ded9c7d3c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5079
x-amzn-requestid: 3b19c77a-2e9b-499f-890b-36fc4ee72ba7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XslOVEtZIAMFv1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e825b-01b7b71617b59f7414a0e5e5;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 21:34:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: zYT0vF7Bxa5m84D12jI2w_A-MzR3wIMBOb0ubTEdNMlpYUes5aYdlQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:44:27 GMT
age: 82952
etag: "288b82ad8f924eb9570ae1c55da84d041f862366"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ba50b2fd1814c5ffc95aef40c69ce8c
cbb4546228115cccc122b16209e70171bef5c1f2
de822c8549508b28a07d29b203ae3ef356470df906cba727fc765f1bd14bb866
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9252
x-amzn-requestid: 7feebba8-f6b9-4b79-9726-5a7534da277e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyVG5DoAMF_Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112675-3123158f3dcfbd476537ca3c;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BOa5zGQyJS9q9bHmtKzlNtyS9ToGPZJkDFo2uY2lzz8Lnd3cZLQEaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:48:18 GMT
age: 79121
etag: "cbb4546228115cccc122b16209e70171bef5c1f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955f2a35bd6b3802670e7fa8a7cda833
4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: n6DJbsUGTdXT42cNLTDq6Uz28H2SDhwq6drdKP4axAHsBz471X7r_g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:37:26 GMT
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
content-type: image/jpeg
age: 83373
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24d848f7606889b048b6334e70d8a5e0
85239ef4f2fee8d3345e599bc942cab63ff3aaf6
da6cf33b440b51f72a70f309d62fd581aed246b6a78b8f329fa3899db15ff86d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5889
x-amzn-requestid: 42237574-f86e-4ece-b986-6d0c5910fcc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzMVgHajoAMFmXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112756-48ff9d98464cf3c9680d97b4;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:42:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _7BBSlQQucoO5poncTYuX4fcmS4WFg3UcVFXalckGCCNFKJ0h5UpsQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:31:42 GMT
etag: "85239ef4f2fee8d3345e599bc942cab63ff3aaf6"
content-type: image/jpeg
age: 80117
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e05660322f0368dd2bf8067d7e4554d
ec65cb47d86488f734c945a210d5f636a40fea2c
98875230ec45766102191bdc4180742fa3b8f3ad5ad1a128d12437105f86247e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6196
x-amzn-requestid: a7d6ce70-06d7-498c-8024-80185a3fc3e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyLFmVIAMFkcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112674-3fad622927177e9236d7c50a;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qAMCgNpYR80vXSDyHFOFcbT8VukBemR2AGoGNaCfYaszKshu-gv6zg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:54:15 GMT
age: 82364
etag: "ec65cb47d86488f734c945a210d5f636a40fea2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hiqmhut.zeheyang7.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2MjE1ODgxNiwiaWF0IjoxNjYyMTUxNjE2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyczhpYzVtMGVpdjdnaHEwZDQxZjZlNGwiLCJuYmYiOjE2NjIxNTE2MTYsInRzIjoxNjYyMTUxNjE2NjM2MjM3fQ.XfKHUpsHdF5xHv0gpaHkAanEVRi_jesSM3G2FwR9SiU&sid=62396652-2b00-11ed-bcc6-ff9a8e39c4a0
37.48.65.148 302 Found 11 B URL HTTP/1.1 hiqmhut.zeheyang7.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2MjE1ODgxNiwiaWF0IjoxNjYyMTUxNjE2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyczhpYzVtMGVpdjdnaHEwZDQxZjZlNGwiLCJuYmYiOjE2NjIxNTE2MTYsInRzIjoxNjYyMTUxNjE2NjM2MjM3fQ.XfKHUpsHdF5xHv0gpaHkAanEVRi_jesSM3G2FwR9SiU&sid=62396652-2b00-11ed-bcc6-ff9a8e39c4a0
IP 37.48.65.148:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2MjE1ODgxNiwiaWF0IjoxNjYyMTUxNjE2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyczhpYzVtMGVpdjdnaHEwZDQxZjZlNGwiLCJuYmYiOjE2NjIxNTE2MTYsInRzIjoxNjYyMTUxNjE2NjM2MjM3fQ.XfKHUpsHdF5xHv0gpaHkAanEVRi_jesSM3G2FwR9SiU&sid=62396652-2b00-11ed-bcc6-ff9a8e39c4a0 HTTP/1.1
Host: hiqmhut.zeheyang7.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hiqmhut.zeheyang7.com/
Cookie: sid=62396652-2b00-11ed-bcc6-ff9a8e39c4a0
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Fri, 02 Sep 2022 20:46:59 GMT
location: http://btpnav.com/click?data=NmNuUVg3Z2FWblQ2LWxBWUdhZy1JSDJEZ3I3Z2R5cXZFaUtjOS1GTFp3UEJJZFFyZWdVT1lqWTdQVEFsYVIxZW9jczZfR2c2aWNoS25jRkZfd2NfckNSNngyMTI2Z0FtMnpHb1A5M3ZCcUdRT1hVdm90MWVLUjlJbm9Od0J1Ums2Y1pOc0ZtX1pfNEJ1c0hlRHdvalBnMg2&id=40e5dacc-092e-4fdc-bea5-c0485abbff9f
server: nginx
set-cookie: sid=62396652-2b00-11ed-bcc6-ff9a8e39c4a0; path=/; domain=.zeheyang7.com; expires=Thu, 21 Sep 2090 00:01:06 GMT; max-age=2147483647; HttpOnly
btpnav.com/click?data=NmNuUVg3Z2FWblQ2LWxBWUdhZy1JSDJEZ3I3Z2R5cXZFaUtjOS1GTFp3UEJJZFFyZWdVT1lqWTdQVEFsYVIxZW9jczZfR2c2aWNoS25jRkZfd2NfckNSNngyMTI2Z0FtMnpHb1A5M3ZCcUdRT1hVdm90MWVLUjlJbm9Od0J1Ums2Y1pOc0ZtX1pfNEJ1c0hlRHdvalBnMg2&id=40e5dacc-092e-4fdc-bea5-c0485abbff9f
209.15.13.136 200 OK 2.2 kB URL HTTP/1.1 btpnav.com/click?data=NmNuUVg3Z2FWblQ2LWxBWUdhZy1JSDJEZ3I3Z2R5cXZFaUtjOS1GTFp3UEJJZFFyZWdVT1lqWTdQVEFsYVIxZW9jczZfR2c2aWNoS25jRkZfd2NfckNSNngyMTI2Z0FtMnpHb1A5M3ZCcUdRT1hVdm90MWVLUjlJbm9Od0J1Ums2Y1pOc0ZtX1pfNEJ1c0hlRHdvalBnMg2&id=40e5dacc-092e-4fdc-bea5-c0485abbff9f
IP 209.15.13.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (349), with CRLF line terminators
Hash c736f00997041c4d9b4894e8d5f27387
6000ddd2973b08f693f1d05783f69fc1bd979195
9d75c66c134ba1c80abde08aca6f72dedab3d04ee210ab4863bc2c66e3d3c6be
GET /click?data=NmNuUVg3Z2FWblQ2LWxBWUdhZy1JSDJEZ3I3Z2R5cXZFaUtjOS1GTFp3UEJJZFFyZWdVT1lqWTdQVEFsYVIxZW9jczZfR2c2aWNoS25jRkZfd2NfckNSNngyMTI2Z0FtMnpHb1A5M3ZCcUdRT1hVdm90MWVLUjlJbm9Od0J1Ums2Y1pOc0ZtX1pfNEJ1c0hlRHdvalBnMg2&id=40e5dacc-092e-4fdc-bea5-c0485abbff9f HTTP/1.1
Host: btpnav.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://hiqmhut.zeheyang7.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: MHRbOCANqNaxaLZ=MHRbOCANqNaxaLZ; path=/
X-Server: web01
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Fri, 02 Sep 2022 20:46:59 GMT
Content-Length: 2188
btpnav.com/Redirect/
209.15.13.136 302 Found 269 B IP 209.15.13.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f44d3eca303365c2225c86b447ef3625
5c7968cd84715d562faec34d8186ae5f1935eac5
cffcfc5562ae540a7cae400b034b0ef6d422785be04eba5e1c9c1fec39ec51a3
POST /Redirect/ HTTP/1.1
Host: btpnav.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 358
Origin: http://btpnav.com
Connection: keep-alive
Referer: http://btpnav.com/click?data=NmNuUVg3Z2FWblQ2LWxBWUdhZy1JSDJEZ3I3Z2R5cXZFaUtjOS1GTFp3UEJJZFFyZWdVT1lqWTdQVEFsYVIxZW9jczZfR2c2aWNoS25jRkZfd2NfckNSNngyMTI2Z0FtMnpHb1A5M3ZCcUdRT1hVdm90MWVLUjlJbm9Od0J1Ums2Y1pOc0ZtX1pfNEJ1c0hlRHdvalBnMg2&id=40e5dacc-092e-4fdc-bea5-c0485abbff9f
Cookie: MHRbOCANqNaxaLZ=MHRbOCANqNaxaLZ
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://artax-evn.com/zcvisitor/628a7975-2b00-11ed-a49a-0add1a52047f/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=b49fbdf0-1ca6-11ed-a07d-12beee04f19b
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Server: web01
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Fri, 02 Sep 2022 20:46:59 GMT
Content-Length: 269
artax-evn.com/zcvisitor/628a7975-2b00-11ed-a49a-0add1a52047f/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=b49fbdf0-1ca6-11ed-a07d-12beee04f19b
107.23.10.197 200 996 B URL HTTP/1.1 artax-evn.com/zcvisitor/628a7975-2b00-11ed-a49a-0add1a52047f/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=b49fbdf0-1ca6-11ed-a07d-12beee04f19b
IP 107.23.10.197:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 36dd467214421cf10f2629400cbc328d
850ee57a84fcbe666c4d8430e1c319c489dd0863
24cac7faf25adb9a3afa69f041e5d7e362019780ad3b18dfe4a32749c75205f4
Analyzer Verdict Alert fortinet Phishing
GET /zcvisitor/628a7975-2b00-11ed-a49a-0add1a52047f/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=b49fbdf0-1ca6-11ed-a07d-12beee04f19b HTTP/1.1
Host: artax-evn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://btpnav.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Fri, 02 Sep 2022 20:47:00 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: DJNNjuGB
artax-evn.com/zcredirect?visitid=628a7975-2b00-11ed-a49a-0add1a52047f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
107.23.10.197 200 748 B URL HTTP/1.1 artax-evn.com/zcredirect?visitid=628a7975-2b00-11ed-a49a-0add1a52047f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 107.23.10.197:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (331)
Hash 7e6243bfba12017dc73785eaa54aa4d3
83c18e97e8cfa4c0e8bd3c6437bc9005e6ca7534
9134a32f027c4855d5ce0ef1af39864466b0765b215cb8cbd8e7302b98748f17
GET /zcredirect?visitid=628a7975-2b00-11ed-a49a-0add1a52047f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: artax-evn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://artax-evn.com/zcvisitor/628a7975-2b00-11ed-a49a-0add1a52047f/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=b49fbdf0-1ca6-11ed-a07d-12beee04f19b
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Fri, 02 Sep 2022 20:47:00 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: RuZPXfIv
cartining-specute.com/zp-redirect?target=https%3A%2F%2Ftrk.ezymny.com%2F71625b6a-307e-445c-be32-59d93b21d919%3Fo%3D2736%26clicktag%3Dwj26fkl9ojskesoi23ph2a98&caid=7574b765-b8bf-4cc1-ab38-bc7a452e1d42&zpid=628a7975-2b00-11ed-a49a-0add1a52047f&cid=wj26fkl9ojskesoi23ph2a98&rt=R
18.197.36.77 302 Found 0 B URL HTTP/2 cartining-specute.com/zp-redirect?target=https%3A%2F%2Ftrk.ezymny.com%2F71625b6a-307e-445c-be32-59d93b21d919%3Fo%3D2736%26clicktag%3Dwj26fkl9ojskesoi23ph2a98&caid=7574b765-b8bf-4cc1-ab38-bc7a452e1d42&zpid=628a7975-2b00-11ed-a49a-0add1a52047f&cid=wj26fkl9ojskesoi23ph2a98&rt=R
IP 18.197.36.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Ftrk.ezymny.com%2F71625b6a-307e-445c-be32-59d93b21d919%3Fo%3D2736%26clicktag%3Dwj26fkl9ojskesoi23ph2a98&caid=7574b765-b8bf-4cc1-ab38-bc7a452e1d42&zpid=628a7975-2b00-11ed-a49a-0add1a52047f&cid=wj26fkl9ojskesoi23ph2a98&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://artax-evn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 02 Sep 2022 20:47:00 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://trk.ezymny.com/71625b6a-307e-445c-be32-59d93b21d919?o=2736&clicktag=wj26fkl9ojskesoi23ph2a98
pragma: no-cache
set-cookie: cc-v4=nb1UEKjTnfKAh8mJdqp3Lb6gQ8aeelMdxjAnlR%2BjV7Fv2GICpio4341q0XWmZ1hg5Cmp82kXCrfwe1iFgyN%2BcJEEEjczBi6%2BxT9m61LNnj14CpSB18eP40qURoB7DHvyJAZc6%2FqFji3M%2B0xZpnnQJQ%3D%3D; Max-Age=31536000; Expires=Sat, 02-Sep-2023 20:47:00 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
artax-evn.com/favicon.ico
107.23.10.197 404 653 B URL HTTP/1.1 artax-evn.com/favicon.ico
IP 107.23.10.197:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: artax-evn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://artax-evn.com/zcredirect?visitid=628a7975-2b00-11ed-a49a-0add1a52047f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
HTTP/1.1 404
Date: Fri, 02 Sep 2022 20:47:00 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: DJNNjuGB
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 98508c87dc22b82c8d079fe22f6904b6
2f7ec8583bb5ebd1cd03f436fc38f052eb2425fe
330859c870070efc88de4edb73b36c4d68edef053c0fd43df0511d432d3ebb49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "330859C870070EFC88DE4EDB73B36C4D68EDEF053C0FD43DF0511D432D3EBB49"
Last-Modified: Fri, 02 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9148
Expires: Fri, 02 Sep 2022 23:19:28 GMT
Date: Fri, 02 Sep 2022 20:47:00 GMT
Connection: keep-alive
trk.ezymny.com/71625b6a-307e-445c-be32-59d93b21d919?o=2736&clicktag=wj26fkl9ojskesoi23ph2a98
104.18.25.94 302 Found 0 B URL HTTP/2 trk.ezymny.com/71625b6a-307e-445c-be32-59d93b21d919?o=2736&clicktag=wj26fkl9ojskesoi23ph2a98
IP 104.18.25.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /71625b6a-307e-445c-be32-59d93b21d919?o=2736&clicktag=wj26fkl9ojskesoi23ph2a98 HTTP/1.1
Host: trk.ezymny.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://artax-evn.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Sep 2022 20:47:01 GMT
content-length: 0
location: https://ww2.casualdating.com/landing/cl6001?clickId=dbfc669f-cd88-44b7-b172-8baff1e212cb&tracker=SGM_Pro&publisher=31015&subPublisher=&zz=true&hit_id=dbfc669f-cd88-44b7-b172-8baff1e212cb&tp_redirect_id=dbfc669f-cd88-44b7-b172-8baff1e212cb
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
set-cookie: attrk=yes;Version=1;Max-Age=86400
vcid=%7B%22id%22%3A%22467f2939-6e4b-4351-b129-336fe3cef418%22%2C%22firstTime%22%3A%22Sep+2%2C+2022+8%3A47%3A01+PM%22%2C%22visitCount%22%3A1%2C%22firstTimeDay%22%3A%22Sep+2%2C+2022+8%3A47%3A01+PM%22%2C%22visitDays%22%3A1%2C%22origin%22%3A%22routing%22%2C%22lastLocation%22%3A%22routing%22%2C%22ageInSecs%22%3A0%7D;Version=1;Domain=ezymny.com;Path=/;Max-Age=2147483647;Expires=Thu, 21 Sep 2090 00:01:08 GMT
__cf_bm=CFpOAJLE5rl5T30JUUapesoWjkax4L8Avt9GPDC3ZIU-1662151621-0-AYlIThBL0A5ijzK+1WoBCkeZ16qEdNpCpqLx7Y+ytwCMG1n8mCLSN4dTq/BwTJz+tjPm7juRyz3Ab3mxjDLr/5U=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.ezymny.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7449192ede83b4eb-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d048ee5d2b958a17afc27a90cfda6710
1f829b1a72fbbff74278cdc42e904562cce00378
ba5376cfae8d9f744edfa6ee0f28b9d6ea132c0dc58c87bb06d1c193d880c395
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BA5376CFAE8D9F744EDFA6EE0F28B9D6EA132C0DC58C87BB06D1C193D880C395"
Last-Modified: Fri, 02 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9483
Expires: Fri, 02 Sep 2022 23:25:04 GMT
Date: Fri, 02 Sep 2022 20:47:01 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d048ee5d2b958a17afc27a90cfda6710
1f829b1a72fbbff74278cdc42e904562cce00378
ba5376cfae8d9f744edfa6ee0f28b9d6ea132c0dc58c87bb06d1c193d880c395
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BA5376CFAE8D9F744EDFA6EE0F28B9D6EA132C0DC58C87BB06D1C193D880C395"
Last-Modified: Fri, 02 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9483
Expires: Fri, 02 Sep 2022 23:25:04 GMT
Date: Fri, 02 Sep 2022 20:47:01 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d0a87718642da2592f1334ff6bf04389
3fd0bba0f062549a3b234be8648b9e8bd9d7b720
7ec767531c77b55502fd7d4c4c1826349e40c92c0ff5b87b15aba7ca724cade9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5251
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 20:47:01 GMT
Last-Modified: Fri, 02 Sep 2022 19:19:31 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl01.jpg?915365
104.18.11.149 200 OK 38 kB URL HTTP/2 lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl01.jpg?915365
IP 104.18.11.149:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x300, components 3\012- data
Hash d25d652ec0ee3b6b6c1bf13f9de976ad
bd515f9150867082632ca607ff2ff766c2d1d50b
0a0276ca0d774c64a01d4448f5cf99c16f50eee260fc43713a9fcf215ecb5c6c
GET /img/_pictures/fsk16/m/cl01.jpg?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: image/jpeg
content-length: 38095
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: "630edcea-94cf"
last-modified: Wed, 31 Aug 2022 04:00:42 GMT
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
accept-ranges: bytes
set-cookie: __cf_bm=JpCjMPrhGpyIky.XZ7.Rskd3boUgu2LD.FV72l52Gg8-1662151621-0-AbLykGH6rXSvQod+LWnRd4FbdYiJIouHQvNsl4Gm1y1Yrq+3UaUFAA2rw3IdKT8pRFvOfK8VqV8yttnl8FQPi/8=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 74491932aafbb4ff-OSL
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl04.jpg?915365
104.18.11.149 200 OK 47 kB URL HTTP/2 lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl04.jpg?915365
IP 104.18.11.149:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x300, components 3\012- data
Hash 086f13eb37a4a8533cbe13827322b1ea
fcf5253bb77cf9b645ccffd748e88e17478b79c3
d5e6b384e169032b80bcebe6014b5d90dff2113a63e5fc6a9df5cd090ce2d105
GET /img/_pictures/fsk16/m/cl04.jpg?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: image/jpeg
content-length: 46683
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: "630edcea-b65b"
last-modified: Wed, 31 Aug 2022 04:00:42 GMT
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
accept-ranges: bytes
set-cookie: __cf_bm=4CNCBbW8FYkPkCllKbHv22ruljhKIcxnjojqqR_7nC4-1662151621-0-AXmrDFwCK+TlDJP38MXohGG8w3aCGJ/Oz42EnPea8Roe/vuej1OhvO8ApUNLkliBRQpfh8iaP3D9tW1w+IIJrs0=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 74491932aafeb4ff-OSL
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl05.jpg?915365
104.18.11.149 200 OK 48 kB URL HTTP/2 lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl05.jpg?915365
IP 104.18.11.149:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x300, components 3\012- data
Hash 27164017f1aa62515fe1e0f98490e42d
f1fb37569d871c7511e2ce0ef603c9f10ed3a51e
d9ced411b18b0ff18b7ffa9b501ae88f755917ca353c4edc782c9a495c0ccb18
GET /img/_pictures/fsk16/m/cl05.jpg?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: image/jpeg
content-length: 47899
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: "630edcea-bb1b"
last-modified: Wed, 31 Aug 2022 04:00:42 GMT
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
accept-ranges: bytes
set-cookie: __cf_bm=0lCfgw57jAM0xDjz5vuQ5AP8SypLTu16HJ6xUOs8RtY-1662151621-0-ASuYY/bdKj85M8/Zbc4Yr0uZlabeFlkBSicCoN/31EbV6BuK0BnjuSWBKCIdSCdvt5b87hUmFT5qeQpHgJRALg0=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 74491932aaffb4ff-OSL
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl06.jpg?915365
104.18.11.149 200 OK 48 kB URL HTTP/2 lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl06.jpg?915365
IP 104.18.11.149:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x300, components 3\012- data
Hash 2c5b2970c3fc892e69bea9b2ad0a0a32
c5f618104295e6061d68b32b7efda94b6a646c13
4ba2db8b2b9bc4561fd04b9603a27cf165341f15b9832c55cb8e54cc96da31a0
GET /img/_pictures/fsk16/m/cl06.jpg?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: image/jpeg
content-length: 47727
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: "630edcea-ba6f"
last-modified: Wed, 31 Aug 2022 04:00:42 GMT
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
accept-ranges: bytes
set-cookie: __cf_bm=daVx9P17elxJ7M3spWG4YtVGh2xYSlU_d7Nig4QdYl4-1662151621-0-ARv7GfRz27NR+PVAy4hES0GBRfmxagdeILoEXQN+KE6UBI+YNYLWRN1gdJmnLOn6m8N99n4rVOMyyhqlPHFCvC8=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 74491932ab00b4ff-OSL
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl07.jpg?915365
104.18.11.149 200 OK 44 kB URL HTTP/2 lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl07.jpg?915365
IP 104.18.11.149:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x300, components 3\012- data
Hash 4e5b2f60bc11300f87b75e4a83c8721e
93f163fe190da3847f1804c59026506a08280bee
17be05214e5f5ef51cc2df6c903fd9b8fd29edb00ea33169d22788ee0b816994
GET /img/_pictures/fsk16/m/cl07.jpg?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: image/jpeg
content-length: 44220
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: "630edcea-acbc"
last-modified: Wed, 31 Aug 2022 04:00:42 GMT
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
accept-ranges: bytes
set-cookie: __cf_bm=4s1B7heDjTRPucuPaedt6qiQWLZ9PzTrstdCF1Fb5Wk-1662151621-0-AcQTf7BuVOCRhkqrxzNL0bEqHWvUNbeNyJLP9cBrkAZmpaHuJA4/3fdyT+iDVXrPpLL7oJPKvX+u/yAfu6jfDRI=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 74491932ab01b4ff-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d048ee5d2b958a17afc27a90cfda6710
1f829b1a72fbbff74278cdc42e904562cce00378
ba5376cfae8d9f744edfa6ee0f28b9d6ea132c0dc58c87bb06d1c193d880c395
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BA5376CFAE8D9F744EDFA6EE0F28B9D6EA132C0DC58C87BB06D1C193D880C395"
Last-Modified: Fri, 02 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9483
Expires: Fri, 02 Sep 2022 23:25:04 GMT
Date: Fri, 02 Sep 2022 20:47:01 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d048ee5d2b958a17afc27a90cfda6710
1f829b1a72fbbff74278cdc42e904562cce00378
ba5376cfae8d9f744edfa6ee0f28b9d6ea132c0dc58c87bb06d1c193d880c395
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BA5376CFAE8D9F744EDFA6EE0F28B9D6EA132C0DC58C87BB06D1C193D880C395"
Last-Modified: Fri, 02 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9483
Expires: Fri, 02 Sep 2022 23:25:04 GMT
Date: Fri, 02 Sep 2022 20:47:01 GMT
Connection: keep-alive
lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl08.jpg?915365
104.18.11.149 200 OK 42 kB URL HTTP/2 lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl08.jpg?915365
IP 104.18.11.149:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x300, components 3\012- data
Hash bcd601ca4cd1611a6e99cc61a4fa6bd8
26528fc431b3f2e9da2473a1f0847fbbbb34bde9
80db6e373df2c1843225066bf688ff2af8fb4b6864fffb39f5799a20935b5d98
GET /img/_pictures/fsk16/m/cl08.jpg?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: image/jpeg
content-length: 42343
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: "630edcea-a567"
last-modified: Wed, 31 Aug 2022 04:00:42 GMT
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
accept-ranges: bytes
set-cookie: __cf_bm=niMyQMYIedtYikDvfy7UqyCcy7roQ_ZcT9MrV1V4su4-1662151621-0-AYIz9kTZl8U6IBLvuGLSk1xRzWE6/P8Uj8vRoUj5Pur3SU38zJaCAmNnwPVDh3lildc9gEarB6DRzeQwMoEpuZY=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 74491932ab02b4ff-OSL
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/js/plugins/jQueryUI/jquery-ui-1-12.min.js?915365
104.18.11.149 200 OK 68 kB URL HTTP/2 lpmedia.servefilesonly.com/js/plugins/jQueryUI/jquery-ui-1-12.min.js?915365
IP 104.18.11.149:0
Hash 838244d6169128c5d671786c4d243773
aee7177a7cc8f723009a0a0d35e30445f6c01084
025bc70f46db5fc918da78859062add9263873828f5980f9050f960bbaa6a26b
GET /js/plugins/jQueryUI/jquery-ui-1-12.min.js?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: application/javascript
last-modified: Wed, 31 Aug 2022 04:01:25 GMT
vary: Accept-Encoding
etag: W/"630edd15-3dee5"
access-control-allow-origin: *
cache-control: public, max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=Y04tLuV4.hFEkXizJeQhnhsjDGjg3j_nmBBeLFPzwcw-1662151621-0-ARRX9L8ELyCIiOfqKfdeWLGnmhZFVEP6G4LLQrqeFLNiOOfnam8iFyGHnfGoMWtbRmA6gSl9Py1CevdemX41gho=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932aaf7b4ff-OSL
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/widgets/corner/corner.css?915365
104.18.11.149 200 OK 432 B URL HTTP/2 lpmedia.servefilesonly.com/widgets/corner/corner.css?915365
IP 104.18.11.149:0
Hash 7ce87487972c748b2608ab8213c6c61e
d79040bd6c082daa0bb650589ed550e23515a9c0
cde0be518db1ef08ae238141cfac42f3682acc57a39b1f47b2d6ea4eee1ce30a
GET /widgets/corner/corner.css?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=246
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: W/"630edd18-f6"
last-modified: Wed, 31 Aug 2022 04:01:28 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 31725
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=rNRTdrG2Q2ItZKLszd4tbPrmEt3Nu0J9Rgi1VOuuOZ8-1662151621-0-ASreBsn+pgIlcEDBLDadlJVVMwrwqnUYr5uoXWsOU9HC0pboNNIuGTSRFAbhiwQPuaqa/crHWhXvvu1SZ94Fw0A=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932fb6cb4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
216.58.207.234 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (32058)
Hash fc3fc31e5e7c0933dc18e562c1c071bf
a44c31323f6bd29e583cc585036e6eb39f7014a6
ddad766fb94b23efeb5574cdedc5e8446d496fb91bd0b08cd80be212e001055d
GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 28 Aug 2022 22:01:23 GMT
expires: Mon, 28 Aug 2023 22:01:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 427538
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 20:47:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lpmedia.servefilesonly.com/img/_patterns/cl1-bg.jpg
104.18.11.149 200 OK 329 kB URL HTTP/2 lpmedia.servefilesonly.com/img/_patterns/cl1-bg.jpg
IP 104.18.11.149:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2263x1367, components 3\012- data
Size 329 kB (329094 bytes)
Hash af5c6708b88bcc5c9d407667b1ff778f
7b053efcbbd45b4af2f689271b46ae315f014817
fad1f28c28a08c3aa6f6d754395c48ade6ff08f24163a9359ee06efe4e5e7ec0
GET /img/_patterns/cl1-bg.jpg HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lpmedia.servefilesonly.com/style/templates/CircleLoader/orange.css?915365
Cookie: __cf_bm=YTATgLcO3tosSxJZ_DVZ6XIU1DGx3kCvd08H2gYj7Bk-1662151621-0-AXDcWctb58Bv3CRutdIRTysfQ330lpVvY1xQPrOIcSOcBfmDS5SQH90hnkN2wrWcK7e/Kz7lSSiWZOIU3mx+dug=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: image/jpeg
content-length: 329094
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: "630edcdf-50586"
last-modified: Wed, 31 Aug 2022 04:00:31 GMT
cf-cache-status: HIT
age: 6190
expires: Sat, 03 Sep 2022 08:47:01 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 744919337c31b4ff-OSL
X-Firefox-Spdy: h2
ww2.casualdating.com/sbbi/?sbbpg=utMedia&vii=5hb415b5ce82307c7cec4ef9091ed3d57d434ad4b810d517e2ce4f332ad24846n8i3o2j0
151.139.128.11 200 OK 514 B URL HTTP/2 ww2.casualdating.com/sbbi/?sbbpg=utMedia&vii=5hb415b5ce82307c7cec4ef9091ed3d57d434ad4b810d517e2ce4f332ad24846n8i3o2j0
IP 151.139.128.11:0
File type GIF image data, version 89a, 1 x 1
Hash d640549dc6d513bbc61fc2921c3655ad
01b0bfd2286b7963ac959df2bbab5dbbb74959e2
6f743436638678ed1c9e15ed18ce16e4ccd64ce5406de71524d451190da8a706
GET /sbbi/?sbbpg=utMedia&vii=5hb415b5ce82307c7cec4ef9091ed3d57d434ad4b810d517e2ce4f332ad24846n8i3o2j0 HTTP/1.1
Host: ww2.casualdating.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/landing/cl6001?clickId=dbfc669f-cd88-44b7-b172-8baff1e212cb&tracker=SGM_Pro&publisher=31015&subPublisher=&zz=true&hit_id=dbfc669f-cd88-44b7-b172-8baff1e212cb&tp_redirect_id=dbfc669f-cd88-44b7-b172-8baff1e212cb
Cookie: UTGv2=h455e20ccce99e35d3a480572ef3a2868320; SPSI=5b1bc8377e4f01dd744db1d1ec432d44; SPSE=SqnVL+MT2hJ4F1eT4cyQTSXpwm4TBcaKqNkH8iNNwhIeauK1pGfATubjT92xIOwW6XPsrlz7/tm7JW22dTgBDQ==; spcsrf=4d16caeadead54362168f8e09c527bb2; PHPSESSID=111l3qnppt7b2j4ed491rvolu2; sp_lit=1v3MqC03FhaXLNS+/TKeFA==; PRLST=Pi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-type: image/gif
server: fbs
x-accel-expires: 0
x-hw: 1662151621.cds014.sk1.hn,1662151621.cds253.sk1.sc,1662151621.cdn2-wafbe02-arn1.stackpath.systems.-.i,1662151621.cds253.sk1.p
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 20:47:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.11.207 200 OK 32 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (30837)
Hash aded3c7b794ca6561960be8552f6a53a
d8a80e37f0c30233ba05370dcaf7c2ede43f139a
ae1d71d28eb6c4da832e393393f0f91de957b7f6fdd8f1d07f90d741a7171dbd
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 722, 617
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 2021-03-10 20:26:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 121d365db7a9aba3915641185d93b963
cdn-cache: HIT
cf-cache-status: HIT
age: 11462428
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74491932ae301bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/js/plugins/jQueryUI/jquery-ui-1-12.min.css?915365
104.18.11.149 200 OK 11 kB URL HTTP/2 lpmedia.servefilesonly.com/js/plugins/jQueryUI/jquery-ui-1-12.min.css?915365
IP 104.18.11.149:0
Hash 2159574f773b2a448924fe11e43e00b2
a8120ee34f73da95651e4a31cd33e97d395e5fd5
1f26546f33d87ed016026b2a3c78da11829ca9e70b8bf268d05daa08a1efe680
GET /js/plugins/jQueryUI/jquery-ui-1-12.min.css?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: text/css
last-modified: Wed, 31 Aug 2022 04:01:25 GMT
vary: Accept-Encoding
etag: W/"630edd15-7d4c"
access-control-allow-origin: *
cache-control: public, max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=mQnvKaRTzPyYwRYceFt7SsJtdal.hxmzlxZKAWiwMJ4-1662151621-0-AelV58XPp4ApyhHSFpkxYQIuWGVPajOLBRID0cA2HKOUHy5DbgsmoKH5eYLm2J4vBizCwyiiVq9BGcNmTvXCmRM=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932ab03b4ff-OSL
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/img/_patterns/apple-touch-icon.png?915365
104.18.11.149 200 OK 67 B URL HTTP/2 lpmedia.servefilesonly.com/img/_patterns/apple-touch-icon.png?915365
IP 104.18.11.149:0
File type PNG image data, 1 x 1, 1-bit grayscale, non-interlaced
Hash 87e729aeec558580ccce1056cba7379b
1b739b74ebf7b2baaf4981301f48a15858cb5431
15d0d8531d9628928db8adcd1c3d3406d6ce67fa01926a3b73b054b4f34b93a4
GET /img/_patterns/apple-touch-icon.png?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Cookie: __cf_bm=YTATgLcO3tosSxJZ_DVZ6XIU1DGx3kCvd08H2gYj7Bk-1662151621-0-AXDcWctb58Bv3CRutdIRTysfQ330lpVvY1xQPrOIcSOcBfmDS5SQH90hnkN2wrWcK7e/Kz7lSSiWZOIU3mx+dug=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: image/png
content-length: 67
last-modified: Wed, 31 Aug 2022 04:00:31 GMT
etag: "630edcdf-43"
access-control-allow-origin: *
cache-control: public, max-age=43200
cf-cache-status: HIT
age: 31670
expires: Sat, 03 Sep 2022 08:47:01 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 744919345d2eb4ff-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 20:47:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi
151.139.128.11 200 OK 18 kB URL HTTP/2 ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi
IP 151.139.128.11:0
Hash ce425ea4ce92bfe0e9c45347b6bdc674
040dba2f6ad7ac2031261907949272ae04a8464b
55d2eee0395d65d4624c35c334a23606445cf00a3924a13fdb8d0f2800ed695c
GET /sbbi/?sbbpg=sbbShell&gprid=Pi HTTP/1.1
Host: ww2.casualdating.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi&sbbgs=h455e20ccce99e35d3a480572ef3a2868320&ddl=-1
Cookie: UTGv2=h455e20ccce99e35d3a480572ef3a2868320; SPSI=5b1bc8377e4f01dd744db1d1ec432d44; SPSE=SqnVL+MT2hJ4F1eT4cyQTSXpwm4TBcaKqNkH8iNNwhIeauK1pGfATubjT92xIOwW6XPsrlz7/tm7JW22dTgBDQ==; spcsrf=4d16caeadead54362168f8e09c527bb2; PHPSESSID=111l3qnppt7b2j4ed491rvolu2; sp_lit=1v3MqC03FhaXLNS+/TKeFA==; PRLST=Pi; adOtr=cbb8571734e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:02 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
x-hw: 1662151622.cds014.sk1.hn,1662151622.cds264.sk1.sc,1662151622.cdn2-wafbe04-arn1.stackpath.systems.-.i,1662151622.cds264.sk1.p
access-control-allow-origin: *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22bc4d5a-9f0a-4b9f-a3a8-5d297d24ea9a.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22bc4d5a-9f0a-4b9f-a3a8-5d297d24ea9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash b01e38b12bffb2f525351913eaa246cb
b7f8c0db9e2ddc795726b77b8f8f21037611fca8
e06e127b8ab197f09cc1b4a18d643908aef03898e86a80ca5f901865bfdbd5fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22bc4d5a-9f0a-4b9f-a3a8-5d297d24ea9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7174
x-amzn-requestid: 6b46447e-a28e-4ae8-978e-6729da4aff62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzL6_FraoAMFQIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631126ac-67d9e46104e9215a6f13c224;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2i14aRjpjm1-vRDgZ_8YpQl8Qhur_k3O69OG7XlQhwumXksEGXiKZQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:32:42 GMT
etag: "b7f8c0db9e2ddc795726b77b8f8f21037611fca8"
content-type: image/jpeg
age: 80063
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/js/plugins/owlCarousel/script.js?915365
104.18.11.149 200 OK 0 B URL HTTP/2 lpmedia.servefilesonly.com/js/plugins/owlCarousel/script.js?915365
IP 104.18.11.149:0
GET /js/plugins/owlCarousel/script.js?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=89994
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: W/"630edd15-15f8a"
last-modified: Wed, 31 Aug 2022 04:01:25 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=7dmGo7pi9aTlskZwd1_sBWY3NdkMXB1SDwCMtYGEByI-1662151621-0-ARxmofWM0LRmGhxGfhMPXumLZfw+EKFpjdIgdgEPEZlMBkLgI2X1T4XfJKRe9rDjG1SdSrhLj+ESYlvw6q41Sqc=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932aaf5b4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/js/registration.js?915365
104.18.11.149 200 OK 0 B URL HTTP/2 lpmedia.servefilesonly.com/js/registration.js?915365
IP 104.18.11.149:0
GET /js/registration.js?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=18832
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: W/"630edd15-4990"
last-modified: Wed, 31 Aug 2022 04:01:25 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 29156
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=A6BubbwtSrTJiQK8uh3i7lrIwHFAWIpNlHvIw27dDUE-1662151621-0-AeD3myEQ0b6VjbKXS45Rk/DnqTFPg6xbSqm/wmo1OQe6CMeVilIBPjk/uJiT/79vRqRt85wsUKPelA8hltbQJlU=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932aaf8b4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/style/plugins/owlCarousel/owl.carousel.min.css?915365
104.18.11.149 200 OK 0 B URL HTTP/2 lpmedia.servefilesonly.com/style/plugins/owlCarousel/owl.carousel.min.css?915365
IP 104.18.11.149:0
GET /style/plugins/owlCarousel/owl.carousel.min.css?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: text/css
last-modified: Wed, 31 Aug 2022 04:01:28 GMT
vary: Accept-Encoding
etag: W/"630edd18-b66"
access-control-allow-origin: *
cache-control: public, max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=YTATgLcO3tosSxJZ_DVZ6XIU1DGx3kCvd08H2gYj7Bk-1662151621-0-AXDcWctb58Bv3CRutdIRTysfQ330lpVvY1xQPrOIcSOcBfmDS5SQH90hnkN2wrWcK7e/Kz7lSSiWZOIU3mx+dug=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932fb71b4ff-OSL
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/js/helpers/validation.js?915365
104.18.11.149 200 OK 0 B URL HTTP/2 lpmedia.servefilesonly.com/js/helpers/validation.js?915365
IP 104.18.11.149:0
GET /js/helpers/validation.js?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=11177
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: W/"630edd15-2ba9"
last-modified: Wed, 31 Aug 2022 04:01:25 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 31597
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=uumiFcVpU0S9ABiHmFxFDdH8OddsXfe2SnsmSVMgmNw-1662151621-0-AZHpyiulW2QPq5s6ipBCQzVNsrN9YLlDvhOgtvXXZEs65cJFyVJFJr/MuGi1r861G8+1KqMgdvz8/BMO95lz37M=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932aaf6b4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/style/templates/CircleLoader/orange.css?915365
104.18.11.149 200 OK 0 B URL HTTP/2 lpmedia.servefilesonly.com/style/templates/CircleLoader/orange.css?915365
IP 104.18.11.149:0
GET /style/templates/CircleLoader/orange.css?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=19013
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: W/"630edd18-4a45"
last-modified: Wed, 31 Aug 2022 04:01:28 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=Ef.M1ueBRiFI6kx6UAUdnsEyvnep7fbAWBIQF07wgAA-1662151621-0-AduE3C/JI9XpKTZWPo6+0L+DXXK3ACBnX8TorC5sypeavbePpWifEdYutLjS8CIFo0qTtC2EvDoLC81DDzsmLoI=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932eb49b4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl03.jpg?915365
104.18.11.149 200 OK 0 B URL HTTP/2 lpmedia.servefilesonly.com/img/_pictures/fsk16/m/cl03.jpg?915365
IP 104.18.11.149:0
GET /img/_pictures/fsk16/m/cl03.jpg?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: image/jpeg
content-length: 47201
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: "630edcea-b861"
last-modified: Wed, 31 Aug 2022 04:00:42 GMT
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
accept-ranges: bytes
set-cookie: __cf_bm=UuRDLJjVmB70o5_rz59jYr5hC3oJWb9HS6DG62brqe4-1662151621-0-AZKRY/kssYYOEv9SLfYiPnY4LjG4lEF+oDFL36W4+fxsP6wUB73WhTIyyov4+KqAiC+IAOiZ12ipm0iy987Hl0A=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 74491932aafdb4ff-OSL
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/js/plugins/circle-progress.js?915365
104.18.11.149 200 OK 0 B URL HTTP/2 lpmedia.servefilesonly.com/js/plugins/circle-progress.js?915365
IP 104.18.11.149:0
GET /js/plugins/circle-progress.js?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=12455
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: W/"630edd15-30a7"
last-modified: Wed, 31 Aug 2022 04:01:25 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 16635
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=kHqLoQIypX2VWSjN_HUhO.d_Jp2wjmXJbW3pCs51OCE-1662151621-0-AQjNAAe+n3+RhW166HiOggA5DRi8OuGclCrO+QFrOFyeozsjkyJ+9vCGMljvqGfaFo5LHW0YSrZdVVg7AsbWOQo=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932eb55b4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.onesignal.com/sdks/OneSignalSDK.js
104.18.225.52 200 OK 0 B URL HTTP/2 cdn.onesignal.com/sdks/OneSignalSDK.js
IP 104.18.225.52:0
GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: application/javascript
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 123
expires: Mon, 05 Sep 2022 20:47:01 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 74491932edcab524-OSL
content-encoding: br
X-Firefox-Spdy: h2
ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi&sbbgs=h455e20ccce99e35d3a480572ef3a2868320&ddl=-1
151.139.128.11 200 OK 0 B URL HTTP/2 ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi&sbbgs=h455e20ccce99e35d3a480572ef3a2868320&ddl=-1
IP 151.139.128.11:0
POST /sbbi/?sbbpg=sbbShell&gprid=Pi&sbbgs=h455e20ccce99e35d3a480572ef3a2868320&ddl=-1 HTTP/1.1
Host: ww2.casualdating.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 502
Origin: https://ww2.casualdating.com
Connection: keep-alive
Referer: https://ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi&sbbgs=h455e20ccce99e35d3a480572ef3a2868320&ddl=-1
Cookie: UTGv2=h455e20ccce99e35d3a480572ef3a2868320; SPSI=5b1bc8377e4f01dd744db1d1ec432d44; SPSE=SqnVL+MT2hJ4F1eT4cyQTSXpwm4TBcaKqNkH8iNNwhIeauK1pGfATubjT92xIOwW6XPsrlz7/tm7JW22dTgBDQ==; spcsrf=4d16caeadead54362168f8e09c527bb2; PHPSESSID=111l3qnppt7b2j4ed491rvolu2; sp_lit=1v3MqC03FhaXLNS+/TKeFA==; PRLST=Pi; adOtr=cbb8571734e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:02 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
x-hw: 1662151622.cds014.sk1.hn,1662151622.cds015.sk1.sc,1662151622.cdn2-redis02-arn1.stackpath.systems.-.i,1662151622.cds015.sk1.p
access-control-allow-origin: *
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/js/popwin.js?915365
104.18.11.149 200 OK 0 B URL HTTP/2 lpmedia.servefilesonly.com/js/popwin.js?915365
IP 104.18.11.149:0
GET /js/popwin.js?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1177
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: W/"630edd15-499"
last-modified: Wed, 31 Aug 2022 04:01:25 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 31725
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=_P5OhrRXjGd_FE3M1iGWYbCzVi3ZrWdO1BjW26Vyblw-1662151621-0-AciYxEC0+S5/lEOxSzVAH/9Zm89zqQ5NKVFzG9Gk30V+8OuY54XZnWJPqd0QPj56RTL5vlHVUfQuwI72uzhjvvM=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932aafab4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi
151.139.128.11 200 OK 0 B URL HTTP/2 ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi
IP 151.139.128.11:0
POST /sbbi/?sbbpg=sbbShell&gprid=Pi HTTP/1.1
Host: ww2.casualdating.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 490
Origin: https://ww2.casualdating.com
Connection: keep-alive
Referer: https://ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi
Cookie: UTGv2=h455e20ccce99e35d3a480572ef3a2868320; SPSI=5b1bc8377e4f01dd744db1d1ec432d44; SPSE=SqnVL+MT2hJ4F1eT4cyQTSXpwm4TBcaKqNkH8iNNwhIeauK1pGfATubjT92xIOwW6XPsrlz7/tm7JW22dTgBDQ==; spcsrf=4d16caeadead54362168f8e09c527bb2; PHPSESSID=111l3qnppt7b2j4ed491rvolu2; sp_lit=1v3MqC03FhaXLNS+/TKeFA==; PRLST=Pi; adOtr=cbb8571734e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:02 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
x-hw: 1662151622.cds014.sk1.hn,1662151622.cds243.sk1.sc,1662151622.cdn2-wafbe03-arn1.stackpath.systems.-.i,1662151622.cds243.sk1.p
access-control-allow-origin: *
X-Firefox-Spdy: h2
ww2.casualdating.com/landing/cl6001?clickId=dbfc669f-cd88-44b7-b172-8baff1e212cb&tracker=SGM_Pro&publisher=31015&subPublisher=&zz=true&hit_id=dbfc669f-cd88-44b7-b172-8baff1e212cb&tp_redirect_id=dbfc669f-cd88-44b7-b172-8baff1e212cb
151.139.128.11 200 OK 0 B URL HTTP/2 ww2.casualdating.com/landing/cl6001?clickId=dbfc669f-cd88-44b7-b172-8baff1e212cb&tracker=SGM_Pro&publisher=31015&subPublisher=&zz=true&hit_id=dbfc669f-cd88-44b7-b172-8baff1e212cb&tp_redirect_id=dbfc669f-cd88-44b7-b172-8baff1e212cb
IP 151.139.128.11:0
GET /landing/cl6001?clickId=dbfc669f-cd88-44b7-b172-8baff1e212cb&tracker=SGM_Pro&publisher=31015&subPublisher=&zz=true&hit_id=dbfc669f-cd88-44b7-b172-8baff1e212cb&tp_redirect_id=dbfc669f-cd88-44b7-b172-8baff1e212cb HTTP/1.1
Host: ww2.casualdating.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://artax-evn.com/
Connection: keep-alive
Cookie: UTGv2=h419e13d6f61e42f5520d2cdada50edd3d56
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Accept, Origin, Authorization,
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
pragma: no-cache
server: fbs
set-cookie: SPSI=5b1bc8377e4f01dd744db1d1ec432d44; path=/; HttpOnly; SameSite=Lax;
SPSE=SqnVL+MT2hJ4F1eT4cyQTSXpwm4TBcaKqNkH8iNNwhIeauK1pGfATubjT92xIOwW6XPsrlz7/tm7JW22dTgBDQ==; path=/; HttpOnly; SameSite=Lax;
spcsrf=4d16caeadead54362168f8e09c527bb2; path=/; SameSite=Strict; HttpOnly; expires=Fri, 02-Sep-22 22:47:01 GMT
adOtr=obsvl; path=/; SameSite=Lax; expires=Thu, 2 Aug 2001 20:47:11 UTC
UTGv2=D-h455e20ccce99e35d3a480572ef3a2868320; path=/; SameSite=Lax; expires=Wed, 01-Mar-23 20:47:01 GMT
PHPSESSID=111l3qnppt7b2j4ed491rvolu2; path=/
sp_lit=1v3MqC03FhaXLNS+/TKeFA==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 02-Sep-22 20:52:01 GMT
x-hw: 1662151621.cds014.sk1.hn,1662151621.cds003.sk1.sc,1662151621.cdn2-wafbe02-arn1.stackpath.systems.-.wx,1662151621.cds003.sk1.p
X-Firefox-Spdy: h2
lpmedia.servefilesonly.com/style/layout/animation.css?915365
104.18.11.149 200 OK 0 B URL HTTP/2 lpmedia.servefilesonly.com/style/layout/animation.css?915365
IP 104.18.11.149:0
GET /style/layout/animation.css?915365 HTTP/1.1
Host: lpmedia.servefilesonly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2320
access-control-allow-origin: *
cache-control: public, max-age=43200
etag: W/"630edd18-910"
last-modified: Wed, 31 Aug 2022 04:01:28 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 31701
expires: Sat, 03 Sep 2022 08:47:01 GMT
set-cookie: __cf_bm=3HBLpiYVG9GMkNgrxhsL_y0Vkvs0mdYPL2YU4n3MBv0-1662151621-0-AVavmYitd/+TCs8OJRXObSKRQb1UsepLrL+RTE2zDzZ5tZM5yjW4C77ReWV/UmOnBdD1sbYY/54cTC8TPmm12fU=; path=/; expires=Fri, 02-Sep-22 21:17:01 GMT; domain=.servefilesonly.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74491932aaf4b4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi&sbbgs=h455e20ccce99e35d3a480572ef3a2868320&ddl=-1
151.139.128.11 200 OK 0 B URL HTTP/2 ww2.casualdating.com/sbbi/?sbbpg=sbbShell&gprid=Pi&sbbgs=h455e20ccce99e35d3a480572ef3a2868320&ddl=-1
IP 151.139.128.11:0
GET /sbbi/?sbbpg=sbbShell&gprid=Pi&sbbgs=h455e20ccce99e35d3a480572ef3a2868320&ddl=-1 HTTP/1.1
Host: ww2.casualdating.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww2.casualdating.com/landing/cl6001?clickId=dbfc669f-cd88-44b7-b172-8baff1e212cb&tracker=SGM_Pro&publisher=31015&subPublisher=&zz=true&hit_id=dbfc669f-cd88-44b7-b172-8baff1e212cb&tp_redirect_id=dbfc669f-cd88-44b7-b172-8baff1e212cb
Cookie: UTGv2=h455e20ccce99e35d3a480572ef3a2868320; SPSI=5b1bc8377e4f01dd744db1d1ec432d44; SPSE=SqnVL+MT2hJ4F1eT4cyQTSXpwm4TBcaKqNkH8iNNwhIeauK1pGfATubjT92xIOwW6XPsrlz7/tm7JW22dTgBDQ==; spcsrf=4d16caeadead54362168f8e09c527bb2; PHPSESSID=111l3qnppt7b2j4ed491rvolu2; sp_lit=1v3MqC03FhaXLNS+/TKeFA==; PRLST=Pi
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 20:47:01 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
x-hw: 1662151621.cds014.sk1.hn,1662151621.cds229.sk1.sc,1662151621.cdn2-wafbe02-arn1.stackpath.systems.-.i,1662151621.cds229.sk1.p
access-control-allow-origin: *
X-Firefox-Spdy: h2