r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6ed951622549ed76959631f8a1bf497b
682b2dd2a72190510e3fa7bdb0c0c6f25a322dfb
86f5e5ae2da408a899d16c83b7ca441033ac0c30062cd29f2db1b1b5be666746
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "86F5E5AE2DA408A899D16C83B7CA441033AC0C30062CD29F2DB1B1B5BE666746"
Last-Modified: Sat, 19 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11924
Expires: Mon, 21 Nov 2022 07:28:59 GMT
Date: Mon, 21 Nov 2022 04:10:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a49c7b2c3938baf05d805e8f88c19d81
483de4a2ecdad95bbd3268777bff8e5d17dc1b25
2fb23c7d1d5ca910db5ca7698d0cefe692de6967cf08e727c342faf0575b7a0a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2FB23C7D1D5CA910DB5CA7698D0CEFE692DE6967CF08E727C342FAF0575B7A0A"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5150
Expires: Mon, 21 Nov 2022 05:36:05 GMT
Date: Mon, 21 Nov 2022 04:10:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1cee7787feebac18f9eca273e56e3741
3a7dac544172921e24c2a1701beef5079b21d01b
79ff4a450c749d64e116c00ca3b00d40e968906c5c3881d6eeb2dc6374a4c858
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79FF4A450C749D64E116C00CA3B00D40E968906C5C3881D6EEB2DC6374A4C858"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12412
Expires: Mon, 21 Nov 2022 07:37:07 GMT
Date: Mon, 21 Nov 2022 04:10:15 GMT
Connection: keep-alive
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
34.120.5.221200 OK 47 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
IP 34.120.5.221:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 131086d568df8d5de66161d7e91f3584
2648c85e3c369c18ceaec99bc2d7331a10e5873d
50e18c1a9e15324d8397af50e90af0bd0b9cb8eba9ddb430afbd5c38bd82c884
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: Ou1P9ooR9wViBOxAK_lo4rWE16X79WOj8PRn-6rcUBNGu8on0RkGxA==
content-encoding: gzip
via: 1.1 d8d9c12d1a621129f4bc739038e7c72e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 04:00:58 GMT
content-type: application/json
content-length: 46696
age: 557
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /PARQdXH2QIf6SaznU00qNd653Uh+rP3OtgpxJ7f6Sam2iBDMMOUdKY6RRzT/va8D9bkiY9uQL4=
x-amz-request-id: MVR0QSK54FVCCZ1Z
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 21 Nov 2022 03:38:59 GMT
age: 1876
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 21 Nov 2022 04:10:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2061bb5a62c7dbe5a39e49a98bf7d214
812ff4923fc0fa69fa7db7c362d5af728e297099
6f0c1ecd37ba47802a386c487e3c2eb1794a06e8b9f56e016326686e3d80ef92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5243
Cache-Control: max-age=114512
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 04:10:15 GMT
Etag: "637a01fc-1d7"
Expires: Tue, 22 Nov 2022 11:58:47 GMT
Last-Modified: Sun, 20 Nov 2022 10:31:24 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 21 Nov 2022 03:45:06 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1509
alt-svc: clear
X-Firefox-Spdy: h2
www1.mercyhospitals.us/?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1
103.224.182.240302 Found 0 B URL HTTP/1.1 www1.mercyhospitals.us/?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1
IP 103.224.182.240:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1 HTTP/1.1
Host: www1.mercyhospitals.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Mon, 21 Nov 2022 04:10:15 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1669003815.6351789; expires=Thu, 18-Nov-2032 04:10:15 GMT; Max-Age=315360000
Location: http://ww38.mercyhospitals.us/?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 21 Nov 2022 03:44:50 GMT
cache-control: public,max-age=3600
age: 1526
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 27138f8625c320bd1434ccd92263b641
6a8f18728c9f324c1c631ffc85901d84ec4d0e0c
02338368cfa2325e8463bd169cb0ad4df2967ca4260b75bc665cd0836e90e9f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5816
Cache-Control: max-age=110013
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 04:10:16 GMT
Etag: "6379ee2d-1d7"
Expires: Tue, 22 Nov 2022 10:43:49 GMT
Last-Modified: Sun, 20 Nov 2022 09:06:53 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ww38.mercyhospitals.us/?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1
76.223.26.96200 OK 2.5 kB URL HTTP/1.1 ww38.mercyhospitals.us/?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1
IP 76.223.26.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2222)
Hash 8a4b6dda5a65e229f1f1133d9a2e6fc3
178ba7448cdedc457861ca7d5d930c81c792e821
f2d97f6ceeaa1b503254d9fd05a334a2e78c72b3904267752e8269be660f6581
GET /?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1 HTTP/1.1
Host: ww38.mercyhospitals.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 04:10:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/scripts/js3.js
54.230.245.138200 OK 1.1 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP 54.230.245.138:0
File type ASCII text, with very long lines (506)
Hash 64b79b43df8fbf2c5d082964b9116a68
dc3c763519baf0f4c32bb60bfc429651a491ea01
c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637
GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.mercyhospitals.us/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Sun, 20 Nov 2022 04:54:34 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2HVLWIlZ-4fE4i_CPfcSV5m5E6aA_VxaYyETkiEzudTUTmVn8--K-g==
Age: 83742
push.services.mozilla.com/
52.39.96.8101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.96.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +0wn3FPQ6wWciku2mBW8hw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OspT08quCGOquEzXWxY58kYg1Mo=
ww38.mercyhospitals.us/track.php?domain=mercyhospitals.us&toggle=browserjs&uid=MTY2OTAwMzgxNi4xNDEzOjhiOTRjNWI3MjZhMjNkYjRmZjA0OTEyOWFkYTRkM2U3Zjc4Njc3NDdmYzZjYmQ5MzE2YWI1MWE4MDA2Mjg0YmE6NjM3YWZhMjgyMjdjYg%3D%3D
76.223.26.96200 OK 20 B URL HTTP/1.1 ww38.mercyhospitals.us/track.php?domain=mercyhospitals.us&toggle=browserjs&uid=MTY2OTAwMzgxNi4xNDEzOjhiOTRjNWI3MjZhMjNkYjRmZjA0OTEyOWFkYTRkM2U3Zjc4Njc3NDdmYzZjYmQ5MzE2YWI1MWE4MDA2Mjg0YmE6NjM3YWZhMjgyMjdjYg%3D%3D
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=mercyhospitals.us&toggle=browserjs&uid=MTY2OTAwMzgxNi4xNDEzOjhiOTRjNWI3MjZhMjNkYjRmZjA0OTEyOWFkYTRkM2U3Zjc4Njc3NDdmYzZjYmQ5MzE2YWI1MWE4MDA2Mjg0YmE6NjM3YWZhMjgyMjdjYg%3D%3D HTTP/1.1
Host: ww38.mercyhospitals.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.mercyhospitals.us/?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1
HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 04:10:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ww38.mercyhospitals.us/ls.php
76.223.26.96201 Created 0 B URL HTTP/1.1 ww38.mercyhospitals.us/ls.php
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ls.php HTTP/1.1
Host: ww38.mercyhospitals.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2174
Origin: http://ww38.mercyhospitals.us
Connection: keep-alive
Referer: http://ww38.mercyhospitals.us/?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1
HTTP/1.1 201 Created
Date: Mon, 21 Nov 2022 04:10:17 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 637afa29248e347b7963bc03
Charset: utf-8
Access-Control-Allow-Origin: http://ww38.mercyhospitals.us
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_c3gU7nsKpIgw/IHWRyv8xFKZ+8fUlr53ZiVW1dgJOaQQZ/Xg+sJzDbP/rOIYzkDbfIvrQ8lf0826JKSBEBQ7Og==
ww38.mercyhospitals.us/favicon.ico
76.223.26.96200 OK 0 B URL HTTP/1.1 ww38.mercyhospitals.us/favicon.ico
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ww38.mercyhospitals.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.mercyhospitals.us/?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1
HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 04:10:17 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
ww38.mercyhospitals.us/track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=mercyhospitals.us&uid=MTY2OTAwMzgxNi4xNDEzOjhiOTRjNWI3MjZhMjNkYjRmZjA0OTEyOWFkYTRkM2U3Zjc4Njc3NDdmYzZjYmQ5MzE2YWI1MWE4MDA2Mjg0YmE6NjM3YWZhMjgyMjdjYg%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzdhZmEyODIyN2I3fHx8MTY2OTAwMzgxNi40Mjg3fDZkMDgwMjgwZmM2MmRkY2U4MjhlOGY2MjRmMDg1MTlkYmUwMWQ2MzR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDB8VzEwPXwzNWI3YzhkOTFjNjg2YWQ3ZTcyNTk1MDE3NTQxMjNjODIxNGUxYTE5fDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
76.223.26.96200 OK 20 B URL HTTP/1.1 ww38.mercyhospitals.us/track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=mercyhospitals.us&uid=MTY2OTAwMzgxNi4xNDEzOjhiOTRjNWI3MjZhMjNkYjRmZjA0OTEyOWFkYTRkM2U3Zjc4Njc3NDdmYzZjYmQ5MzE2YWI1MWE4MDA2Mjg0YmE6NjM3YWZhMjgyMjdjYg%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzdhZmEyODIyN2I3fHx8MTY2OTAwMzgxNi40Mjg3fDZkMDgwMjgwZmM2MmRkY2U4MjhlOGY2MjRmMDg1MTlkYmUwMWQ2MzR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDB8VzEwPXwzNWI3YzhkOTFjNjg2YWQ3ZTcyNTk1MDE3NTQxMjNjODIxNGUxYTE5fDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=mercyhospitals.us&uid=MTY2OTAwMzgxNi4xNDEzOjhiOTRjNWI3MjZhMjNkYjRmZjA0OTEyOWFkYTRkM2U3Zjc4Njc3NDdmYzZjYmQ5MzE2YWI1MWE4MDA2Mjg0YmE6NjM3YWZhMjgyMjdjYg%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzdhZmEyODIyN2I3fHx8MTY2OTAwMzgxNi40Mjg3fDZkMDgwMjgwZmM2MmRkY2U4MjhlOGY2MjRmMDg1MTlkYmUwMWQ2MzR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDB8VzEwPXwzNWI3YzhkOTFjNjg2YWQ3ZTcyNTk1MDE3NTQxMjNjODIxNGUxYTE5fDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1
Host: ww38.mercyhospitals.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.mercyhospitals.us/?kw1=ehr%20electronic%20health%20records%20system&kw2=hospital%20billing%20services&kw3=test%20appointment%20booking%20system&kw4=doctor%20appointment%20booking%20system&kw5=telemedicine%20appointment%20booking%20system&kw6=procedure%20appointment%20booking%20system&kw7=cancer%20treatment%20center&kw8=hospital%20job%20posting%20board&backfill=0&domainname=0&kw=hospital%20medical%20facility&searchbox=0&subid4=1665997066.0198270000&tm=1
HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 04:10:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
dipaka-ead.com/zcvisitor/677f8ac4-6952-11ed-92b2-0adc72d77c97/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=678be6d2-6952-11ed-92b2-0adc72d77c97
3.212.50.125200 1.1 kB URL HTTP/1.1 dipaka-ead.com/zcvisitor/677f8ac4-6952-11ed-92b2-0adc72d77c97/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=678be6d2-6952-11ed-92b2-0adc72d77c97
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4fe329700fe9b38b9d2b60afed389b02
1003eea58b8432dda015c24ebcf1b74ffd31a8e6
ad403db83eccf1673a6e3891079006b83301bd9d7fe6fa8e278270772f52c70e
GET /zcvisitor/677f8ac4-6952-11ed-92b2-0adc72d77c97/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=678be6d2-6952-11ed-92b2-0adc72d77c97 HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.mercyhospitals.us/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Mon, 21 Nov 2022 04:10:17 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: lrzMfniN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 798ef0955be535268547903e74dacfcd
782823486f9ded693609cade264d1950e816f7d0
75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14351
Expires: Mon, 21 Nov 2022 08:09:28 GMT
Date: Mon, 21 Nov 2022 04:10:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 798ef0955be535268547903e74dacfcd
782823486f9ded693609cade264d1950e816f7d0
75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14351
Expires: Mon, 21 Nov 2022 08:09:28 GMT
Date: Mon, 21 Nov 2022 04:10:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c8194cc-e735-44f6-9818-550307d37d01.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c8194cc-e735-44f6-9818-550307d37d01.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 69864d1e5de844477f530d0fbc485d94
543d9d6bda0d02a68b641c3b4cddef546d7625a3
38e4a8a93a2437b78b3a4429c7aa7eb8945d223b4e114c3814c9b2c313a235e2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c8194cc-e735-44f6-9818-550307d37d01.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8756
x-amzn-requestid: d4f57800-bb48-427b-9885-6f5f8f568ad3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b01qRF_8IAMFVGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63783641-3eba3327462c8a3b183163d3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 01:49:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: BqyVtqmcMq-aLfQwbTOdhQz5MtCwh_kaGaS_eir_FMGezz9Np6T9VA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 11:57:24 GMT
age: 58373
etag: "543d9d6bda0d02a68b641c3b4cddef546d7625a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308504cf-ed6b-4fb8-bc67-4165549bba4e.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308504cf-ed6b-4fb8-bc67-4165549bba4e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131cae0245e456c2497833b48cc1be0e
01b7bf2cfcdac73911dbd0a570d262978a43daf1
539cc2fdefb049df026b18d450c56d85b7821b8723ea0070efa460096669576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308504cf-ed6b-4fb8-bc67-4165549bba4e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7996
x-amzn-requestid: af3a6545-f0ad-40de-b1f6-56b9607242f4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1BvREKZoAMFzDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63784994-2659c8ec5fc04c510ea0e643;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 03:12:20 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: UU9m-kzHM4oKCHNiK2q4NWftsCueXeiBpJkk0cDv3et4v3MpF6eCtQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 f268a165a18929fd0a24a3189fbd16b2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 13:08:40 GMT
age: 54097
etag: "01b7bf2cfcdac73911dbd0a570d262978a43daf1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44bd30d2-07ef-4439-996f-41621755b762.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44bd30d2-07ef-4439-996f-41621755b762.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a04911e0d33b6c52d900802eb6078de
e745459267943c0f67ffa126496d361db3e26ef0
3524c0b7989a478cc2183b3636c1ce8662e5d77a2739d643d9ee5641648ad63b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44bd30d2-07ef-4439-996f-41621755b762.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8920
x-amzn-requestid: dbf58019-4c04-4146-945e-cb4a6f24600b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b62QbH1YoAMFsDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637a9d9c-076114215ad14ee26403a19b;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 21:35:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: Czhx2k-uHqvcCagn5wvWpraK4qIIJh54VXibUSoynLqxjEJPt_ihCg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:55:05 GMT
age: 22512
etag: "e745459267943c0f67ffa126496d361db3e26ef0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F094c0060-bf98-4333-9e68-8d59aeaad47d.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F094c0060-bf98-4333-9e68-8d59aeaad47d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ae8d4ec7c5c9342187a53f31ff047f0
edc867e01f7ab5f74e354cecbef80f33c351ee50
2e8e395279eaf6484a64377950ef8a78ce91c386e5041781e4e1cf90aa1d9a29
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F094c0060-bf98-4333-9e68-8d59aeaad47d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8845
x-amzn-requestid: 00b60fd9-9a63-43f5-b609-bbfffba697ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b63BeGujIAMFiDQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637a9ed6-097273382ac910de3f5866fc;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 21:40:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: QexqsQytBUFtg99sZUHFQQu3r4d1HPDM8IseDPtbe4Jupg0u6_yr_g==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 3bb2b699cd244bf37141ea08a6a61732.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:45:41 GMT
age: 23076
etag: "edc867e01f7ab5f74e354cecbef80f33c351ee50"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc808a76a-e93b-4c6e-9163-b69ab5e7076e.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc808a76a-e93b-4c6e-9163-b69ab5e7076e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 994eefbfbd0e842814d889c8d279d375
34bc1857b5e78b3a059f9a1b3eed33bd8d3fe920
c5c510dcf074dbb2d180f3d3e5013aef84016a095c154ee091b88d68cf528e42
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc808a76a-e93b-4c6e-9163-b69ab5e7076e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7013
x-amzn-requestid: 2ca74e56-be57-4f3d-85d0-f937bc3ace9e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: buJZcHKnIAMF6Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63758909-6d753cac1d6d55255aecb08a;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 01:06:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: u6cuVA2ZBv1RuSv2A2x5jM9mrsKoJ9o4M8tCuhi_yp4rR09AAV0jsA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:55:55 GMT
age: 22462
etag: "34bc1857b5e78b3a059f9a1b3eed33bd8d3fe920"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: nirP6BxhN9QUwG2Z_RdA5pCRm36dQKCJMPZMIBRCjt39dQueZh094g==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 09:31:47 GMT
age: 67110
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dipaka-ead.com/zcredirect?visitid=677f8ac4-6952-11ed-92b2-0adc72d77c97&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
3.212.50.125200 308 B URL HTTP/1.1 dipaka-ead.com/zcredirect?visitid=677f8ac4-6952-11ed-92b2-0adc72d77c97&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bdc18ff2a3d103c484c52fa49194d85c
0d41f9acc772606557c761431d63042ad1ebf3cc
c812f7dcc46af72e047ac8dd9a9ff52d9154875ee81cd73681c5968400707d05
GET /zcredirect?visitid=677f8ac4-6952-11ed-92b2-0adc72d77c97&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcvisitor/677f8ac4-6952-11ed-92b2-0adc72d77c97/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=678be6d2-6952-11ed-92b2-0adc72d77c97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Mon, 21 Nov 2022 04:10:17 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: oUiUKMaw
dipaka-ead.com/favicon.ico
3.212.50.125404 653 B URL HTTP/1.1 dipaka-ead.com/favicon.ico
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcredirect?visitid=677f8ac4-6952-11ed-92b2-0adc72d77c97&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Mon, 21 Nov 2022 04:10:18 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: lrzMfniN
xml-v4.craftviking.co/click?seat=2114927&i=puFeWh8HiFo_0
173.239.53.32302 Found 0 B URL HTTP/1.1 xml-v4.craftviking.co/click?seat=2114927&i=puFeWh8HiFo_0
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?seat=2114927&i=puFeWh8HiFo_0 HTTP/1.1
Host: xml-v4.craftviking.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Set-Cookie: x3325799=1629165570; Domain=.craftviking.co
Location: http://tq.craftviking.co/filter?q=ehr+electronic+health+records+system%2Chospital+billing+services%2Ctest+appointment+booking+system%2Cdocto&i=puFeWh8HiFo_0&ci=-2024024809249954226&t=1313637310&h=14
Pragma: no-cache
tq.craftviking.co/filter?q=ehr+electronic+health+records+system%2Chospital+billing+services%2Ctest+appointment+booking+system%2Cdocto&i=puFeWh8HiFo_0&ci=-2024024809249954226&t=1313637310&h=14
173.239.53.32200 OK 8.9 kB URL HTTP/1.1 tq.craftviking.co/filter?q=ehr+electronic+health+records+system%2Chospital+billing+services%2Ctest+appointment+booking+system%2Cdocto&i=puFeWh8HiFo_0&ci=-2024024809249954226&t=1313637310&h=14
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (549)
Hash 5c6c7ddc318b303e63314e5d2e5151b6
7611d305203c06d58a88319b3ab5d9f4176c2407
ad209e30cbed395aad2548a7d80361d737df313164e7e08e13cd00b4ad425a03
GET /filter?q=ehr+electronic+health+records+system%2Chospital+billing+services%2Ctest+appointment+booking+system%2Cdocto&i=puFeWh8HiFo_0&ci=-2024024809249954226&t=1313637310&h=14 HTTP/1.1
Host: tq.craftviking.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dipaka-ead.com/
Connection: keep-alive
Cookie: x3325799=1629165570
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html; charset=utf-8
Age: 0
Content-Length: 8874
Connection: keep-alive
Set-Cookie: c-1977059967=-1629165570
x3325799=1629165570; Domain=.craftviking.co
Pragma: no-cache
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 63b75ed865229ab5a2a3c6a4cf30e129
c7f6181f2f7221d277cb46f507c6d6e8d1bffe71
e5165601c3434ec2238c3225d42a0925762a0a6da8f64865e63d6e99c3e3977a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 21 Nov 2022 04:10:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 20 Nov 2022 20:13:57 GMT
Expires: Mon, 21 Nov 2022 20:13:57 GMT
ETag: "c7f6181f2f7221d277cb46f507c6d6e8d1bffe71"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cdn.perfdrive.com/aperture/aperture.js
130.211.29.114200 OK 14 kB URL HTTP/2 cdn.perfdrive.com/aperture/aperture.js
IP 130.211.29.114:0
File type ASCII text, with very long lines (566)
Hash 9b690590c9a694107d7c7cfa0b731b68
c95e502d5d2d5437e168ae55af0439beef69d370
1b07b11a98a6e988acd3bc823b64b353702411709d8ef871e393dee1866d7cda
GET /aperture/aperture.js HTTP/1.1
Host: cdn.perfdrive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tq.craftviking.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.22.1
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
content-length: 13453
date: Mon, 21 Nov 2022 03:12:45 GMT
cache-control: max-age=3600,public
age: 3453
last-modified: Thu, 06 Oct 2022 10:44:59 GMT
etag: W/"633eb1ab-ae3a"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 63b75ed865229ab5a2a3c6a4cf30e129
c7f6181f2f7221d277cb46f507c6d6e8d1bffe71
e5165601c3434ec2238c3225d42a0925762a0a6da8f64865e63d6e99c3e3977a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 21 Nov 2022 04:10:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 20 Nov 2022 20:13:57 GMT
Expires: Mon, 21 Nov 2022 20:13:57 GMT
ETag: "c7f6181f2f7221d277cb46f507c6d6e8d1bffe71"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
xml-v4.craftviking.co/click2?i=puFeWh8HiFo_0&ci=-2024024809249954226&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x939%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D2449%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D2%26rf%3Ddipaka-ead.com%26lo%3Dtq.craftviking.co%26mb%3D0%26hb%3D0%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%29%2BGecko%252F20100101%2BFirefox%252F105.0%26tp%3D1%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26er%3D%26shs%3D
173.239.53.32302 Found 0 B URL HTTP/1.1 xml-v4.craftviking.co/click2?i=puFeWh8HiFo_0&ci=-2024024809249954226&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x939%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D2449%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D2%26rf%3Ddipaka-ead.com%26lo%3Dtq.craftviking.co%26mb%3D0%26hb%3D0%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%29%2BGecko%252F20100101%2BFirefox%252F105.0%26tp%3D1%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26er%3D%26shs%3D
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click2?i=puFeWh8HiFo_0&ci=-2024024809249954226&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x939%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D2449%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D2%26rf%3Ddipaka-ead.com%26lo%3Dtq.craftviking.co%26mb%3D0%26hb%3D0%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%29%2BGecko%252F20100101%2BFirefox%252F105.0%26tp%3D1%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26er%3D%26shs%3D HTTP/1.1
Host: xml-v4.craftviking.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tq.craftviking.co/
Cookie: x3325799=1629165570; __ssds=2; __ssuzjsr2=a9be0cd8e
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://go.proffering.xyz/15Gu5p?zoneid=12294168140&pubfeed=397303/397303.12294168140&campaign=671642&cost=0.00055
Pragma: no-cache
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d3f3b4562b559e240336e24da9f896bc
2071299d5be28264c876dca5f39b49575789a21f
1e8582a2a5ae3d75b48022f023de6b9f37a4818a9a9457bcd6273c505c8c1c96
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E8582A2A5AE3D75B48022F023DE6B9F37A4818A9A9457BCD6273C505C8C1C96"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12523
Expires: Mon, 21 Nov 2022 07:39:02 GMT
Date: Mon, 21 Nov 2022 04:10:19 GMT
Connection: keep-alive
go.proffering.xyz/15Gu5p?zoneid=12294168140&pubfeed=397303/397303.12294168140&campaign=671642&cost=0.00055
20.113.187.208302 Found 246 B URL HTTP/1.1 go.proffering.xyz/15Gu5p?zoneid=12294168140&pubfeed=397303/397303.12294168140&campaign=671642&cost=0.00055
IP 20.113.187.208:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document, ASCII text, with no line terminators
Hash 459478b9db57e548df4a580f0dd8db77
bb17845df2621eb0acffb1814efd9074b8a1af14
aa07b33fbd91f126dc3aaca4ea1e19e0ae7adb0b8861c7d84d7bb98d1f53d700
GET /15Gu5p?zoneid=12294168140&pubfeed=397303/397303.12294168140&campaign=671642&cost=0.00055 HTTP/1.1
Host: go.proffering.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tq.craftviking.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 246
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15Gu5po=20221121071669004516315; domain=.go.proffering.xyz; path=/;expires=Tue, 22 Nov 2022 04:10:20 GMT; httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15Gu5p; domain=.go.proffering.xyz; path=/;expires=Tue, 22 Nov 2022 04:10:20 GMT; httpOnly=true;SameSite=None; Secure;
peerclickcid=294670648cdde52e636bc883050926e4-11246-1121; domain=.go.proffering.xyz; path=/;expires=Tue, 22 Nov 2022 04:10:21 GMT; httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.go.proffering.xyz; path=/;expires=Tue, 22 Nov 2022 04:10:21 GMT; httpOnly=true;SameSite=None; Secure;
Location: https://girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
Vary: Accept
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7c8820ef408e74f8d96298a0a3be0515
24722e0d448f669deefc3ecbc938a7c9690ba5db
69f33055b03879f72ce014704b0aaba6bdaf9d1d897a49740c609b81c2686d56
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "69F33055B03879F72CE014704B0AABA6BDAF9D1D897A49740C609B81C2686D56"
Last-Modified: Sun, 20 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2582
Expires: Mon, 21 Nov 2022 04:53:23 GMT
Date: Mon, 21 Nov 2022 04:10:21 GMT
Connection: keep-alive
girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
88.99.80.95200 OK 7.2 kB URL HTTP/1.1 girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (531), with CRLF line terminators
Hash b0efe59b1d8f26d4eb87e25e251114ef
db58e97c3df6774e14eea5199721264772029168
cb6010724ef49716722427633dd1e82b97c7f20dfab0e90dba438aa4a5cdf960
Analyzer Verdict Alert quad9 Sinkholed
GET /?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121 HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tq.craftviking.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: text/html
Content-Length: 7215
Connection: keep-alive
set-cookie: sid=t2~0zazqql5e1q3txndsxcrnslg; path=/
cache-control: private, no-transform
girlsdivine.life/media/dating/toon2/css/animate.min.css
88.99.80.95200 OK 53 kB URL HTTP/1.1 girlsdivine.life/media/dating/toon2/css/animate.min.css
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (52592)
Hash 178b651958ceff556cbc5f355e08bbf1
97afa151569f046b2e01f27c1871646e9cd87caf
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/toon2/css/animate.min.css HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
Cookie: sid=t2~0zazqql5e1q3txndsxcrnslg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: text/css
Content-Length: 52789
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "178b651958ceff556cbc5f355e08bbf1"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17297CC9CC2218F2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 21 Nov 2023 04:10:21 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/exit-new/exit1.js
88.99.80.95200 OK 3.5 kB URL HTTP/1.1 girlsdivine.life/media/exit-new/exit1.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 625e5e2950612f771e246beb33c9ea61
e4fc251c6c000496c285f8dc3fa097040b031681
618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46
Analyzer Verdict Alert quad9 Sinkholed
GET /media/exit-new/exit1.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
Cookie: sid=t2~0zazqql5e1q3txndsxcrnslg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: application/javascript
Content-Length: 3473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "625e5e2950612f771e246beb33c9ea61"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17297E1B28B034E9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 21 Nov 2023 04:10:21 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/toon2/css/style.css
88.99.80.95200 OK 8.6 kB URL HTTP/1.1 girlsdivine.life/media/dating/toon2/css/style.css
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 549edaff59c582a6a3ca91f95c60ea71
a9edcba7d667efcfd812bcd413ccbdcb2b67cc88
b28722475035fc8fdc751034c2df8f49d66eb25cf28cf031c4e7357414a131da
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/toon2/css/style.css HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
Cookie: sid=t2~0zazqql5e1q3txndsxcrnslg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: text/css
Content-Length: 8608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "549edaff59c582a6a3ca91f95c60ea71"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17297CC9F38626AC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 21 Nov 2023 04:10:21 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/cookie/js.cookie.js
88.99.80.95200 OK 4.3 kB URL HTTP/1.1 girlsdivine.life/cookie/js.cookie.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1709), with CRLF line terminators
Hash a7e9883924072f15259de6888d5ef515
7f4f6e5938e68f55aef81e0cd0145f008cd28382
985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c
Analyzer Verdict Alert quad9 Sinkholed
GET /cookie/js.cookie.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
Cookie: sid=t2~0zazqql5e1q3txndsxcrnslg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: application/javascript
Content-Length: 4264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a7e9883924072f15259de6888d5ef515"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17297E1ACA097406
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 21 Nov 2023 04:10:21 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/util/utils.js
88.99.80.95200 OK 7.5 kB URL HTTP/1.1 girlsdivine.life/util/utils.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 01816d15ca03032751161a746e2fb7c3
dcc72ea5fa1356490ba473288159df9786b4a3c3
8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea
Analyzer Verdict Alert quad9 Sinkholed
GET /util/utils.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
Cookie: sid=t2~0zazqql5e1q3txndsxcrnslg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: application/javascript
Content-Length: 7512
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "01816d15ca03032751161a746e2fb7c3"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17297E19B7820AB7
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 21 Nov 2023 04:10:21 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/bb.js
88.99.80.95200 OK 639 B URL HTTP/1.1 girlsdivine.life/media/bb.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (639), with no line terminators
Hash 0d553e4bac91c74bfee2dbabba61e99e
5af71e2377c9c012a7826a695f2724901941b19b
1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68
Analyzer Verdict Alert quad9 Sinkholed
GET /media/bb.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
Cookie: sid=t2~0zazqql5e1q3txndsxcrnslg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: application/javascript
Content-Length: 639
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d553e4bac91c74bfee2dbabba61e99e"
Last-Modified: Wed, 31 Aug 2022 09:32:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17297E1B1F9AE566
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 21 Nov 2023 04:10:21 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash c28dcab32cb68e75be2f9d541e417a3c
7e94e4d48e4004090b100451a37752a7ae691550
fe2434a22cb390d054adcb47b67cbc3d1141a753f87839723554dd1bced75e45
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 04:10:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
girlsdivine.life/media/dating/toon2/images/123.jpg
88.99.80.95200 OK 179 kB URL HTTP/1.1 girlsdivine.life/media/dating/toon2/images/123.jpg
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1069, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=620], progressive, precision 8, 620x1032, components 3\012- data
Size 179 kB (179176 bytes)
Hash a2d245e1c43c61ca34bea001510dd6d9
7a7e0dbf8bb132958fecd093e6741ffe49d060b5
f6113b1f6bdd279404fd53c920f6ba411b66a897db4c67e16d2129af22370a57
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/toon2/images/123.jpg HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
Cookie: sid=t2~0zazqql5e1q3txndsxcrnslg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: image/jpeg
Content-Length: 179176
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a2d245e1c43c61ca34bea001510dd6d9"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17297D588B44FCFC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 21 Nov 2023 04:10:21 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/toon2/js/jquery-2.2.4.min.js
88.99.80.95200 OK 86 kB URL HTTP/1.1 girlsdivine.life/media/dating/toon2/js/jquery-2.2.4.min.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/toon2/js/jquery-2.2.4.min.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
Cookie: sid=t2~0zazqql5e1q3txndsxcrnslg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: application/javascript
Content-Length: 85578
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2f6b11a7e914718e0290410e85366fe9"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17297CA8816D5E77
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 21 Nov 2023 04:10:21 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 8796b1bba5e0df458c07179adea64173
b3c3f64718de099805a200e156774ea356a08132
ae32033094ed99df37e4537b91ec3d52a8fd2f0d2f538e3c81901e1f9c29a0a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 04:10:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
girlsdivine.life/media/dating/toon2/images/bg.jpg
88.99.80.95200 OK 120 kB URL HTTP/1.1 girlsdivine.life/media/dating/toon2/images/bg.jpg
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=660, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1279], progressive, precision 8, 1279x660, components 3\012- data
Size 120 kB (119754 bytes)
Hash 842a5629f17ec8342230aa12ea32291a
0f2390a3eda1a71d676f1cd1866956fef8e77090
1c7361fcec43aecb4c517914dde9ecbf1fe1aaa0969411a7a383391236f335f4
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/toon2/images/bg.jpg HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/toon2/css/style.css
Cookie: sid=t2~0zazqql5e1q3txndsxcrnslg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Nov 2022 04:10:21 GMT
Content-Type: image/jpeg
Content-Length: 119754
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "842a5629f17ec8342230aa12ea32291a"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17297D58B259B239
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 21 Nov 2023 04:10:21 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash d561fb4c2606ae6f3e27b550aac78eb1
08fab66de067ec1b26229eb8ca8025228b1e77df
696702c1838990050310f6b21658aa22f4e5d69921a3043ad0f07923db441688
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 04:10:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext
142.250.74.10200 OK 24 kB URL HTTP/2 fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext
IP 142.250.74.10:0
Hash aab7015aff882787323be7700b497d3f
3ba0c56ad624f1530bb01a5a12493234cb12a741
536e7d38aafc92b68e9b23d9173a960cb5d80e40f9bacdf23c6fb860e9f4e6a7
GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 21 Nov 2022 04:10:21 GMT
date: Mon, 21 Nov 2022 04:10:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash d561fb4c2606ae6f3e27b550aac78eb1
08fab66de067ec1b26229eb8ca8025228b1e77df
696702c1838990050310f6b21658aa22f4e5d69921a3043ad0f07923db441688
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 04:10:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.195200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://girlsdivine.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Nov 2022 17:10:21 GMT
expires: Wed, 15 Nov 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 471601
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash d9afe0ae0199aff69fefbe5a55490d31
126f648ad266469bf531b5c08f7f71a973d0eeb0
105d272d89fa39de018c77cb85f97c12af739243c6bf8172e2914217bd2efec5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 04:10:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
girlsdivine.life/favicon.ico
88.99.80.95204 No Content 0 B URL HTTP/1.1 girlsdivine.life/favicon.ico
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&cid=294670648cdde52e636bc883050926e4-11246-1121
Cookie: sid=t2~0zazqql5e1q3txndsxcrnslg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 21 Nov 2022 04:10:22 GMT
Connection: keep-alive
Cache-Control: no-transform