r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b44b6d7bebf34d0393567b22a63a93fa
a1a85b268bc8073d8e4622ceb78b78a1b39af96a
4b69973af6e9c5a78d94e8661b08d9349176a515e7bfb3386b10ace4c6f1ae21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B69973AF6E9C5A78D94E8661B08D9349176A515E7BFB3386B10ACE4C6F1AE21"
Last-Modified: Tue, 28 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11574
Expires: Tue, 28 Feb 2023 19:20:52 GMT
Date: Tue, 28 Feb 2023 16:07:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5997f91ebc2eb50daf9983503bf68d86
9e173d1ec3154a6e77b673bc1ce382a531f01965
e2293a78d786cee4e424a86f17ffc821883a5da3628136dd3064c4c82ce68d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2293A78D786CEE4E424A86F17FFC821883A5DA3628136DD3064C4C82CE68D5A"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13467
Expires: Tue, 28 Feb 2023 19:52:25 GMT
Date: Tue, 28 Feb 2023 16:07:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Feb 2023 15:12:46 GMT
content-type: application/json
age: 3312
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d533446f79adb9523ba9ed92587833da
442454b9811f80ef90768d154036ebd349b8770d
f329f0e623ed8981e9ce3eddb63add02a524ce0d95367ec106730a3dc105973c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F329F0E623ED8981E9CE3EDDB63ADD02A524CE0D95367EC106730A3DC105973C"
Last-Modified: Mon, 27 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11824
Expires: Tue, 28 Feb 2023 19:25:02 GMT
Date: Tue, 28 Feb 2023 16:07:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: z7yIdWDkYaMMHZJgeSi0QU68pTd2TwFimB4cEGl8mCvvOB33ZRx3F6zvhblvfbSUVBERy6IDJ7WxEzQed+ZZAQ==
x-amz-request-id: GGC2BP14MCWE78NR
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Feb 2023 15:32:17 GMT
age: 2141
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Feb 2023 16:07:58 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Last-Modified, Backoff, Alert, Cache-Control, ETag, Expires, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 28 Feb 2023 15:12:25 GMT
age: 3334
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
zebra.wthelpdesk.com/QLJm0eQZ1/H/aCuAozdEUN66.htm
185.107.56.198302 Found 11 B URL HTTP/1.1 zebra.wthelpdesk.com/QLJm0eQZ1/H/aCuAozdEUN66.htm
IP 185.107.56.198:0
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
GET /QLJm0eQZ1/H/aCuAozdEUN66.htm HTTP/1.1
Host: zebra.wthelpdesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 28 Feb 2023 16:07:58 GMT
location: http://cynes-gwf.com/zcvisitor/11948150-b782-11ed-8768-121d454a7587/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=11a6d0d1-b782-11ed-8768-121d454a7587
server: nginx
set-cookie: sid=11860a9e-b782-11ed-a292-a9535fff8fc4; path=/; domain=.wthelpdesk.com; expires=Sun, 18 Mar 2091 19:22:06 GMT; max-age=2147483647; HttpOnly
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a518b418b3b845c6c4f61b595d07d29e
fa6b54344b3e4dfb5c6f16090825264152907bd6
b797e9b583b27d9c7288b67ecd1c8fc0da8a0ff8ac6d335f3d6e0bed653f2aed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B797E9B583B27D9C7288B67ECD1C8FC0DA8A0FF8AC6D335F3D6E0BED653F2AED"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2433
Expires: Tue, 28 Feb 2023 16:48:32 GMT
Date: Tue, 28 Feb 2023 16:07:59 GMT
Connection: keep-alive
cynes-gwf.com/zcvisitor/11948150-b782-11ed-8768-121d454a7587/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=11a6d0d1-b782-11ed-8768-121d454a7587
54.237.193.255200 1.1 kB URL HTTP/1.1 cynes-gwf.com/zcvisitor/11948150-b782-11ed-8768-121d454a7587/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=11a6d0d1-b782-11ed-8768-121d454a7587
IP 54.237.193.255:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 07eb022c2db7443d709e1a58248ef97c
a77f4b78815c60704c20a602c16beae34449b0ff
1b84d6760ae4dca9ba8ca16abef749faf1df3b9cb3e6fbb873ce6e451622f4d9
GET /zcvisitor/11948150-b782-11ed-8768-121d454a7587/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=11a6d0d1-b782-11ed-8768-121d454a7587 HTTP/1.1
Host: cynes-gwf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 28 Feb 2023 16:07:59 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: mnbFreaz
push.services.mozilla.com/
54.148.73.41101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.73.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1FZ3f8HOLKL/CpQSEj9CkA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VrFl57ub8WCql7M0nPh+h9Cf8UU=
cynes-gwf.com/zcredirect?visitid=11948150-b782-11ed-8768-121d454a7587&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
54.237.193.255200 3.7 kB URL HTTP/1.1 cynes-gwf.com/zcredirect?visitid=11948150-b782-11ed-8768-121d454a7587&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 54.237.193.255:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1793)
Hash a0b3f77b675b48e5b632d0a4c3bf1424
fdcbf097c959e64089af411d00c78159cba6e999
fb26491d6482b4c8ae6b4612d73beb347fda22aa86a2978c59703375753ad1fd
GET /zcredirect?visitid=11948150-b782-11ed-8768-121d454a7587&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: cynes-gwf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cynes-gwf.com/zcvisitor/11948150-b782-11ed-8768-121d454a7587/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=11a6d0d1-b782-11ed-8768-121d454a7587
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 28 Feb 2023 16:07:59 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: hSDlRFIR
cynes-gwf.com/favicon.ico
54.237.193.255404 653 B URL HTTP/1.1 cynes-gwf.com/favicon.ico
IP 54.237.193.255:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: cynes-gwf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cynes-gwf.com/zcredirect?visitid=11948150-b782-11ed-8768-121d454a7587&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Tue, 28 Feb 2023 16:08:00 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: IhyLUiEM
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 48dd5a8493115a3b47ee3f9b794809e9
6eb3ec1a7ed83d3e52c4a7765e44f0b474b99947
ab33fdf4ffcd17938c014dc7890c84ba6711bea23ed1992abacd794897ef1621
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2023 16:08:00 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 26 Feb 2023 20:46:01 GMT
Expires: Sun, 05 Mar 2023 20:46:00 GMT
Etag: "6eb3ec1a7ed83d3e52c4a7765e44f0b474b99947"
Cache-Control: max-age=448079,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7a0a6a98f9f9b523-OSL
mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5XdKpm_iE5krR4Y6kwqRF86d73pnnDH6ohvzYfNFjJsKn06qgcpL4cAslfKdxj89gROsD6Hix4F-7W8_OsGPNCx1lVC9oF4FMmrbARTGkk3NUUOUcZEDwassk593LVzcv2RysndScI7A0hcu6hKn3wvsVWknfJjvzDZ6-4dIELvnxC9xVparN_tdtrxfn3z9MLvqQBjBuU-FyrSgQCFHQC5R6lreHW1hzFnpt0lm1N3UHkzS6A_HiiIKmWCau9TXvIkg_qjJ_F0nbGdnW-W7y35Xb1Ffm7pW4W2Qo2113gZBlm0Q9kJaDF9AWo7BP5_zLoxqcot3PdTKxWW13n0sOFfFiAFF-FgbPgTni4EJjNPjDvcoZu1VgfdrinapRJf2UifhdGIXEXD_K1tp4k8AeorO8bbHYg6Y4G3PSLqJuGE4h4g_COGDAKDbXYttsXhlYwKINabzkevjvqOapUSwLb3FAOkWZMbB9Mg7VYfyD1XKIfHP37u61yszbFyORoud7G8UcICulahL8TnUz89nfXvplOK49IDcyDZ6-4dIELvnxC9xVparN_tdtrxfn3z9MLvqQBjBuU-FyrSgQCFHQC5R6lreHW1hzUgz4ZZtLihzScf2sndzzRl5Z5pjBOfEx7VvZcws81DizImanAVr_rcIGSNmExBNs1z9U4KjkYAgZT2aereO6XsSZc1Vs3djEgYLv4YQov7AZrMaPyoXKzjhZ_vzGypHZxI34F5fhEVfJixMmkC0n7rEFU_8DgkglbqKiIgFvxPjh8qo-6qP9UsPPScGUzVjbwNiklWU4DOWaalOHdFoh72mwRE-ze-A6GbOg1Gh03GObcct_di23xJRpKKtwCnOoPlBd05ZCEQoBz_t7xxLqJB6a7vlPWTYykwRDUjGI3FENGwdiudlyclSFrVu4EUgOWch0g936617TLJr6AbV4ip-NAP5pT2krRaXFoks5HwnBpsz0OJQ8WfNuKfUNTREDvEV1Sa063313NaBjWgyzwOahulU_0nycMPeuo-0z4e6mu8yMRfZD9l_HBekHgsp9ZybIkDshrsbemUyZNX7HiHnaMzr4fK_SpbHq3qHI857eSKN13ofqu2Ogvy_jzm1mNfGm8cvV5G9k8YzB06BCxhh8FM1DolkmeDBEanPsRxxcTQtRPdux7U1T1CZWUCX4yGyWDkl85uKiI8MZMtHi2v37-fJM7zOJXpu9LghaUODi6QncpGn_khCWUY-LAvDj82PVf5OOC6EDfPogyyjf72Bcu8ws6YGaegGpXtHEzqcWV8Ovk2NWkwWhtc9OegwAm928jfRxQJo4kL7575u-0AG2kbYPHUTjjPKvQdta8BC1EiJAjF60C7ayXrNgOAFRXviB8qn7hQCte1VWtwz0kWaRbBPVESW6TkvyCTgTfO7yp21PpuPCWhfkRTb4KSAPfKL-JJS2RE6tygen2wFTeRZXw6-TY1aTL6yYf11unmu0oMnz0U9yxdX5464EfUFmI4XCXOQKRvPWXT_fxgbecCC9tYwrQn-gCYVIO79thtI4Zz0H8pTbHIB9SEZpYm8fMK3Rj8xBauoDCvHCve4NiZgwBukl0zc7NoMD1C-ZU3LPeHq9Xhh_HTU_Bb3g2c_dcmE0tLH4D3ZEyKRveVvzMq6AMcFvrxfUZZJCxAdeOqU
52.116.53.155302 Found 0 B URL HTTP/2 mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5XdKpm_iE5krR4Y6kwqRF86d73pnnDH6ohvzYfNFjJsKn06qgcpL4cAslfKdxj89gROsD6Hix4F-7W8_OsGPNCx1lVC9oF4FMmrbARTGkk3NUUOUcZEDwassk593LVzcv2RysndScI7A0hcu6hKn3wvsVWknfJjvzDZ6-4dIELvnxC9xVparN_tdtrxfn3z9MLvqQBjBuU-FyrSgQCFHQC5R6lreHW1hzFnpt0lm1N3UHkzS6A_HiiIKmWCau9TXvIkg_qjJ_F0nbGdnW-W7y35Xb1Ffm7pW4W2Qo2113gZBlm0Q9kJaDF9AWo7BP5_zLoxqcot3PdTKxWW13n0sOFfFiAFF-FgbPgTni4EJjNPjDvcoZu1VgfdrinapRJf2UifhdGIXEXD_K1tp4k8AeorO8bbHYg6Y4G3PSLqJuGE4h4g_COGDAKDbXYttsXhlYwKINabzkevjvqOapUSwLb3FAOkWZMbB9Mg7VYfyD1XKIfHP37u61yszbFyORoud7G8UcICulahL8TnUz89nfXvplOK49IDcyDZ6-4dIELvnxC9xVparN_tdtrxfn3z9MLvqQBjBuU-FyrSgQCFHQC5R6lreHW1hzUgz4ZZtLihzScf2sndzzRl5Z5pjBOfEx7VvZcws81DizImanAVr_rcIGSNmExBNs1z9U4KjkYAgZT2aereO6XsSZc1Vs3djEgYLv4YQov7AZrMaPyoXKzjhZ_vzGypHZxI34F5fhEVfJixMmkC0n7rEFU_8DgkglbqKiIgFvxPjh8qo-6qP9UsPPScGUzVjbwNiklWU4DOWaalOHdFoh72mwRE-ze-A6GbOg1Gh03GObcct_di23xJRpKKtwCnOoPlBd05ZCEQoBz_t7xxLqJB6a7vlPWTYykwRDUjGI3FENGwdiudlyclSFrVu4EUgOWch0g936617TLJr6AbV4ip-NAP5pT2krRaXFoks5HwnBpsz0OJQ8WfNuKfUNTREDvEV1Sa063313NaBjWgyzwOahulU_0nycMPeuo-0z4e6mu8yMRfZD9l_HBekHgsp9ZybIkDshrsbemUyZNX7HiHnaMzr4fK_SpbHq3qHI857eSKN13ofqu2Ogvy_jzm1mNfGm8cvV5G9k8YzB06BCxhh8FM1DolkmeDBEanPsRxxcTQtRPdux7U1T1CZWUCX4yGyWDkl85uKiI8MZMtHi2v37-fJM7zOJXpu9LghaUODi6QncpGn_khCWUY-LAvDj82PVf5OOC6EDfPogyyjf72Bcu8ws6YGaegGpXtHEzqcWV8Ovk2NWkwWhtc9OegwAm928jfRxQJo4kL7575u-0AG2kbYPHUTjjPKvQdta8BC1EiJAjF60C7ayXrNgOAFRXviB8qn7hQCte1VWtwz0kWaRbBPVESW6TkvyCTgTfO7yp21PpuPCWhfkRTb4KSAPfKL-JJS2RE6tygen2wFTeRZXw6-TY1aTL6yYf11unmu0oMnz0U9yxdX5464EfUFmI4XCXOQKRvPWXT_fxgbecCC9tYwrQn-gCYVIO79thtI4Zz0H8pTbHIB9SEZpYm8fMK3Rj8xBauoDCvHCve4NiZgwBukl0zc7NoMD1C-ZU3LPeHq9Xhh_HTU_Bb3g2c_dcmE0tLH4D3ZEyKRveVvzMq6AMcFvrxfUZZJCxAdeOqU
IP 52.116.53.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5XdKpm_iE5krR4Y6kwqRF86d73pnnDH6ohvzYfNFjJsKn06qgcpL4cAslfKdxj89gROsD6Hix4F-7W8_OsGPNCx1lVC9oF4FMmrbARTGkk3NUUOUcZEDwassk593LVzcv2RysndScI7A0hcu6hKn3wvsVWknfJjvzDZ6-4dIELvnxC9xVparN_tdtrxfn3z9MLvqQBjBuU-FyrSgQCFHQC5R6lreHW1hzFnpt0lm1N3UHkzS6A_HiiIKmWCau9TXvIkg_qjJ_F0nbGdnW-W7y35Xb1Ffm7pW4W2Qo2113gZBlm0Q9kJaDF9AWo7BP5_zLoxqcot3PdTKxWW13n0sOFfFiAFF-FgbPgTni4EJjNPjDvcoZu1VgfdrinapRJf2UifhdGIXEXD_K1tp4k8AeorO8bbHYg6Y4G3PSLqJuGE4h4g_COGDAKDbXYttsXhlYwKINabzkevjvqOapUSwLb3FAOkWZMbB9Mg7VYfyD1XKIfHP37u61yszbFyORoud7G8UcICulahL8TnUz89nfXvplOK49IDcyDZ6-4dIELvnxC9xVparN_tdtrxfn3z9MLvqQBjBuU-FyrSgQCFHQC5R6lreHW1hzUgz4ZZtLihzScf2sndzzRl5Z5pjBOfEx7VvZcws81DizImanAVr_rcIGSNmExBNs1z9U4KjkYAgZT2aereO6XsSZc1Vs3djEgYLv4YQov7AZrMaPyoXKzjhZ_vzGypHZxI34F5fhEVfJixMmkC0n7rEFU_8DgkglbqKiIgFvxPjh8qo-6qP9UsPPScGUzVjbwNiklWU4DOWaalOHdFoh72mwRE-ze-A6GbOg1Gh03GObcct_di23xJRpKKtwCnOoPlBd05ZCEQoBz_t7xxLqJB6a7vlPWTYykwRDUjGI3FENGwdiudlyclSFrVu4EUgOWch0g936617TLJr6AbV4ip-NAP5pT2krRaXFoks5HwnBpsz0OJQ8WfNuKfUNTREDvEV1Sa063313NaBjWgyzwOahulU_0nycMPeuo-0z4e6mu8yMRfZD9l_HBekHgsp9ZybIkDshrsbemUyZNX7HiHnaMzr4fK_SpbHq3qHI857eSKN13ofqu2Ogvy_jzm1mNfGm8cvV5G9k8YzB06BCxhh8FM1DolkmeDBEanPsRxxcTQtRPdux7U1T1CZWUCX4yGyWDkl85uKiI8MZMtHi2v37-fJM7zOJXpu9LghaUODi6QncpGn_khCWUY-LAvDj82PVf5OOC6EDfPogyyjf72Bcu8ws6YGaegGpXtHEzqcWV8Ovk2NWkwWhtc9OegwAm928jfRxQJo4kL7575u-0AG2kbYPHUTjjPKvQdta8BC1EiJAjF60C7ayXrNgOAFRXviB8qn7hQCte1VWtwz0kWaRbBPVESW6TkvyCTgTfO7yp21PpuPCWhfkRTb4KSAPfKL-JJS2RE6tygen2wFTeRZXw6-TY1aTL6yYf11unmu0oMnz0U9yxdX5464EfUFmI4XCXOQKRvPWXT_fxgbecCC9tYwrQn-gCYVIO79thtI4Zz0H8pTbHIB9SEZpYm8fMK3Rj8xBauoDCvHCve4NiZgwBukl0zc7NoMD1C-ZU3LPeHq9Xhh_HTU_Bb3g2c_dcmE0tLH4D3ZEyKRveVvzMq6AMcFvrxfUZZJCxAdeOqU HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cynes-gwf.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 28 Feb 2023 16:08:00 GMT
content-length: 0
set-cookie: rhid=82926458872; Max-Age=15552000; Expires=Sun, 27-Aug-2023 16:08:00 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://p54677.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCPKnbU-m48JaF-RFNvgpIA98ov4klLZETq3KB6fbAVN5FlfDr5NjVpMvrJh_XW6ea7SgyfPRT3LF1fnjrgR9QWYjhcJc5ApG89ZdP9_GBt5wIL21jCtCf6AJhUg7v22G0jhnPQfylNscDnHJCWTK0eBMDP1FhsCRVwCDFx3Qt8gL1MXD3USB7qIPdhGn3_C1PsWFI3yN4qDY4X9Qbw4-0SQG9_hEhxtCR4NkbxMK5NnqWwu1N9Eyadm4CvWmDAYJeYHLlDn_W9ZBAUgheKjLQ6KwCMoixrppYvKnbU-m48JaF-RFNvgpIA98ov4klLZETq3KB6fbAVN5FlfDr5NjVpO675vur6_432Gu5pO1GKRhhHkhXtwEIikb-ufT921Vsd347mfhgNbxZuDK-Dk20eQlVRFEktQBWBaf4XymfSdAQOGScGtJTvTwrHjoweW6kBTRhJTr31T6sz6E4fJKdEtrKCtj0Ed3D9R2p1wd5MDK1A3LQQeWyuAM6cRdns6hCZEWaA5Ezek0Lg4vWacia8T9PVemRXHa6iYNb-iWwdA0&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukNmkWwT1RElupWgNAw5gU_X_vECO5NGsm-YPbSF4YyjXvJIWcfeHzsE3I9fVG5JokIViR0TwjbS6A&si=1&oref=c9ce1d5b18e6fdae7568ad65d872115d&optunit=QoejTycKR9qgGMBHu0qr2A&rb=LW_v4KVZAgI&rr=0&abtg=0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2f2b86251851c15a6378051a85964269
376c0277369d9cf0f23b197ed42b20be02bb1a8c
e1b4055a26895e7eb7791d8ae2bbd0066dd897ca0f9c27d896480fb0e8ce7bca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1B4055A26895E7EB7791D8AE2BBD0066DD897CA0F9C27D896480FB0E8CE7BCA"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10481
Expires: Tue, 28 Feb 2023 19:02:42 GMT
Date: Tue, 28 Feb 2023 16:08:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2f2b86251851c15a6378051a85964269
376c0277369d9cf0f23b197ed42b20be02bb1a8c
e1b4055a26895e7eb7791d8ae2bbd0066dd897ca0f9c27d896480fb0e8ce7bca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1B4055A26895E7EB7791D8AE2BBD0066DD897CA0F9C27D896480FB0E8CE7BCA"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10481
Expires: Tue, 28 Feb 2023 19:02:42 GMT
Date: Tue, 28 Feb 2023 16:08:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2f2b86251851c15a6378051a85964269
376c0277369d9cf0f23b197ed42b20be02bb1a8c
e1b4055a26895e7eb7791d8ae2bbd0066dd897ca0f9c27d896480fb0e8ce7bca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1B4055A26895E7EB7791D8AE2BBD0066DD897CA0F9C27D896480FB0E8CE7BCA"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10481
Expires: Tue, 28 Feb 2023 19:02:42 GMT
Date: Tue, 28 Feb 2023 16:08:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3522243-5d97-4af8-b226-ab57b3bee6ce.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3522243-5d97-4af8-b226-ab57b3bee6ce.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9c31845a0e9bfa6eefa096b10b1748e6
3ac78dbfb5e00eced4d80ead89637db5d5569b59
89da1434d398527a658be5746929afdc17064ea30d05b094b860557d101a2043
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3522243-5d97-4af8-b226-ab57b3bee6ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5676
x-amzn-requestid: c688d38f-fe89-4583-a61f-bd21fdc64325
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BBJiUGmboAMFWTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fd22db-17d51fe00701a6f13222bc9e;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: s_upibi5k7u8Zwn4SsH_pwULbXvvkqlotySoutc4EZ21inzz0P1cMQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 82893cc36087a50f9a150a621d10e740.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Feb 2023 22:13:33 GMT
age: 64468
etag: "3ac78dbfb5e00eced4d80ead89637db5d5569b59"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1ed5953-9a52-48d8-8c04-773371481cfc.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1ed5953-9a52-48d8-8c04-773371481cfc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ad77b981b7d4dcee854c3b4cdaa51e5
60c58b1da70d5ccaf2808e8855bd16af3abc5091
02aaa7b6e45ec41bb23a00c2818b57ba11bfb067afff596e077996b4c204182b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1ed5953-9a52-48d8-8c04-773371481cfc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12392
x-amzn-requestid: 756aa1f8-e551-4579-ae1a-a9d8997d14d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BBI8OHqFoAMFyQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fd21e7-58d6305b723057565f143df1;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 21:34:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 8w0dIx9eQxSej9uZn_9a9ulWv0W02L4S90UbTWyz7_Ihk8eWJKHHow==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5c35539543902c678280929df206948c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Feb 2023 22:13:56 GMT
age: 64445
etag: "60c58b1da70d5ccaf2808e8855bd16af3abc5091"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e02c64-639c-4f05-b3cf-20409c83958f.png
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e02c64-639c-4f05-b3cf-20409c83958f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9b3eea57a1e2f30ca653881fec23a469
5ef9a8b112a861f76f8e9535d5177b87d2b94101
45402417031fdbcfab70ff00418353fc13030b07dafab046c454cc2c8e59765f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e02c64-639c-4f05-b3cf-20409c83958f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12560
x-amzn-requestid: 10e07436-1099-442a-ac5b-79cbc171f293
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BBI7eEHToAMFRcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fd21e2-2954354823c91c3977c1dad3;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 21:34:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: pj1nymVrrN_9r2aeGJzV045cBAUYCtiSF3yv5cnaJ68M_AW2DNwqow==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Feb 2023 22:13:57 GMT
age: 64444
etag: "5ef9a8b112a861f76f8e9535d5177b87d2b94101"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ab89bda-b5ae-4fc9-ae25-9735e6a09253.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ab89bda-b5ae-4fc9-ae25-9735e6a09253.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64333124e6917c70cfdfda426657cf03
cf14d5b8be44b398f1591bb99f4f02475439d46d
2b70a1caf282d895a0f125a3f6ddbe4027b30aff53cfef5763081ce65cd15327
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ab89bda-b5ae-4fc9-ae25-9735e6a09253.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8956
x-amzn-requestid: 121fc6f6-4828-4494-8a7c-607c9ab18751
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BBI8SERsIAMFUwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fd21e7-026a30452770078772a812ba;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 21:34:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: hHIV4DB-8v9dbyIh1JWkE0rS5mfEv1_BdUZf0Xn4-neFJ7Fvzy5fkQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Feb 2023 21:47:02 GMT
age: 66059
etag: "cf14d5b8be44b398f1591bb99f4f02475439d46d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a5f3d376fe6a3a78a5d1fe136f962fb
3e9b03cc296e954d63526a4e7e75beea3130fc3b
c8cf4f1c0352102764247e4dc5a2076921e0eaa18bfd110e5b0b97a55c706690
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9093
x-amzn-requestid: 3fd9f8c8-cf10-4222-a2cc-5f18ff7b2e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9D3HqmoAMFeBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbb2-352315613cc0c2bc7eb28e05;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:33:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S8s54RJtScNtsl6uEFtBEHnTj4lb3l5xIWR96Kvr_SdwQQQMgSKNxA==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Feb 2023 21:44:19 GMT
age: 66222
etag: "3e9b03cc296e954d63526a4e7e75beea3130fc3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe86c29cb-5fdc-45c6-ab49-fced44388b23.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe86c29cb-5fdc-45c6-ab49-fced44388b23.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 366093382f0d29a755551eb4731de695
08cb50c6b8b088f33768ff7dd1fb190671cd173f
b597462c5bdeef2d0f30f7dafba80f4ca8dbf8a68db12ee3ebdd997f5d6821d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe86c29cb-5fdc-45c6-ab49-fced44388b23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9938
x-amzn-requestid: abb817ca-4b43-4cab-b660-df79f84c1b39
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BBI8SErbIAMFydg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fd21e7-4b7e41432b5d010644420c07;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 21:34:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: ya3h1O06fEWtQ_fVaP62UWuxFmjCGQyeYWk_x9XyKwJe2oJhDOetjQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 0ec9ddba08fcd99386924593dbdbd44a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Feb 2023 21:47:02 GMT
age: 66059
etag: "08cb50c6b8b088f33768ff7dd1fb190671cd173f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 62eae7beba21fa79074b5eacfb5fba6a
8b4dfeab59691a14e0f4c42058e06827d98087a9
a5e8d68dabb9380d37b1a83b20bea39a2d5ec585d20dd999a5a281ebd4808880
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5E8D68DABB9380D37B1A83B20BEA39A2D5EC585D20DD999A5A281EBD4808880"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 28 Feb 2023 22:08:01 GMT
Date: Tue, 28 Feb 2023 16:08:01 GMT
Connection: keep-alive
qvikar.com/symantec/security/445227519
192.254.234.214302 Found 0 B URL HTTP/2 qvikar.com/symantec/security/445227519
IP 192.254.234.214:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /symantec/security/445227519 HTTP/1.1
Host: qvikar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.clkmg.com/qvikar/symantec/security/445227519/
vary: User-Agent
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 28 Feb 2023 16:08:01 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.globalsign.com/alphasslcasha256g4
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/alphasslcasha256g4
IP 104.18.21.226:0
Hash 517f53f9660aec1f6b0ba9a39fd0189d
a44bfd5f1ed195b0e65fecb8649c9804c049d098
74707878eceb0344dc8e33b4df87c99911b1411db669eab583e1934651ca3cb6
POST /alphasslcasha256g4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2023 16:08:01 GMT
Content-Type: application/ocsp-response
Content-Length: 1437
Connection: keep-alive
Expires: Sat, 04 Mar 2023 12:29:11 GMT
ETag: "a44bfd5f1ed195b0e65fecb8649c9804c049d098"
Last-Modified: Tue, 28 Feb 2023 12:29:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3145
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a0a6aa46bb3b50c-OSL
www.clkmg.com/qvikar/symantec/security/445227519/
50.97.212.250302 Found 252 B URL HTTP/1.1 www.clkmg.com/qvikar/symantec/security/445227519/
IP 50.97.212.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f8e0d84321b2e3784347d18576532a0c
4618d65b989caf526cdd39434e52a42c74dd93ec
f886f67905fa02b7c13894be500f5a1736fe20542e0a57561444ce84be3824a5
GET /qvikar/symantec/security/445227519/ HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Tue, 28 Feb 2023 16:08:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 252
Connection: keep-alive
P3P: CP="This is not a P3P policy! See https://www.clkmg.com for more info."
Set-Cookie: alc=1; domain=.clkmg.com; expires=Tue Feb 28 16:08:07 2023; path=/;
lids=1537844-154439+; domain=.clkmg.com; expires=Wed Feb 28 16:08:02 2024; path=/;
Location: https://www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
X-CM-FE: httpfe-01.clickmagick.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
50.97.212.250200 OK 1.4 kB URL HTTP/1.1 www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
IP 50.97.212.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fbf6005663528fbffb7fdf9c8fa995bc
de4dc1559fd1bd3026d94887738125a83b4012b6
972ee94dbdbea4c5e3a75afbb7d2b5ee9dd6e5558b8d09603491b51b7ccbb704
GET /err/?u=qvikar&l=symantec&s=A&e=403 HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: alc=1; lids=1537844-154439+
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2023 16:08:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="This is not a P3P policy! See http://www.clkmg.com for more info."
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
X-CM-FE: httpfe-01.clickmagick.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 21fa69fbf5e23d6b13f292bbf7c98aeb
81648d9e240556ba08e729d6cef6670e1e3e1ab6
a7defebf61ad552b6847c5e03039943c5b46131d8ac24bc37077f26431f620be
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2023 16:08:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 04 Mar 2023 15:16:32 GMT
ETag: "81648d9e240556ba08e729d6cef6670e1e3e1ab6"
Last-Modified: Tue, 28 Feb 2023 15:16:33 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a0a6aa82f46b51b-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 8bf9804450dd93586e831923bbb18831
3d23185fd984e1628133bb294f419dd84d4a7310
9187cc628cb54035f88e3a29cf8e01e5dd2f7e2715052db04c00308aa8a94506
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2023 16:08:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 04 Mar 2023 12:28:29 GMT
ETag: "3d23185fd984e1628133bb294f419dd84d4a7310"
Last-Modified: Tue, 28 Feb 2023 12:28:30 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2949
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a0a6aa8493eb515-OSL
cdn.clickmagick.com/images/logo.gif
54.230.111.94200 OK 4.3 kB URL HTTP/2 cdn.clickmagick.com/images/logo.gif
IP 54.230.111.94:0
File type GIF image data, version 89a, 300 x 64\012- data
Hash 1bfe88368945f71f6b145f8fdc431c3f
2650030369e5c327d5eaf4a6b9fd175786bda751
b069053ff474120a849ba3e9f1d4110f4311608883e9ec1cdbe68e1b181dcc73
GET /images/logo.gif HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 4252
date: Mon, 27 Feb 2023 17:03:01 GMT
last-modified: Wed, 27 Jul 2022 23:18:30 GMT
etag: "62e1c7c6-109c"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
expires: Sun, 28 May 2023 17:03:01 GMT
cache-control: max-age=7776000, public, no-transform
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hSfQHvX3omIfsnR_OV112p4oqrNNCbPayIE9i3GA9s53GmmAPBW6UQ==
age: 83101
x-robots-tag: noindex
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 21fa69fbf5e23d6b13f292bbf7c98aeb
81648d9e240556ba08e729d6cef6670e1e3e1ab6
a7defebf61ad552b6847c5e03039943c5b46131d8ac24bc37077f26431f620be
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2023 16:08:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 04 Mar 2023 15:16:32 GMT
ETag: "81648d9e240556ba08e729d6cef6670e1e3e1ab6"
Last-Modified: Tue, 28 Feb 2023 15:16:33 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a0a6aa82d251bfe-OSL
cdn.clkmg.com/misc/css/style.css
143.204.55.114200 OK 4.5 kB URL HTTP/1.1 cdn.clkmg.com/misc/css/style.css
IP 143.204.55.114:0
Hash e540f61448a0e598774be6738463a0c5
75c83228491705c9a412383803decd6878c3f163
263bd19121ab72d1db5109850141dd62598ee8d4240b4cbfb3bce40a85c5da3c
GET /misc/css/style.css HTTP/1.1
Host: cdn.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Cookie: alc=1; lids=1537844-154439+
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 4498
Connection: keep-alive
Date: Wed, 08 Feb 2023 10:11:27 GMT
Last-Modified: Sat, 06 Aug 2022 19:05:46 GMT
ETag: "62eebb8a-1192"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Fri, 10 Mar 2023 10:11:27 GMT
Cache-Control: max-age=2592000, public, no-transform
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sY_jFKq39XMsTKDHEMQfUHBWECCUY6U7khJeREN1UaWPhEOgN199wQ==
Age: 1749395
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
cdn.clkmg.com/images/spacer.gif
143.204.55.114200 OK 43 B URL HTTP/1.1 cdn.clkmg.com/images/spacer.gif
IP 143.204.55.114:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /images/spacer.gif HTTP/1.1
Host: cdn.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Cookie: alc=1; lids=1537844-154439+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Date: Mon, 09 Jan 2023 02:31:58 GMT
Last-Modified: Thu, 23 Feb 2017 23:21:15 GMT
ETag: "58af6e6b-2b"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Sun, 09 Apr 2023 02:31:58 GMT
Cache-Control: max-age=7776000, public, no-transform
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8O7DmlQOj4AjZ3EpUfvBLQyvvA0GsioUBFq3JC96QExdHJ0vrsb6ZQ==
Age: 4368964
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
cdn.clickmagick.com/misc/fonts/website/v3/Inter-Regular.woff
54.230.111.94200 OK 149 kB URL HTTP/2 cdn.clickmagick.com/misc/fonts/website/v3/Inter-Regular.woff
IP 54.230.111.94:0
File type Web Open Font Format, TrueType, length 149344, version 0.0\012- data
Size 149 kB (149344 bytes)
Hash ea2c76b525641c2051cdf7d930e465ba
b3ffc2515b8429e92540e084fd6011f32b8df368
6ab2042219a7bbc2f5523d61ad24c9f1e3627f2cbb891669d981da8bb019c11e
GET /misc/fonts/website/v3/Inter-Regular.woff HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cdn.clkmg.com/
Origin: https://www.clkmg.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 149344
date: Mon, 27 Feb 2023 17:42:16 GMT
last-modified: Wed, 22 Jun 2022 15:39:23 GMT
etag: "62b337ab-24760"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
x-cm-fe: httpfe-01.clickmagick.com
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kLEv3NOOtqzGLEv0nYYIXAN9H6N6A1mKzHPcdjtgVAuqGCnXPa_LIw==
age: 80745
x-robots-tag: noindex
X-Firefox-Spdy: h2
cdn.clickmagick.com/misc/fonts/website/v3/Inter-Medium.woff
54.230.111.94200 OK 158 kB URL HTTP/2 cdn.clickmagick.com/misc/fonts/website/v3/Inter-Medium.woff
IP 54.230.111.94:0
File type Web Open Font Format, TrueType, length 157888, version 0.0\012- data
Size 158 kB (157888 bytes)
Hash 6b5a42f0603ea013e7099c2160e007e7
1a817b28d15fba7537a6ac0ed28126589062f303
860f80f683dd2cca3acc4680a798cd8a1a8dd8d6a0e18312692d9504f3792242
GET /misc/fonts/website/v3/Inter-Medium.woff HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cdn.clkmg.com/
Origin: https://www.clkmg.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 157888
date: Mon, 27 Feb 2023 17:42:16 GMT
last-modified: Wed, 22 Jun 2022 15:39:23 GMT
etag: "62b337ab-268c0"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
x-cm-fe: httpfe-01.clickmagick.com
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZMoEx8CLWt-Yft0cFMyzzvA8yhWKVUxGWDMxudqApVPvFW8FGWuzkA==
age: 80745
x-robots-tag: noindex
X-Firefox-Spdy: h2
www.clkmg.com/favicon.ico
50.97.212.250200 OK 78 B URL HTTP/1.1 www.clkmg.com/favicon.ico
IP 50.97.212.250:0
File type MS Windows icon resource - 1 icon, 1x1, 2 colors\012- data
Hash c9e1efa761b83f4a25a07dc85c207f95
7c1df040d4119e1c1b4f875c362f363ad1f6ba13
91634633ca6d34044c356a9a0baa832f1927d8326e1ae1a95af22b864d30dd7f
GET /favicon.ico HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
Cookie: alc=1; lids=1537844-154439+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2023 16:08:02 GMT
Content-Type: image/x-icon
Content-Length: 78
Last-Modified: Thu, 21 Apr 2022 16:32:44 GMT
Connection: keep-alive
ETag: "6261872c-4e"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Thu, 30 Mar 2023 16:08:02 GMT
Pragma: public
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
p54677.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCPKnbU-m48JaF-RFNvgpIA98ov4klLZETq3KB6fbAVN5FlfDr5NjVpMvrJh_XW6ea7SgyfPRT3LF1fnjrgR9QWYjhcJc5ApG89ZdP9_GBt5wIL21jCtCf6AJhUg7v22G0jhnPQfylNscDnHJCWTK0eBMDP1FhsCRVwCDFx3Qt8gL1MXD3USB7qIPdhGn3_C1PsWFI3yN4qDY4X9Qbw4-0SQG9_hEhxtCR4NkbxMK5NnqWwu1N9Eyadm4CvWmDAYJeYHLlDn_W9ZBAUgheKjLQ6KwCMoixrppYvKnbU-m48JaF-RFNvgpIA98ov4klLZETq3KB6fbAVN5FlfDr5NjVpO675vur6_432Gu5pO1GKRhhHkhXtwEIikb-ufT921Vsd347mfhgNbxZuDK-Dk20eQlVRFEktQBWBaf4XymfSdAQOGScGtJTvTwrHjoweW6kBTRhJTr31T6sz6E4fJKdEtrKCtj0Ed3D9R2p1wd5MDK1A3LQQeWyuAM6cRdns6hCZEWaA5Ezek0Lg4vWacia8T9PVemRXHa6iYNb-iWwdA0&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukNmkWwT1RElupWgNAw5gU_X_vECO5NGsm-YPbSF4YyjXvJIWcfeHzsE3I9fVG5JokIViR0TwjbS6A&si=1&oref=c9ce1d5b18e6fdae7568ad65d872115d&optunit=QoejTycKR9qgGMBHu0qr2A&rb=LW_v4KVZAgI&rr=0&abtg=0
52.116.53.155200 OK 0 B URL HTTP/2 p54677.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCPKnbU-m48JaF-RFNvgpIA98ov4klLZETq3KB6fbAVN5FlfDr5NjVpMvrJh_XW6ea7SgyfPRT3LF1fnjrgR9QWYjhcJc5ApG89ZdP9_GBt5wIL21jCtCf6AJhUg7v22G0jhnPQfylNscDnHJCWTK0eBMDP1FhsCRVwCDFx3Qt8gL1MXD3USB7qIPdhGn3_C1PsWFI3yN4qDY4X9Qbw4-0SQG9_hEhxtCR4NkbxMK5NnqWwu1N9Eyadm4CvWmDAYJeYHLlDn_W9ZBAUgheKjLQ6KwCMoixrppYvKnbU-m48JaF-RFNvgpIA98ov4klLZETq3KB6fbAVN5FlfDr5NjVpO675vur6_432Gu5pO1GKRhhHkhXtwEIikb-ufT921Vsd347mfhgNbxZuDK-Dk20eQlVRFEktQBWBaf4XymfSdAQOGScGtJTvTwrHjoweW6kBTRhJTr31T6sz6E4fJKdEtrKCtj0Ed3D9R2p1wd5MDK1A3LQQeWyuAM6cRdns6hCZEWaA5Ezek0Lg4vWacia8T9PVemRXHa6iYNb-iWwdA0&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukNmkWwT1RElupWgNAw5gU_X_vECO5NGsm-YPbSF4YyjXvJIWcfeHzsE3I9fVG5JokIViR0TwjbS6A&si=1&oref=c9ce1d5b18e6fdae7568ad65d872115d&optunit=QoejTycKR9qgGMBHu0qr2A&rb=LW_v4KVZAgI&rr=0&abtg=0
IP 52.116.53.155:0
GET /adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCPKnbU-m48JaF-RFNvgpIA98ov4klLZETq3KB6fbAVN5FlfDr5NjVpMvrJh_XW6ea7SgyfPRT3LF1fnjrgR9QWYjhcJc5ApG89ZdP9_GBt5wIL21jCtCf6AJhUg7v22G0jhnPQfylNscDnHJCWTK0eBMDP1FhsCRVwCDFx3Qt8gL1MXD3USB7qIPdhGn3_C1PsWFI3yN4qDY4X9Qbw4-0SQG9_hEhxtCR4NkbxMK5NnqWwu1N9Eyadm4CvWmDAYJeYHLlDn_W9ZBAUgheKjLQ6KwCMoixrppYvKnbU-m48JaF-RFNvgpIA98ov4klLZETq3KB6fbAVN5FlfDr5NjVpO675vur6_432Gu5pO1GKRhhHkhXtwEIikb-ufT921Vsd347mfhgNbxZuDK-Dk20eQlVRFEktQBWBaf4XymfSdAQOGScGtJTvTwrHjoweW6kBTRhJTr31T6sz6E4fJKdEtrKCtj0Ed3D9R2p1wd5MDK1A3LQQeWyuAM6cRdns6hCZEWaA5Ezek0Lg4vWacia8T9PVemRXHa6iYNb-iWwdA0&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukNmkWwT1RElupWgNAw5gU_X_vECO5NGsm-YPbSF4YyjXvJIWcfeHzsE3I9fVG5JokIViR0TwjbS6A&si=1&oref=c9ce1d5b18e6fdae7568ad65d872115d&optunit=QoejTycKR9qgGMBHu0qr2A&rb=LW_v4KVZAgI&rr=0&abtg=0 HTTP/1.1
Host: p54677.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cynes-gwf.com/
Connection: keep-alive
Cookie: rhid=82926458872
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Feb 2023 16:08:00 GMT
content-type: text/html;charset=ISO-8859-1
vary: Accept-Encoding
set-cookie: rhid=82926458872; Max-Age=15552000; Expires=Sun, 27-Aug-2023 16:08:00 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_857954_off_361683_aff_11454_cid_54677-WTHELPDESK.COM_ts_1677600480; Max-Age=3600; Expires=Tue, 28-Feb-2023 17:08:00 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
content-encoding: gzip
X-Firefox-Spdy: h2