Overview

URLloveken.gq/?mn=tbu&s=687474703a2f2f646174696e6773722e636f6d2f6e65772f3f733d393126263634373330383031363534353133392664693d37672d313836362665643d676d6126693d61646d696e39312c363338342c616479616963616d40676d61696c2e636f6d2c496c68616d2674733d3136363936393837393126373932373837353334313130323438&?/Jess/photo192/
IP 104.21.33.55 ()
ASN#13335 CLOUDFLARENET
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-29 10:34:08 UTC
StatusLoading report..
IDS alerts0
Blocklist alert2
urlquery alerts No alerts detected
Tags None

Domain Summary (32)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
fonts.gstatic.com (1) 0 2014-09-09 00:40:21 UTC 2022-11-29 07:36:52 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
v2.trckguardlnk.com (2) 0 No data No data 18.194.62.185 Unknown ranking
cdn.smrt-assets.com (8) 0 No data No data 23.36.76.163 Unknown ranking
tsyndicate.com (1) 13042 2017-03-16 09:04:54 UTC 2022-11-29 06:24:56 UTC 136.243.130.121
statisticresearch.com (1) 584767 2019-05-28 07:17:54 UTC 2022-11-29 07:45:32 UTC 52.204.249.38
loveken.gq (2) 0 2022-01-02 02:01:12 UTC 2022-07-08 19:39:54 UTC 104.21.33.55 Unknown ranking
www.gstatic.com (2) 0 2016-07-26 09:37:06 UTC 2022-11-29 09:50:47 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-29 05:51:44 UTC 34.117.237.239
zzotrack.com (1) 470411 No data No data 18.184.38.55
a.vfgtg.com (1) 279695 No data No data 18.192.108.151
a.vfgtf.com (1) 0 No data No data 18.192.108.151 Unknown ranking
e1.o.lencr.org (2) 6159 No data No data 23.36.76.226
tracking.t0r4.com (1) 0 2022-05-18 20:26:48 UTC 2022-11-29 09:48:02 UTC 172.67.190.127 Unknown ranking
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-29 09:35:58 UTC 142.250.74.10
static.trafficjunky.com (1) 13961 2015-03-25 11:36:27 UTC 2020-05-04 07:52:25 UTC 205.185.208.79
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-29 05:48:55 UTC 34.102.187.140
stats.g.doubleclick.net (1) 96 2013-06-10 20:21:11 UTC 2022-11-29 09:50:49 UTC 142.251.1.154
ocsp.pki.goog (9) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.3
www.google-analytics.com (2) 40 2012-10-03 01:04:21 UTC 2022-11-29 08:33:49 UTC 142.250.74.174
smartsecuredt.com (1) 0 2022-06-03 01:48:10 UTC 2022-11-29 06:54:53 UTC 45.141.159.22 Unknown ranking
region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-11-29 06:11:22 UTC 216.239.34.36 Domain (google-analytics.com) ranked at: 8401
a.vfgtc.com (2) 0 2019-09-27 12:31:23 UTC 2019-09-27 12:31:23 UTC 18.192.108.151 Unknown ranking
img-getpocket.cdn.mozilla.net (7) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ocsp.sca1b.amazontrust.com (3) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.156
t.asl-1.com (1) 0 2022-03-23 07:52:33 UTC 2022-11-27 23:52:50 UTC 3.218.135.42 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.89.114.252
t.anmdr.link (1) 0 2022-07-07 15:35:25 UTC 2022-11-29 07:08:07 UTC 54.230.111.123 Unknown ranking
s.anadm.link (1) 0 2022-04-08 20:37:13 UTC 2022-11-29 09:48:02 UTC 54.230.111.117 Unknown ranking
ocsp.r2m01.amazontrust.com (1) 0 2022-10-12 20:43:53 UTC 2022-11-29 06:55:35 UTC 54.230.80.227 Domain (amazontrust.com) ranked at: 581
r3.o.lencr.org (8) 344 No data No data 23.36.76.226
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-28 2 trckguardlnk.com Sinkholed
2022-11-28 2 trckguardlnk.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 104.21.33.55
Date UQ / IDS / BL URL IP
2022-11-29 10:34:08 +0000 0 - 0 - 2 loveken.gq/?mn=tbu&s=687474703a2f2f646174696e (...) 104.21.33.55


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-01-29 21:55:15 +0000 0 - 2 - 1 nimenspa.ml/ 104.21.68.48
2023-01-29 21:55:04 +0000 0 - 0 - 2 26-abrilnetempresas.com/ 172.67.175.246
2023-01-29 21:54:58 +0000 0 - 0 - 1 manhuascan.io/manga/love-tractor/chapter-12 188.114.96.1
2023-01-29 21:54:53 +0000 0 - 2 - 0 insidersport.com/2022/10/17/nba-reveals-first (...) 172.67.69.134
2023-01-29 21:54:47 +0000 0 - 1 - 0 milfdates.club/lp23321/?cep=Wgw9ebA4iXTlK-vsm (...) 172.67.149.35


Last 1 reports on domain: loveken.gq
Date UQ / IDS / BL URL IP
2022-11-29 10:34:08 +0000 0 - 0 - 2 loveken.gq/?mn=tbu&s=687474703a2f2f646174696e (...) 104.21.33.55


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-20 02:19:08 +0000 0 - 0 - 2 97.hp1001.com/html/3_5025.html 72.52.179.174
2023-01-14 05:32:16 +0000 0 - 1 - 1 os.downloadster2cdn.com/Downloadster/?v=5.0&c (...) 77.247.182.247
2023-01-11 10:18:11 +0000 0 - 0 - 2 url-x.it/j9j2DpZ 217.160.0.221
2023-01-09 22:41:19 +0000 0 - 2 - 1 qaskniebgghveqh.usa.cc/woc/00/commweather/471 (...) ::1
2023-01-09 09:52:49 +0000 0 - 1 - 2 amtm.today/ 172.67.176.188

JavaScript

Executed Scripts (18)

Executed Evals (1)
#1 JavaScript::Eval (size: 2) - SHA256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
ok

Executed Writes (0)


HTTP Transactions (70)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17327
Expires: Tue, 29 Nov 2022 15:22:44 GMT
Date: Tue, 29 Nov 2022 10:33:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3680
Expires: Tue, 29 Nov 2022 11:35:17 GMT
Date: Tue, 29 Nov 2022 10:33:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6477
Cache-Control: max-age=92721
Date: Tue, 29 Nov 2022 10:33:57 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 12:19:18 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: FHUsY+7u2fzsMcuOtU2zGHK+fLObHuWMR/S6TXFvaNgV+yAcGncAdapAyxeTO5aOZdIid6GLL3I=
x-amz-request-id: C16WHMRRD5CWX6YJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 09:45:24 GMT
age: 2913
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 10:17:53 GMT
cache-control: public,max-age=3600
age: 964
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
                                            GET /?mn=tbu&s=687474703a2f2f646174696e6773722e636f6d2f6e65772f3f733d393126263634373330383031363534353133392664693d37672d313836362665643d676d6126693d61646d696e39312c363338342c616479616963616d40676d61696c2e636f6d2c496c68616d2674733d3136363936393837393126373932373837353334313130323438&?/Jess/photo192/ HTTP/1.1 
Host: loveken.gq
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         104.21.33.55
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 29 Nov 2022 10:33:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Location: http://loveken.gq/new/?s=91&&647308016545139&di=7g-1866&ed=gma&i=admin91,6384,adyaicam@gmail.com,Ilham&ts=1669698791&792787534110248
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PiKdCV3XEZ2HN5Jl4zV8OahRU%2FYIXOVwm62V0D36C6qPoJoKHtDa9B%2F3vfpe6H6JrL8p7aukLJ3fTl75Qt19w%2B6rdcHXhTbHVB%2BlyN%2ByWthboUktfiYLOFR34r2M"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 771ab023da94b515-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 29 Nov 2022 10:33:57 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /new/?s=91&&647308016545139&di=7g-1866&ed=gma&i=admin91,6384,adyaicam@gmail.com,Ilham&ts=1669698791&792787534110248 HTTP/1.1 
Host: loveken.gq
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         104.21.33.55
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 29 Nov 2022 10:33:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Set-Cookie: visited=1; expires=Thu, 29-Dec-2022 10:20:11 GMT
Location: https://t.asl-1.com/pm51j4wny8/55609/5782/0/?bo=2753,2754,2755,2756&aff_sub1=va99&aff_sub2=test_bl570
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mVJBUuf5DKr%2Fr8xppktBxgq1yFN7HuQ2l7dObA2oT%2FYV1NBqvCbg1dWwkG8IO2T63H9VWD%2F21sD%2FUiM9BoyHq%2B9C1wfWOxORlsXNZcrkhv0t%2BdZD582qiF6j5vQR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 771ab025acb7b515-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 10:11:13 GMT
cache-control: public,max-age=3600
age: 1364
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F475E1B501A902634F4EA7D9E4044A9B65862CF1D6D90CB77A9CE7345D368D85"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10651
Expires: Tue, 29 Nov 2022 13:31:28 GMT
Date: Tue, 29 Nov 2022 10:33:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6396
Cache-Control: max-age=87574
Date: Tue, 29 Nov 2022 10:33:57 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:53:31 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /pm51j4wny8/55609/5782/0/?bo=2753,2754,2755,2756&aff_sub1=va99&aff_sub2=test_bl570 HTTP/1.1 
Host: t.asl-1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         3.218.135.42
HTTP/2 303 See Other
content-type: text/html; charset=utf-8
                                        
server: nginx/1.19.0
date: Tue, 29 Nov 2022 10:33:57 GMT
content-length: 508
location: https://a.vfgtg.com/bb7e836a-79d2-4d6a-adaf-2b9ae2547988?subID1=test_bl570&affiliateID=75077&source=102a5d6e12d1508e06111d6c95585f&subID2=55609&Target=Email&affsource=test_bl570&bo=2753%2C2754%2C2755%2C2756
set-cookie: enc_aff_session_5782=ENC03c2677c386523f98e868b3a39e5094d8a53cf47d9e321323424277b70b719555abc9f53ab1ab3c9b80a286de3b7026d45ffed5c6415c07981446bc2ac1ac3bfb8097632f0a8204514ae467faca603256b0f18f4541c7dd27134332c08fa513d698e217ac73ec8214c6a2287ee1b7149551f278633759d41c6f0481f414f74d1151ea37a4c; Path=/; Expires=Thu, 28 Nov 2024 10:33:57 GMT; Secure ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDUuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Thu, 23 Oct 2025 21:13:57 GMT; Secure
tracking_id: 102a5d6e12d1508e06111d6c95585f
vary: Accept
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (508), with no line terminators
Size:   508
Md5:    5f9046d5d12d0afd5e5bf9893f1a1b20
Sha1:   19c08afd93c91475c3d77f97483dc34a019474ad
Sha256: c73827dbd591c3884e865182a0ad33fa9c41db3ed773a7d6a667048b3699b4d1
                                        
                                            GET /bb7e836a-79d2-4d6a-adaf-2b9ae2547988?subID1=test_bl570&affiliateID=75077&source=102a5d6e12d1508e06111d6c95585f&subID2=55609&Target=Email&affsource=test_bl570&bo=2753%2C2754%2C2755%2C2756 HTTP/1.1 
Host: a.vfgtg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         18.192.108.151
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 29 Nov 2022 10:33:58 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://a.vfgtc.com/cb5cb9a8-26a4-42ae-946b-aae4b3e52909?subID1=test_bl570&affiliateID=75077&source=102a5d6e12d1508e06111d6c95585f&subID2=55609&target=&Site=&Bnr=ALGO&cid=wdvemdj2f8aqmiqkip18ft0s&affsource=test_bl570
pragma: no-cache
set-cookie: bb7e836a-79d2-4d6a-adaf-2b9ae2547988-v4=mDVTII2IQxAhxg7KrBmycSgo5-7OimDecadMedDzd40; Max-Age=86400; Expires=Wed, 30-Nov-2022 10:33:58 GMT; Domain=a.vfgtg.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=SMjHexEiyMpbOLT3hAiBr5Yf4Q4hdZZ9716o00NBQ8usAOQKclc8m3ar3IBloQgyhVdOdsnX%2BsBjMdRQtwgVRT6Xl2K%2FYEvj5bsEUoaO0b4EXQNCipzlCJhR51pfWAGw%2BPx0TADbIRTICyn7aXusSA%3D%3D; Max-Age=31536000; Expires=Wed, 29-Nov-2023 10:33:58 GMT; Domain=a.vfgtg.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /cb5cb9a8-26a4-42ae-946b-aae4b3e52909?subID1=test_bl570&affiliateID=75077&source=102a5d6e12d1508e06111d6c95585f&subID2=55609&target=&Site=&Bnr=ALGO&cid=wdvemdj2f8aqmiqkip18ft0s&affsource=test_bl570 HTTP/1.1 
Host: a.vfgtc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         18.192.108.151
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 29 Nov 2022 10:33:58 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://t.anmdr.link/75077/3785/26412/?aff_sub4=_bucket&aff_sub=test_bl570&aff_sub2=55609&aff_sub3=wq06cubtkkesbiqki7dusl7e&source=102a5d6e12d1508e06111d6c95585f&bnr=ALGO&target=emails&pyt=multi&bo=2753,2754,2755,2756
pragma: no-cache
set-cookie: cb5cb9a8-26a4-42ae-946b-aae4b3e52909-v4=frhCHNQzMoHNlu_Fdj-WLdPXS1skNXw0gnFtXJst6HY; Max-Age=86400; Expires=Wed, 30-Nov-2022 10:33:58 GMT; Domain=a.vfgtc.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=VhEiLo0BmWAs9Gj60tSfQaZKxlefutvNpCr6gYx5BIPSa5hhj41SVjxESriXCtdmjqK2732mM1K3jE5eBK%2FDhxE35mJXg%2FbDpJ8R1NlOWiNzkOeqpU7SRUEEq6qScjI6HhMbPYLkU73xivps4bjcFg%3D%3D; Max-Age=31536000; Expires=Wed, 29-Nov-2023 10:33:58 GMT; Domain=a.vfgtc.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +4NJIJ58pSgjpmGF7HYa0g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.89.114.252
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: w0cZsFp3tpCP9xRkxUzUV5lTuhU=

                                        
                                            GET /75077/3785/26412/?aff_sub4=_bucket&aff_sub=test_bl570&aff_sub2=55609&aff_sub3=wq06cubtkkesbiqki7dusl7e&source=102a5d6e12d1508e06111d6c95585f&bnr=ALGO&target=emails&pyt=multi&bo=2753,2754,2755,2756 HTTP/1.1 
Host: t.anmdr.link
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         54.230.111.123
HTTP/2 303 See Other
content-type: text/html; charset=utf-8
                                        
content-length: 1084
location: https://a.vfgtf.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=test_bl570%3B102a5d6e12d1508e06111d6c95585f&affiliateID=44542&source=1029028a759e3098ade6364b5cfa44&subID2=75077&s2=1029028a759e3098ade6364b5cfa44&s3=test_bl570%3B102a5d6e12d1508e06111d6c95585f&s4=75077&Bnr=ALGO&url=1&target=emails&pyt=multi&affsub=test_bl570&affsource=test_bl570&aff_click_id=1029028a759e3098ade6364b5cfa44&affsource=102a5d6e12d1508e06111d6c95585f&bo=2753%2C2754%2C2755%2C2756
server: nginx/1.19.0
date: Tue, 29 Nov 2022 10:33:58 GMT
set-cookie: aff_ran_url_3785=26412; Path=/; Expires=Wed, 30 Nov 2022 10:33:58 GMT; Secure enc_aff_session_3785=ENC03f9a6480bb110a4da51295dacd2951b4af66d12bde3ab9e03ed95b9255b2b8c0e6eb43e65919a745862ce520c4f2e7ea6250b487e81a5a5ae2a044a7f2ca2ce35340ee35ab4ef47fe08c82e2be185fda81ab1808ea8db21cf2e32ace6a25978b463bd538580e4f5c5b7e762449dea5358f6e31b45b2075dd476fdb122a4c5e0591777e6cdf5692f4a837b647b430e7fe8a7bb9052ee245cf2f53ccbd7201d575ccaa7410c2e960ca355d88631f5037e5287bf128dac5841875b8c1abf4da763622b04c428; Path=/; Expires=Thu, 28 Nov 2024 10:33:58 GMT; Secure ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDUuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Thu, 23 Oct 2025 21:13:58 GMT; Secure
tracking_id: 1029028a759e3098ade6364b5cfa44
vary: Accept
strict-transport-security: max-age=15724800; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kkKQ46C4VPGv5RWdfxNpMy0XLo3Bex6NISvcbadKZNcUawrkFTiMOg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (1084), with no line terminators
Size:   1084
Md5:    3f0b70d35016c9152ae5f599cf7340d6
Sha1:   bea21673a3027793cfdc3dd0801c7d0844f16289
Sha256: a5095ab4adaaae6818d601d844331fca096475a49320f184bd52d89a58817263
                                        
                                            GET /ab267e05-23a0-430a-bac4-772f7f629740?subID1=test_bl570%3B102a5d6e12d1508e06111d6c95585f&affiliateID=44542&source=1029028a759e3098ade6364b5cfa44&subID2=75077&s2=1029028a759e3098ade6364b5cfa44&s3=test_bl570%3B102a5d6e12d1508e06111d6c95585f&s4=75077&Bnr=ALGO&url=1&target=emails&pyt=multi&affsub=test_bl570&affsource=test_bl570&aff_click_id=1029028a759e3098ade6364b5cfa44&affsource=102a5d6e12d1508e06111d6c95585f&bo=2753%2C2754%2C2755%2C2756 HTTP/1.1 
Host: a.vfgtf.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         18.192.108.151
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 29 Nov 2022 10:33:58 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://a.vfgtc.com/2d2fb929-79a5-4a1c-840d-3f370da182b6?aff_sub4=_bucket&subID1=test_bl570%3B102a5d6e12d1508e06111d6c95585f&affiliateID=170910&source=1029028a759e3098ade6364b5cfa44&subID2=75077&target=emails&Site=&Bnr=ALGO&cid=wa9slurfimqbtiqk29069d34&affsource=test_bl570
pragma: no-cache
set-cookie: ab267e05-23a0-430a-bac4-772f7f629740-v4=NPuEYBz5V2vv4PyhlJMvcPwlBfP11YrY3xsmputh-IQ; Max-Age=86400; Expires=Wed, 30-Nov-2022 10:33:58 GMT; Domain=a.vfgtf.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=7lj85VcVFNebqdCLReX9qq%2B2xPpkJjD9Y6edUKRmWW9IjH5DRL%2BLTLwzNLed7tXdxXwQHJPsmrCuEBFROOdwn15aWfVQ09hR4txHMPtHVJyzHYEwsdwUxBnL1S7g3Fp7F%2FyqcT8andtrtv3uBaMiIQ%3D%3D; Max-Age=31536000; Expires=Wed, 29-Nov-2023 10:33:58 GMT; Domain=a.vfgtf.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /2d2fb929-79a5-4a1c-840d-3f370da182b6?aff_sub4=_bucket&subID1=test_bl570%3B102a5d6e12d1508e06111d6c95585f&affiliateID=170910&source=1029028a759e3098ade6364b5cfa44&subID2=75077&target=emails&Site=&Bnr=ALGO&cid=wa9slurfimqbtiqk29069d34&affsource=test_bl570 HTTP/1.1 
Host: a.vfgtc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: cb5cb9a8-26a4-42ae-946b-aae4b3e52909-v4=frhCHNQzMoHNlu_Fdj-WLdPXS1skNXw0gnFtXJst6HY; cc-v4=VhEiLo0BmWAs9Gj60tSfQaZKxlefutvNpCr6gYx5BIPSa5hhj41SVjxESriXCtdmjqK2732mM1K3jE5eBK%2FDhxE35mJXg%2FbDpJ8R1NlOWiNzkOeqpU7SRUEEq6qScjI6HhMbPYLkU73xivps4bjcFg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

search
                                         18.192.108.151
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 29 Nov 2022 10:33:58 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://s.anadm.link/170910/8373/0/?aff_sub=test_bl570%3B102a5d6e12d1508e06111d6c95585f&aff_sub2=75077&aff_sub3=wq06cubtkkesbiqki9qrbqb8&source=1029028a759e3098ade6364b5cfa44&nopop=1&bo=2753,2754,2755,2756&aff_sub5=_test_bl570
pragma: no-cache
set-cookie: 2d2fb929-79a5-4a1c-840d-3f370da182b6-v4=zJnOLp_CYgywZMC9D2B3BTGGtd4QaqY502uK0IklnAE; Max-Age=86400; Expires=Wed, 30-Nov-2022 10:33:58 GMT; Domain=a.vfgtc.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=lEvZFOiHxwf7zaaakNDYQVz9xBAkCGzBzwd4zsrIUcnl0h7luOejuilqr%2FiSlN6RXPcZYIWs95c1NynZxGrIdD3aObfm5VVZOE7qqIdJz%2FGHvvp85riEgYUtKweu3kRj0hHwfGEoITNUtTm%2BTPNN9Q%3D%3D; Max-Age=31536000; Expires=Wed, 29-Nov-2023 10:33:58 GMT; Domain=a.vfgtc.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.156
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=122137
Date: Tue, 29 Nov 2022 10:33:58 GMT
Etag: "6385081a-1d7"
Expires: Wed, 30 Nov 2022 20:29:35 GMT
Last-Modified: Mon, 28 Nov 2022 19:12:26 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ZhOqWpdZVggrggXgj0nLmz-oWV6DA86QIRjgLzz0qZ37cjHbCCf6zQ==
Age: 4629

                                        
                                            GET /170910/8373/0/?aff_sub=test_bl570%3B102a5d6e12d1508e06111d6c95585f&aff_sub2=75077&aff_sub3=wq06cubtkkesbiqki9qrbqb8&source=1029028a759e3098ade6364b5cfa44&nopop=1&bo=2753,2754,2755,2756&aff_sub5=_test_bl570 HTTP/1.1 
Host: s.anadm.link
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         54.230.111.117
HTTP/2 303 See Other
content-type: text/html; charset=utf-8
                                        
content-length: 420
location: https://tracking.t0r4.com/click?pid=781&offer_id=1085&sub1=170910&sub2=1029028a759e3098ade6364b5cfa44&sub3=102d3379394fa8b0cbe5e652412b75&bo=2753%2C2754%2C2755%2C2756
server: nginx/1.19.0
date: Tue, 29 Nov 2022 10:33:59 GMT
set-cookie: enc_aff_session_8373=ENC032640f19f8cc8837e18cd97728795ff866c9bba14dbcd5822c9efd2817946ab545129b7ba06ad3d6f8f21ed9496ba3f265b07dc88870c2f27972fbd2ce089f264190576e1f3a01c4bf52e1d60b90d83efc54fb338803c740d90560a9fc6c11bb4958e8ae850975184fd0c3ff8103a9591679fc2da53b92a1121b87d13676ffdf33ea2c4e578da47512f8823b3f1e430293b5f37679e3ccd06df10513a4af878392b9eb93acc59cf961805371f5a4066374f275bf6472faf2c1163e0b9f18ae8fe6a3153558f5b2db1752c6ea57b613f8965e800641b111fe2ec2fefa95595e5bc344787a0; Path=/; Expires=Thu, 28 Nov 2024 10:33:59 GMT; Secure ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDUuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Thu, 23 Oct 2025 21:13:59 GMT; Secure
tracking_id: 102d3379394fa8b0cbe5e652412b75
vary: Accept
strict-transport-security: max-age=15724800; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2QGI8ZtZfxASWL285ieiqgJ3MP2CECZTQ6r8nTDMoTorTXZFG0MTVA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (420), with no line terminators
Size:   420
Md5:    bde601495da9ed06661e1d735806e632
Sha1:   9716c779fa2485e1ea4d281d14f709544fa9b9b6
Sha256: 49b13c93ddf90ebfe1a1387fb43443452f5fba6a8bebd8adfa4113b81ce45163
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4769
Expires: Tue, 29 Nov 2022 11:53:28 GMT
Date: Tue, 29 Nov 2022 10:33:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4769
Expires: Tue, 29 Nov 2022 11:53:28 GMT
Date: Tue, 29 Nov 2022 10:33:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4769
Expires: Tue, 29 Nov 2022 11:53:28 GMT
Date: Tue, 29 Nov 2022 10:33:59 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9203
x-amzn-requestid: 8cba52d6-3c1c-495c-bb9d-3ba6f0adc7e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cHcHmGmQoAMF6dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fa6fd-73abfa592ff223061401af9a;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 17:16:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UmhWm03jrsV8dFagrzIA0E-8eL8dykoO5kw3cYOBd172dCGqNdAX-Q==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:05:38 GMT
age: 23301
etag: "433061bbb226048765a711deca3026ee3e52372f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9203
Md5:    5d574c4db20a68295dbd06cb08f5990b
Sha1:   433061bbb226048765a711deca3026ee3e52372f
Sha256: 8cc1a4d18e242f8bfc8ab94637f635b73554b903462c29b06d0ec67872542afb
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f728a04-45b0-4726-b646-628601e2ebbc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8578
x-amzn-requestid: 4f948bb9-74db-4a5d-927d-a6b893735531
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFxnWHq-IAMF4LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637efc95-2f9e98ca2dad65a80e2195c2;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 05:09:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X2x9_hXC0JvEktFODEMuasu3QDg4ChtTLKJOmDVasT7IIsKlxkwXCQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:24:31 GMT
age: 22168
etag: "5b1700fa9cd4f1aaafda28ac28a0e2086fa8499c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8578
Md5:    4b7d3821d0bd11c196724846a7b9fe22
Sha1:   5b1700fa9cd4f1aaafda28ac28a0e2086fa8499c
Sha256: b4f820555c4daf6e112c1a395bc57e22f0ef8e2e4299a0ffbb54e0bf18c87f47
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:01:17 GMT
age: 27162
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4916
Md5:    83c1fedec73299637cc7dc47c48af758
Sha1:   2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
Sha256: 1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9BUuT9WFwAQMnl8JiTDKo-zHgDL0AdjAAAIh0Mx405zbGwhvRouebQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 12:30:42 GMT
age: 79397
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4871
Md5:    a4058fd62595d15c58b3d3266de9865a
Sha1:   d0dff35eb78f129b5da407043037bcf9c27e55c0
Sha256: ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "6E29DB4179D5615837F6D044F266B4D2E542A82D1718E50CCC328DFE13D941E5"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13747
Expires: Tue, 29 Nov 2022 14:23:06 GMT
Date: Tue, 29 Nov 2022 10:33:59 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10176
x-amzn-requestid: 768fc69c-e91b-4dd9-8add-63634762b2d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpbgEFOIAMF71A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bc49-21756db31c4714af0553f21b;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:12:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jS-AS3x8V3XacXRNkU63UJjBxA6unvBer5WcxUYseR5p4eZPK64o2g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:52:21 GMT
age: 20498
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10176
Md5:    03014221d7f49b50ffc2d1b0a0e75457
Sha1:   772d86ad983042a728ee3490630a9cf1134ad0dd
Sha256: 81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd18bfa3f-3214-4f84-8a7e-d219428f5242.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10813
x-amzn-requestid: 5a3c9584-1389-45ac-968d-0a2301f82eda
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KG00oAMFpig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-6ffc3ff67f7f7e75399834e8;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ir-Zzqt3ErueryuLgIxlgEtX-TQwpCC1brzCCzfURhjLnuUT8m03wQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 08:43:30 GMT
age: 6629
etag: "238a7439d887fb3aa7f1302eeb43fce62f08441a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10813
Md5:    005e5ba3c9588cf389a58195001b64e3
Sha1:   238a7439d887fb3aa7f1302eeb43fce62f08441a
Sha256: d75dd5b6f57d9c9290725c5be76cc7d7a39682ca569bea18eceb9bdc13d444f9
                                        
                                            GET /click?pid=781&offer_id=1085&sub1=170910&sub2=1029028a759e3098ade6364b5cfa44&sub3=102d3379394fa8b0cbe5e652412b75&bo=2753%2C2754%2C2755%2C2756 HTTP/1.1 
Host: tracking.t0r4.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         172.67.190.127
HTTP/2 302 Found
                                        
date: Tue, 29 Nov 2022 10:33:59 GMT
content-length: 0
location: https://zzotrack.com/381f1b1b-7ced-4eef-857b-418b4c176094?pid=781&geo=NO&reff=&sub1=170910&sub2=1029028a759e3098ade6364b5cfa44&campaign=&sum=&clickid=6385e017b75fb20001648fba
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=6385e017b75fb20001648fba; expires=Wed, 29 Nov 2023 10:33:59 GMT; secure; SameSite=None afoffers={"1085":1669718039}; expires=Wed, 29 Nov 2023 10:33:59 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xLkoTVz3%2FZCx56RJ7BaoFq61Z4K1ye5vemvGmiCd%2BEleuDlTt%2BcNm0NCOAS6LPKYcKAf8zOdqveG82d3DxqTWMIWtmdUzluhtIyu4dOEhzF55cv05bw%2BjpuCBHmrF%2FuazrGzWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ab032fd5ab506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "6E29DB4179D5615837F6D044F266B4D2E542A82D1718E50CCC328DFE13D941E5"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13747
Expires: Tue, 29 Nov 2022 14:23:06 GMT
Date: Tue, 29 Nov 2022 10:33:59 GMT
Connection: keep-alive

                                        
                                            GET /381f1b1b-7ced-4eef-857b-418b4c176094?pid=781&geo=NO&reff=&sub1=170910&sub2=1029028a759e3098ade6364b5cfa44&campaign=&sum=&clickid=6385e017b75fb20001648fba HTTP/1.1 
Host: zzotrack.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         18.184.38.55
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 29 Nov 2022 10:33:59 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://v2.trckguardlnk.com/click?a=558&o=2892&sub_id1=wr41kd8qsfe7tiqkicl7nnb0&sub_id3=381f1b1b-7ced-4eef-857b-418b4c176094_781
pragma: no-cache
set-cookie: 381f1b1b-7ced-4eef-857b-418b4c176094-v4=pGrJkIAsTbG6B2-umbwnCLTwGI0njxL3lXA0CbBCw24; Max-Age=86400; Expires=Wed, 30-Nov-2022 10:33:59 GMT; Domain=zzotrack.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=j%2FjtYMN3YdPBmt4cyHQTP%2BOmmdBN8OPVlr7YnvWWHF0Oxdboq4QwA7Tg05pKXKxuhvWBNIGDnevemA0gn0CGn57lxzlhKcJpAzyeQcn9utS3%2BF%2BK6LbwI4Rko8Tc2N2AqUw7d5rapalrBp3VTbFBJQ%3D%3D; Max-Age=31536000; Expires=Wed, 29-Nov-2023 10:33:59 GMT; Domain=zzotrack.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.r2m01.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         54.230.80.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=89955
Date: Tue, 29 Nov 2022 10:33:59 GMT
Etag: "638486d3-1d7"
Expires: Wed, 30 Nov 2022 11:33:14 GMT
Last-Modified: Mon, 28 Nov 2022 10:00:51 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: W5eyZT5GiWKpFAtgM5xwOOiL2_02v1TK8tnlhzV1vGCkbPHpNtM2UQ==
Age: 5543

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: v2.trckguardlnk.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: U-6fe131632103526e3a6e8114c78eb1e1=unique; U-13111c20aee51aeb480ecbd988cd8cc9=unique; o_13111c20aee51aeb480ecbd988cd8cc9=c2ed9993-7611-40d9-8afa-8d0d02121600
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         18.194.62.185
HTTP/2 200 OK
content-type: image/x-icon
                                        
date: Tue, 29 Nov 2022 10:34:00 GMT
content-length: 318
server: nginx/1.20.0
last-modified: Tue, 04 May 2021 06:35:26 GMT
etag: "6090eb2e-13e"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Size:   318
Md5:    a976d227e5d1dcf62f5f7e623211dd1b
Sha1:   a2a9dc1abdd3d888484678663928cb024c359ee6
Sha256: 66332859bd8e3441a019e073a318b62a47014ba244121301034b510dc7532271

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /smartlink/?a=89072&sm=9474&mt=2&s1=381f1b1b-7ced-4eef-857b-418b4c176094_781&s2=7abacc83077afbd442f241098bb5828f&s3=558 HTTP/1.1 
Host: smartsecuredt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         45.141.159.22
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
                                        
Server: nginx
Date: Tue, 29 Nov 2022 10:34:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
Set-Cookie: gdm_suid_v1_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.smartsecuredt.com; Expires=Mon, 27-Feb-2023 10:34:00 GMT; Path=/ gdm_suid_v2_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.smartsecuredt.com; Expires=Mon, 27-Feb-2023 10:34:00 GMT; Path=/; Secure; SameSite=None gdm_visit_freq_v2_1_001=gJLhXJbXqrGXm/hn4dYEDV+qNYK03T0VZ0nfCnRazJSthttyUuhh0xNGOAPn5BdX; Domain=.smartsecuredt.com; Expires=Mon, 27-Feb-2023 10:34:00 GMT; Path=/; Secure; SameSite=None gdm_uid_v2_1_001=j36lT52R+eaXvT0jASPvlVz7ZUeRgCR9E3weM3rWcXE78EPRAF37KV4Fmtp4WUea; Domain=.smartsecuredt.com; Expires=Mon, 27-Feb-2023 10:34:00 GMT; Path=/; Secure; SameSite=None gdm_visit_freq_v1_1_001=gJLhXJbXqrGXm/hn4dYEDV+qNYK03T0VZ0nfCnRazJSthttyUuhh0xNGOAPn5BdX; Domain=.smartsecuredt.com; Expires=Mon, 27-Feb-2023 10:34:00 GMT; Path=/ v_seg_freq_v1_1_001=yVtRd63XvId1wk9xIzRh5Z5avtcz/W9vAHrT4p/P8qw=; Domain=.smartsecuredt.com; Expires=Mon, 27-Feb-2023 10:34:00 GMT; Path=/ v_seg_freq_v2_1_001=yVtRd63XvId1wk9xIzRh5Z5avtcz/W9vAHrT4p/P8qw=; Domain=.smartsecuredt.com; Expires=Mon, 27-Feb-2023 10:34:00 GMT; Path=/; Secure; SameSite=None gdm_uid_v1_1_001=j36lT52R+eaXvT0jASPvlVz7ZUeRgCR9E3weM3rWcXE78EPRAF37KV4Fmtp4WUea; Domain=.smartsecuredt.com; Expires=Mon, 27-Feb-2023 10:34:00 GMT; Path=/
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Sat, 1 May 2020 12:00:00 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (596), with CRLF line terminators
Size:   2178
Md5:    6681967e2ffecb55f8532e64a4305ca3
Sha1:   49588ed8f494cc98feacc07f81bb37a4a596c348
Sha256: 1c53c4a5019414bc7dba6296dd3f0483f783b5fe6349a7cf1cd868ee39ea7eca
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C266575B4A9441198599F3056CE792E3EEA9CC40925E092B790C408C687ECAF9"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12116
Expires: Tue, 29 Nov 2022 13:55:57 GMT
Date: Tue, 29 Nov 2022 10:34:01 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C266575B4A9441198599F3056CE792E3EEA9CC40925E092B790C408C687ECAF9"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12116
Expires: Tue, 29 Nov 2022 13:55:57 GMT
Date: Tue, 29 Nov 2022 10:34:01 GMT
Connection: keep-alive

                                        
                                            GET /prod/push-subscriber.js HTTP/1.1 
Host: cdn.smrt-assets.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.36.76.163
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Last-Modified: Tue, 29 Mar 2022 15:19:51 GMT
ETag: "6b5bccad39f7057909ad0660f33cc2fa"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Pop: JFK51-C1
X-Amz-Cf-Id: 35kqMJuJ1u5RjAKtxbnFwd5U4zZZCXGXjyOLiAvqNh6C3w79fp8VLA==
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 29 Nov 2022 10:34:01 GMT
Content-Length: 4395
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text
Size:   4395
Md5:    d87a44d0aa0b54e75b2eb54c76bcf152
Sha1:   f765110fd22c73d181d9a2ea1b20de424b3d9e35
Sha256: 6ec5fc6e201f4cf0ba2754f2510363cad0ea29076f9775cc25a06ff71763c0f7
                                        
                                            GET /assets/1387/js/backoffer.js HTTP/1.1 
Host: cdn.smrt-assets.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.36.76.163
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Content-Length: 660
Last-Modified: Thu, 06 May 2021 12:38:04 GMT
ETag: "e7e1dc07852a36f89e4be03aa3787316"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Pop: IAD89-P2
X-Amz-Cf-Id: wMlw0DS_2cpDlmt-hXkUlzPF3cZyUBp0ipiQ_g-kkKca6KpQvvKboA==
Date: Tue, 29 Nov 2022 10:34:01 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   660
Md5:    e7e1dc07852a36f89e4be03aa3787316
Sha1:   0dc3f8e7eb943af093cf8f4600fcf0e421891025
Sha256: 33b8a5c4f883a3a775162d3c5287fe94bc4b22a86fe8b52fcb5aa615d2ffe388
                                        
                                            GET /prod/push-lang-config.js HTTP/1.1 
Host: cdn.smrt-assets.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.36.76.163
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Last-Modified: Tue, 15 Feb 2022 10:45:43 GMT
ETag: "7152525f63649929a736f6efb78b58a5"
x-amz-meta-s3cmd-attrs: atime:1644921890/ctime:1644921887/gid:20/gname:staff/md5:7152525f63649929a736f6efb78b58a5/mode:33188/mtime:1644921887/uid:501/uname:nimspy
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Pop: EWR53-C1
X-Amz-Cf-Id: PlzHg_kpLQKC63Gp9E61K1OBX5ibTIl975NYZyc2dmovD1t05XIN0Q==
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 29 Nov 2022 10:34:01 GMT
Content-Length: 2366
Connection: keep-alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (7658), with no line terminators
Size:   2366
Md5:    86caa25373c28e4a962df5e15f4c160f
Sha1:   7a992cdd21a4074c155ccc7016e7cf836a66dd85
Sha256: fed4670767cf365c92e940800655239d096bd34d8bf6d2bad114b734fa754c11
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 10:34:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 10:34:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /firebasejs/5.0.2/firebase-app.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 8604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:32:45 GMT
expires: Thu, 23 Nov 2023 18:32:45 GMT
cache-control: public, max-age=31536000
age: 489676
last-modified: Thu, 10 May 2018 20:35:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (25088)
Size:   8604
Md5:    73069e532b7039778d3a7128c997c61a
Sha1:   c523bbf1ac7f4e612c8ade75434c42fbca885adc
Sha256: b6d7aec09aad2bb78dfbad4c9530fd03c0f33aed8385c3ee57c10b1fe959c4d5
                                        
                                            GET /firebasejs/5.0.2/firebase-messaging.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:29:53 GMT
expires: Tue, 28 Nov 2023 18:29:53 GMT
cache-control: public, max-age=31536000
age: 57848
last-modified: Thu, 10 May 2018 20:35:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (35547)
Size:   10017
Md5:    fa9987a23f5a9d865766e952511baa30
Sha1:   f2e620b99ee61a01671ba6a9e22ca75d58a1b52d
Sha256: 655daa1e20bf3aff16bc8462339dfea48c7ea5d3dd3505937015af3586d15fb7
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 10:34:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.156
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 29 Nov 2022 10:34:01 GMT
Etag: "63854e7f-1d7"
Last-Modified: Tue, 29 Nov 2022 09:51:35 GMT
Server: ECS (dcb/7EA3)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: seymcy4ZRfrJX6I4aHSmtoypqSkpTDxDwmAvxirCBH9x8omSp2EYLg==
Age: 2546

                                        
                                            GET /assets/1715/js/multilang_mainstream.js HTTP/1.1 
Host: cdn.smrt-assets.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.36.76.163
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Last-Modified: Thu, 17 Feb 2022 08:14:37 GMT
ETag: "f1fb789c5c071c9966d3cb8bf1baac0d"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Pop: JFK51-C1
X-Amz-Cf-Id: MTIf65nu8x-cYuZ-_RII66AWkUSmZq7KlmwO0OqQMK1NDrCTxtp1uQ==
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 29 Nov 2022 10:34:01 GMT
Content-Length: 7123
Connection: keep-alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   7123
Md5:    f0c55af7d197e26dabfcca6af2f42b30
Sha1:   c5a51d34eba901def44a1c1cb0c9d7e01741e017
Sha256: cd2dcd1087571759f1d08a2b8a91d1a1be407660b8118af719b2267d452da968
                                        
                                            GET /assets/1826/css/main2.css HTTP/1.1 
Host: cdn.smrt-assets.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.36.76.163
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Last-Modified: Thu, 26 May 2022 06:48:09 GMT
ETag: "a26aa1416011e2478b09f1dbca335786"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Pop: PHL50-C1
X-Amz-Cf-Id: cSiX7grQKVSSeSNQu1b_mBWTagfvjS_o0Pte5W2KZ8X9CAblEJbw9w==
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 29 Nov 2022 10:34:01 GMT
Content-Length: 2357
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2357
Md5:    2525b5ff65e50f91fcbad849ae64baf5
Sha1:   7b1dc18637510e75cf52051d00ee414789d6e738
Sha256: b9e06f32c57ec1258195bb11e1acb317f622eb3adcc01fc728f1a5b7b5eb1724
                                        
                                            GET /assets/1715/js/jquery.min.js HTTP/1.1 
Host: cdn.smrt-assets.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.36.76.163
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Last-Modified: Mon, 06 Sep 2021 11:04:18 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Pop: EWR53-P1
X-Amz-Cf-Id: m2VW3HEU9AK_BYFH1jcHAGcEumFdVTnesI4iSYUK79VeSwey5Hzzmg==
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 29 Nov 2022 10:34:01 GMT
Content-Length: 29855
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (32065)
Size:   29855
Md5:    2fa28552f1ee4e1382ee43930b53afb8
Sha1:   803670da6a35378bf4eb73acc8e72fe4feb5ca30
Sha256: ecfddf7d1e798dd2778c071bea24c70b650ef990fc09793fce25f2f094b35494
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 10:34:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 10:34:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://smartsecuredt.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 16:40:18 GMT
expires: Fri, 24 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 410023
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size:   30928
Md5:    ac0d2859ea5f8fd6bcb3c305c08ec184
Sha1:   7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
Sha256: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 10:34:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css?family=Montserrat:400,500,600,700&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.smrt-assets.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 29 Nov 2022 10:34:01 GMT
date: Tue, 29 Nov 2022 10:34:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   47882
Md5:    9cf8db57f98196e98766fc46e361040f
Sha1:   ebded7a2c80add98f7098834961caa1a0de1282e
Sha256: 4b0689e07e0b23e93c74c185f9288f0b826bc92779d8755a80184bea1779c00b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 10:34:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /assets/1826/images/3.jpg HTTP/1.1 
Host: cdn.smrt-assets.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.smrt-assets.com/assets/1826/css/main2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         23.36.76.163
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 90331
Last-Modified: Mon, 18 Oct 2021 09:17:50 GMT
ETag: "c3b69fe3f6f6e2f79864e9bf3483cd65"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Pop: EWR53-C1
X-Amz-Cf-Id: mQkEz8o0QxYrQgVXjxb0JGT3amBz5icDBrFm5asXCO9YrMDPZI4RJA==
Date: Tue, 29 Nov 2022 10:34:01 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x1000, components 3\012- data
Size:   90331
Md5:    c3b69fe3f6f6e2f79864e9bf3483cd65
Sha1:   75dd34acf147317ab3bb7c53707f971b65782eea
Sha256: 18fcb7fb1edb0bc7b504ccb1c7f181025f2709e81446056bd4644069c2745d3f
                                        
                                            GET /api/v1/retargeting/set/3f949dfe-3372-4caa-baf0-047f88323cfa?pageviewe={pageviewe}&lead={lead} HTTP/1.1 
Host: tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://smartsecuredt.com/

search
                                         136.243.130.121
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx
Date: Tue, 29 Nov 2022 10:34:01 GMT
Content-Length: 35
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 1
X-Request-Id: 7c90a9d048e863a8
Set-Cookie: ts_rt_3f949dfe-3372-4caa-baf0-047f88323cfa=ANmUCUOmR4kbQgQSPEjEBJwwZ8rYSVPmThmDCB9GnFixDMOA; expires=Wed, 29 Nov 2023 10:34:01 GMT; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            GET /assets/1373/other/favicon.ico HTTP/1.1 
Host: cdn.smrt-assets.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.36.76.163
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Content-Length: 1150
Last-Modified: Wed, 28 Apr 2021 11:28:55 GMT
ETag: "38722a803b73dd1871a3d8a19db44d2f"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Pop: IAD66-C1
X-Amz-Cf-Id: JbGE-qPp-rz1sjNie-YOUT5WYN1nceHRFWqeEDCyU1T8VI4fT_WTxA==
Date: Tue, 29 Nov 2022 10:34:01 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size:   1150
Md5:    38722a803b73dd1871a3d8a19db44d2f
Sha1:   3379960a2c6611bfefcb39e662198d6df322e12d
Sha256: 314dc8584b1a7c7d66a5882b6d153c53ceae37d7137df7b67ddd9735187f2c97
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.156
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=146099
Date: Tue, 29 Nov 2022 10:34:01 GMT
Etag: "63855f52-1d7"
Expires: Thu, 01 Dec 2022 03:09:00 GMT
Last-Modified: Tue, 29 Nov 2022 01:24:34 GMT
Server: ECS (dcb/7EEB)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cbw6of1-FphD58n_oyLEbAv9gBbUWVPnit4v437gdAhM0RZM8TZzyw==
Age: 6266

                                        
                                            GET /js/mp.min.js HTTP/1.1 
Host: static.trafficjunky.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://smartsecuredt.com/

search
                                         205.185.208.79
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 29 Nov 2022 10:34:01 GMT
Connection: Keep-Alive
ETag: "1652721327"
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 3628
Last-Modified: Mon, 16 May 2022 17:15:27 GMT
Accept-Ranges: bytes
X-HW: 1669718041.dop022.sk1.t,1669718041.cds003.sk1.c
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  ASCII text, with very long lines (10690), with no line terminators
Size:   3628
Md5:    044c370813dc1ea880f32a5be81384e7
Sha1:   53b0733cfc26f2bc7e83d1da0c087d5513fcf548
Sha256: 2acb7fa7d04e9c94971b02b9f67140f2bcc9fb51ee361096c735e7f81518c94c
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 29 Nov 2022 08:41:08 GMT
expires: Tue, 29 Nov 2022 10:41:08 GMT
cache-control: public, max-age=7200
age: 6773
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            POST /j/collect?v=1&_v=j98&a=969797699&t=pageview&_s=1&dl=http%3A%2F%2Fsmartsecuredt.com%2Fsmartlink%2F%3Fa%3D89072%26sm%3D9474%26mt%3D2%26s1%3D381f1b1b-7ced-4eef-857b-418b4c176094_781%26s2%3D7abacc83077afbd442f241098bb5828f%26s3%3D558&ul=en-us&de=UTF-8&dt=Best%20dating%20worldwide%20%3C3&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YADAAEABAAAAACAAI~&jid=1964107336&gjid=1062752887&cid=784137719.1669718041&tid=UA-179148962-2&_gid=6667465.1669718041&_r=1&gtm=2wgb90TR8VQRX&z=712410204 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://smartsecuredt.com
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: http://smartsecuredt.com
date: Tue, 29 Nov 2022 10:34:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    cc7a1e792bca8ccb1946b7a07f6dbc03
Sha1:   11a2757082428311f587b7664fa9840376137f80
Sha256: de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
                                        
                                            GET /user-segments/?pid=TH HTTP/1.1 
Host: statisticresearch.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         52.204.249.38
HTTP/2 200 OK
                                        
date: Tue, 29 Nov 2022 10:34:01 GMT
server: nginx
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   64
Md5:    2ba723d5370eb4a09c427fe9f149825d
Sha1:   5053eee8cda1f801c07ea3eb9ecba80a13a42e5a
Sha256: fae4db7186c6f80b3f4c76e8424f7826d649d090e1c35e94c445a88f1bc6f657
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 10:34:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-179148962-2&cid=784137719.1669718041&jid=1964107336&gjid=1062752887&_gid=6667465.1669718041&_u=YADAAEAAAAAAACAAI~&z=616569088 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://smartsecuredt.com
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.251.1.154
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: http://smartsecuredt.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 29 Nov 2022 10:34:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 10:34:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /g/collect?v=2&tid=G-C3EPRPS8FB&gtm=2oeb90&_p=969797699&cid=784137719.1669718041&ul=en-us&sr=1280x1024&_s=1&sid=1669718040&sct=1&seg=0&dl=http%3A%2F%2Fsmartsecuredt.com%2Fsmartlink%2F%3Fa%3D89072%26sm%3D9474%26mt%3D2%26s1%3D381f1b1b-7ced-4eef-857b-418b4c176094_781%26s2%3D7abacc83077afbd442f241098bb5828f%26s3%3D558&dt=Best%20dating%20worldwide%20%3C3&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://smartsecuredt.com
Connection: keep-alive
Referer: http://smartsecuredt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

search
                                         216.239.34.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: http://smartsecuredt.com
date: Tue, 29 Nov 2022 10:34:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4329da24-0de7-409f-87fa-68fd5668aa29.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11082
x-amzn-requestid: f7a38cfd-874a-47fd-97cd-234459ce7868
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR8IxEKzIAMFiYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383da37-10cbaa3f0be7f1112fd4192e;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:44:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kABujFR_j7Zqp_rHqylVBtl1bDxofMkesq6G6EcE7NBRh2Hz8TnLXg==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 08:07:35 GMT
age: 8791
etag: "796020fb42c93fde996945b41173e5191d98fc90"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11082
Md5:    30820a2f1a026d67a31e7598773f9a04
Sha1:   796020fb42c93fde996945b41173e5191d98fc90
Sha256: 5da3e0535e72165a1aee6a7ac4ab290ac1ee77878019e8123ed5567ba6768732
                                        
                                            GET /click?a=558&o=2892&sub_id1=wr41kd8qsfe7tiqkicl7nnb0&sub_id3=381f1b1b-7ced-4eef-857b-418b4c176094_781 HTTP/1.1 
Host: v2.trckguardlnk.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         18.194.62.185
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Tue, 29 Nov 2022 10:34:00 GMT
location: https://v2.trckguardlnk.com/click?a=558&sub_id1=wr41kd8qsfe7tiqkicl7nnb0&sub_id3=381f1b1b-7ced-4eef-857b-418b4c176094_781&o=2219
server: nginx/1.20.0
x-powered-by: PHP/7.4.21
set-cookie: U-6fe131632103526e3a6e8114c78eb1e1=unique; expires=Thu, 29-Dec-2022 10:34:00 GMT; Max-Age=2592000; path=/; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed