qwqwq.7dbfa.he.wy5532.com/
81.171.22.5200 OK 486 B URL HTTP/1.1 qwqwq.7dbfa.he.wy5532.com/
IP 81.171.22.5:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (486), with no line terminators
Hash 08766bb593f0cdd6aec97efcfcf2f4a8
9885788ac297952257bf10e6c5138581f30f636e
31a5549f24aacb1f97cfb7fb2fa38f7b7c560662b888bbba3472fb9fdc49ef86
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: qwqwq.7dbfa.he.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 486
content-type: text/html; charset=utf-8
date: Tue, 31 Jan 2023 19:09:41 GMT
server: nginx
set-cookie: sid=d12a72de-a19a-11ed-95d0-71ac99e39eda; path=/; domain=.wy5532.com; expires=Sun, 18 Feb 2091 22:23:49 GMT; max-age=2147483647; HttpOnly
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4892
Expires: Tue, 31 Jan 2023 20:31:14 GMT
Date: Tue, 31 Jan 2023 19:09:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7376
Expires: Tue, 31 Jan 2023 21:12:38 GMT
Date: Tue, 31 Jan 2023 19:09:42 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 18:43:18 GMT
content-type: application/json
age: 1584
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10670
Expires: Tue, 31 Jan 2023 22:07:32 GMT
Date: Tue, 31 Jan 2023 19:09:42 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: a3qK4rFugMS8K4h5KebIhB26up/owjMxBySdoAxM4jqXVUnyC0YbA5DtuMvfIjHwNkRqDeBYmVPUMiQK5UcZkw==
x-amz-request-id: J85EMPRYJKXZPJYV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 18:51:16 GMT
age: 1106
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 19:09:42 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
qwqwq.7dbfa.he.wy5532.com/favicon.ico
81.171.22.5404 Not Found 9 B URL HTTP/1.1 qwqwq.7dbfa.he.wy5532.com/favicon.ico
IP 81.171.22.5:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: qwqwq.7dbfa.he.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qwqwq.7dbfa.he.wy5532.com/
Cookie: sid=d12a72de-a19a-11ed-95d0-71ac99e39eda
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Tue, 31 Jan 2023 19:09:42 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 18:49:04 GMT
age: 1239
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
qwqwq.7dbfa.he.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTE5OTM4MiwiaWF0IjoxNjc1MTkyMTgyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3Zua3FnbWpjYW41M204NWswZjVrMGUiLCJuYmYiOjE2NzUxOTIxODIsInRzIjoxNjc1MTkyMTgyNDY5NDA4fQ.6mJxlRTF8jEvyGr5AzRILIi6hS8YjQ7qWRtHMrExYAA&sid=d12a72de-a19a-11ed-95d0-71ac99e39eda
81.171.22.5302 Found 11 B URL HTTP/1.1 qwqwq.7dbfa.he.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTE5OTM4MiwiaWF0IjoxNjc1MTkyMTgyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3Zua3FnbWpjYW41M204NWswZjVrMGUiLCJuYmYiOjE2NzUxOTIxODIsInRzIjoxNjc1MTkyMTgyNDY5NDA4fQ.6mJxlRTF8jEvyGr5AzRILIi6hS8YjQ7qWRtHMrExYAA&sid=d12a72de-a19a-11ed-95d0-71ac99e39eda
IP 81.171.22.5:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTE5OTM4MiwiaWF0IjoxNjc1MTkyMTgyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3Zua3FnbWpjYW41M204NWswZjVrMGUiLCJuYmYiOjE2NzUxOTIxODIsInRzIjoxNjc1MTkyMTgyNDY5NDA4fQ.6mJxlRTF8jEvyGr5AzRILIi6hS8YjQ7qWRtHMrExYAA&sid=d12a72de-a19a-11ed-95d0-71ac99e39eda HTTP/1.1
Host: qwqwq.7dbfa.he.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://qwqwq.7dbfa.he.wy5532.com/
Cookie: sid=d12a72de-a19a-11ed-95d0-71ac99e39eda
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 31 Jan 2023 19:09:42 GMT
location: http://btpnative.com/click?data=aEpwVG5CbjhQbm9BQVlDZTJlNWJ0dFhyelU4Yjl4aUI0NXVYZ0lzX3FabTg3U1ZwdEM1WjdGX3RfVFdYTTRGZ2FsMlFxUGk3aWpGbElZLUxJWThpS1BTcFJhMG0zZk44LURReUF1blhWdkZjdWpxQjFIS182dFdkeFI3SlZ5ZWo4U2pkaWJ0ckV3N0RqWXJ0NkZRWUZRMg2&id=c84d4dcd-bc6e-487c-975c-cab590117c0e
server: nginx
set-cookie: sid=d12a72de-a19a-11ed-95d0-71ac99e39eda; path=/; domain=.wy5532.com; expires=Sun, 18 Feb 2091 22:23:50 GMT; max-age=2147483647; HttpOnly
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2356
Expires: Tue, 31 Jan 2023 19:48:59 GMT
Date: Tue, 31 Jan 2023 19:09:43 GMT
Connection: keep-alive
btpnative.com/click?data=aEpwVG5CbjhQbm9BQVlDZTJlNWJ0dFhyelU4Yjl4aUI0NXVYZ0lzX3FabTg3U1ZwdEM1WjdGX3RfVFdYTTRGZ2FsMlFxUGk3aWpGbElZLUxJWThpS1BTcFJhMG0zZk44LURReUF1blhWdkZjdWpxQjFIS182dFdkeFI3SlZ5ZWo4U2pkaWJ0ckV3N0RqWXJ0NkZRWUZRMg2&id=c84d4dcd-bc6e-487c-975c-cab590117c0e
192.99.158.241200 OK 5.4 kB URL HTTP/1.1 btpnative.com/click?data=aEpwVG5CbjhQbm9BQVlDZTJlNWJ0dFhyelU4Yjl4aUI0NXVYZ0lzX3FabTg3U1ZwdEM1WjdGX3RfVFdYTTRGZ2FsMlFxUGk3aWpGbElZLUxJWThpS1BTcFJhMG0zZk44LURReUF1blhWdkZjdWpxQjFIS182dFdkeFI3SlZ5ZWo4U2pkaWJ0ckV3N0RqWXJ0NkZRWUZRMg2&id=c84d4dcd-bc6e-487c-975c-cab590117c0e
IP 192.99.158.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (320), with CRLF line terminators
Hash 432970d54a478774f347ac0b6141fc83
e74a954a5dd7e5c2512e6953d942d4186986a4b7
31b997bd9383214957a45db5cdd8c1d63987658e738b25e310b8a0339bf9d512
GET /click?data=aEpwVG5CbjhQbm9BQVlDZTJlNWJ0dFhyelU4Yjl4aUI0NXVYZ0lzX3FabTg3U1ZwdEM1WjdGX3RfVFdYTTRGZ2FsMlFxUGk3aWpGbElZLUxJWThpS1BTcFJhMG0zZk44LURReUF1blhWdkZjdWpxQjFIS182dFdkeFI3SlZ5ZWo4U2pkaWJ0ckV3N0RqWXJ0NkZRWUZRMg2&id=c84d4dcd-bc6e-487c-975c-cab590117c0e HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://qwqwq.7dbfa.he.wy5532.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: NXowqlWzRDpIoPB=NXowqlWzRDpIoPB; path=/
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 31 Jan 2023 19:09:43 GMT
Content-Length: 5412
btpnative.com/Redirect/
192.99.158.241302 Found 1.5 kB IP 192.99.158.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1427), with CRLF line terminators
Hash 90cf817126bd4c0c6a423c17ca918e19
fe9ee970065a69119f3d81cacc267f1cd14feb31
2812ab72f9746a521513db586f24d4b1f85b653f9c280071bd62b4d51ef8f5b0
POST /Redirect/ HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 329
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=aEpwVG5CbjhQbm9BQVlDZTJlNWJ0dFhyelU4Yjl4aUI0NXVYZ0lzX3FabTg3U1ZwdEM1WjdGX3RfVFdYTTRGZ2FsMlFxUGk3aWpGbElZLUxJWThpS1BTcFJhMG0zZk44LURReUF1blhWdkZjdWpxQjFIS182dFdkeFI3SlZ5ZWo4U2pkaWJ0ckV3N0RqWXJ0NkZRWUZRMg2&id=c84d4dcd-bc6e-487c-975c-cab590117c0e
Cookie: NXowqlWzRDpIoPB=NXowqlWzRDpIoPB
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEz6WqQjWtdjqafSMU3tyux_zz84p6QNRjgBwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYmDyfaZRNJu7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lcvFlWEJ6AJqNXCmYCGlL8ySeEceI--DMnQf4m3kj471CL_p296zBYDqjKFd1t7GGjoWauJ0KmZKjqyI4xEVr87DR7FmpYlfDeLpFS7FxIncYfWc_LWSPY7F1fsWYFPafshoKGRslf0NddKsi7pJcNige8ZUo82FnH3oRPL0t3ZZh3LdaFNXKEb6XgTzXwJbO0SZ_K0jAJwPHlqJL7OlybGUtt83Iq61VSMc3By7sz9GScpP_fWLq7tGA2d8qnxNI5Oa7pUv-AWx7VRKX0M3Hqer27dyXDtNof4CEF3uzhnnpTDpfLXGhmZsPFiJ2XLUVWjoIhkxbMSDiVbOD23FtJmwjj9FrX4Bhjalx0WKThmwDt9LtBYgYit7uTkUxKxJRAlBjFaT70Z9Dzh3B9xj68zLbXC3P6OBOgRKX0bENZS8v-RsVLl9A-WcSVNrDmNQSfnrTsqbH_JrpfHBXx0zIn8K6lcmW2RBZxPWcqD1gA4If-PtquKvwQupBSK6G9damHHOGnuwRsF8OucNJsT-FQu5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbEH6Pp28hcq-zWhc4V0kMGECj1aY7VQVcEflAYgV0m617ZrfsKvzYyVwoVG6CYPhyPR7sNDOmsrFHnSIsYKIPbEDE9MnvY0e4jSXnWsezO5IW6SZabLMZaWM3cWutesQMNl6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAg7yEzV9XtwOsi8FtPcgVd_fuLao04_hmufsZRntBDqVPNC_OJaKrruNNVC9UvhJwljCoRyouWo1FrxW_XL0h9YLdDyfApm4RBe5b4Dq96gT8S1bSh8E9vV8hvest8NZzf9v8amTUOOpzC4hrkrlaoTzudx6XBA39XVcMmR7o9X5PUTAv2x7AUWGKtkyD3Tx41W4yiEKU9Ei8FiDHvVbky1DRRZ4D0Ge1osxbopBq3dYhMKRq31KoHRvaeo6TLuvJEW5h629mKLAH9eYcMCMDhuXgjDNh4mKPbPlBHgksUaaDbUm_dXlPaZgcAQ22i0kehKq2wcHrhZCDbUm_dXlPadPExdJ3McGJ3iJIluMv8CPv651Q7QxrEyYNb-iWwdA0
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 31 Jan 2023 19:09:43 GMT
Content-Length: 1499
push.services.mozilla.com/
44.225.178.43101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.225.178.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: i0uFaJAUNzVFW4jUXwhLwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gbF2+m/Eyz3ysTr2wrgzOox/L/g=
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash bc288310c7a5f80bbc8e5dbeace292af
d68ca97515594770b04f3c3ae943d186e75ad2c5
6def27992aed1f32911f4820b432dca388db29e13b623596229f8e2ccfb9435f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 19:09:44 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 19:25:42 GMT
Expires: Sun, 05 Feb 2023 19:25:41 GMT
Etag: "d68ca97515594770b04f3c3ae943d186e75ad2c5"
Cache-Control: max-age=432356,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7924be4ebc07b527-OSL
mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEz6WqQjWtdjqafSMU3tyux_zz84p6QNRjgBwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYmDyfaZRNJu7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lcvFlWEJ6AJqNXCmYCGlL8ySeEceI--DMnQf4m3kj471CL_p296zBYDqjKFd1t7GGjoWauJ0KmZKjqyI4xEVr87DR7FmpYlfDeLpFS7FxIncYfWc_LWSPY7F1fsWYFPafshoKGRslf0NddKsi7pJcNige8ZUo82FnH3oRPL0t3ZZh3LdaFNXKEb6XgTzXwJbO0SZ_K0jAJwPHlqJL7OlybGUtt83Iq61VSMc3By7sz9GScpP_fWLq7tGA2d8qnxNI5Oa7pUv-AWx7VRKX0M3Hqer27dyXDtNof4CEF3uzhnnpTDpfLXGhmZsPFiJ2XLUVWjoIhkxbMSDiVbOD23FtJmwjj9FrX4Bhjalx0WKThmwDt9LtBYgYit7uTkUxKxJRAlBjFaT70Z9Dzh3B9xj68zLbXC3P6OBOgRKX0bENZS8v-RsVLl9A-WcSVNrDmNQSfnrTsqbH_JrpfHBXx0zIn8K6lcmW2RBZxPWcqD1gA4If-PtquKvwQupBSK6G9damHHOGnuwRsF8OucNJsT-FQu5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbEH6Pp28hcq-zWhc4V0kMGECj1aY7VQVcEflAYgV0m617ZrfsKvzYyVwoVG6CYPhyPR7sNDOmsrFHnSIsYKIPbEDE9MnvY0e4jSXnWsezO5IW6SZabLMZaWM3cWutesQMNl6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAg7yEzV9XtwOsi8FtPcgVd_fuLao04_hmufsZRntBDqVPNC_OJaKrruNNVC9UvhJwljCoRyouWo1FrxW_XL0h9YLdDyfApm4RBe5b4Dq96gT8S1bSh8E9vV8hvest8NZzf9v8amTUOOpzC4hrkrlaoTzudx6XBA39XVcMmR7o9X5PUTAv2x7AUWGKtkyD3Tx41W4yiEKU9Ei8FiDHvVbky1DRRZ4D0Ge1osxbopBq3dYhMKRq31KoHRvaeo6TLuvJEW5h629mKLAH9eYcMCMDhuXgjDNh4mKPbPlBHgksUaaDbUm_dXlPaZgcAQ22i0kehKq2wcHrhZCDbUm_dXlPadPExdJ3McGJ3iJIluMv8CPv651Q7QxrEyYNb-iWwdA0
52.116.53.155302 Found 0 B URL HTTP/2 mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEz6WqQjWtdjqafSMU3tyux_zz84p6QNRjgBwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYmDyfaZRNJu7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lcvFlWEJ6AJqNXCmYCGlL8ySeEceI--DMnQf4m3kj471CL_p296zBYDqjKFd1t7GGjoWauJ0KmZKjqyI4xEVr87DR7FmpYlfDeLpFS7FxIncYfWc_LWSPY7F1fsWYFPafshoKGRslf0NddKsi7pJcNige8ZUo82FnH3oRPL0t3ZZh3LdaFNXKEb6XgTzXwJbO0SZ_K0jAJwPHlqJL7OlybGUtt83Iq61VSMc3By7sz9GScpP_fWLq7tGA2d8qnxNI5Oa7pUv-AWx7VRKX0M3Hqer27dyXDtNof4CEF3uzhnnpTDpfLXGhmZsPFiJ2XLUVWjoIhkxbMSDiVbOD23FtJmwjj9FrX4Bhjalx0WKThmwDt9LtBYgYit7uTkUxKxJRAlBjFaT70Z9Dzh3B9xj68zLbXC3P6OBOgRKX0bENZS8v-RsVLl9A-WcSVNrDmNQSfnrTsqbH_JrpfHBXx0zIn8K6lcmW2RBZxPWcqD1gA4If-PtquKvwQupBSK6G9damHHOGnuwRsF8OucNJsT-FQu5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbEH6Pp28hcq-zWhc4V0kMGECj1aY7VQVcEflAYgV0m617ZrfsKvzYyVwoVG6CYPhyPR7sNDOmsrFHnSIsYKIPbEDE9MnvY0e4jSXnWsezO5IW6SZabLMZaWM3cWutesQMNl6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAg7yEzV9XtwOsi8FtPcgVd_fuLao04_hmufsZRntBDqVPNC_OJaKrruNNVC9UvhJwljCoRyouWo1FrxW_XL0h9YLdDyfApm4RBe5b4Dq96gT8S1bSh8E9vV8hvest8NZzf9v8amTUOOpzC4hrkrlaoTzudx6XBA39XVcMmR7o9X5PUTAv2x7AUWGKtkyD3Tx41W4yiEKU9Ei8FiDHvVbky1DRRZ4D0Ge1osxbopBq3dYhMKRq31KoHRvaeo6TLuvJEW5h629mKLAH9eYcMCMDhuXgjDNh4mKPbPlBHgksUaaDbUm_dXlPaZgcAQ22i0kehKq2wcHrhZCDbUm_dXlPadPExdJ3McGJ3iJIluMv8CPv651Q7QxrEyYNb-iWwdA0
IP 52.116.53.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEz6WqQjWtdjqafSMU3tyux_zz84p6QNRjgBwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYmDyfaZRNJu7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lcvFlWEJ6AJqNXCmYCGlL8ySeEceI--DMnQf4m3kj471CL_p296zBYDqjKFd1t7GGjoWauJ0KmZKjqyI4xEVr87DR7FmpYlfDeLpFS7FxIncYfWc_LWSPY7F1fsWYFPafshoKGRslf0NddKsi7pJcNige8ZUo82FnH3oRPL0t3ZZh3LdaFNXKEb6XgTzXwJbO0SZ_K0jAJwPHlqJL7OlybGUtt83Iq61VSMc3By7sz9GScpP_fWLq7tGA2d8qnxNI5Oa7pUv-AWx7VRKX0M3Hqer27dyXDtNof4CEF3uzhnnpTDpfLXGhmZsPFiJ2XLUVWjoIhkxbMSDiVbOD23FtJmwjj9FrX4Bhjalx0WKThmwDt9LtBYgYit7uTkUxKxJRAlBjFaT70Z9Dzh3B9xj68zLbXC3P6OBOgRKX0bENZS8v-RsVLl9A-WcSVNrDmNQSfnrTsqbH_JrpfHBXx0zIn8K6lcmW2RBZxPWcqD1gA4If-PtquKvwQupBSK6G9damHHOGnuwRsF8OucNJsT-FQu5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbEH6Pp28hcq-zWhc4V0kMGECj1aY7VQVcEflAYgV0m617ZrfsKvzYyVwoVG6CYPhyPR7sNDOmsrFHnSIsYKIPbEDE9MnvY0e4jSXnWsezO5IW6SZabLMZaWM3cWutesQMNl6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAg7yEzV9XtwOsi8FtPcgVd_fuLao04_hmufsZRntBDqVPNC_OJaKrruNNVC9UvhJwljCoRyouWo1FrxW_XL0h9YLdDyfApm4RBe5b4Dq96gT8S1bSh8E9vV8hvest8NZzf9v8amTUOOpzC4hrkrlaoTzudx6XBA39XVcMmR7o9X5PUTAv2x7AUWGKtkyD3Tx41W4yiEKU9Ei8FiDHvVbky1DRRZ4D0Ge1osxbopBq3dYhMKRq31KoHRvaeo6TLuvJEW5h629mKLAH9eYcMCMDhuXgjDNh4mKPbPlBHgksUaaDbUm_dXlPaZgcAQ22i0kehKq2wcHrhZCDbUm_dXlPadPExdJ3McGJ3iJIluMv8CPv651Q7QxrEyYNb-iWwdA0 HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 31 Jan 2023 19:09:44 GMT
content-length: 0
set-cookie: rhid=82804779692; Max-Age=15552000; Expires=Sun, 30-Jul-2023 19:09:44 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://p274639.mybettermb.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDF_cvGsTSfm9uqHPErRaTXoDgwDsRKusVuSzVpy1vp3RTpegkJelYHUE538Al-L_QYf18T9CpHqCT2L9NFyVXF55Q47z-CV1ol2k4XVJzHJX8mFgHSWE3TZFy0dflvxRpINtSb91eU9pMndT0rcbhtKjIQ6n-5BK5qIjUZf-ReyHtSLHLDCCFTDT-SeEqkQWhsbteTpcMyyALDOwXw1-5wDd5eeMzdnRCY4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_Jheywpth3iNEvd_P4BsKUl697UgDHGPx9sdNAtw4JdPSDlgvGd3WbeZnnbWnaHeEFBuddA-e5aUFqZolKw8Cn_Dl8&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr56QnUSPoIQbSqEFOGE_PH-DQ9tEVULDqL7y6uQguyAaEIrsqzmIRtjv0DB2ATNT__mfps4whEjnA&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=kkFnQ3TtWkI&rr=0&abtg=0
X-Firefox-Spdy: h2
p274639.mybettermb.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDF_cvGsTSfm9uqHPErRaTXoDgwDsRKusVuSzVpy1vp3RTpegkJelYHUE538Al-L_QYf18T9CpHqCT2L9NFyVXF55Q47z-CV1ol2k4XVJzHJX8mFgHSWE3TZFy0dflvxRpINtSb91eU9pMndT0rcbhtKjIQ6n-5BK5qIjUZf-ReyHtSLHLDCCFTDT-SeEqkQWhsbteTpcMyyALDOwXw1-5wDd5eeMzdnRCY4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_Jheywpth3iNEvd_P4BsKUl697UgDHGPx9sdNAtw4JdPSDlgvGd3WbeZnnbWnaHeEFBuddA-e5aUFqZolKw8Cn_Dl8&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr56QnUSPoIQbSqEFOGE_PH-DQ9tEVULDqL7y6uQguyAaEIrsqzmIRtjv0DB2ATNT__mfps4whEjnA&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=kkFnQ3TtWkI&rr=0&abtg=0
52.116.53.155302 Found 0 B URL HTTP/2 p274639.mybettermb.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDF_cvGsTSfm9uqHPErRaTXoDgwDsRKusVuSzVpy1vp3RTpegkJelYHUE538Al-L_QYf18T9CpHqCT2L9NFyVXF55Q47z-CV1ol2k4XVJzHJX8mFgHSWE3TZFy0dflvxRpINtSb91eU9pMndT0rcbhtKjIQ6n-5BK5qIjUZf-ReyHtSLHLDCCFTDT-SeEqkQWhsbteTpcMyyALDOwXw1-5wDd5eeMzdnRCY4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_Jheywpth3iNEvd_P4BsKUl697UgDHGPx9sdNAtw4JdPSDlgvGd3WbeZnnbWnaHeEFBuddA-e5aUFqZolKw8Cn_Dl8&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr56QnUSPoIQbSqEFOGE_PH-DQ9tEVULDqL7y6uQguyAaEIrsqzmIRtjv0DB2ATNT__mfps4whEjnA&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=kkFnQ3TtWkI&rr=0&abtg=0
IP 52.116.53.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDF_cvGsTSfm9uqHPErRaTXoDgwDsRKusVuSzVpy1vp3RTpegkJelYHUE538Al-L_QYf18T9CpHqCT2L9NFyVXF55Q47z-CV1ol2k4XVJzHJX8mFgHSWE3TZFy0dflvxRpINtSb91eU9pMndT0rcbhtKjIQ6n-5BK5qIjUZf-ReyHtSLHLDCCFTDT-SeEqkQWhsbteTpcMyyALDOwXw1-5wDd5eeMzdnRCY4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_Jheywpth3iNEvd_P4BsKUl697UgDHGPx9sdNAtw4JdPSDlgvGd3WbeZnnbWnaHeEFBuddA-e5aUFqZolKw8Cn_Dl8&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr56QnUSPoIQbSqEFOGE_PH-DQ9tEVULDqL7y6uQguyAaEIrsqzmIRtjv0DB2ATNT__mfps4whEjnA&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=kkFnQ3TtWkI&rr=0&abtg=0 HTTP/1.1
Host: p274639.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=82804779692
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 31 Jan 2023 19:09:44 GMT
content-length: 0
set-cookie: rhid=82804779692; Max-Age=15552000; Expires=Sun, 30-Jul-2023 19:09:44 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_490233_off_142374_aff_3322_cid_274639-581116130-WY5532.COM_ts_1675192184; Max-Age=3600; Expires=Tue, 31-Jan-2023 20:09:44 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://myfood.ltd/?v=20171031&s1=0
X-Firefox-Spdy: h2
myfood.ltd/?v=20171031&s1=0
151.139.128.10200 OK 2.9 kB URL HTTP/2 myfood.ltd/?v=20171031&s1=0
IP 151.139.128.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6859), with no line terminators
Hash 029ccb01ef612a9e6748494c60d24b69
d385f7671725be11701998c27571e94b1950f991
7ac429dc45b509b1bed9bdcdc5610868d510d979ce3cc06d48870511bf0425f5
GET /?v=20171031&s1=0 HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 19:09:44 GMT
cache-control: max-age=30
content-encoding: gzip
content-length: 2896
content-type: text/html
last-modified: Mon, 01 Mar 2021 09:43:13 GMT
accept-ranges: bytes
server: nginx
etag: W/"603cb731-1ad4"
x-hw: 1675192184.cds239.sk1.hn,1675192184.cds236.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/main/css/style.css
151.139.128.10200 OK 19 kB URL HTTP/2 myfood.ltd/main/css/style.css
IP 151.139.128.10:0
File type Unicode text, UTF-8 text, with very long lines (65134), with no line terminators
Hash a95a0c8bd1273406b8c8053fb3527d56
2a461dcfa2c4bf1d22727bfd7c3c2abc85d44343
55b46146d32f4ee365d4ca91d8b3b1c504a062b15bbc1ed60a22ac2d05be1db5
GET /main/css/style.css HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 19:09:44 GMT
cache-control: max-age=30
content-encoding: gzip
content-length: 18933
content-type: text/css
last-modified: Mon, 01 Mar 2021 09:43:15 GMT
accept-ranges: bytes
server: nginx
etag: W/"603cb733-1b1ac"
x-hw: 1675192184.cds239.sk1.hn,1675192184.cds261.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/Superfood_1.jpg
151.139.128.10200 OK 74 kB URL HTTP/2 myfood.ltd/images/Superfood_1.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, copyright=Bigstock], progressive, precision 8, 800x420, components 3\012- data
Hash c2c3ec0e55e648c2a85d4499714a9c11
073f2990a52da59a7d3b73583b30be3c2cf45523
b66cf7365382753dc6340bfa2fba89c368ca3b930a0833d8f64c4c34525fc2ec
GET /images/Superfood_1.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 19:09:44 GMT
cache-control: max-age=30
content-length: 74204
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:12 GMT
accept-ranges: bytes
server: nginx
etag: "603cb730-121dc"
x-hw: 1675192184.cds239.sk1.hn,1675192184.cds247.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/avatar-1.jpg
151.139.128.10200 OK 11 kB URL HTTP/2 myfood.ltd/images/avatar-1.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=128, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=128], progressive, precision 8, 128x128, components 3\012- data
Hash 62d0b6a649ac10e72bcb6ea3bbf57564
3e333889b0b66bfc6a32499f4c55878e2102b463
58dddc0a77632d920d096da6c6e2587c5859a4b4dd7af6dcd6eb8009ebc23ba6
GET /images/avatar-1.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 19:09:44 GMT
cache-control: max-age=30
content-length: 11304
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:12 GMT
accept-ranges: bytes
server: nginx
etag: "603cb730-2c28"
x-hw: 1675192184.cds239.sk1.hn,1675192184.cds211.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/Superfood_2.jpg
151.139.128.10200 OK 52 kB URL HTTP/2 myfood.ltd/images/Superfood_2.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, copyright=Bigstock], progressive, precision 8, 800x341, components 3\012- data
Hash b87af7248a82f58fe2ea5d0c7b030886
1d5a5b9752d7978c68b0d4a1689b3d8e6d322f0a
14da8c39c357dad0441b26d575c0000a9529c76d785680306a3cf51abe4cae81
GET /images/Superfood_2.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 19:09:44 GMT
cache-control: max-age=30
content-length: 51830
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:13 GMT
accept-ranges: bytes
server: nginx
etag: "603cb731-ca76"
x-hw: 1675192184.cds239.sk1.hn,1675192184.cds220.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/avatar-2.jpg
151.139.128.10200 OK 11 kB URL HTTP/2 myfood.ltd/images/avatar-2.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=128, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=128], progressive, precision 8, 128x128, components 3\012- data
Hash dd3881ed1b5b03b1d571edf89e12c466
61ca68c1c2d2ae7d286dfc0540f4ca8b357fdf3d
97b65e41dd547b310e1e860d2ae4717dba1d97bd36c0cd06c35749caa515e207
GET /images/avatar-2.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 19:09:44 GMT
cache-control: max-age=30
content-length: 10665
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:12 GMT
accept-ranges: bytes
server: nginx
etag: "603cb730-29a9"
x-hw: 1675192184.cds239.sk1.hn,1675192184.cds202.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 19:09:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 19:09:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v15/DXI1ORHCpsQm3Vp6mXoaTegdm0LZdjqr5-oayXSOefg.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v15/DXI1ORHCpsQm3Vp6mXoaTegdm0LZdjqr5-oayXSOefg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 14564, version 1.0\012- data
Hash 60c866748ff15f5b347fdba64596b1b1
34f486906decb7c8cf7a02d4758add9a2408c7a5
5278c0f6063ca9ad85653b18a2ddf1aa57e3ab40b7973a69b09acf859db8264d
GET /s/opensans/v15/DXI1ORHCpsQm3Vp6mXoaTegdm0LZdjqr5-oayXSOefg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://myfood.ltd
Connection: keep-alive
Referer: https://myfood.ltd/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14564
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 10:16:43 GMT
expires: Sat, 27 Jan 2024 10:16:43 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 Oct 2017 21:49:34 GMT
content-type: font/woff2
age: 377581
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v15/MTP_ySUJH_bn48VBG8sNSugdm0LZdjqr5-oayXSOefg.woff2
216.58.207.227200 OK 14 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v15/MTP_ySUJH_bn48VBG8sNSugdm0LZdjqr5-oayXSOefg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 14544, version 1.0\012- data
Hash 223a277bd88d8a90c8cdf24cda0ad5f5
24234c1c81b3948758c1a0be8e5a65386ca94c52
d61b45b8b3cded238a65ee0aac4043b989f11cee56acfe5c889777f961f241a2
GET /s/opensans/v15/MTP_ySUJH_bn48VBG8sNSugdm0LZdjqr5-oayXSOefg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://myfood.ltd
Connection: keep-alive
Referer: https://myfood.ltd/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14544
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 21:51:44 GMT
expires: Sun, 28 Jan 2024 21:51:44 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 Oct 2017 21:49:52 GMT
content-type: font/woff2
age: 249480
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 19:09:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2161
Expires: Tue, 31 Jan 2023 19:45:45 GMT
Date: Tue, 31 Jan 2023 19:09:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2161
Expires: Tue, 31 Jan 2023 19:45:45 GMT
Date: Tue, 31 Jan 2023 19:09:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2161
Expires: Tue, 31 Jan 2023 19:45:45 GMT
Date: Tue, 31 Jan 2023 19:09:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2797bfd35b7ec24888de84be14f7f2ec
8e315ac5856967286eaa8769e081d827fb4ca39e
b99f3bd73eb4395194bc7bb6a1b801750182239e5b70f3207f99e494b60b72ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11129
x-amzn-requestid: 74f2a4dd-7d5d-4839-90a8-d2e74f6d785d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffDBZGRPoAMFedg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e53b-3de444596550bb41188ada5b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:17:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9Fga247EZZqiGmdMJ72resdBZR2KLgflGDBPESmuw9cFVs4hSzMzTw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:40:17 GMT
age: 55767
etag: "8e315ac5856967286eaa8769e081d827fb4ca39e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 976dda397f9292a498ca9db5599c0378
dad9e9c3462907a2475046aee36d57f8309cd44e
7ed9ccf2ff75ca53f5ba56a1d2127e0f09b0ae941cad8b042e8df01ad01e614b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6844
x-amzn-requestid: 0542cf46-5045-459f-a35f-f6c0d3f5f7b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flZsxH0YIAMF9ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86feb-692d50f710a131df2ee49aa8;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6bbFjAsd03GN8zzBnAFBm7xA8igZ_xHJsOHzw7nwNgRxiWUDLPGjpQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:53:29 GMT
age: 62175
etag: "dad9e9c3462907a2475046aee36d57f8309cd44e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6f9ffb8f9e99229b45ca5fdb84ce7d5
04577ad69ee9749b14382254eb5bbf0e1edcd7fa
6111acf3f363123b39d13cd3d23ab39b8c8d00379874f19231d1cd3da17c52c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8558
x-amzn-requestid: 2841cd36-22e6-4ecb-b56a-bfadce3197c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_BFA8IAMFyvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e393-3fd03bd14de762b0738a3b0a;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZP2Mar8l3QoPH733_vv3hUuQjWvaN4_TgfYwme2-6WIxGi55BoSchg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 04:26:31 GMT
age: 52993
etag: "04577ad69ee9749b14382254eb5bbf0e1edcd7fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T5CaUojMEG8x8vki59UdIhI8IbbBRY_7w3xgiW3RCZlHTyeHPLIy2Q==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:47:13 GMT
age: 76951
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 42a648f9d34d8fb703f0b80a52e0deec
7ccefd66211d249ae5266c3b6ae3375a19e5cb6d
a57f8792e8caa2a31045a141d019f53f51b633d5d04baebdae97387740c6639d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5903
x-amzn-requestid: f6fca787-17c1-4edd-9ab0-a00e2fccc7a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboufGeSoAMF-1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d487f6-58be6bdc5e3e767e1ea47b86;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:27:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZKuBcZgC6yolu1QcaXZKAIIDynG3Zywq1d7sWI8Jlq3ULwlr6XlhWQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 13:05:29 GMT
age: 21855
etag: "7ccefd66211d249ae5266c3b6ae3375a19e5cb6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c4934be94898028e2ab696561b51462
6cf734e2d29938688913daacfb75506d8e004a94
239adcbb538b7a6d1483c65c7694d4a9f9fa9cadf456ab5681c4b764185e3596
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 67109f87-6073-4991-b540-cdeedc2d7b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flYlPF9uIAMFXMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86e21-60ac2c7b37c72e6e54a5c69d;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:25:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hDjKAMYoVwHdCqS8t08PrWyfQQLiWaosXbi3FOJY8BeV0yAFCGziGw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:58:16 GMT
age: 61888
etag: "6cf734e2d29938688913daacfb75506d8e004a94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
myfood.ltd/main/js/main.js
151.139.128.10200 OK 39 kB URL HTTP/2 myfood.ltd/main/js/main.js
IP 151.139.128.10:0
File type Unicode text, UTF-8 text, with very long lines (60220)
Hash 181e3fa3b1de97ff4efd259bc2a2c8c7
52edf1dc36109cb57bea12689a48442e27f06ad1
ffa8984bea3bf0c0a0cb282e9a5a98b3435e63fb6a26dfe0351979fa9f827c40
GET /main/js/main.js HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 19:09:45 GMT
cache-control: max-age=30
content-encoding: gzip
content-length: 38656
content-type: application/javascript
last-modified: Mon, 01 Mar 2021 09:43:14 GMT
accept-ranges: bytes
server: nginx
etag: "603cb732-1d57b"
x-hw: 1675192184.cds239.sk1.hn,1675192184.cds228.sk1.sc,1675192185.cds228.sk1.pr
X-Firefox-Spdy: h2
myfood.ltd/favicon.ico
151.139.128.10200 OK 1.2 kB IP 151.139.128.10:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash b671b0407b8abf4ffb9946ee1596d992
79a116ffd13f1888451abd3cb8751cb2140f2fa4
1515616a51664df153b03397585ee45469cb936100992f870419514b17820649
GET /favicon.ico HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 19:09:45 GMT
cache-control: max-age=30
content-length: 1150
content-type: image/x-icon
last-modified: Wed, 28 Mar 2018 14:00:16 GMT
accept-ranges: bytes
server: nginx
etag: "5abb9ff0-47e"
x-hw: 1675192185.cds239.sk1.hn,1675192185.cds240.sk1.c
X-Firefox-Spdy: h2