re3f482.qc.wy5532.com/
185.107.56.199200 OK 482 B IP 185.107.56.199:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (482), with no line terminators
Hash dc21cda3b72e845d2656019062274621
0f967556b89b371d14489f6977963808ed52ad2a
3855f546dd124219eca611762c832f1327e13c672fae16a60e1e2ae71d38a486
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: re3f482.qc.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 482
content-type: text/html; charset=utf-8
date: Mon, 05 Dec 2022 14:27:28 GMT
server: nginx
set-cookie: sid=f20f1fd2-74a8-11ed-ad32-aedb458d0b37; path=/; domain=.wy5532.com; expires=Sat, 23 Dec 2090 17:41:35 GMT; max-age=2147483647; HttpOnly
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9817
Expires: Mon, 05 Dec 2022 17:11:05 GMT
Date: Mon, 05 Dec 2022 14:27:28 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6327
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 14:27:28 GMT
Etag: "638dc877-1d7"
Last-Modified: Mon, 05 Dec 2022 12:42:01 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8941
Expires: Mon, 05 Dec 2022 16:56:29 GMT
Date: Mon, 05 Dec 2022 14:27:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 14:18:29 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 539
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7MxuSzIzaUtTnPlCjVHGsKVLCZkf6u7RhXa8i9pUIlCLdqh1ku4olKC2WsmSf1Idnp3pYMvbCcFFG3dFzlCSHg==
x-amz-request-id: 1Q5C00YTK277W1QT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 13:47:26 GMT
age: 2402
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 14:27:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
re3f482.qc.wy5532.com/favicon.ico
185.107.56.199404 Not Found 9 B URL HTTP/1.1 re3f482.qc.wy5532.com/favicon.ico
IP 185.107.56.199:0
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: re3f482.qc.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://re3f482.qc.wy5532.com/
Cookie: sid=f20f1fd2-74a8-11ed-ad32-aedb458d0b37
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Mon, 05 Dec 2022 14:27:28 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 14:08:58 GMT
cache-control: public,max-age=3600
age: 1111
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6308
Cache-Control: max-age=159871
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 14:27:29 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 10:52:00 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
re3f482.qc.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDI1NzY0OCwiaWF0IjoxNjcwMjUwNDQ4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc211bnJuZnQ3ZWdjbmhqa2cwNjVub3EiLCJuYmYiOjE2NzAyNTA0NDgsInRzIjoxNjcwMjUwNDQ4Mjg0MDk3fQ.x4lCBVawJiN2TQLlZeghdqrDWhbMi1bnYAoWwjwTjcw&sid=f20f1fd2-74a8-11ed-ad32-aedb458d0b37
185.107.56.199302 Found 11 B URL HTTP/1.1 re3f482.qc.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDI1NzY0OCwiaWF0IjoxNjcwMjUwNDQ4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc211bnJuZnQ3ZWdjbmhqa2cwNjVub3EiLCJuYmYiOjE2NzAyNTA0NDgsInRzIjoxNjcwMjUwNDQ4Mjg0MDk3fQ.x4lCBVawJiN2TQLlZeghdqrDWhbMi1bnYAoWwjwTjcw&sid=f20f1fd2-74a8-11ed-ad32-aedb458d0b37
IP 185.107.56.199:0
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDI1NzY0OCwiaWF0IjoxNjcwMjUwNDQ4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc211bnJuZnQ3ZWdjbmhqa2cwNjVub3EiLCJuYmYiOjE2NzAyNTA0NDgsInRzIjoxNjcwMjUwNDQ4Mjg0MDk3fQ.x4lCBVawJiN2TQLlZeghdqrDWhbMi1bnYAoWwjwTjcw&sid=f20f1fd2-74a8-11ed-ad32-aedb458d0b37 HTTP/1.1
Host: re3f482.qc.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://re3f482.qc.wy5532.com/
Cookie: sid=f20f1fd2-74a8-11ed-ad32-aedb458d0b37
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 05 Dec 2022 14:27:29 GMT
location: http://btpnative.com/click?data=WDFLUHNLT2t1ZTNmN29fUE1Ca1FaRm9iWFZEU01yT3BDSDl3QWp1MnVWMFNBdjEwbk1CWVJQZlkzMjEtMHNWU0hmY0ItYnJ0TXY5WEI3cXQzaTZqQXB1TEhQSDFtZ2VyMkhZVFVpOU1oYjZ3c09Rd0I2T2N6M2poSlU1MFJxcm05bFFiTXVlZVF6Z2I3Ry12eHJ5TTd3Mg2&id=03b946a3-0aee-4473-bd2b-513fddd1a962
server: nginx
set-cookie: sid=f20f1fd2-74a8-11ed-ad32-aedb458d0b37; path=/; domain=.wy5532.com; expires=Sat, 23 Dec 2090 17:41:36 GMT; max-age=2147483647; HttpOnly
push.services.mozilla.com/
52.41.252.32101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.252.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0k87ADmq1iKf/2RdTcFOGA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xNbv1fHTZXK1Nm/cJIu7tME8x2I=
btpnative.com/click?data=WDFLUHNLT2t1ZTNmN29fUE1Ca1FaRm9iWFZEU01yT3BDSDl3QWp1MnVWMFNBdjEwbk1CWVJQZlkzMjEtMHNWU0hmY0ItYnJ0TXY5WEI3cXQzaTZqQXB1TEhQSDFtZ2VyMkhZVFVpOU1oYjZ3c09Rd0I2T2N6M2poSlU1MFJxcm05bFFiTXVlZVF6Z2I3Ry12eHJ5TTd3Mg2&id=03b946a3-0aee-4473-bd2b-513fddd1a962
192.99.158.241200 OK 5.4 kB URL HTTP/1.1 btpnative.com/click?data=WDFLUHNLT2t1ZTNmN29fUE1Ca1FaRm9iWFZEU01yT3BDSDl3QWp1MnVWMFNBdjEwbk1CWVJQZlkzMjEtMHNWU0hmY0ItYnJ0TXY5WEI3cXQzaTZqQXB1TEhQSDFtZ2VyMkhZVFVpOU1oYjZ3c09Rd0I2T2N6M2poSlU1MFJxcm05bFFiTXVlZVF6Z2I3Ry12eHJ5TTd3Mg2&id=03b946a3-0aee-4473-bd2b-513fddd1a962
IP 192.99.158.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (320), with CRLF line terminators
Hash d26d8f8d2da0297301872225c16d48eb
4810412c8d1c076788fbf6f6d638cbe6ba1c050a
40adca4390b8aaf6e4005780f6190ddfccd16a17e79e591d338ed2c3f82905d0
GET /click?data=WDFLUHNLT2t1ZTNmN29fUE1Ca1FaRm9iWFZEU01yT3BDSDl3QWp1MnVWMFNBdjEwbk1CWVJQZlkzMjEtMHNWU0hmY0ItYnJ0TXY5WEI3cXQzaTZqQXB1TEhQSDFtZ2VyMkhZVFVpOU1oYjZ3c09Rd0I2T2N6M2poSlU1MFJxcm05bFFiTXVlZVF6Z2I3Ry12eHJ5TTd3Mg2&id=03b946a3-0aee-4473-bd2b-513fddd1a962 HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://re3f482.qc.wy5532.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: JTVKiUbFQhezOUQ=JTVKiUbFQhezOUQ; path=/
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Mon, 05 Dec 2022 14:27:29 GMT
Content-Length: 5412
btpnative.com/Redirect/
192.99.158.241302 Found 1.5 kB IP 192.99.158.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1427), with CRLF line terminators
Hash 0cbfc7437f41682dbd93f075dc43313d
64e267f84a43fcdf6efaaa638b7fed05f68f585b
ad308e195e55b71c774a95f35df627c373379e1d7c5b0eabb80165bad85c6098
POST /Redirect/ HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 329
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=WDFLUHNLT2t1ZTNmN29fUE1Ca1FaRm9iWFZEU01yT3BDSDl3QWp1MnVWMFNBdjEwbk1CWVJQZlkzMjEtMHNWU0hmY0ItYnJ0TXY5WEI3cXQzaTZqQXB1TEhQSDFtZ2VyMkhZVFVpOU1oYjZ3c09Rd0I2T2N6M2poSlU1MFJxcm05bFFiTXVlZVF6Z2I3Ry12eHJ5TTd3Mg2&id=03b946a3-0aee-4473-bd2b-513fddd1a962
Cookie: JTVKiUbFQhezOUQ=JTVKiUbFQhezOUQ
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYmDyfaZRNJu7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lcvFlWEJ6AJqNXCmYCGlL8ySeEceI--DMnQf4m3kj471CL_p296zBYDqjKFd1t7GGjoWauJ0KmZKjqyI4xEVr87DR7FmpYlfDeLpFS7FxIncYfWc_LWSPY7F1fsWYFPafshoKGRslf0NddKsi7pJcNige8ZUo82FnH3oRPL0t3ZZh3LdaFNXKEb6XgTzXwJbO0SZ_K0jAJwPHlqJL7OlybGUtt83Iq61VSMc3By7sz9GScpP_fWLq7tBoB9Dw8gFxErB4brbvJDdyL_6VdcGTbBc9mDh07MfMxNOHabJunt0w1xnX8uc40BsPFiJ2XLUVWjoIhkxbMSDiVbOD23FtJmwjj9FrX4Bhjalx0WKThmwDt9LtBYgYit7uTkUxKxJRAlBjFaT70Z9Dzh3B9xj68zLbXC3P6OBOgRKX0bENZS8v-RsVLl9A-WcSVNrDmNQSfnrTsqbH_JrmNMwL-bNO3bifddDjgTgTcLljO89tPGff-PtquKvwQupBSK6G9damNtMYkbW9bbBuhpW04QkNRG5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbHWnjcA2XRdwde9rSP5DzWEO5vQJmw4TTJGmq27DMFfJsR904yDrVZcZkQ8o3rvkbC-0zUNpTULMNnxE5wY5aQ0cKm6bhq8Vip-5zSNZ553nhk5iODcs_Atum0DKdkWAE9l6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAg7yEzV9XtwOsi8FtPcgVd_fuLao04_hmufsZRntBDqVPNC_OJaKrruNNVC9UvhJwljCoRyouWo1FrxW_XL0h9YLdDyfApm4RBe5b4Dq96gT8S1bSh8E9vV8hvest8NZzf9v8amTUOOpzC4hrkrlaoTzudx6XBA39XVcMmR7o9X5PUTAv2x7AUWGKtkyD3Tx4iVDzNc_H4ZfCB8Se28cTFL0vuilNnhUYxEnZVhjPtxa2WXQAZrg22h_qgZj88xzg-aZ2EWYIaNDrYb64C4XCNh9CCPEUKEccmqvZYdRcerODbUm_dXlPaZgcAQ22i0kehKq2wcHrhZCDbUm_dXlPadPExdJ3McGJ3iJIluMv8CPv651Q7QxrEyYNb-iWwdA0
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Mon, 05 Dec 2022 14:27:29 GMT
Content-Length: 1499
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8cff693ee9c762244ede97dd8fcd747a
502f6f4bf0484b95b1a1339077d6fd9df5aced9e
99e344ff76e45b61c748a61cd60c67aff303ffc62e6e5a1e679f59d66c0a15da
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 14:27:30 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 19:25:46 GMT
Expires: Sun, 11 Dec 2022 19:25:45 GMT
Etag: "502f6f4bf0484b95b1a1339077d6fd9df5aced9e"
Cache-Control: max-age=535694,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774d7682ef13b523-OSL
mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYmDyfaZRNJu7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lcvFlWEJ6AJqNXCmYCGlL8ySeEceI--DMnQf4m3kj471CL_p296zBYDqjKFd1t7GGjoWauJ0KmZKjqyI4xEVr87DR7FmpYlfDeLpFS7FxIncYfWc_LWSPY7F1fsWYFPafshoKGRslf0NddKsi7pJcNige8ZUo82FnH3oRPL0t3ZZh3LdaFNXKEb6XgTzXwJbO0SZ_K0jAJwPHlqJL7OlybGUtt83Iq61VSMc3By7sz9GScpP_fWLq7tBoB9Dw8gFxErB4brbvJDdyL_6VdcGTbBc9mDh07MfMxNOHabJunt0w1xnX8uc40BsPFiJ2XLUVWjoIhkxbMSDiVbOD23FtJmwjj9FrX4Bhjalx0WKThmwDt9LtBYgYit7uTkUxKxJRAlBjFaT70Z9Dzh3B9xj68zLbXC3P6OBOgRKX0bENZS8v-RsVLl9A-WcSVNrDmNQSfnrTsqbH_JrmNMwL-bNO3bifddDjgTgTcLljO89tPGff-PtquKvwQupBSK6G9damNtMYkbW9bbBuhpW04QkNRG5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbHWnjcA2XRdwde9rSP5DzWEO5vQJmw4TTJGmq27DMFfJsR904yDrVZcZkQ8o3rvkbC-0zUNpTULMNnxE5wY5aQ0cKm6bhq8Vip-5zSNZ553nhk5iODcs_Atum0DKdkWAE9l6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAg7yEzV9XtwOsi8FtPcgVd_fuLao04_hmufsZRntBDqVPNC_OJaKrruNNVC9UvhJwljCoRyouWo1FrxW_XL0h9YLdDyfApm4RBe5b4Dq96gT8S1bSh8E9vV8hvest8NZzf9v8amTUOOpzC4hrkrlaoTzudx6XBA39XVcMmR7o9X5PUTAv2x7AUWGKtkyD3Tx4iVDzNc_H4ZfCB8Se28cTFL0vuilNnhUYxEnZVhjPtxa2WXQAZrg22h_qgZj88xzg-aZ2EWYIaNDrYb64C4XCNh9CCPEUKEccmqvZYdRcerODbUm_dXlPaZgcAQ22i0kehKq2wcHrhZCDbUm_dXlPadPExdJ3McGJ3iJIluMv8CPv651Q7QxrEyYNb-iWwdA0
108.168.193.189302 Found 0 B URL HTTP/2 mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYmDyfaZRNJu7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lcvFlWEJ6AJqNXCmYCGlL8ySeEceI--DMnQf4m3kj471CL_p296zBYDqjKFd1t7GGjoWauJ0KmZKjqyI4xEVr87DR7FmpYlfDeLpFS7FxIncYfWc_LWSPY7F1fsWYFPafshoKGRslf0NddKsi7pJcNige8ZUo82FnH3oRPL0t3ZZh3LdaFNXKEb6XgTzXwJbO0SZ_K0jAJwPHlqJL7OlybGUtt83Iq61VSMc3By7sz9GScpP_fWLq7tBoB9Dw8gFxErB4brbvJDdyL_6VdcGTbBc9mDh07MfMxNOHabJunt0w1xnX8uc40BsPFiJ2XLUVWjoIhkxbMSDiVbOD23FtJmwjj9FrX4Bhjalx0WKThmwDt9LtBYgYit7uTkUxKxJRAlBjFaT70Z9Dzh3B9xj68zLbXC3P6OBOgRKX0bENZS8v-RsVLl9A-WcSVNrDmNQSfnrTsqbH_JrmNMwL-bNO3bifddDjgTgTcLljO89tPGff-PtquKvwQupBSK6G9damNtMYkbW9bbBuhpW04QkNRG5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbHWnjcA2XRdwde9rSP5DzWEO5vQJmw4TTJGmq27DMFfJsR904yDrVZcZkQ8o3rvkbC-0zUNpTULMNnxE5wY5aQ0cKm6bhq8Vip-5zSNZ553nhk5iODcs_Atum0DKdkWAE9l6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAg7yEzV9XtwOsi8FtPcgVd_fuLao04_hmufsZRntBDqVPNC_OJaKrruNNVC9UvhJwljCoRyouWo1FrxW_XL0h9YLdDyfApm4RBe5b4Dq96gT8S1bSh8E9vV8hvest8NZzf9v8amTUOOpzC4hrkrlaoTzudx6XBA39XVcMmR7o9X5PUTAv2x7AUWGKtkyD3Tx4iVDzNc_H4ZfCB8Se28cTFL0vuilNnhUYxEnZVhjPtxa2WXQAZrg22h_qgZj88xzg-aZ2EWYIaNDrYb64C4XCNh9CCPEUKEccmqvZYdRcerODbUm_dXlPaZgcAQ22i0kehKq2wcHrhZCDbUm_dXlPadPExdJ3McGJ3iJIluMv8CPv651Q7QxrEyYNb-iWwdA0
IP 108.168.193.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYmDyfaZRNJu7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lcvFlWEJ6AJqNXCmYCGlL8ySeEceI--DMnQf4m3kj471CL_p296zBYDqjKFd1t7GGjoWauJ0KmZKjqyI4xEVr87DR7FmpYlfDeLpFS7FxIncYfWc_LWSPY7F1fsWYFPafshoKGRslf0NddKsi7pJcNige8ZUo82FnH3oRPL0t3ZZh3LdaFNXKEb6XgTzXwJbO0SZ_K0jAJwPHlqJL7OlybGUtt83Iq61VSMc3By7sz9GScpP_fWLq7tBoB9Dw8gFxErB4brbvJDdyL_6VdcGTbBc9mDh07MfMxNOHabJunt0w1xnX8uc40BsPFiJ2XLUVWjoIhkxbMSDiVbOD23FtJmwjj9FrX4Bhjalx0WKThmwDt9LtBYgYit7uTkUxKxJRAlBjFaT70Z9Dzh3B9xj68zLbXC3P6OBOgRKX0bENZS8v-RsVLl9A-WcSVNrDmNQSfnrTsqbH_JrmNMwL-bNO3bifddDjgTgTcLljO89tPGff-PtquKvwQupBSK6G9damNtMYkbW9bbBuhpW04QkNRG5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbHWnjcA2XRdwde9rSP5DzWEO5vQJmw4TTJGmq27DMFfJsR904yDrVZcZkQ8o3rvkbC-0zUNpTULMNnxE5wY5aQ0cKm6bhq8Vip-5zSNZ553nhk5iODcs_Atum0DKdkWAE9l6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAg7yEzV9XtwOsi8FtPcgVd_fuLao04_hmufsZRntBDqVPNC_OJaKrruNNVC9UvhJwljCoRyouWo1FrxW_XL0h9YLdDyfApm4RBe5b4Dq96gT8S1bSh8E9vV8hvest8NZzf9v8amTUOOpzC4hrkrlaoTzudx6XBA39XVcMmR7o9X5PUTAv2x7AUWGKtkyD3Tx4iVDzNc_H4ZfCB8Se28cTFL0vuilNnhUYxEnZVhjPtxa2WXQAZrg22h_qgZj88xzg-aZ2EWYIaNDrYb64C4XCNh9CCPEUKEccmqvZYdRcerODbUm_dXlPaZgcAQ22i0kehKq2wcHrhZCDbUm_dXlPadPExdJ3McGJ3iJIluMv8CPv651Q7QxrEyYNb-iWwdA0 HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 14:27:30 GMT
content-length: 0
set-cookie: rhid=82497029501; Max-Age=15552000; Expires=Sat, 03-Jun-2023 14:27:30 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://p274639.mybettermb.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDF_cvGsTSfm9uqHPErRaTXoDgwDsRKusVuSzVpy1vp3RTpegkJelYHUE538Al-L_QYf18T9CpHqCT2L9NFyVXF55Q47z-CV1ol2k4XVJzHJX8mFgHSWE3TZFy0dflvxRpINtSb91eU9pMndT0rcbhtKjIQ6n-5BK5qIjUZf-ReyHtSLHLDCCFTAKkOdBnIRm3z3JmuEff5JuKMrBQwMxO6eP9dvbcRzikI4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_Jheywpth3iNEvd_P4BsKUl697UgDHGPx9sdM7fDtSvK65pHFJmtCp_fEEbWnaHeEFBuddA-e5aUFqZsS33aYyBWDD&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSRkRDduRYuhUI0lljopObpzYKyML4lALp9mn-_deOraG6gQwbgnJBGf4Ef7G-Co4-0sDzddIUNswctMnFGilngw&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=2Vb288azLYM&rr=0&abtg=0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10592
Expires: Mon, 05 Dec 2022 17:24:02 GMT
Date: Mon, 05 Dec 2022 14:27:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10592
Expires: Mon, 05 Dec 2022 17:24:02 GMT
Date: Mon, 05 Dec 2022 14:27:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10592
Expires: Mon, 05 Dec 2022 17:24:02 GMT
Date: Mon, 05 Dec 2022 14:27:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10592
Expires: Mon, 05 Dec 2022 17:24:02 GMT
Date: Mon, 05 Dec 2022 14:27:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10592
Expires: Mon, 05 Dec 2022 17:24:02 GMT
Date: Mon, 05 Dec 2022 14:27:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99d1ff8fa2e095dcf2bda3d1e1af1221
f914f04a0e1fb45a221d31d2105bfc73015b03e6
90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10183
x-amzn-requestid: 0cdea572-aab4-4d52-948b-976170a787a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uLHQZoAMF4hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1327-7948052f39c4f6071b4a0e0d;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Vhtd0Bo5kTQySEn0vD_RJin0usoC7GQvK74fhVtrtZNEy64_vrWQNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:45:46 GMT
age: 60104
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8ugcixaNsXG-AIHYCfoyOWa5zowv2lb4qwWc8o5_7SQc_0w5HW4mBw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:48 GMT
age: 59682
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:41 GMT
age: 59689
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 027480c06cd67621f373c6765dafee4d
9f80bb7ca6f699d88eaec2248dec508c589fe994
f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PGz98Kv7xrcdfvzwMFbA9V206DdlXitB-Xk8dllnaLlk1QMhZZEs9Q==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:04 GMT
age: 59066
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kmki-SBINSx1kbiIkaSGebdCLrnDeHVhYeotAWzE__CevkNDdfzRGg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:44:01 GMT
age: 60209
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S6Xknz1l6TuuYButc4p3tl4nIZi9YzV9IP6Bag4HNFC_hfbDeWXVCA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:47:06 GMT
age: 60024
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
p274639.mybettermb.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDF_cvGsTSfm9uqHPErRaTXoDgwDsRKusVuSzVpy1vp3RTpegkJelYHUE538Al-L_QYf18T9CpHqCT2L9NFyVXF55Q47z-CV1ol2k4XVJzHJX8mFgHSWE3TZFy0dflvxRpINtSb91eU9pMndT0rcbhtKjIQ6n-5BK5qIjUZf-ReyHtSLHLDCCFTAKkOdBnIRm3z3JmuEff5JuKMrBQwMxO6eP9dvbcRzikI4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_Jheywpth3iNEvd_P4BsKUl697UgDHGPx9sdM7fDtSvK65pHFJmtCp_fEEbWnaHeEFBuddA-e5aUFqZsS33aYyBWDD&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSRkRDduRYuhUI0lljopObpzYKyML4lALp9mn-_deOraG6gQwbgnJBGf4Ef7G-Co4-0sDzddIUNswctMnFGilngw&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=2Vb288azLYM&rr=0&abtg=0
108.168.193.189302 Found 0 B URL HTTP/2 p274639.mybettermb.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDF_cvGsTSfm9uqHPErRaTXoDgwDsRKusVuSzVpy1vp3RTpegkJelYHUE538Al-L_QYf18T9CpHqCT2L9NFyVXF55Q47z-CV1ol2k4XVJzHJX8mFgHSWE3TZFy0dflvxRpINtSb91eU9pMndT0rcbhtKjIQ6n-5BK5qIjUZf-ReyHtSLHLDCCFTAKkOdBnIRm3z3JmuEff5JuKMrBQwMxO6eP9dvbcRzikI4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_Jheywpth3iNEvd_P4BsKUl697UgDHGPx9sdM7fDtSvK65pHFJmtCp_fEEbWnaHeEFBuddA-e5aUFqZsS33aYyBWDD&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSRkRDduRYuhUI0lljopObpzYKyML4lALp9mn-_deOraG6gQwbgnJBGf4Ef7G-Co4-0sDzddIUNswctMnFGilngw&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=2Vb288azLYM&rr=0&abtg=0
IP 108.168.193.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDF_cvGsTSfm9uqHPErRaTXoDgwDsRKusVuSzVpy1vp3RTpegkJelYHUE538Al-L_QYf18T9CpHqCT2L9NFyVXF55Q47z-CV1ol2k4XVJzHJX8mFgHSWE3TZFy0dflvxRpINtSb91eU9pMndT0rcbhtKjIQ6n-5BK5qIjUZf-ReyHtSLHLDCCFTAKkOdBnIRm3z3JmuEff5JuKMrBQwMxO6eP9dvbcRzikI4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_Jheywpth3iNEvd_P4BsKUl697UgDHGPx9sdM7fDtSvK65pHFJmtCp_fEEbWnaHeEFBuddA-e5aUFqZsS33aYyBWDD&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSRkRDduRYuhUI0lljopObpzYKyML4lALp9mn-_deOraG6gQwbgnJBGf4Ef7G-Co4-0sDzddIUNswctMnFGilngw&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=2Vb288azLYM&rr=0&abtg=0 HTTP/1.1
Host: p274639.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=82497029501
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 14:27:30 GMT
content-length: 0
set-cookie: rhid=82497029501; Max-Age=15552000; Expires=Sat, 03-Jun-2023 14:27:30 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_490233_off_142374_aff_3322_cid_274639-581116130-WY5532.COM_ts_1670250450; Max-Age=3600; Expires=Mon, 05-Dec-2022 15:27:30 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://myfood.ltd/?v=20171031&s1=0
X-Firefox-Spdy: h2
myfood.ltd/?v=20171031&s1=0
151.139.128.10200 OK 2.9 kB URL HTTP/2 myfood.ltd/?v=20171031&s1=0
IP 151.139.128.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6859), with no line terminators
Hash 029ccb01ef612a9e6748494c60d24b69
d385f7671725be11701998c27571e94b1950f991
7ac429dc45b509b1bed9bdcdc5610868d510d979ce3cc06d48870511bf0425f5
GET /?v=20171031&s1=0 HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 14:27:30 GMT
cache-control: max-age=30
content-encoding: gzip
content-length: 2896
content-type: text/html
last-modified: Mon, 01 Mar 2021 09:43:13 GMT
accept-ranges: bytes
server: nginx
etag: W/"603cb731-1ad4"
x-hw: 1670250450.cds259.sk1.hn,1670250450.cds236.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/main/css/style.css
151.139.128.10200 OK 19 kB URL HTTP/2 myfood.ltd/main/css/style.css
IP 151.139.128.10:0
File type Unicode text, UTF-8 text, with very long lines (65134), with no line terminators
Hash a95a0c8bd1273406b8c8053fb3527d56
2a461dcfa2c4bf1d22727bfd7c3c2abc85d44343
55b46146d32f4ee365d4ca91d8b3b1c504a062b15bbc1ed60a22ac2d05be1db5
GET /main/css/style.css HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 14:27:30 GMT
cache-control: max-age=30
content-encoding: gzip
content-length: 18933
content-type: text/css
last-modified: Mon, 01 Mar 2021 09:43:15 GMT
accept-ranges: bytes
server: nginx
etag: W/"603cb733-1b1ac"
x-hw: 1670250450.cds259.sk1.hn,1670250450.cds261.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/Superfood_1.jpg
151.139.128.10200 OK 74 kB URL HTTP/2 myfood.ltd/images/Superfood_1.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, copyright=Bigstock], progressive, precision 8, 800x420, components 3\012- data
Hash c2c3ec0e55e648c2a85d4499714a9c11
073f2990a52da59a7d3b73583b30be3c2cf45523
b66cf7365382753dc6340bfa2fba89c368ca3b930a0833d8f64c4c34525fc2ec
GET /images/Superfood_1.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 14:27:30 GMT
cache-control: max-age=30
content-length: 74204
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:12 GMT
accept-ranges: bytes
server: nginx
etag: "603cb730-121dc"
x-hw: 1670250450.cds259.sk1.hn,1670250450.cds247.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/Superfood_2.jpg
151.139.128.10200 OK 52 kB URL HTTP/2 myfood.ltd/images/Superfood_2.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, copyright=Bigstock], progressive, precision 8, 800x341, components 3\012- data
Hash b87af7248a82f58fe2ea5d0c7b030886
1d5a5b9752d7978c68b0d4a1689b3d8e6d322f0a
14da8c39c357dad0441b26d575c0000a9529c76d785680306a3cf51abe4cae81
GET /images/Superfood_2.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 14:27:30 GMT
cache-control: max-age=30
content-length: 51830
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:13 GMT
accept-ranges: bytes
server: nginx
etag: "603cb731-ca76"
x-hw: 1670250450.cds259.sk1.hn,1670250450.cds220.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/avatar-1.jpg
151.139.128.10200 OK 11 kB URL HTTP/2 myfood.ltd/images/avatar-1.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=128, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=128], progressive, precision 8, 128x128, components 3\012- data
Hash 62d0b6a649ac10e72bcb6ea3bbf57564
3e333889b0b66bfc6a32499f4c55878e2102b463
58dddc0a77632d920d096da6c6e2587c5859a4b4dd7af6dcd6eb8009ebc23ba6
GET /images/avatar-1.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 14:27:30 GMT
cache-control: max-age=30
content-length: 11304
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:12 GMT
accept-ranges: bytes
server: nginx
etag: "603cb730-2c28"
x-hw: 1670250450.cds259.sk1.hn,1670250450.cds218.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/avatar-2.jpg
151.139.128.10200 OK 11 kB URL HTTP/2 myfood.ltd/images/avatar-2.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=128, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=128], progressive, precision 8, 128x128, components 3\012- data
Hash dd3881ed1b5b03b1d571edf89e12c466
61ca68c1c2d2ae7d286dfc0540f4ca8b357fdf3d
97b65e41dd547b310e1e860d2ae4717dba1d97bd36c0cd06c35749caa515e207
GET /images/avatar-2.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 14:27:30 GMT
cache-control: max-age=30
content-length: 10665
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:12 GMT
accept-ranges: bytes
server: nginx
etag: "603cb730-29a9"
x-hw: 1670250450.cds259.sk1.hn,1670250450.cds217.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/main/js/main.js
151.139.128.10200 OK 39 kB URL HTTP/2 myfood.ltd/main/js/main.js
IP 151.139.128.10:0
File type Unicode text, UTF-8 text, with very long lines (60220)
Hash 181e3fa3b1de97ff4efd259bc2a2c8c7
52edf1dc36109cb57bea12689a48442e27f06ad1
ffa8984bea3bf0c0a0cb282e9a5a98b3435e63fb6a26dfe0351979fa9f827c40
GET /main/js/main.js HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 14:27:30 GMT
cache-control: max-age=30
content-encoding: gzip
content-length: 38656
content-type: application/javascript
last-modified: Mon, 01 Mar 2021 09:43:14 GMT
accept-ranges: bytes
server: nginx
etag: "603cb732-1d57b"
x-hw: 1670250450.cds259.sk1.hn,1670250450.cds228.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 14:27:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 14:27:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v15/MTP_ySUJH_bn48VBG8sNSugdm0LZdjqr5-oayXSOefg.woff2
142.250.74.35200 OK 14 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v15/MTP_ySUJH_bn48VBG8sNSugdm0LZdjqr5-oayXSOefg.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 14544, version 1.0\012- data
Hash 223a277bd88d8a90c8cdf24cda0ad5f5
24234c1c81b3948758c1a0be8e5a65386ca94c52
d61b45b8b3cded238a65ee0aac4043b989f11cee56acfe5c889777f961f241a2
GET /s/opensans/v15/MTP_ySUJH_bn48VBG8sNSugdm0LZdjqr5-oayXSOefg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://myfood.ltd
Connection: keep-alive
Referer: https://myfood.ltd/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14544
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 15:49:12 GMT
expires: Wed, 29 Nov 2023 15:49:12 GMT
cache-control: public, max-age=31536000
age: 513499
last-modified: Wed, 11 Oct 2017 21:49:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v15/DXI1ORHCpsQm3Vp6mXoaTegdm0LZdjqr5-oayXSOefg.woff2
142.250.74.35200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v15/DXI1ORHCpsQm3Vp6mXoaTegdm0LZdjqr5-oayXSOefg.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 14564, version 1.0\012- data
Hash 60c866748ff15f5b347fdba64596b1b1
34f486906decb7c8cf7a02d4758add9a2408c7a5
5278c0f6063ca9ad85653b18a2ddf1aa57e3ab40b7973a69b09acf859db8264d
GET /s/opensans/v15/DXI1ORHCpsQm3Vp6mXoaTegdm0LZdjqr5-oayXSOefg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://myfood.ltd
Connection: keep-alive
Referer: https://myfood.ltd/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14564
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 03:27:36 GMT
expires: Sat, 02 Dec 2023 03:27:36 GMT
cache-control: public, max-age=31536000
age: 298795
last-modified: Wed, 11 Oct 2017 21:49:34 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
myfood.ltd/favicon.ico
151.139.128.10200 OK 1.2 kB IP 151.139.128.10:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash b671b0407b8abf4ffb9946ee1596d992
79a116ffd13f1888451abd3cb8751cb2140f2fa4
1515616a51664df153b03397585ee45469cb936100992f870419514b17820649
GET /favicon.ico HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 14:27:31 GMT
cache-control: max-age=30
content-length: 1150
content-type: image/x-icon
last-modified: Wed, 28 Mar 2018 14:00:16 GMT
accept-ranges: bytes
server: nginx
etag: "5abb9ff0-47e"
x-hw: 1670250451.cds259.sk1.hn,1670250451.cds240.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 14:27:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN