tr1.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63d26428855b9f00011e29af&affpid=19502&action_id=USdesktop&referrer=o.tr1net.com&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
301 Moved Permanently 0 B URL HTTP/1.1 tr1.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63d26428855b9f00011e29af&affpid=19502&action_id=USdesktop&referrer=o.tr1net.com&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.php?k=63r1l5p2seqav3mqsdvc&clickid=63d26428855b9f00011e29af&affpid=19502&action_id=USdesktop&referrer=o.tr1net.com&sub1=&sub2=&sub3=&sub4=&sub5=&sub6= HTTP/1.1
Host: tr1.tr1net.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 26 Jan 2023 11:30:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 26 Jan 2023 12:30:05 GMT
Location: https://tr1.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63d26428855b9f00011e29af&affpid=19502&action_id=USdesktop&referrer=o.tr1net.com&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7f35ylWyuHY%2FC5K3H9Ienj1XdTDNo22blvQgiL9dTCwBGcZShLxsuyQ5sftlDfho2vtK4g1RJxBwc0UQ6Tz8H1fyuHAot%2FkB3uHMbyY1H3c88FBh09dD7NvIK5DNWqFZtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f8ea1dccb50b69-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f5e46725831d8d722872bf68d752f4c5
cf37793a1b73e3f84fe6c37fb27382c83b49dbc0
0582b6180687dd95c7fd728f1b9db4495b807151e309b608ad203d69708f9da6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0582B6180687DD95C7FD728F1B9DB4495B807151E309B608AD203D69708F9DA6"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8709
Expires: Thu, 26 Jan 2023 13:55:14 GMT
Date: Thu, 26 Jan 2023 11:30:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4834
Expires: Thu, 26 Jan 2023 12:50:39 GMT
Date: Thu, 26 Jan 2023 11:30:05 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 10:35:16 GMT
content-type: application/json
age: 3289
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6270
Expires: Thu, 26 Jan 2023 13:14:35 GMT
Date: Thu, 26 Jan 2023 11:30:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: L5MxEh1oqcAwTgZDYFoSxw4NwAvytdvbX+7qpt8yoi9uxYhZpD4hRknao0X+7KDlRc/X1rDjWSOGNCtV7oVVIw==
x-amz-request-id: AYNJT2JZ4S6CHD59
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 10:48:56 GMT
age: 2469
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 11:30:05 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 10:49:01 GMT
age: 2464
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 30ea512248c0e5dadb732e8edbf84917
77ab6f70d10aa33bc76f891f6edccb49d6c420cd
e0c26a8cfc123ab5ab17355df4d0237e8b76a0f67b5cc33de86128dbc4ef2a35
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 11:30:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 01:32:30 GMT
Expires: Wed, 01 Feb 2023 01:32:29 GMT
Etag: "77ab6f70d10aa33bc76f891f6edccb49d6c420cd"
Cache-Control: max-age=481943,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f8ea228f750b4d-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18015
Expires: Thu, 26 Jan 2023 16:30:21 GMT
Date: Thu, 26 Jan 2023 11:30:06 GMT
Connection: keep-alive
r.go2offer-1.com/click?pid=7603&offer_id=2294&l=1597225253&sub1=6de7bqdxrj2a2bl56d&sub2=19502
302 Found 0 B URL HTTP/2 r.go2offer-1.com/click?pid=7603&offer_id=2294&l=1597225253&sub1=6de7bqdxrj2a2bl56d&sub2=19502
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=7603&offer_id=2294&l=1597225253&sub1=6de7bqdxrj2a2bl56d&sub2=19502 HTTP/1.1
Host: r.go2offer-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Thu, 26 Jan 2023 11:30:06 GMT
content-length: 0
location: https://r.go2offer-1.com/click?pid=7603&offer_id=3678&sub1=6de7bqdxrj2a2bl56d&sub2=19502&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=
x-adjust-use-original-forwarded-for: 1
access-control-allow-origin: *
X-Firefox-Spdy: h2
r.go2offer-1.com/click?pid=7603&offer_id=3678&sub1=6de7bqdxrj2a2bl56d&sub2=19502&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=
302 Found 0 B URL HTTP/2 r.go2offer-1.com/click?pid=7603&offer_id=3678&sub1=6de7bqdxrj2a2bl56d&sub2=19502&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=7603&offer_id=3678&sub1=6de7bqdxrj2a2bl56d&sub2=19502&sub3=&sub4=&sub5=&sub6=&sub7=&sub8= HTTP/1.1
Host: r.go2offer-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 26 Jan 2023 11:30:06 GMT
content-length: 0
location: https://omgtds.com/c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=7603&source=19502&externalId=63d2643e3df99100016a084d&sub2=19502&sub3=7603&pp=1
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63d2643e3df99100016a084d; expires=Fri, 26 Jan 2024 11:30:06 GMT; secure; SameSite=None
afoffers={"3678":1674732606}; expires=Fri, 26 Jan 2024 11:30:06 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Vv/U/j+PWJ6J7znuSrpQyw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: YxrukNFGPp25CnrVkQULGy5sSrA=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 971bd07100c2c2e79ee9239571ff2a4a
e3a8406e1ace6d6ff64407cf16f720f77e39b975
80c745787841b935b5e63a9adc7424d7b4ccf285693c91fb151f8b54e55cc8dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80C745787841B935B5E63A9ADC7424D7B4CCF285693C91FB151F8B54E55CC8DD"
Last-Modified: Wed, 25 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4896
Expires: Thu, 26 Jan 2023 12:51:42 GMT
Date: Thu, 26 Jan 2023 11:30:06 GMT
Connection: keep-alive
omgtds.com/c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=7603&source=19502&externalId=63d2643e3df99100016a084d&sub2=19502&sub3=7603&pp=1
302 Found 191 B URL HTTP/1.1 omgtds.com/c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=7603&source=19502&externalId=63d2643e3df99100016a084d&sub2=19502&sub3=7603&pp=1
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text
Hash 5c78541039e4214183a2b0fcf3ea6be2
632de6bbb64f149779cf50950bb4ec61d134fd56
b51e0695a4386557af770e503a1bc08dc2c72369e2fa65d82c5ebcd792754eb8
GET /c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=7603&source=19502&externalId=63d2643e3df99100016a084d&sub2=19502&sub3=7603&pp=1 HTTP/1.1
Host: omgtds.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx/1.22.1
Date: Thu, 26 Jan 2023 11:30:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 191
Connection: keep-alive
Location: https://r.goaffmy.com/click?pid=14148&offer_id=3261&sub1=cf968fl1su2vfgpjrk1g&sub2=19502&sub3=7603&sub5=63d2643e3df99100016a084d&sub7=&sub8=
Set-Cookie: uid=OH3evGOaM; Path=/; Domain=omgtds.com; Max-Age=86400; HttpOnly
X-Clickid: cf968fl1su2vfgpjrk1g
ocsp.sectigo.com/
200 OK 471 B IP
Hash cd97dede8b8a83fdcaf50e035f08cfa4
c4ed75ff804648180bff52c15df1ca500f92eed0
7124044632fc74a642599b9e0836fda0fb77358357ec8922e6b9cd0c76499830
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 11:30:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 23 Jan 2023 13:23:10 GMT
Expires: Mon, 30 Jan 2023 13:23:09 GMT
Etag: "c4ed75ff804648180bff52c15df1ca500f92eed0"
Cache-Control: max-age=351782,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f8ea286c920b4d-OSL
r.goaffmy.com/click?pid=14148&offer_id=3261&sub1=cf968fl1su2vfgpjrk1g&sub2=19502&sub3=7603&sub5=63d2643e3df99100016a084d&sub7=&sub8=
302 Found 0 B URL HTTP/2 r.goaffmy.com/click?pid=14148&offer_id=3261&sub1=cf968fl1su2vfgpjrk1g&sub2=19502&sub3=7603&sub5=63d2643e3df99100016a084d&sub7=&sub8=
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=14148&offer_id=3261&sub1=cf968fl1su2vfgpjrk1g&sub2=19502&sub3=7603&sub5=63d2643e3df99100016a084d&sub7=&sub8= HTTP/1.1
Host: r.goaffmy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Thu, 26 Jan 2023 11:30:07 GMT
content-length: 0
location: https://brides-story.com/tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=7603_19502&data2=63d2643f48e70a00010d36c6&utm_campaign=38db92b9
x-adjust-use-original-forwarded-for: 1
referer:
referrer-policy: no-referrer
set-cookie: afclick=63d2643f48e70a00010d36c6; expires=Fri, 26 Jan 2024 11:30:07 GMT; secure; SameSite=None
afoffers={"3261":1674732607}; expires=Fri, 26 Jan 2024 11:30:07 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 980d1485a2a1c0018f3365fda66f4bae
5e00e704f32244a771738665043a17c509ca3c48
f15ed39c6f0a9fe217d11a6746a08448fd5d95acb05ed9ea131b9ff653d3e4ce
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=94757
Date: Thu, 26 Jan 2023 11:30:07 GMT
Etag: "63d13364-1d7"
Expires: Fri, 27 Jan 2023 13:49:24 GMT
Last-Modified: Wed, 25 Jan 2023 13:49:24 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bWpDMEjDXPrGxztVOZWLGjS1NtxfL4cBfNP7epsqJsvEjtLuSNMFug==
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7469
Expires: Thu, 26 Jan 2023 13:34:36 GMT
Date: Thu, 26 Jan 2023 11:30:07 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7469
Expires: Thu, 26 Jan 2023 13:34:36 GMT
Date: Thu, 26 Jan 2023 11:30:07 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7469
Expires: Thu, 26 Jan 2023 13:34:36 GMT
Date: Thu, 26 Jan 2023 11:30:07 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7469
Expires: Thu, 26 Jan 2023 13:34:36 GMT
Date: Thu, 26 Jan 2023 11:30:07 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7469
Expires: Thu, 26 Jan 2023 13:34:36 GMT
Date: Thu, 26 Jan 2023 11:30:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 805711aaab303931f8966bbf73aeda52
2bd02a45c8b407e36a41a482b121ea3e14f7c722
66268668c1a970268d75beb1b57f66a759bedac76958a3359cb23104de40fbeb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3411
x-amzn-requestid: 62afd364-e94f-45ff-ba6c-9b589fc53e5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyCEzrIAMFb8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-203f51040f82f12d535446c4;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3Ke5d5WguVrF_Phnhu9ojzN5Md0VkYnFfxKNoh5HHrmHwPI90IAIdA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 10:38:20 GMT
age: 3107
etag: "2bd02a45c8b407e36a41a482b121ea3e14f7c722"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KY05WKpINERD5g9o2QLYdsNMSuuy_YKn2Tl7Qkn7YaAOaPTDfLteeA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:49:40 GMT
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
age: 49227
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b242645f0cc22e3b12c132e6d03722ac
dec70f83182de58e03bfcb95fc240b7c33f20674
59a2d8c972d27598dfe38637197f90053186c4f68b80a5a90283cb11ddaf8a31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6609
x-amzn-requestid: 129067f4-c79b-493d-8863-2eb6c1565ee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZABF4IIAMFsig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d533-4908ab6e5c751213084de3c6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:07:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CaxCPk4-9yhypamZa96f4IyujB3AMeGmpcYP1UmJtjp275dwFjVOcw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:21:33 GMT
age: 14914
etag: "dec70f83182de58e03bfcb95fc240b7c33f20674"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8017df09-37d9-4c4b-9051-0442b3eb8fbf.jpeg
200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8017df09-37d9-4c4b-9051-0442b3eb8fbf.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17e1b6f3caa98b0e0972802408dd3f93
07e48bf3565e00d093d72dd4ada606f5d39a4838
7094ef64e04573bea7a81bbcc8ab59d721c5ef433e3fa9203e5861040ced549c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8017df09-37d9-4c4b-9051-0442b3eb8fbf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9285
x-amzn-requestid: 526bd945-31d8-490e-af9d-5e6fc6ea3561
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYT2HzvoAMFYYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0e5-6812fe4354bbdac4472e7e81;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:36:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QEH9CmjfV8QZFNxFz_tEk06i_ELUSNC2QjdTF4K3xc3vS651BZ3NlQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:52:28 GMT
age: 49059
etag: "07e48bf3565e00d093d72dd4ada606f5d39a4838"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg
200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13cd008fb3e2739ec7caadadbd427655
c4802b06b87ab97f3ccd80d1c9bbdb4fab9886c1
a300a4fde1863c8b806d0557d9f0adaed19e1c612989d7e3f79a7bb45e6e74dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8822
x-amzn-requestid: e16ae781-25f3-4b7d-b62b-85b35d6571c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYRwF2KIAMFjDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0d7-377f24bd18dea32564b148bd;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3Q-kz6GkBHp82E__crWSeqbfxme8c9y1BAAq3TW8NlwJy4eSy7gy7Q==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:49:07 GMT
age: 49260
etag: "c4802b06b87ab97f3ccd80d1c9bbdb4fab9886c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3177e0c-fa06-470b-bb9e-800d246a5096.jpeg
200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3177e0c-fa06-470b-bb9e-800d246a5096.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e013ee2e3a5287de55de4c2437a279d
f2b0a5738ec9e3b178b2bf5513de3e604b86eadf
f174d5678154412cdbf71f93c345d28cfb8bad7c190fa31dd78e9314c510f7ca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3177e0c-fa06-470b-bb9e-800d246a5096.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8648
x-amzn-requestid: 19beb9c1-4e85-47ba-9275-7fb5d25f055f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYMlENLoAMFhIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0b6-016533de5b42b3a573a66c78;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:35:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jkExt4JNW6KtzDm8mDdb-AvXWXeyZr14XifDN_XVzKiwFAru_1HcSA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:49:13 GMT
age: 49254
etag: "f2b0a5738ec9e3b178b2bf5513de3e604b86eadf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
track.smart-tds.com/7c559eb3-ab02-45e4-84ee-696f874d43fb?tds_cid=1d51013c4a549658e1baab10c3ba3fd30c6319c9&tag=1d51013c4a549658e1baab10c3ba3fd30c6319c9&t1=b7208mak_38db92b9
302 Found 0 B URL HTTP/2 track.smart-tds.com/7c559eb3-ab02-45e4-84ee-696f874d43fb?tds_cid=1d51013c4a549658e1baab10c3ba3fd30c6319c9&tag=1d51013c4a549658e1baab10c3ba3fd30c6319c9&t1=b7208mak_38db92b9
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /7c559eb3-ab02-45e4-84ee-696f874d43fb?tds_cid=1d51013c4a549658e1baab10c3ba3fd30c6319c9&tag=1d51013c4a549658e1baab10c3ba3fd30c6319c9&t1=b7208mak_38db92b9 HTTP/1.1
Host: track.smart-tds.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brides-story.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 26 Jan 2023 11:30:08 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://normallink.com/c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w0dlgsgbrsh5636mifpict7u
pragma: no-cache
set-cookie: 7c559eb3-ab02-45e4-84ee-696f874d43fb-v4=pThufWT4V4tOqDGDy0QVxR9h9ya0CA7_1rqEIng0DPs; Max-Age=86400; Expires=Fri, 27-Jan-2023 11:30:08 GMT; Domain=track.smart-tds.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=8JmSaPpuIeJmjuR9NqUbI1pz1mB4VonrU1W9dEpxWWSdXbxriM9OKqJeLik8GsFMt420kEi1Lx4N75p17dYPee1iwPGZJm55Kd%2BFDDi%2BQvuVhRqS38A2X8UNIrDqtiXswheBsnB75Pjt385AP8D0CA%3D%3D; Max-Age=31536000; Expires=Fri, 26-Jan-2024 11:30:08 GMT; Domain=track.smart-tds.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
normallink.com/c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w0dlgsgbrsh5636mifpict7u
302 Found 0 B URL HTTP/2 normallink.com/c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w0dlgsgbrsh5636mifpict7u
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w0dlgsgbrsh5636mifpict7u HTTP/1.1
Host: normallink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://brides-story.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 26 Jan 2023 11:30:08 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=MyYPgjSxi-Xjsp2B45TexQzdwEiVVr8nmDXldlgNIr8yWCflYQCwYWvRrUf0qSSr9rp0TWiThdbeXDYthTofQiGaebxbnG7SdlhBMq0Rknei_0cwj2LMo8sQW3NkMR2K91hQKkqKboxdE5ibb7yn44l6CHFzlpc3641UrFyMWnvyzjrKeSgY8lYi8drFVkHK44zZVw5hNOP2227KBb5YAqHTZPMb2ezcd61WzfaZECvVc_lu2l3vMUjX_roH1x3qQcJn3tzqdMis6c4LGnED6oM0RAsmV8oUHlyzbIzkJ1aJeSQAUbzdwNvCcxNzjvelws0rCRN3ZLZVt-Tcbovoh5kebjdcQ0LxyOXdJpxeiSG5znQSuw_q_PKvUcLjTQC4McQ9x2DmaYIl67oFSPDv2P5r7Vcp2EF25xoLjPmMBhjAC7aldZFsKUXWjySZJnC-kxPh38uS_B9Tk4BH8tAn7iSYJ8rBTJdFaZbvVWeoqpH50tSs7AWS2npHZ35LofmuxpLZXgk506_oi4OqREBmdnwBrAJhU8QvvxGWvbEt5nTeD8AE2FWS1x2KFdiRQWIx&lptoken=169e746873a144de0876&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w0dlgsgbrsh5636mifpict7u
pragma: no-cache
set-cookie: c4b5ad04-8822-42c1-9db5-e9a49f15358b-v4=5RXShqrE1UZTKSkkxbY-pUQzdVLfR9ajbUEt1iH3yWc; Max-Age=86400; Expires=Fri, 27-Jan-2023 11:30:08 GMT; Domain=normallink.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=-rUciLXe6x3CSgfi2vNlJcLg5z18Ot-oB_ScpMz4OFmuuIvtIIDhS5YhNmnCO5X7HsmGM5skXCecO6qXRXYLxsTUU8n7isPn2GdIYxKxAj9yg0os8bu013wTdF25O7rZLxA28B3gDDz9gIrDi1-0RUAvTf_1DaCCx-nxTfumK9NiaHVCUp0xzXvqRZPCQxNwtioD-uPzwQ7x9hJUr9tUa0XFQIN-JrM3c3bm1EJwN-0b8HRFaLqwmmfWQhcm207rsllVCPsd_LFEpj3NPS0YF2xylAy8X-zms4YdLL9mTeTGQGiowyDTzT_B6eLImukP41E_cNw7fHxo6T9ydk_uEzzznqjPspxCDAei0YBar4C4rc8nWNQVyyJSq_DxuPI15IPvRng0bR6spH8WJFR84NDhVwD0VhLaKfP4eTkCO89xg1E2p41_uvPR5CueZOXW7PFet6yH_-tlMraMLpAQnpODbWn_RzCC33wKiE7tkCgQ87Sb4UhnUnjV23zk_8PesnSBXrcQ2VaqSvkxd2_uqsQvQhlDCojaJEkLNEwl3xQL3Sv4JlqK-a3bKvwnasg5; Max-Age=86400; Expires=Fri, 27-Jan-2023 11:30:08 GMT; Domain=normallink.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/tV-gbU0e9Hc
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/tV-gbU0e9Hc
IP
Hash 236f00ad7afe142d8658b6dbab12b540
9909ad309f3b324040ecfb4121f936a42b0ea230
ae105dfc0a1152f996fddc8c5d6811f01ca4c82a19d7b57ca18a98c9ffd0dfb8
POST /s/gts1p5/tV-gbU0e9Hc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 11:30:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/tV-gbU0e9Hc
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/tV-gbU0e9Hc
IP
Hash 236f00ad7afe142d8658b6dbab12b540
9909ad309f3b324040ecfb4121f936a42b0ea230
ae105dfc0a1152f996fddc8c5d6811f01ca4c82a19d7b57ca18a98c9ffd0dfb8
POST /s/gts1p5/tV-gbU0e9Hc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 11:30:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/images/pic01.png
200 OK 326 kB URL HTTP/2 casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/images/pic01.png
IP
File type PNG image data, 400 x 600, 8-bit/color RGB, non-interlaced\012- data
Size 326 kB (325860 bytes)
Hash d5c14c121930b64d765271f3f51d0e92
295a6d991189a76f663bd0ca393f1e2ec55d80a0
8309e2466fd7b27947f57336e27819dd0ba6e95d4bfc3eb5e2d0bee925b690e3
GET /99/no/NO_black-blonde-milf_13042022/images/pic01.png HTTP/1.1
Host: casual-flirt-hub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=MyYPgjSxi-Xjsp2B45TexQzdwEiVVr8nmDXldlgNIr8yWCflYQCwYWvRrUf0qSSr9rp0TWiThdbeXDYthTofQiGaebxbnG7SdlhBMq0Rknei_0cwj2LMo8sQW3NkMR2K91hQKkqKboxdE5ibb7yn44l6CHFzlpc3641UrFyMWnvyzjrKeSgY8lYi8drFVkHK44zZVw5hNOP2227KBb5YAqHTZPMb2ezcd61WzfaZECvVc_lu2l3vMUjX_roH1x3qQcJn3tzqdMis6c4LGnED6oM0RAsmV8oUHlyzbIzkJ1aJeSQAUbzdwNvCcxNzjvelws0rCRN3ZLZVt-Tcbovoh5kebjdcQ0LxyOXdJpxeiSG5znQSuw_q_PKvUcLjTQC4McQ9x2DmaYIl67oFSPDv2P5r7Vcp2EF25xoLjPmMBhjAC7aldZFsKUXWjySZJnC-kxPh38uS_B9Tk4BH8tAn7iSYJ8rBTJdFaZbvVWeoqpH50tSs7AWS2npHZ35LofmuxpLZXgk506_oi4OqREBmdnwBrAJhU8QvvxGWvbEt5nTeD8AE2FWS1x2KFdiRQWIx&lptoken=169e746873a144de0876&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w0dlgsgbrsh5636mifpict7u
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 11:30:08 GMT
content-type: image/png
content-length: 325860
last-modified: Thu, 19 Jan 2023 17:45:27 GMT
etag: "4f8e4-5f2a17f94bd8b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GognThEKttwJhIoBU1xUMRED06xsTfaG0gRFroDFIWiYGoUitHKfjUbRvzx%2FB7CBiKcWGzAGLEcJ%2FNcqgu%2BT7V2xZ8BKIuIvKkEeH6DlhzuE0iJRn9ZhphdwUHf485znlKw%2FOEXmSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f8ea332f15b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=MyYPgjSxi-Xjsp2B45TexQzdwEiVVr8nmDXldlgNIr8yWCflYQCwYWvRrUf0qSSr9rp0TWiThdbeXDYthTofQiGaebxbnG7SdlhBMq0Rknei_0cwj2LMo8sQW3NkMR2K91hQKkqKboxdE5ibb7yn44l6CHFzlpc3641UrFyMWnvyzjrKeSgY8lYi8drFVkHK44zZVw5hNOP2227KBb5YAqHTZPMb2ezcd61WzfaZECvVc_lu2l3vMUjX_roH1x3qQcJn3tzqdMis6c4LGnED6oM0RAsmV8oUHlyzbIzkJ1aJeSQAUbzdwNvCcxNzjvelws0rCRN3ZLZVt-Tcbovoh5kebjdcQ0LxyOXdJpxeiSG5znQSuw_q_PKvUcLjTQC4McQ9x2DmaYIl67oFSPDv2P5r7Vcp2EF25xoLjPmMBhjAC7aldZFsKUXWjySZJnC-kxPh38uS_B9Tk4BH8tAn7iSYJ8rBTJdFaZbvVWeoqpH50tSs7AWS2npHZ35LofmuxpLZXgk506_oi4OqREBmdnwBrAJhU8QvvxGWvbEt5nTeD8AE2FWS1x2KFdiRQWIx&lptoken=169e746873a144de0876&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w0dlgsgbrsh5636mifpict7u
200 OK 2.0 kB URL HTTP/2 casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=MyYPgjSxi-Xjsp2B45TexQzdwEiVVr8nmDXldlgNIr8yWCflYQCwYWvRrUf0qSSr9rp0TWiThdbeXDYthTofQiGaebxbnG7SdlhBMq0Rknei_0cwj2LMo8sQW3NkMR2K91hQKkqKboxdE5ibb7yn44l6CHFzlpc3641UrFyMWnvyzjrKeSgY8lYi8drFVkHK44zZVw5hNOP2227KBb5YAqHTZPMb2ezcd61WzfaZECvVc_lu2l3vMUjX_roH1x3qQcJn3tzqdMis6c4LGnED6oM0RAsmV8oUHlyzbIzkJ1aJeSQAUbzdwNvCcxNzjvelws0rCRN3ZLZVt-Tcbovoh5kebjdcQ0LxyOXdJpxeiSG5znQSuw_q_PKvUcLjTQC4McQ9x2DmaYIl67oFSPDv2P5r7Vcp2EF25xoLjPmMBhjAC7aldZFsKUXWjySZJnC-kxPh38uS_B9Tk4BH8tAn7iSYJ8rBTJdFaZbvVWeoqpH50tSs7AWS2npHZ35LofmuxpLZXgk506_oi4OqREBmdnwBrAJhU8QvvxGWvbEt5nTeD8AE2FWS1x2KFdiRQWIx&lptoken=169e746873a144de0876&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w0dlgsgbrsh5636mifpict7u
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text
Hash 178ae875eea270804a310594030978e4
16c3b49f6f5892ca6e63c5830827e3d044add572
5dc735ec53c9b23d1ac8ef18535e9075a2e32603edfc4f23dca4686680dd0c6c
GET /99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=MyYPgjSxi-Xjsp2B45TexQzdwEiVVr8nmDXldlgNIr8yWCflYQCwYWvRrUf0qSSr9rp0TWiThdbeXDYthTofQiGaebxbnG7SdlhBMq0Rknei_0cwj2LMo8sQW3NkMR2K91hQKkqKboxdE5ibb7yn44l6CHFzlpc3641UrFyMWnvyzjrKeSgY8lYi8drFVkHK44zZVw5hNOP2227KBb5YAqHTZPMb2ezcd61WzfaZECvVc_lu2l3vMUjX_roH1x3qQcJn3tzqdMis6c4LGnED6oM0RAsmV8oUHlyzbIzkJ1aJeSQAUbzdwNvCcxNzjvelws0rCRN3ZLZVt-Tcbovoh5kebjdcQ0LxyOXdJpxeiSG5znQSuw_q_PKvUcLjTQC4McQ9x2DmaYIl67oFSPDv2P5r7Vcp2EF25xoLjPmMBhjAC7aldZFsKUXWjySZJnC-kxPh38uS_B9Tk4BH8tAn7iSYJ8rBTJdFaZbvVWeoqpH50tSs7AWS2npHZ35LofmuxpLZXgk506_oi4OqREBmdnwBrAJhU8QvvxGWvbEt5nTeD8AE2FWS1x2KFdiRQWIx&lptoken=169e746873a144de0876&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w0dlgsgbrsh5636mifpict7u HTTP/1.1
Host: casual-flirt-hub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://brides-story.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 11:30:08 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Thu, 19 Jan 2023 17:34:22 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2FSgbUbZReT9lxpM7oWfZiGu9UbOYIcimz%2Bk2F9atzzKDS3iIc9mizjRi0%2BwyPCq7v2fkpu4Svab5nJ6rtpujdTyjv00gDAtlvWNO0mcTQa5fvXtW3p5cGhfO0Uyx4IcuzFbJzVJIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78f8ea329e5ab4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-W62P37M
200 OK 56 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-W62P37M
IP
File type ASCII text, with very long lines (15845)
Hash d8c3577bbbbc5af3183d01729c101eb9
593842a3048468d8156b3234912872d61c578ca8
3bb5569f3276bf00aaab19e9500733dd7d0a7e806eaa992dfa130a8a84accf8a
GET /gtm.js?id=GTM-W62P37M HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 26 Jan 2023 11:30:08 GMT
expires: Thu, 26 Jan 2023 11:30:08 GMT
cache-control: private, max-age=900
last-modified: Thu, 26 Jan 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 55975
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 0bf8fccb276521254634abcdcb4b3f0d
a5b7ffa58daf7d1ea3e312b68533d4d0271348f4
991b03387ddbe0b07a9aee23ea7a98863fa85035cb26e631e0d22a1b999ee487
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 11:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 26 Jan 2023 09:45:20 GMT
expires: Thu, 26 Jan 2023 11:45:20 GMT
cache-control: public, max-age=7200
age: 6288
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.onesignal.com/sdks/OneSignalSDK.js
200 OK 3.4 kB URL HTTP/2 cdn.onesignal.com/sdks/OneSignalSDK.js
IP
File type ASCII text, with very long lines (9097)
Hash f9cb9f7bbfdb9a761efaf6333770e9de
6ed17744a321c0c8a3d472b4c59a3246d87503b1
179aabe3266a652adba4ce397e6709319398513b92ff021aa81bfc7a66daa457
GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 11:30:08 GMT
content-type: application/javascript
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
access-control-allow-headers: OneSignal-Subscription-Id
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 319
expires: Sun, 29 Jan 2023 11:30:08 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 78f8ea34ae2bb511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 810bf2bf9f302d0a65b1e0b447b549ef
d6ddcc1e64a1392f5942c0fc45864a282a93854e
f61096b63e6f62872d6d30aac7671c72403bba82f4f5c555add8e0997675f712
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 11:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-127241846-1&cid=2005494876.1674732607&jid=1997725200&gjid=1410693338&_gid=587082822.1674732607&_u=YEBAAEAAAAAAACAAI~&z=1442833371
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-127241846-1&cid=2005494876.1674732607&jid=1997725200&gjid=1410693338&_gid=587082822.1674732607&_u=YEBAAEAAAAAAACAAI~&z=1442833371
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-127241846-1&cid=2005494876.1674732607&jid=1997725200&gjid=1410693338&_gid=587082822.1674732607&_u=YEBAAEAAAAAAACAAI~&z=1442833371 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://casual-flirt-hub.com
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://casual-flirt-hub.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 26 Jan 2023 11:30:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cc2b9a26cf016c0cf9e73531f6004051
408990c14ea8af4c979a277da755c89771672356
36e955bd017c3febc7623ad388bb260757294ca612b94ae5417de6cc04073a82
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 11:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 190a3bc280ae77bcdd9d5404a4827845
7a87ca451b0fa21d44faace1c2ddbb4dede06133
95988c13b98d7164f7bf530e59b411a3ba26eab34bfb0898191e96ee29704ab0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 11:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash fdded3d5e68d5358634880be3d3f2d04
6a02176ed7735b46393d51bd142e0deace6a5007
7077e5a7a6aeee95ad600ca2a943f7062f593e12fa61e74bbb860f6019bf67b7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 11:30:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=2005494876.1674732607&jid=1997725200&_u=YEBAAEAAAAAAACAAI~&z=1584453676
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=2005494876.1674732607&jid=1997725200&_u=YEBAAEAAAAAAACAAI~&z=1584453676
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=2005494876.1674732607&jid=1997725200&_u=YEBAAEAAAAAAACAAI~&z=1584453676 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 26 Jan 2023 11:30:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=2005494876.1674732607&jid=1997725200&_u=YEBAAEAAAAAAACAAI~&z=1584453676
200 OK 290 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=2005494876.1674732607&jid=1997725200&_u=YEBAAEAAAAAAACAAI~&z=1584453676
IP
Hash 2915271d84ffdc39e9144af90771b27e
eeced7abf9c36d83b0fa612bdb0c93ac8318f652
8a85bea2367c4f40096bdedd29364f090a1eb2b2e3fbbd36bfa69dba94416bf1
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=2005494876.1674732607&jid=1997725200&_u=YEBAAEAAAAAAACAAI~&z=1584453676 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 26 Jan 2023 11:30:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 04cb7fc8b1e2a65a0b198cc53eb5e5cd
6d04611612d81108e856467f0e4b0479cbb37d33
1c745d8ace7ea6f8e5d7da5e9c067b7b3427ce9c5a5e2c5c35d1c345266de518
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 11:30:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash fdded3d5e68d5358634880be3d3f2d04
6a02176ed7735b46393d51bd142e0deace6a5007
7077e5a7a6aeee95ad600ca2a943f7062f593e12fa61e74bbb860f6019bf67b7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 11:30:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 314 B IP
Hash d05ed0031bf3498b48efb2c7a7639aca
38d87e75108bd7610f456fea5bbddc159aaa8a48
1f3f7a3e87d07d2858d52e9066e40da95182f0b255d380426450b5d1f5087ca0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2810
Cache-Control: max-age=100075
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 11:30:13 GMT
Etag: "63d13d36-13a"
Expires: Fri, 27 Jan 2023 15:18:08 GMT
Last-Modified: Wed, 25 Jan 2023 14:31:18 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 314
ctrack.trafficjunky.net/ctrack?action=list&type=add&id=0&context=instaflirt&cookiename=visit&maxcookiecount=10>mcb=1983638190
200 OK 35 B URL HTTP/1.1 ctrack.trafficjunky.net/ctrack?action=list&type=add&id=0&context=instaflirt&cookiename=visit&maxcookiecount=10>mcb=1983638190
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /ctrack?action=list&type=add&id=0&context=instaflirt&cookiename=visit&maxcookiecount=10>mcb=1983638190 HTTP/1.1
Host: ctrack.trafficjunky.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: openresty
date: Thu, 26 Jan 2023 11:30:13 GMT
content-type: image/gif
content-length: 35
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
set-cookie: tj_UUID=631cd2ee2b4f4cf89a98c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Sat, 25 Feb 2023 11:30:13 GMT; Secure; SameSite=None
tj_UUID_v2=631cd2ee-2b4f-4cf8-9a98-c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Sat, 25 Feb 2023 11:30:13 GMT; Secure; SameSite=None
dcccad4e8cd529e2dd8695d508de7edc=0; Path=/; Domain=trafficjunky.net; Expires=Sat, 04 Dec 2032 11:30:13 GMT; Secure; SameSite=None
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63D26445-42FE725901BB2274-2F685AC
casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/css/style.css
200 OK 0 B URL HTTP/2 casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/css/style.css
IP
GET /99/no/NO_black-blonde-milf_13042022/css/style.css HTTP/1.1
Host: casual-flirt-hub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=MyYPgjSxi-Xjsp2B45TexQzdwEiVVr8nmDXldlgNIr8yWCflYQCwYWvRrUf0qSSr9rp0TWiThdbeXDYthTofQiGaebxbnG7SdlhBMq0Rknei_0cwj2LMo8sQW3NkMR2K91hQKkqKboxdE5ibb7yn44l6CHFzlpc3641UrFyMWnvyzjrKeSgY8lYi8drFVkHK44zZVw5hNOP2227KBb5YAqHTZPMb2ezcd61WzfaZECvVc_lu2l3vMUjX_roH1x3qQcJn3tzqdMis6c4LGnED6oM0RAsmV8oUHlyzbIzkJ1aJeSQAUbzdwNvCcxNzjvelws0rCRN3ZLZVt-Tcbovoh5kebjdcQ0LxyOXdJpxeiSG5znQSuw_q_PKvUcLjTQC4McQ9x2DmaYIl67oFSPDv2P5r7Vcp2EF25xoLjPmMBhjAC7aldZFsKUXWjySZJnC-kxPh38uS_B9Tk4BH8tAn7iSYJ8rBTJdFaZbvVWeoqpH50tSs7AWS2npHZ35LofmuxpLZXgk506_oi4OqREBmdnwBrAJhU8QvvxGWvbEt5nTeD8AE2FWS1x2KFdiRQWIx&lptoken=169e746873a144de0876&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w0dlgsgbrsh5636mifpict7u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 11:30:08 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2848
etag: W/"b20-5f2a17f8d4b42"
last-modified: Thu, 19 Jan 2023 17:45:27 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2469
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BqARtCkY8rVcNYx67rzuPcDqpWVhtHurumUg1u1nKznlKNTU2TlFLcqK8j4FKYlPQIcnNVzyUW2hwh5WD4OVf7yNq2ILW6iupo3QQY2Eprr1%2FSnBHvQHKapwo8yVqT60xgd7BJ7hnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78f8ea332f14b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tr1.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63d26428855b9f00011e29af&affpid=19502&action_id=USdesktop&referrer=o.tr1net.com&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
302 Found 0 B URL HTTP/2 tr1.tr1net.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=63d26428855b9f00011e29af&affpid=19502&action_id=USdesktop&referrer=o.tr1net.com&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
IP
GET /c.php?k=63r1l5p2seqav3mqsdvc&clickid=63d26428855b9f00011e29af&affpid=19502&action_id=USdesktop&referrer=o.tr1net.com&sub1=&sub2=&sub3=&sub4=&sub5=&sub6= HTTP/1.1
Host: tr1.tr1net.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Thu, 26 Jan 2023 11:30:05 GMT
content-type: text/html; charset=UTF-8
location: https://r.go2offer-1.com/click?pid=7603&offer_id=2294&l=1597225253&sub1=6de7bqdxrj2a2bl56d&sub2=19502
set-cookie: uclick=qdxrj2a2wj; expires=Fri, 27-Jan-2023 11:30:05 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=qdxrj2a2wj-qdxrj2a2wj-1z-tw7s-9ra5-wfgmwj-wfgmvr-30ca74; expires=Fri, 27-Jan-2023 11:30:05 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclick=qdxrj2a2wj; expires=Fri, 27-Jan-2023 11:30:05 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=qdxrj2a2wj-qdxrj2a2bl-j68n-twqd-hog5-twe80-twg63y-494302; expires=Fri, 27-Jan-2023 11:30:05 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WFTOAB4JYD2kVoBwd24DewEQn7DsJ9esJUbM7EKoDPG9xKLM81TZLx8ihAR%2Bog1klUOAvy3pyUA6RtPryjFpISo3JV%2FP%2FTZ33xKP3C7%2Fs2RjPAzBjP3DdV6hPGJXZ8VuUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78f8ea1f7a22b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
brides-story.com/tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=7603_19502&data2=63d2643f48e70a00010d36c6&utm_campaign=38db92b9
302 Found 0 B URL HTTP/2 brides-story.com/tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=7603_19502&data2=63d2643f48e70a00010d36c6&utm_campaign=38db92b9
IP
GET /tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=7603_19502&data2=63d2643f48e70a00010d36c6&utm_campaign=38db92b9 HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Thu, 26 Jan 2023 11:30:07 GMT
location: https://brides-story.com/tds/interlayer/eb/s/ccadcaa2fd8512012453b90a4e486c7d?__t=1674732607714&__l=3600
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=6e76d7f2247ac47886a633709b6f08d9156c3701; Max-Age=31536000; Domain=.brides-story.com; Path=/; Expires=Fri, 26 Jan 2024 11:30:07 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Tue, 31 Jan 2023 11:30:07 GMT
X-Firefox-Spdy: h2
brides-story.com/tds/interlayer/eb/s/ccadcaa2fd8512012453b90a4e486c7d?__t=1674732607714&__l=3600
200 OK 0 B URL HTTP/2 brides-story.com/tds/interlayer/eb/s/ccadcaa2fd8512012453b90a4e486c7d?__t=1674732607714&__l=3600
IP
GET /tds/interlayer/eb/s/ccadcaa2fd8512012453b90a4e486c7d?__t=1674732607714&__l=3600 HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: dci=6e76d7f2247ac47886a633709b6f08d9156c3701; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 11:30:07 GMT
content-type: text/html
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
brides-story.com/ao.js
200 OK 0 B IP
Analyzer Verdict Alert fortinet Phishing
GET /ao.js HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brides-story.com/tds/interlayer/eb/s/ccadcaa2fd8512012453b90a4e486c7d?__t=1674732607714&__l=3600
Cookie: dci=6e76d7f2247ac47886a633709b6f08d9156c3701; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 11:30:07 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Tue, 24 Jan 2023 15:37:58 GMT
etag: W/"1509-185e46dc7f0"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
brides-story.com/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fbrides-story.com%2Ftds%2Finterlayer%2Feb%2Fs%2Fccadcaa2fd8512012453b90a4e486c7d%3F__t%3D1674732607714%26__l%3D3600&urlOut=https%3A%2F%2Ftrack.smart-tds.com%2F7c559eb3-ab02-45e4-84ee-696f874d43fb%3Ftds_cid%3D1d51013c4a549658e1baab10c3ba3fd30c6319c9%26tag%3D1d51013c4a549658e1baab10c3ba3fd30c6319c9%26t1%3Db7208mak_38db92b9&altQs=utm_campaign%3D38db92b9%26utm_source%3Darba%26utm_term%3Dmob_sml_ww_adv_aff%26data2%3D63d2643f48e70a00010d36c6%26p1%3D7603_19502%26s1%3Darb%26s2%3D%257Bs2%257D%26tds_campaign%3Db7208mak%26tds_id%3Db7208mak_lp_a_1639037433617_smartlink%26tds_oid%3Dcd2d3032%26tds_cid%3D1d51013c4a549658e1baab10c3ba3fd30c6319c9%26tds_ac_id%3Ds6593mak%26tds_host%3Dbrides-story.com%26tds_path%3D%252Ftds%252Frsl%26dci%3D6e76d7f2247ac47886a633709b6f08d9156c3701%26tds_ps%3Da&tdsCid=1d51013c4a549658e1baab10c3ba3fd30c6319c9&reason=beacon&visitsCount=1&ts=1674732605825
200 OK 0 B URL HTTP/2 brides-story.com/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fbrides-story.com%2Ftds%2Finterlayer%2Feb%2Fs%2Fccadcaa2fd8512012453b90a4e486c7d%3F__t%3D1674732607714%26__l%3D3600&urlOut=https%3A%2F%2Ftrack.smart-tds.com%2F7c559eb3-ab02-45e4-84ee-696f874d43fb%3Ftds_cid%3D1d51013c4a549658e1baab10c3ba3fd30c6319c9%26tag%3D1d51013c4a549658e1baab10c3ba3fd30c6319c9%26t1%3Db7208mak_38db92b9&altQs=utm_campaign%3D38db92b9%26utm_source%3Darba%26utm_term%3Dmob_sml_ww_adv_aff%26data2%3D63d2643f48e70a00010d36c6%26p1%3D7603_19502%26s1%3Darb%26s2%3D%257Bs2%257D%26tds_campaign%3Db7208mak%26tds_id%3Db7208mak_lp_a_1639037433617_smartlink%26tds_oid%3Dcd2d3032%26tds_cid%3D1d51013c4a549658e1baab10c3ba3fd30c6319c9%26tds_ac_id%3Ds6593mak%26tds_host%3Dbrides-story.com%26tds_path%3D%252Ftds%252Frsl%26dci%3D6e76d7f2247ac47886a633709b6f08d9156c3701%26tds_ps%3Da&tdsCid=1d51013c4a549658e1baab10c3ba3fd30c6319c9&reason=beacon&visitsCount=1&ts=1674732605825
IP
POST /tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fbrides-story.com%2Ftds%2Finterlayer%2Feb%2Fs%2Fccadcaa2fd8512012453b90a4e486c7d%3F__t%3D1674732607714%26__l%3D3600&urlOut=https%3A%2F%2Ftrack.smart-tds.com%2F7c559eb3-ab02-45e4-84ee-696f874d43fb%3Ftds_cid%3D1d51013c4a549658e1baab10c3ba3fd30c6319c9%26tag%3D1d51013c4a549658e1baab10c3ba3fd30c6319c9%26t1%3Db7208mak_38db92b9&altQs=utm_campaign%3D38db92b9%26utm_source%3Darba%26utm_term%3Dmob_sml_ww_adv_aff%26data2%3D63d2643f48e70a00010d36c6%26p1%3D7603_19502%26s1%3Darb%26s2%3D%257Bs2%257D%26tds_campaign%3Db7208mak%26tds_id%3Db7208mak_lp_a_1639037433617_smartlink%26tds_oid%3Dcd2d3032%26tds_cid%3D1d51013c4a549658e1baab10c3ba3fd30c6319c9%26tds_ac_id%3Ds6593mak%26tds_host%3Dbrides-story.com%26tds_path%3D%252Ftds%252Frsl%26dci%3D6e76d7f2247ac47886a633709b6f08d9156c3701%26tds_ps%3Da&tdsCid=1d51013c4a549658e1baab10c3ba3fd30c6319c9&reason=beacon&visitsCount=1&ts=1674732605825 HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://brides-story.com
Connection: keep-alive
Referer: https://brides-story.com/tds/interlayer/eb/s/ccadcaa2fd8512012453b90a4e486c7d?__t=1674732607714&__l=3600
Cookie: dci=6e76d7f2247ac47886a633709b6f08d9156c3701; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 11:30:07 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
X-Firefox-Spdy: h2
104.21.79.176
66.254.114.89
34.141.137.168
23.36.76.226
188.114.97.1
93.184.220.29
18.193.235.10