r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ab3625faa748b97df39d95f3265ccd14
3930df2e3cb45a1abe47de735002fba535de4f08
0b0a1eb64c4a23598884f08be0a9694c8fcaeffc4b0df790a678104f44fe1c14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B0A1EB64C4A23598884F08BE0A9694C8FCAEFFC4B0DF790A678104F44FE1C14"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6518
Expires: Sun, 01 Jan 2023 03:29:31 GMT
Date: Sun, 01 Jan 2023 01:40:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5c6a87f6d6b5c54dcb1b630ae6001c73
e0315c9936d6f2f58ff7d078e74a8ec7802265a8
d88ef07b9fcfb42d27a490cb57df4adaf3261efc7d0b38246db387da3ca32a8d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D88EF07B9FCFB42D27A490CB57DF4ADAF3261EFC7D0B38246DB387DA3CA32A8D"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9465
Expires: Sun, 01 Jan 2023 04:18:38 GMT
Date: Sun, 01 Jan 2023 01:40:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 01 Jan 2023 00:47:14 GMT
content-type: application/json
age: 3219
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6d6d99cd1201f65eeb7d437b62bad1f3
6d5e41d7a2786ccaad7c7276ecdd9411f8cbd6ba
db2b42007fc4ad126c8af8d7cce27af88947231d09ded56da33cfee3d2594e23
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB2B42007FC4AD126C8AF8D7CCE27AF88947231D09DED56DA33CFEE3D2594E23"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7017
Expires: Sun, 01 Jan 2023 03:37:50 GMT
Date: Sun, 01 Jan 2023 01:40:53 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: cxnb1Db4tS5Dk9fYF72VDMLEkWq1+YxrKFcX1lwq5/quFRdsrbm2DqJF+Y0r3DxKUiFilsewldk=
x-amz-request-id: 1HKGQE0DXSHGQV3X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 01 Jan 2023 00:57:38 GMT
age: 2595
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 01 Jan 2023 01:40:53 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 01 Jan 2023 01:08:11 GMT
age: 1963
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash afc798d7819a9c19437d20a92eb6f6ec
badde0ed90ac423d5796dc35808a3cd6cec09820
f101fbf84795c278d89aafdadf23cca6c5010b372a48d39a5354555bfb961e61
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2838
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 01:40:54 GMT
Last-Modified: Sun, 01 Jan 2023 00:53:36 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
filemac.com/eo81tnhwbagu/Learn.Nahw2.By.ad-team.rar
192.157.56.139302 Found 11 B URL HTTP/1.1 filemac.com/eo81tnhwbagu/Learn.Nahw2.By.ad-team.rar
IP 192.157.56.139:0
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /eo81tnhwbagu/Learn.Nahw2.By.ad-team.rar HTTP/1.1
Host: filemac.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sun, 01 Jan 2023 01:40:53 GMT
location: http://ww1.filemac.com/?sub1=54379348-8975-11ed-a741-3934bb17cdc1
server: nginx
set-cookie: sid=54379348-8975-11ed-a741-3934bb17cdc1; path=/; domain=.filemac.com; expires=Fri, 19 Jan 2091 04:55:01 GMT; max-age=2147483647; HttpOnly
push.services.mozilla.com/
52.38.198.114101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.198.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KLytBh06weoa/BHIrAHCKA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5haGYKF/fXejRs+lQuYPf6L1vF0=
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E7EB661F6A47C44F20915B8384799874B0F0A69FCEDD1D90CAAED93F8FCE4BB"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9872
Expires: Sun, 01 Jan 2023 04:25:28 GMT
Date: Sun, 01 Jan 2023 01:40:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E7EB661F6A47C44F20915B8384799874B0F0A69FCEDD1D90CAAED93F8FCE4BB"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9872
Expires: Sun, 01 Jan 2023 04:25:28 GMT
Date: Sun, 01 Jan 2023 01:40:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E7EB661F6A47C44F20915B8384799874B0F0A69FCEDD1D90CAAED93F8FCE4BB"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9872
Expires: Sun, 01 Jan 2023 04:25:28 GMT
Date: Sun, 01 Jan 2023 01:40:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E7EB661F6A47C44F20915B8384799874B0F0A69FCEDD1D90CAAED93F8FCE4BB"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9872
Expires: Sun, 01 Jan 2023 04:25:28 GMT
Date: Sun, 01 Jan 2023 01:40:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E7EB661F6A47C44F20915B8384799874B0F0A69FCEDD1D90CAAED93F8FCE4BB"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9872
Expires: Sun, 01 Jan 2023 04:25:28 GMT
Date: Sun, 01 Jan 2023 01:40:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a9375cec16bfe696766c8d373d9b54
2167c2f197dd44558ac2dea500d8b6b3cfa50e83
6f94fe0c817b031d913d53fee6b317148bdabea044102b8f0c9df8a3737d59f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10696
x-amzn-requestid: 2117681b-ee8b-4881-b860-087a8662a3c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7xM1FK7oAMFd4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae2f1e-5a3648ba2ac7ba01177f361d;Sampled=0
x-amzn-remapped-date: Fri, 30 Dec 2022 00:21:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: q6iynVloHNnImjEwinGPE2aK--d_0Qz8LhHe3a6NqOJhTDhuYjCgrA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 03:51:00 GMT
age: 78596
etag: "2167c2f197dd44558ac2dea500d8b6b3cfa50e83"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd2322211-813b-4a3f-810f-c46c960b9fd3.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd2322211-813b-4a3f-810f-c46c960b9fd3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 957376ff2b45ea987aeedd7c66b688e2
14e97014da0c5bb7016261a7f3b2489559bc116c
311a4c894274b7eb317f30515f2f094221dc563e8b50f4ee1d0070e7c6136248
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd2322211-813b-4a3f-810f-c46c960b9fd3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6824
x-amzn-requestid: cfdcb148-1979-4cf3-abe5-fa461075512f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0wFOHzdoAMFjhA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab6087-77d234247c63e18622e068d8;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:15:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wCFI5gdymeLzUl0EfB_KzVCBo3ujg1XdMcL2qgG6BuWMYFULCVbs0Q==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 20:54:46 GMT
age: 17170
etag: "14e97014da0c5bb7016261a7f3b2489559bc116c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56ecc912-7c04-44d7-a43d-91f5105e563b.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56ecc912-7c04-44d7-a43d-91f5105e563b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9c106ab8d6891b9865ef89c4cd6c6cb
784caa00a9877cb4cc6ad9037a9676b6d3b37fd2
84440ac9326499d9ce81d6fe8b58fa4f7430f60d5624a2acf5d66f906fe6f898
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56ecc912-7c04-44d7-a43d-91f5105e563b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4560
x-amzn-requestid: 26f5e408-f9d0-46b9-90a7-5cdf29d5a27c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eB__3ETBoAMFU3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b0ad32-2b1520235d6b63862bebc2d5;Sampled=0
x-amzn-remapped-date: Sat, 31 Dec 2022 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: hs_04b29c6nhQo4WrQEpVJj8bkqTsfTAv54dajHxsMIjre-g2uesvw==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 21:44:29 GMT
age: 14187
etag: "784caa00a9877cb4cc6ad9037a9676b6d3b37fd2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57f8a525-23f7-4bb9-a254-5e123247f1cc.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57f8a525-23f7-4bb9-a254-5e123247f1cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9d5c6e086c24a24d9ae8179b10d12be0
f7a1cd9d20352e369f02aa3e60e4dbc522b43058
7136c5734cc97eb90c37ef7b295809a3886cc06a0a9a9842d128922733437df2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57f8a525-23f7-4bb9-a254-5e123247f1cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8343
x-amzn-requestid: 29cf02cf-45c4-47ec-9ae4-50974ddec378
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d2GooHEyIAMFg4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63abeb03-126ff69b798dad2e229fed1c;Sampled=0
x-amzn-remapped-date: Wed, 28 Dec 2022 07:06:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3v14x84wqsu13XqJXNuP-G1Ba7zpfVAxAXlAidONryM6H_M35GnR5w==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 14:09:57 GMT
age: 41459
etag: "f7a1cd9d20352e369f02aa3e60e4dbc522b43058"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6443a10-1e35-4576-9471-56fc40767f0c.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6443a10-1e35-4576-9471-56fc40767f0c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23035a1b5389046dbc9821cd92244215
2deec757f1833f6ae0956a5e0876bc31029e8722
564db87897cfa6df3920203687b33c0315a58e804b22fed2e1dbaddb3c3832b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6443a10-1e35-4576-9471-56fc40767f0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13981
x-amzn-requestid: d73b4be8-3a1b-4ed8-9487-43d540ff93e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d4u5fEhiIAMFkgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63acf83c-38067c0820fd6f7e4771345b;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 02:15:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ie_MDBnENQW3b3yeuQbJc8MDqHt5mYLo2Hv_h4bAYtsrlQ1CJOBzAA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 21:57:04 GMT
age: 13432
etag: "2deec757f1833f6ae0956a5e0876bc31029e8722"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8561e732-44f3-4c66-8b48-832a439b9ac3.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8561e732-44f3-4c66-8b48-832a439b9ac3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2a2d6220c99ca386f0517d430a7a503
75172bf57617e9fd91296df9ef35f2da78b615a0
704c955a91c12506e2835aec357c6448c0bca103142dd0b44133dbbe59b7344a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8561e732-44f3-4c66-8b48-832a439b9ac3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7791
x-amzn-requestid: be887802-b5d5-49ad-a0e0-b78005a82e83
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dy0mgHFxIAMF_4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa9af6-53ee68c2626e0ec236df004b;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 07:12:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _YPfeDd3uqCt42UEBwdWepajhbjkonS9A6ojXD2iwSIGmloQ0bBU_w==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 09:23:27 GMT
age: 58649
etag: "75172bf57617e9fd91296df9ef35f2da78b615a0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ww1.filemac.com/?sub1=54379348-8975-11ed-a741-3934bb17cdc1
64.190.63.136200 OK 1.3 kB URL HTTP/1.1 ww1.filemac.com/?sub1=54379348-8975-11ed-a741-3934bb17cdc1
IP 64.190.63.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (758)
Hash 2be09486c311e8151dca0e4cf5afbbec
0329b976d0a37f7bf855036cd4ef158f2dbf9e5e
33ff37066c1da457cb03688b3b9071d39e5390a9e30731a050a5c8d38db351da
GET /?sub1=54379348-8975-11ed-a741-3934bb17cdc1 HTTP/1.1
Host: ww1.filemac.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: sid=54379348-8975-11ed-a741-3934bb17cdc1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
date: Sun, 01 Jan 2023 01:40:56 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_o1YscoDa79EHD9zYuhJszH5s/22GGzFmTHsbxaguDnbbjrQB4O+bxaysZn+UNLxln2be/RrmFGhgJfIpa1MFuA==
last-modified: Sun, 01 Jan 2023 01:40:54 GMT
x-cache-miss-from: parking-59cb595bf9-r2gds
server: NginX
content-encoding: gzip
ww1.filemac.com/search/tsc.php?200=MzAxMTM4Mzkz&21=OTEuOTAuNDIuMTU0&681=MTY3MjUzNzI1NmU5ZjBhNDUzMDQ0Y2ZlYWNiZGU2NzhhMGIwZGI0OTVm&crc=e277b626516d9680e1e6dcff9841347b3ba492de&cv=1
64.190.63.136200 OK 0 B URL HTTP/1.1 ww1.filemac.com/search/tsc.php?200=MzAxMTM4Mzkz&21=OTEuOTAuNDIuMTU0&681=MTY3MjUzNzI1NmU5ZjBhNDUzMDQ0Y2ZlYWNiZGU2NzhhMGIwZGI0OTVm&crc=e277b626516d9680e1e6dcff9841347b3ba492de&cv=1
IP 64.190.63.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/tsc.php?200=MzAxMTM4Mzkz&21=OTEuOTAuNDIuMTU0&681=MTY3MjUzNzI1NmU5ZjBhNDUzMDQ0Y2ZlYWNiZGU2NzhhMGIwZGI0OTVm&crc=e277b626516d9680e1e6dcff9841347b3ba492de&cv=1 HTTP/1.1
Host: ww1.filemac.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.filemac.com/?sub1=54379348-8975-11ed-a741-3934bb17cdc1
Cookie: sid=54379348-8975-11ed-a741-3934bb17cdc1
HTTP/1.1 200 OK
date: Sun, 01 Jan 2023 01:40:56 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
x-cache-miss-from: parking-59cb595bf9-r2gds
server: NginX
ww1.filemac.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DQRwqMTaSNxc_0&v=YjI0YjQ1ZTI4OTdmNjg1YzY3NWQ1MzhhY2UzNDMyYTkJMQl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDIwMi40MTc0MDY2MAl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDYwNi4yMDEzODU2OQkxNjcyNTM3MjU2CWFkXzYzXzA=&l=OAk3ZjkyM2YyMjhmYzc3ZmNlYzc4NzU0ZWE1MTZiNWFiNgkwCTM1CTAJZjMwYmE0YzAwYzJmYTJlOTk3ZjQyYzczMDg3YzA4NDQJMzAxMTM4MzkzCWZpbGVtYWMJMAk2Mwk2CTIJMTY3MjUzNzI1NgkwLjAwMDI5CU4JMAkwCTAJMTIwNQkxNDg3OTM4NzEJOTEuOTAuNDIuMTU0CTA%3D
64.190.63.136302 Found 0 B URL HTTP/1.1 ww1.filemac.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DQRwqMTaSNxc_0&v=YjI0YjQ1ZTI4OTdmNjg1YzY3NWQ1MzhhY2UzNDMyYTkJMQl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDIwMi40MTc0MDY2MAl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDYwNi4yMDEzODU2OQkxNjcyNTM3MjU2CWFkXzYzXzA=&l=OAk3ZjkyM2YyMjhmYzc3ZmNlYzc4NzU0ZWE1MTZiNWFiNgkwCTM1CTAJZjMwYmE0YzAwYzJmYTJlOTk3ZjQyYzczMDg3YzA4NDQJMzAxMTM4MzkzCWZpbGVtYWMJMAk2Mwk2CTIJMTY3MjUzNzI1NgkwLjAwMDI5CU4JMAkwCTAJMTIwNQkxNDg3OTM4NzEJOTEuOTAuNDIuMTU0CTA%3D
IP 64.190.63.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DQRwqMTaSNxc_0&v=YjI0YjQ1ZTI4OTdmNjg1YzY3NWQ1MzhhY2UzNDMyYTkJMQl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDIwMi40MTc0MDY2MAl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDYwNi4yMDEzODU2OQkxNjcyNTM3MjU2CWFkXzYzXzA=&l=OAk3ZjkyM2YyMjhmYzc3ZmNlYzc4NzU0ZWE1MTZiNWFiNgkwCTM1CTAJZjMwYmE0YzAwYzJmYTJlOTk3ZjQyYzczMDg3YzA4NDQJMzAxMTM4MzkzCWZpbGVtYWMJMAk2Mwk2CTIJMTY3MjUzNzI1NgkwLjAwMDI5CU4JMAkwCTAJMTIwNQkxNDg3OTM4NzEJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1
Host: ww1.filemac.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.filemac.com/?sub1=54379348-8975-11ed-a741-3934bb17cdc1
Cookie: sid=54379348-8975-11ed-a741-3934bb17cdc1
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Sun, 01 Jan 2023 01:40:56 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Sun, 01 Jan 2023 01:40:56 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DQRwqMTaSNxc_0&v=YjI0YjQ1ZTI4OTdmNjg1YzY3NWQ1MzhhY2UzNDMyYTkJMQl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDIwMi40MTc0MDY2MAl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDYwNi4yMDEzODU2OQkxNjcyNTM3MjU2CWFkXzYzXzA=&l=OAk3ZjkyM2YyMjhmYzc3ZmNlYzc4NzU0ZWE1MTZiNWFiNgkwCTM1CTAJZjMwYmE0YzAwYzJmYTJlOTk3ZjQyYzczMDg3YzA4NDQJMzAxMTM4MzkzCWZpbGVtYWMJMAk2Mwk2CTIJMTY3MjUzNzI1NgkwLjAwMDI5CU4JMAkwCTAJMTIwNQkxNDg3OTM4NzEJOTEuOTAuNDIuMTU0CTA%3D
x-cache-miss-from: parking-59cb595bf9-jt746
server: NginX
ww1.filemac.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DQRwqMTaSNxc_0&v=YjI0YjQ1ZTI4OTdmNjg1YzY3NWQ1MzhhY2UzNDMyYTkJMQl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDIwMi40MTc0MDY2MAl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDYwNi4yMDEzODU2OQkxNjcyNTM3MjU2CWFkXzYzXzA=&l=OAk3ZjkyM2YyMjhmYzc3ZmNlYzc4NzU0ZWE1MTZiNWFiNgkwCTM1CTAJZjMwYmE0YzAwYzJmYTJlOTk3ZjQyYzczMDg3YzA4NDQJMzAxMTM4MzkzCWZpbGVtYWMJMAk2Mwk2CTIJMTY3MjUzNzI1NgkwLjAwMDI5CU4JMAkwCTAJMTIwNQkxNDg3OTM4NzEJOTEuOTAuNDIuMTU0CTA%3D
64.190.63.136302 Found 311 B URL HTTP/1.1 ww1.filemac.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DQRwqMTaSNxc_0&v=YjI0YjQ1ZTI4OTdmNjg1YzY3NWQ1MzhhY2UzNDMyYTkJMQl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDIwMi40MTc0MDY2MAl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDYwNi4yMDEzODU2OQkxNjcyNTM3MjU2CWFkXzYzXzA=&l=OAk3ZjkyM2YyMjhmYzc3ZmNlYzc4NzU0ZWE1MTZiNWFiNgkwCTM1CTAJZjMwYmE0YzAwYzJmYTJlOTk3ZjQyYzczMDg3YzA4NDQJMzAxMTM4MzkzCWZpbGVtYWMJMAk2Mwk2CTIJMTY3MjUzNzI1NgkwLjAwMDI5CU4JMAkwCTAJMTIwNQkxNDg3OTM4NzEJOTEuOTAuNDIuMTU0CTA%3D
IP 64.190.63.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fe32b75cdfeb058c4e026281929a5191
46d66c1c8901450c50b37456e210cb73736b99b2
0c51357f2490c736fa3c606e11a1739c2a07655ea3d847e446b0f3409b2ba521
GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DQRwqMTaSNxc_0&v=YjI0YjQ1ZTI4OTdmNjg1YzY3NWQ1MzhhY2UzNDMyYTkJMQl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDIwMi40MTc0MDY2MAl3dzEuZmlsZW1hYy5jb202M2IwZTRhNmJmNDYwNi4yMDEzODU2OQkxNjcyNTM3MjU2CWFkXzYzXzA=&l=OAk3ZjkyM2YyMjhmYzc3ZmNlYzc4NzU0ZWE1MTZiNWFiNgkwCTM1CTAJZjMwYmE0YzAwYzJmYTJlOTk3ZjQyYzczMDg3YzA4NDQJMzAxMTM4MzkzCWZpbGVtYWMJMAk2Mwk2CTIJMTY3MjUzNzI1NgkwLjAwMDI5CU4JMAkwCTAJMTIwNQkxNDg3OTM4NzEJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1
Host: ww1.filemac.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.filemac.com/?sub1=54379348-8975-11ed-a741-3934bb17cdc1
Connection: keep-alive
Cookie: sid=54379348-8975-11ed-a741-3934bb17cdc1
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Sun, 01 Jan 2023 01:40:57 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Sun, 01 Jan 2023 01:40:57 GMT
location: http://xml.sedodna.com/click?i=QRwqMTaSNxc_0
x-cache-miss-from: parking-59cb595bf9-4pz79
server: NginX
xml.sedodna.com/click?i=QRwqMTaSNxc_0
173.239.53.32302 Found 0 B URL HTTP/1.1 xml.sedodna.com/click?i=QRwqMTaSNxc_0
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=QRwqMTaSNxc_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.filemac.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5pjcTajzqm_QH0A88-gtuCxG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stlmbd3B7sGcRAkoDlrhq7v09i6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU3iaM8vcO7TGGn8XZNssXrAaLhjukRsSd9Bd7hybF2BLhJt3AmEd6QvYkhs06xDm089SRlj2_XM72kDnNdQS_GWd-yGZe1Z-RPLTOZFZuVAaTQ96yBBDAqiJeCuG5S5Gjf7JNrmF2QujwnltkC9mAxRku7pLdHqUgB3E2dQZ541FEH4N2f2QVHmKsA8me7y6ZNgs03OVSMo8-gQHfcjSFCGUShyFrRVDvTqd6-_N_AtP6dsnxpecHk45RFOwpnWAqNfK50P62MPRBRqqfQ4It8GgRxgEediQjIuZwuatevSmMUh9zGe5ghSrI3XiaHwAyvy4hNnlOy6UE2eQC2KcFQEDrrBKoyCYxMFfZXaKsIop4FtRI90Ja98mPPUT1SKQnbTdAcoRmN9RJYZAflWD70PMl-4ZbTNCVJco5vKrze2v5xP8rKT6JA7ImoDliqwjwoc6qztWhycFiXFCQH3elERanFkVCytfC5dSc2jup6wOhTnXwXDsCVOXzzR3V7FCyjJO1_6UKF_BrVEn_hoveLRyIkUKHX7h6khoc_gjZ742REvV8iYsCtekufETKpAY1OSokIDAdKUra3faLbqZ5LQK4ww1TeeiOfutktK1eqGmy6NaWEJtnVLVfNDzyhjcaCIQnKdFjVZ6sWC7Z84jP-C8wvnpsJezoIvmH3a9SThsvpU3d-Wk56qN8oUbFlmst44VG_JobPM6BI2pRzkQ-ki6fpdtPw4OJKZaOLpMyXQlkE9w77HJKU7oqMojEQ0AU6lY-gHyMDk17gspCc55H8o97SAFSa1FWlYGZB42twFUnndjqz06A2t052Dx8J3Xrs5SIcZnW7ZG4vebgspeCbSJ7S7_XMqnqIjn4cYlcYvjUeVkqnpXX3y-xUGSHAIlpZCMyLMYOyWgUrHGb2FLbQPVKyzOdod7vvyB8inzotyprcQkDJ4R9yra9PlWQqGQ8cSyBXp8ZaFaQeGRB9qjCGggXgc2WdQ6KYudZ7DJU2tFEIKTpKKf-bduuq6FUVEnF6Whp5ucQBT1Zff5jIFF3KwUYF1TJroxQ0Qi_dqIxJDyJlWlq_Zm_TFnswrJeCOrqjzZ-0N5nUzJG_PtnKFC0hBWtehRT6iuMP922ymfOdhBB1JVaIGY1l3UXUHqANoeANCbx-kQWDNcc1IYZFdC3eF4juWfSMnM9KATPLrnDsNo5WPtHZfzrhe-cgeG2XNde4WT939cT2VYvT_yGR6pMG-dHGcJAbZCBEOmMIMzYXfMLY3_7Mslk7N83w42cIF_0ED8tivj3Ah7D5014skBJ3qdBP_CMjqwxFU2yKzlWedOvuDn0ycf_GjTga-F3sBKkk-14Vb-RawUA-duqIQCisB85yjoIHZsI8hdkHy5-2U7SJaiLbT2qJ3-_TFz15I_MllebqiH9FNWQOwuORgQ56r_qk_TEkoMDD5tRrIq9lWvhtStslT25xKHWLFPl4X4curUkrVnknsZwQ1LAI0XqrAvE-hWTqdGTK4D6MXTUk_k7ogufmTblhrk_dPTSmdb-Cze5HGWXer5zuyLjUSTZQ2C3FjbHr6OtPUrvP8KQ19YpI4M4U60DI_Y6G4aZD2yJLWWkIcmc2fQ3Zro_0kL4lbQZLDzVStFzTU7zqTEjT8fq7YOWLroL5e5wAN9fa0E-VHemtA5-njSWW4UlwbLqqeEyiNqlRf7qZVuCIj41BGCxbsCywIM7c-R0CabMsVe5uDEV36nPbmS2uH0QRXJFgDopCageVuhQC_dI-DCN7QXmSEshjCans3NRrRij4YRzy5AitmSsHLhI8FkasNIUT7qnUg-8Fjs9OxKsEnOmBS-cgNLkPrjfqSCNFGyMH6BF07Fg9WS4rnGmK-jMC8gaD3DqX1qSHB7dCrYpT-60e5AnIF3eLCXKS6alnwfIKgrHdxG2KUbaaZP680lHtCxzAiHolIBbRzxMite1VWtwz0kZQplWXQKuBTPToaOZXvzjm0L7v3N49D90TTH8ne2dj9nv0MC5rP6Y9pNbBkcJhAURv2R3khMsaDFOUD5e5FLaFbzMHeQ2j6wpBTknPQDALJMasN-QmRN8jl3v7dLoyhlj9LOjAbBU0wo_n_VMWxhu9aiLuxdXTFxKghCYo1uGNjGL9rylr0jZaKASUhnlMj94zQIME5LpfEYvhL0s_6fcDGB-tLhVn5T8yjc1oJ9zm2o_n_VMWxhu_GA8Z94IjDnyS1uwyeiHCA_A7qoQI6MsHTRf_HjFKu8_B2iRJlamV4tnmVDXICYeRYv9MflDLabkL3_xvDizbGXRbGzttSwi8xdYGyfFhBqdgcJ8Pxj5Nb_aLImfIfb8Rhz5J42SIbfER4qP08LIHgX7HUH0Ch60M4YatpKb30s-7T0n-zomaakCTY78rWIwo8YUAmd4x39J4bOVZAsyl3GOU41y7S036P1zGOAMFUfCNsWPm3sR20D5HNVYJ_j1dsU7zkQCollizJH7Bg2nTu9fbD7bE2AAvcdoweFKpsgDkAw77HsW3bxPrq1nwd7SvjS2cDNCnFbwGbhZYH0Q2Ye5WAMUdevOakGko8eoV6LgaNETrQPWr4nXjwp_p1povxv4ziZOXAkKIaKa42CvfyD2DMJftWND111Dm3rCVy9yU7ugF2M-yuJNfJTixaQTvhfvB0a23Nd7CYaoyhlS1x21UZsZirvirYBmeqhMW7z3kNTaRkfiDg3QDOn6PxAaE
Pragma: no-cache
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash c7c36f2ce4a9b6bf4c03c617f4930803
1a8cf78051709d6fb432946450fb265deb5c0026
972417ddf2ca778c5f78cb2c2f5518fa89e585fc8bf59f4ba3beceb83e288ac3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 01 Jan 2023 01:40:57 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 29 Dec 2022 07:25:43 GMT
Expires: Thu, 05 Jan 2023 07:25:42 GMT
Etag: "1a8cf78051709d6fb432946450fb265deb5c0026"
Cache-Control: max-age=365684,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78278cc40a68b50f-OSL
mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5pjcTajzqm_QH0A88-gtuCxG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stlmbd3B7sGcRAkoDlrhq7v09i6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU3iaM8vcO7TGGn8XZNssXrAaLhjukRsSd9Bd7hybF2BLhJt3AmEd6QvYkhs06xDm089SRlj2_XM72kDnNdQS_GWd-yGZe1Z-RPLTOZFZuVAaTQ96yBBDAqiJeCuG5S5Gjf7JNrmF2QujwnltkC9mAxRku7pLdHqUgB3E2dQZ541FEH4N2f2QVHmKsA8me7y6ZNgs03OVSMo8-gQHfcjSFCGUShyFrRVDvTqd6-_N_AtP6dsnxpecHk45RFOwpnWAqNfK50P62MPRBRqqfQ4It8GgRxgEediQjIuZwuatevSmMUh9zGe5ghSrI3XiaHwAyvy4hNnlOy6UE2eQC2KcFQEDrrBKoyCYxMFfZXaKsIop4FtRI90Ja98mPPUT1SKQnbTdAcoRmN9RJYZAflWD70PMl-4ZbTNCVJco5vKrze2v5xP8rKT6JA7ImoDliqwjwoc6qztWhycFiXFCQH3elERanFkVCytfC5dSc2jup6wOhTnXwXDsCVOXzzR3V7FCyjJO1_6UKF_BrVEn_hoveLRyIkUKHX7h6khoc_gjZ742REvV8iYsCtekufETKpAY1OSokIDAdKUra3faLbqZ5LQK4ww1TeeiOfutktK1eqGmy6NaWEJtnVLVfNDzyhjcaCIQnKdFjVZ6sWC7Z84jP-C8wvnpsJezoIvmH3a9SThsvpU3d-Wk56qN8oUbFlmst44VG_JobPM6BI2pRzkQ-ki6fpdtPw4OJKZaOLpMyXQlkE9w77HJKU7oqMojEQ0AU6lY-gHyMDk17gspCc55H8o97SAFSa1FWlYGZB42twFUnndjqz06A2t052Dx8J3Xrs5SIcZnW7ZG4vebgspeCbSJ7S7_XMqnqIjn4cYlcYvjUeVkqnpXX3y-xUGSHAIlpZCMyLMYOyWgUrHGb2FLbQPVKyzOdod7vvyB8inzotyprcQkDJ4R9yra9PlWQqGQ8cSyBXp8ZaFaQeGRB9qjCGggXgc2WdQ6KYudZ7DJU2tFEIKTpKKf-bduuq6FUVEnF6Whp5ucQBT1Zff5jIFF3KwUYF1TJroxQ0Qi_dqIxJDyJlWlq_Zm_TFnswrJeCOrqjzZ-0N5nUzJG_PtnKFC0hBWtehRT6iuMP922ymfOdhBB1JVaIGY1l3UXUHqANoeANCbx-kQWDNcc1IYZFdC3eF4juWfSMnM9KATPLrnDsNo5WPtHZfzrhe-cgeG2XNde4WT939cT2VYvT_yGR6pMG-dHGcJAbZCBEOmMIMzYXfMLY3_7Mslk7N83w42cIF_0ED8tivj3Ah7D5014skBJ3qdBP_CMjqwxFU2yKzlWedOvuDn0ycf_GjTga-F3sBKkk-14Vb-RawUA-duqIQCisB85yjoIHZsI8hdkHy5-2U7SJaiLbT2qJ3-_TFz15I_MllebqiH9FNWQOwuORgQ56r_qk_TEkoMDD5tRrIq9lWvhtStslT25xKHWLFPl4X4curUkrVnknsZwQ1LAI0XqrAvE-hWTqdGTK4D6MXTUk_k7ogufmTblhrk_dPTSmdb-Cze5HGWXer5zuyLjUSTZQ2C3FjbHr6OtPUrvP8KQ19YpI4M4U60DI_Y6G4aZD2yJLWWkIcmc2fQ3Zro_0kL4lbQZLDzVStFzTU7zqTEjT8fq7YOWLroL5e5wAN9fa0E-VHemtA5-njSWW4UlwbLqqeEyiNqlRf7qZVuCIj41BGCxbsCywIM7c-R0CabMsVe5uDEV36nPbmS2uH0QRXJFgDopCageVuhQC_dI-DCN7QXmSEshjCans3NRrRij4YRzy5AitmSsHLhI8FkasNIUT7qnUg-8Fjs9OxKsEnOmBS-cgNLkPrjfqSCNFGyMH6BF07Fg9WS4rnGmK-jMC8gaD3DqX1qSHB7dCrYpT-60e5AnIF3eLCXKS6alnwfIKgrHdxG2KUbaaZP680lHtCxzAiHolIBbRzxMite1VWtwz0kZQplWXQKuBTPToaOZXvzjm0L7v3N49D90TTH8ne2dj9nv0MC5rP6Y9pNbBkcJhAURv2R3khMsaDFOUD5e5FLaFbzMHeQ2j6wpBTknPQDALJMasN-QmRN8jl3v7dLoyhlj9LOjAbBU0wo_n_VMWxhu9aiLuxdXTFxKghCYo1uGNjGL9rylr0jZaKASUhnlMj94zQIME5LpfEYvhL0s_6fcDGB-tLhVn5T8yjc1oJ9zm2o_n_VMWxhu_GA8Z94IjDnyS1uwyeiHCA_A7qoQI6MsHTRf_HjFKu8_B2iRJlamV4tnmVDXICYeRYv9MflDLabkL3_xvDizbGXRbGzttSwi8xdYGyfFhBqdgcJ8Pxj5Nb_aLImfIfb8Rhz5J42SIbfER4qP08LIHgX7HUH0Ch60M4YatpKb30s-7T0n-zomaakCTY78rWIwo8YUAmd4x39J4bOVZAsyl3GOU41y7S036P1zGOAMFUfCNsWPm3sR20D5HNVYJ_j1dsU7zkQCollizJH7Bg2nTu9fbD7bE2AAvcdoweFKpsgDkAw77HsW3bxPrq1nwd7SvjS2cDNCnFbwGbhZYH0Q2Ye5WAMUdevOakGko8eoV6LgaNETrQPWr4nXjwp_p1povxv4ziZOXAkKIaKa42CvfyD2DMJftWND111Dm3rCVy9yU7ugF2M-yuJNfJTixaQTvhfvB0a23Nd7CYaoyhlS1x21UZsZirvirYBmeqhMW7z3kNTaRkfiDg3QDOn6PxAaE
52.116.53.155302 Found 0 B URL HTTP/2 mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5pjcTajzqm_QH0A88-gtuCxG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stlmbd3B7sGcRAkoDlrhq7v09i6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU3iaM8vcO7TGGn8XZNssXrAaLhjukRsSd9Bd7hybF2BLhJt3AmEd6QvYkhs06xDm089SRlj2_XM72kDnNdQS_GWd-yGZe1Z-RPLTOZFZuVAaTQ96yBBDAqiJeCuG5S5Gjf7JNrmF2QujwnltkC9mAxRku7pLdHqUgB3E2dQZ541FEH4N2f2QVHmKsA8me7y6ZNgs03OVSMo8-gQHfcjSFCGUShyFrRVDvTqd6-_N_AtP6dsnxpecHk45RFOwpnWAqNfK50P62MPRBRqqfQ4It8GgRxgEediQjIuZwuatevSmMUh9zGe5ghSrI3XiaHwAyvy4hNnlOy6UE2eQC2KcFQEDrrBKoyCYxMFfZXaKsIop4FtRI90Ja98mPPUT1SKQnbTdAcoRmN9RJYZAflWD70PMl-4ZbTNCVJco5vKrze2v5xP8rKT6JA7ImoDliqwjwoc6qztWhycFiXFCQH3elERanFkVCytfC5dSc2jup6wOhTnXwXDsCVOXzzR3V7FCyjJO1_6UKF_BrVEn_hoveLRyIkUKHX7h6khoc_gjZ742REvV8iYsCtekufETKpAY1OSokIDAdKUra3faLbqZ5LQK4ww1TeeiOfutktK1eqGmy6NaWEJtnVLVfNDzyhjcaCIQnKdFjVZ6sWC7Z84jP-C8wvnpsJezoIvmH3a9SThsvpU3d-Wk56qN8oUbFlmst44VG_JobPM6BI2pRzkQ-ki6fpdtPw4OJKZaOLpMyXQlkE9w77HJKU7oqMojEQ0AU6lY-gHyMDk17gspCc55H8o97SAFSa1FWlYGZB42twFUnndjqz06A2t052Dx8J3Xrs5SIcZnW7ZG4vebgspeCbSJ7S7_XMqnqIjn4cYlcYvjUeVkqnpXX3y-xUGSHAIlpZCMyLMYOyWgUrHGb2FLbQPVKyzOdod7vvyB8inzotyprcQkDJ4R9yra9PlWQqGQ8cSyBXp8ZaFaQeGRB9qjCGggXgc2WdQ6KYudZ7DJU2tFEIKTpKKf-bduuq6FUVEnF6Whp5ucQBT1Zff5jIFF3KwUYF1TJroxQ0Qi_dqIxJDyJlWlq_Zm_TFnswrJeCOrqjzZ-0N5nUzJG_PtnKFC0hBWtehRT6iuMP922ymfOdhBB1JVaIGY1l3UXUHqANoeANCbx-kQWDNcc1IYZFdC3eF4juWfSMnM9KATPLrnDsNo5WPtHZfzrhe-cgeG2XNde4WT939cT2VYvT_yGR6pMG-dHGcJAbZCBEOmMIMzYXfMLY3_7Mslk7N83w42cIF_0ED8tivj3Ah7D5014skBJ3qdBP_CMjqwxFU2yKzlWedOvuDn0ycf_GjTga-F3sBKkk-14Vb-RawUA-duqIQCisB85yjoIHZsI8hdkHy5-2U7SJaiLbT2qJ3-_TFz15I_MllebqiH9FNWQOwuORgQ56r_qk_TEkoMDD5tRrIq9lWvhtStslT25xKHWLFPl4X4curUkrVnknsZwQ1LAI0XqrAvE-hWTqdGTK4D6MXTUk_k7ogufmTblhrk_dPTSmdb-Cze5HGWXer5zuyLjUSTZQ2C3FjbHr6OtPUrvP8KQ19YpI4M4U60DI_Y6G4aZD2yJLWWkIcmc2fQ3Zro_0kL4lbQZLDzVStFzTU7zqTEjT8fq7YOWLroL5e5wAN9fa0E-VHemtA5-njSWW4UlwbLqqeEyiNqlRf7qZVuCIj41BGCxbsCywIM7c-R0CabMsVe5uDEV36nPbmS2uH0QRXJFgDopCageVuhQC_dI-DCN7QXmSEshjCans3NRrRij4YRzy5AitmSsHLhI8FkasNIUT7qnUg-8Fjs9OxKsEnOmBS-cgNLkPrjfqSCNFGyMH6BF07Fg9WS4rnGmK-jMC8gaD3DqX1qSHB7dCrYpT-60e5AnIF3eLCXKS6alnwfIKgrHdxG2KUbaaZP680lHtCxzAiHolIBbRzxMite1VWtwz0kZQplWXQKuBTPToaOZXvzjm0L7v3N49D90TTH8ne2dj9nv0MC5rP6Y9pNbBkcJhAURv2R3khMsaDFOUD5e5FLaFbzMHeQ2j6wpBTknPQDALJMasN-QmRN8jl3v7dLoyhlj9LOjAbBU0wo_n_VMWxhu9aiLuxdXTFxKghCYo1uGNjGL9rylr0jZaKASUhnlMj94zQIME5LpfEYvhL0s_6fcDGB-tLhVn5T8yjc1oJ9zm2o_n_VMWxhu_GA8Z94IjDnyS1uwyeiHCA_A7qoQI6MsHTRf_HjFKu8_B2iRJlamV4tnmVDXICYeRYv9MflDLabkL3_xvDizbGXRbGzttSwi8xdYGyfFhBqdgcJ8Pxj5Nb_aLImfIfb8Rhz5J42SIbfER4qP08LIHgX7HUH0Ch60M4YatpKb30s-7T0n-zomaakCTY78rWIwo8YUAmd4x39J4bOVZAsyl3GOU41y7S036P1zGOAMFUfCNsWPm3sR20D5HNVYJ_j1dsU7zkQCollizJH7Bg2nTu9fbD7bE2AAvcdoweFKpsgDkAw77HsW3bxPrq1nwd7SvjS2cDNCnFbwGbhZYH0Q2Ye5WAMUdevOakGko8eoV6LgaNETrQPWr4nXjwp_p1povxv4ziZOXAkKIaKa42CvfyD2DMJftWND111Dm3rCVy9yU7ugF2M-yuJNfJTixaQTvhfvB0a23Nd7CYaoyhlS1x21UZsZirvirYBmeqhMW7z3kNTaRkfiDg3QDOn6PxAaE
IP 52.116.53.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5pjcTajzqm_QH0A88-gtuCxG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stlmbd3B7sGcRAkoDlrhq7v09i6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU3iaM8vcO7TGGn8XZNssXrAaLhjukRsSd9Bd7hybF2BLhJt3AmEd6QvYkhs06xDm089SRlj2_XM72kDnNdQS_GWd-yGZe1Z-RPLTOZFZuVAaTQ96yBBDAqiJeCuG5S5Gjf7JNrmF2QujwnltkC9mAxRku7pLdHqUgB3E2dQZ541FEH4N2f2QVHmKsA8me7y6ZNgs03OVSMo8-gQHfcjSFCGUShyFrRVDvTqd6-_N_AtP6dsnxpecHk45RFOwpnWAqNfK50P62MPRBRqqfQ4It8GgRxgEediQjIuZwuatevSmMUh9zGe5ghSrI3XiaHwAyvy4hNnlOy6UE2eQC2KcFQEDrrBKoyCYxMFfZXaKsIop4FtRI90Ja98mPPUT1SKQnbTdAcoRmN9RJYZAflWD70PMl-4ZbTNCVJco5vKrze2v5xP8rKT6JA7ImoDliqwjwoc6qztWhycFiXFCQH3elERanFkVCytfC5dSc2jup6wOhTnXwXDsCVOXzzR3V7FCyjJO1_6UKF_BrVEn_hoveLRyIkUKHX7h6khoc_gjZ742REvV8iYsCtekufETKpAY1OSokIDAdKUra3faLbqZ5LQK4ww1TeeiOfutktK1eqGmy6NaWEJtnVLVfNDzyhjcaCIQnKdFjVZ6sWC7Z84jP-C8wvnpsJezoIvmH3a9SThsvpU3d-Wk56qN8oUbFlmst44VG_JobPM6BI2pRzkQ-ki6fpdtPw4OJKZaOLpMyXQlkE9w77HJKU7oqMojEQ0AU6lY-gHyMDk17gspCc55H8o97SAFSa1FWlYGZB42twFUnndjqz06A2t052Dx8J3Xrs5SIcZnW7ZG4vebgspeCbSJ7S7_XMqnqIjn4cYlcYvjUeVkqnpXX3y-xUGSHAIlpZCMyLMYOyWgUrHGb2FLbQPVKyzOdod7vvyB8inzotyprcQkDJ4R9yra9PlWQqGQ8cSyBXp8ZaFaQeGRB9qjCGggXgc2WdQ6KYudZ7DJU2tFEIKTpKKf-bduuq6FUVEnF6Whp5ucQBT1Zff5jIFF3KwUYF1TJroxQ0Qi_dqIxJDyJlWlq_Zm_TFnswrJeCOrqjzZ-0N5nUzJG_PtnKFC0hBWtehRT6iuMP922ymfOdhBB1JVaIGY1l3UXUHqANoeANCbx-kQWDNcc1IYZFdC3eF4juWfSMnM9KATPLrnDsNo5WPtHZfzrhe-cgeG2XNde4WT939cT2VYvT_yGR6pMG-dHGcJAbZCBEOmMIMzYXfMLY3_7Mslk7N83w42cIF_0ED8tivj3Ah7D5014skBJ3qdBP_CMjqwxFU2yKzlWedOvuDn0ycf_GjTga-F3sBKkk-14Vb-RawUA-duqIQCisB85yjoIHZsI8hdkHy5-2U7SJaiLbT2qJ3-_TFz15I_MllebqiH9FNWQOwuORgQ56r_qk_TEkoMDD5tRrIq9lWvhtStslT25xKHWLFPl4X4curUkrVnknsZwQ1LAI0XqrAvE-hWTqdGTK4D6MXTUk_k7ogufmTblhrk_dPTSmdb-Cze5HGWXer5zuyLjUSTZQ2C3FjbHr6OtPUrvP8KQ19YpI4M4U60DI_Y6G4aZD2yJLWWkIcmc2fQ3Zro_0kL4lbQZLDzVStFzTU7zqTEjT8fq7YOWLroL5e5wAN9fa0E-VHemtA5-njSWW4UlwbLqqeEyiNqlRf7qZVuCIj41BGCxbsCywIM7c-R0CabMsVe5uDEV36nPbmS2uH0QRXJFgDopCageVuhQC_dI-DCN7QXmSEshjCans3NRrRij4YRzy5AitmSsHLhI8FkasNIUT7qnUg-8Fjs9OxKsEnOmBS-cgNLkPrjfqSCNFGyMH6BF07Fg9WS4rnGmK-jMC8gaD3DqX1qSHB7dCrYpT-60e5AnIF3eLCXKS6alnwfIKgrHdxG2KUbaaZP680lHtCxzAiHolIBbRzxMite1VWtwz0kZQplWXQKuBTPToaOZXvzjm0L7v3N49D90TTH8ne2dj9nv0MC5rP6Y9pNbBkcJhAURv2R3khMsaDFOUD5e5FLaFbzMHeQ2j6wpBTknPQDALJMasN-QmRN8jl3v7dLoyhlj9LOjAbBU0wo_n_VMWxhu9aiLuxdXTFxKghCYo1uGNjGL9rylr0jZaKASUhnlMj94zQIME5LpfEYvhL0s_6fcDGB-tLhVn5T8yjc1oJ9zm2o_n_VMWxhu_GA8Z94IjDnyS1uwyeiHCA_A7qoQI6MsHTRf_HjFKu8_B2iRJlamV4tnmVDXICYeRYv9MflDLabkL3_xvDizbGXRbGzttSwi8xdYGyfFhBqdgcJ8Pxj5Nb_aLImfIfb8Rhz5J42SIbfER4qP08LIHgX7HUH0Ch60M4YatpKb30s-7T0n-zomaakCTY78rWIwo8YUAmd4x39J4bOVZAsyl3GOU41y7S036P1zGOAMFUfCNsWPm3sR20D5HNVYJ_j1dsU7zkQCollizJH7Bg2nTu9fbD7bE2AAvcdoweFKpsgDkAw77HsW3bxPrq1nwd7SvjS2cDNCnFbwGbhZYH0Q2Ye5WAMUdevOakGko8eoV6LgaNETrQPWr4nXjwp_p1povxv4ziZOXAkKIaKa42CvfyD2DMJftWND111Dm3rCVy9yU7ugF2M-yuJNfJTixaQTvhfvB0a23Nd7CYaoyhlS1x21UZsZirvirYBmeqhMW7z3kNTaRkfiDg3QDOn6PxAaE HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww1.filemac.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 01 Jan 2023 01:40:57 GMT
content-length: 0
set-cookie: rhid=82630735821; Max-Age=15552000; Expires=Fri, 30-Jun-2023 01:40:57 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://p201298.mybettermb.com/adServe/domainClick?ai=GNWsBy0vmeWNIRD1OGzon9nRMFlvx0N-R3cDAIi7adncqUCzUFu0uWMmwune042hqC4ztfwuiUg7MRCw2iDeXrhyrIOdYHqmwInvqkONu_UsxhPk5YawsCeLfnPPzz--GW2M-edZHsBPoJW2FKxlzpdN5fiZEVzaeejYsm8x8gwcOoV-oByj74HE4B2iAX4Ngec8Y6XEbvg9s8JEhLEQ3ROmlAjVoK3r3d8EglOmqEZPoJW2FKxlzqt8wJm6dXxj2G5SDN6AMICiJer9RqZIb67Dba81XgQkneZLXwnqMy6-RDXxcT0StkeNW4YMiXNFcGrPGoINHAS1bCswSuqEzo17rR5lAINimkTejWoAam2_wdRZg6zQcVUJJkvHUxuP-5jQu7AkznNUxUQIVaNIlfQo9svE9H_Vh1fWxmo3kPm8GcWaccsx8nJJmxWvb-tAhLTfjgVu3mNuDI2UxT51tArjM4qCBPRUmPrBokDpAkldtrUQ7L7ubYWA3mGi0BoVkWwYS65LvCeP-H8sONAp8Hiwp67kxc_VuyvyRhL20gccVxa8GfExOZaaWtQ79ZP0eGKtPdim53Q8oUU91bK23dUi6xSvMdRUnmWdMtd0KgltnqQ0hhKQdWGt6kL5zmyLTulTFsFFyqDmvk1577iK5B2GPgvKKtCpsmFX4-wgjiatqBMLCyUQpHkNTaRkfiDgU0EJoNA-6aOdSxlVmFZU8-Xr12paUHSeQ_iKEYlo5hfliXS4JLXW_ga8tw24WWMwBsX8RwmT45aTSKrlinLYMXWITnlV6Bc7yFaJ73pdgRu_tiLZw1cY5g_7Q090Q3heGOrfJrpTMwU84uvcyKHYY_r4nvPsKvQNOYwwqJPWDKzZ0TBZb8dDfk1yppG1V57SAhEC_kcOcdj44_kTfSyHv1dYaHsTvR0e3fjuZ-GA1vFm4Mr4OTbR5CVVEUSS1AFYFp_hfKZ9J0BA4ZJwa0lO9PCseOjB5bqQFNGElOvfVPqzPoTh8kp0S2soK2PQR3cP1HanXB3kwMrUDctBB5bK4AzpxF2ezqEJkRZoDkTN6TQuDi9ZpyJrxP09V6ZFcdrqJg1v6JbB0DQ&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukOBwcbOHWcg3Gn2qPZgaWCjbEreA0494sXOplJmz3PiQ3AB3Jgci7ZpOg1aMveIAV99cFwzd1LpLA&si=1&oref=85fe3b5c9b846cb8675b8504a3191185&optunit=sJhqjKGVLXHomJ5wtw7vIA&rb=2Vb288azLYM&rr=1&abtg=0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 81c87a3f088331ce54f7b42d3815e4d7
93f7ac5fa21edef94d130988ab2833a36a8db38d
e493ad44a81a5773112904c8141b028cac7298d3cf1b44368291d9a0a3b800d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 01:40:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 81c87a3f088331ce54f7b42d3815e4d7
93f7ac5fa21edef94d130988ab2833a36a8db38d
e493ad44a81a5773112904c8141b028cac7298d3cf1b44368291d9a0a3b800d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 01:40:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b8166fe0679d6ccf83bc7f27cb76f6a5
7c76f9e3b7cd828fd0bd9ddb3603e0f1c8fc6f23
d0799689c53c389718f8818863c88447440e69b8837264dbe7a24e62a746e1e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 01:40:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/permanentmarker/v16/Fh4uPib9Iyv2ucM6pGQMWimMp004La2Cfw.woff2
142.250.74.35200 OK 30 kB URL HTTP/2 fonts.gstatic.com/s/permanentmarker/v16/Fh4uPib9Iyv2ucM6pGQMWimMp004La2Cfw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 29564, version 1.0\012- data
Hash 1b66ccb164151a6cf698667c8b570cc6
f5617a0f087645703c874453960be6382c8a7427
4884fec2c73aa52a2461073c1b87d1ceb80f400520391b43f97ca7d3c39eeb24
GET /s/permanentmarker/v16/Fh4uPib9Iyv2ucM6pGQMWimMp004La2Cfw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poroshop.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29564
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Dec 2022 13:34:59 GMT
expires: Sat, 30 Dec 2023 13:34:59 GMT
cache-control: public, max-age=31536000
age: 129960
last-modified: Tue, 19 Apr 2022 17:55:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b8166fe0679d6ccf83bc7f27cb76f6a5
7c76f9e3b7cd828fd0bd9ddb3603e0f1c8fc6f23
d0799689c53c389718f8818863c88447440e69b8837264dbe7a24e62a746e1e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 01 Jan 2023 01:40:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash 74f5ed213fda9388b315fb29ede0fb50
f17c72111d12e4e6a962de99f21ef8bfabaf8381
0038e0a951b48539a3871ee50a65fca08ef8db79d077a6fcce33a86810bb812a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 01 Jan 2023 01:40:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 31 Dec 2022 22:47:15 GMT
Expires: Sun, 01 Jan 2023 22:47:15 GMT
ETag: "f17c72111d12e4e6a962de99f21ef8bfabaf8381"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
p201298.mybettermb.com/adServe/domainClick?ai=GNWsBy0vmeWNIRD1OGzon9nRMFlvx0N-R3cDAIi7adncqUCzUFu0uWMmwune042hqC4ztfwuiUg7MRCw2iDeXrhyrIOdYHqmwInvqkONu_UsxhPk5YawsCeLfnPPzz--GW2M-edZHsBPoJW2FKxlzpdN5fiZEVzaeejYsm8x8gwcOoV-oByj74HE4B2iAX4Ngec8Y6XEbvg9s8JEhLEQ3ROmlAjVoK3r3d8EglOmqEZPoJW2FKxlzqt8wJm6dXxj2G5SDN6AMICiJer9RqZIb67Dba81XgQkneZLXwnqMy6-RDXxcT0StkeNW4YMiXNFcGrPGoINHAS1bCswSuqEzo17rR5lAINimkTejWoAam2_wdRZg6zQcVUJJkvHUxuP-5jQu7AkznNUxUQIVaNIlfQo9svE9H_Vh1fWxmo3kPm8GcWaccsx8nJJmxWvb-tAhLTfjgVu3mNuDI2UxT51tArjM4qCBPRUmPrBokDpAkldtrUQ7L7ubYWA3mGi0BoVkWwYS65LvCeP-H8sONAp8Hiwp67kxc_VuyvyRhL20gccVxa8GfExOZaaWtQ79ZP0eGKtPdim53Q8oUU91bK23dUi6xSvMdRUnmWdMtd0KgltnqQ0hhKQdWGt6kL5zmyLTulTFsFFyqDmvk1577iK5B2GPgvKKtCpsmFX4-wgjiatqBMLCyUQpHkNTaRkfiDgU0EJoNA-6aOdSxlVmFZU8-Xr12paUHSeQ_iKEYlo5hfliXS4JLXW_ga8tw24WWMwBsX8RwmT45aTSKrlinLYMXWITnlV6Bc7yFaJ73pdgRu_tiLZw1cY5g_7Q090Q3heGOrfJrpTMwU84uvcyKHYY_r4nvPsKvQNOYwwqJPWDKzZ0TBZb8dDfk1yppG1V57SAhEC_kcOcdj44_kTfSyHv1dYaHsTvR0e3fjuZ-GA1vFm4Mr4OTbR5CVVEUSS1AFYFp_hfKZ9J0BA4ZJwa0lO9PCseOjB5bqQFNGElOvfVPqzPoTh8kp0S2soK2PQR3cP1HanXB3kwMrUDctBB5bK4AzpxF2ezqEJkRZoDkTN6TQuDi9ZpyJrxP09V6ZFcdrqJg1v6JbB0DQ&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukOBwcbOHWcg3Gn2qPZgaWCjbEreA0494sXOplJmz3PiQ3AB3Jgci7ZpOg1aMveIAV99cFwzd1LpLA&si=1&oref=85fe3b5c9b846cb8675b8504a3191185&optunit=sJhqjKGVLXHomJ5wtw7vIA&rb=2Vb288azLYM&rr=1&abtg=0
52.116.53.155200 OK 0 B URL HTTP/2 p201298.mybettermb.com/adServe/domainClick?ai=GNWsBy0vmeWNIRD1OGzon9nRMFlvx0N-R3cDAIi7adncqUCzUFu0uWMmwune042hqC4ztfwuiUg7MRCw2iDeXrhyrIOdYHqmwInvqkONu_UsxhPk5YawsCeLfnPPzz--GW2M-edZHsBPoJW2FKxlzpdN5fiZEVzaeejYsm8x8gwcOoV-oByj74HE4B2iAX4Ngec8Y6XEbvg9s8JEhLEQ3ROmlAjVoK3r3d8EglOmqEZPoJW2FKxlzqt8wJm6dXxj2G5SDN6AMICiJer9RqZIb67Dba81XgQkneZLXwnqMy6-RDXxcT0StkeNW4YMiXNFcGrPGoINHAS1bCswSuqEzo17rR5lAINimkTejWoAam2_wdRZg6zQcVUJJkvHUxuP-5jQu7AkznNUxUQIVaNIlfQo9svE9H_Vh1fWxmo3kPm8GcWaccsx8nJJmxWvb-tAhLTfjgVu3mNuDI2UxT51tArjM4qCBPRUmPrBokDpAkldtrUQ7L7ubYWA3mGi0BoVkWwYS65LvCeP-H8sONAp8Hiwp67kxc_VuyvyRhL20gccVxa8GfExOZaaWtQ79ZP0eGKtPdim53Q8oUU91bK23dUi6xSvMdRUnmWdMtd0KgltnqQ0hhKQdWGt6kL5zmyLTulTFsFFyqDmvk1577iK5B2GPgvKKtCpsmFX4-wgjiatqBMLCyUQpHkNTaRkfiDgU0EJoNA-6aOdSxlVmFZU8-Xr12paUHSeQ_iKEYlo5hfliXS4JLXW_ga8tw24WWMwBsX8RwmT45aTSKrlinLYMXWITnlV6Bc7yFaJ73pdgRu_tiLZw1cY5g_7Q090Q3heGOrfJrpTMwU84uvcyKHYY_r4nvPsKvQNOYwwqJPWDKzZ0TBZb8dDfk1yppG1V57SAhEC_kcOcdj44_kTfSyHv1dYaHsTvR0e3fjuZ-GA1vFm4Mr4OTbR5CVVEUSS1AFYFp_hfKZ9J0BA4ZJwa0lO9PCseOjB5bqQFNGElOvfVPqzPoTh8kp0S2soK2PQR3cP1HanXB3kwMrUDctBB5bK4AzpxF2ezqEJkRZoDkTN6TQuDi9ZpyJrxP09V6ZFcdrqJg1v6JbB0DQ&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukOBwcbOHWcg3Gn2qPZgaWCjbEreA0494sXOplJmz3PiQ3AB3Jgci7ZpOg1aMveIAV99cFwzd1LpLA&si=1&oref=85fe3b5c9b846cb8675b8504a3191185&optunit=sJhqjKGVLXHomJ5wtw7vIA&rb=2Vb288azLYM&rr=1&abtg=0
IP 52.116.53.155:0
GET /adServe/domainClick?ai=GNWsBy0vmeWNIRD1OGzon9nRMFlvx0N-R3cDAIi7adncqUCzUFu0uWMmwune042hqC4ztfwuiUg7MRCw2iDeXrhyrIOdYHqmwInvqkONu_UsxhPk5YawsCeLfnPPzz--GW2M-edZHsBPoJW2FKxlzpdN5fiZEVzaeejYsm8x8gwcOoV-oByj74HE4B2iAX4Ngec8Y6XEbvg9s8JEhLEQ3ROmlAjVoK3r3d8EglOmqEZPoJW2FKxlzqt8wJm6dXxj2G5SDN6AMICiJer9RqZIb67Dba81XgQkneZLXwnqMy6-RDXxcT0StkeNW4YMiXNFcGrPGoINHAS1bCswSuqEzo17rR5lAINimkTejWoAam2_wdRZg6zQcVUJJkvHUxuP-5jQu7AkznNUxUQIVaNIlfQo9svE9H_Vh1fWxmo3kPm8GcWaccsx8nJJmxWvb-tAhLTfjgVu3mNuDI2UxT51tArjM4qCBPRUmPrBokDpAkldtrUQ7L7ubYWA3mGi0BoVkWwYS65LvCeP-H8sONAp8Hiwp67kxc_VuyvyRhL20gccVxa8GfExOZaaWtQ79ZP0eGKtPdim53Q8oUU91bK23dUi6xSvMdRUnmWdMtd0KgltnqQ0hhKQdWGt6kL5zmyLTulTFsFFyqDmvk1577iK5B2GPgvKKtCpsmFX4-wgjiatqBMLCyUQpHkNTaRkfiDgU0EJoNA-6aOdSxlVmFZU8-Xr12paUHSeQ_iKEYlo5hfliXS4JLXW_ga8tw24WWMwBsX8RwmT45aTSKrlinLYMXWITnlV6Bc7yFaJ73pdgRu_tiLZw1cY5g_7Q090Q3heGOrfJrpTMwU84uvcyKHYY_r4nvPsKvQNOYwwqJPWDKzZ0TBZb8dDfk1yppG1V57SAhEC_kcOcdj44_kTfSyHv1dYaHsTvR0e3fjuZ-GA1vFm4Mr4OTbR5CVVEUSS1AFYFp_hfKZ9J0BA4ZJwa0lO9PCseOjB5bqQFNGElOvfVPqzPoTh8kp0S2soK2PQR3cP1HanXB3kwMrUDctBB5bK4AzpxF2ezqEJkRZoDkTN6TQuDi9ZpyJrxP09V6ZFcdrqJg1v6JbB0DQ&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukOBwcbOHWcg3Gn2qPZgaWCjbEreA0494sXOplJmz3PiQ3AB3Jgci7ZpOg1aMveIAV99cFwzd1LpLA&si=1&oref=85fe3b5c9b846cb8675b8504a3191185&optunit=sJhqjKGVLXHomJ5wtw7vIA&rb=2Vb288azLYM&rr=1&abtg=0 HTTP/1.1
Host: p201298.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww1.filemac.com/
Connection: keep-alive
Cookie: rhid=82630735821
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 01 Jan 2023 01:40:57 GMT
content-type: text/html;charset=ISO-8859-1
vary: Accept-Encoding
set-cookie: rhid=82630735821; Max-Age=15552000; Expires=Fri, 30-Jun-2023 01:40:57 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_1336737_off_779865_aff_89990_cid_201298-FILEMAC.COM_ts_1672537257; Max-Age=3600; Expires=Sun, 01-Jan-2023 02:40:57 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
content-encoding: gzip
X-Firefox-Spdy: h2
poroshop.com/redirect-simple?ci=254&c=no&m_c_r=-1&c_p=s&c_s=366534205&c_k=beauty&c_geo=NO&c_d=Desktop
185.209.223.208200 OK 0 B URL HTTP/2 poroshop.com/redirect-simple?ci=254&c=no&m_c_r=-1&c_p=s&c_s=366534205&c_k=beauty&c_geo=NO&c_d=Desktop
IP 185.209.223.208:0
GET /redirect-simple?ci=254&c=no&m_c_r=-1&c_p=s&c_s=366534205&c_k=beauty&c_geo=NO&c_d=Desktop HTTP/1.1
Host: poroshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 01 Jan 2023 01:40:59 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.29
x-frame-options: *
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Permanent+Marker&display=swap
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Permanent+Marker&display=swap
IP 142.250.74.74:0
GET /css?family=Permanent+Marker&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poroshop.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 01 Jan 2023 01:40:59 GMT
date: Sun, 01 Jan 2023 01:40:59 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2