firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 11:40:45 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sYJ7onc5GJ0WY9SFX3AoqP93inFAxvptL_0rWfnZoRX3GWkibLVMpg==
Age: 2184
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6971
Expires: Tue, 04 Oct 2022 14:13:22 GMT
Date: Tue, 04 Oct 2022 12:17:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BN3IVWthfHCWDlnHq7zybLQD5pqSeMq_PB1MWN9q5zW-vqtE10n4Zg==
age: 24524
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 12:17:11 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 04 Oct 2022 11:29:33 GMT
Expires: Tue, 04 Oct 2022 12:17:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ojkD6-IJ5rEk2b1zu0w3LvNWZsantXu1fXSNWBZPbVZpbZmKpefAJg==
Age: 2858
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16ebfb2aa621547ecf581e26fc828a7d
f78993331f6f5b8af6409a9ad2fc50b77070f68a
0f81fd1d6be9ccc04b74f0348aafe642c7b9ab7dffb7e8a679b5d67cc2e5fac3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 350
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 12:17:11 GMT
Last-Modified: Tue, 04 Oct 2022 12:11:21 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.210.107.213101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.210.107.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4v4Uz2wizyBHh2+QaC+lig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: g1MwblfHUfjn/57kGFv23N/e1Aw=
yzvy.com/
91.195.240.12200 OK 1.3 kB IP 91.195.240.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (672)
Hash 7eab660a0086c800ad5794f25e3babce
98855300328af838bb65abf954c3515cba3bda0d
095189ae23a530c21862a075195fd8dff424f157376b74d4aa10958c143d9fef
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: yzvy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
date: Tue, 04 Oct 2022 12:17:12 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_IiRbeZyNxSpOHSLOLeviHJbNp2Ss5Hto0eHhoYiI0RCU06xM1DY6EWVBW3GoOAP1tTAZ0H6zTKUzv9qqLoszEg==
last-modified: Tue, 04 Oct 2022 12:17:10 GMT
x-cache-miss-from: parking-69b897b95b-jm4r7
server: NginX
content-encoding: gzip
img.sedoparking.com/images/js_preloader.gif
205.234.175.175200 OK 4.3 kB URL HTTP/1.1 img.sedoparking.com/images/js_preloader.gif
IP 205.234.175.175:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash 90c93102a88c2ab94bff1575b7a6e86e
56d71bf13de464534643db9d127629a0a3bf677a
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
GET /images/js_preloader.gif HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yzvy.com/
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 12:17:12 GMT
Content-Type: image/gif
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Tue, 11 Oct 2022 12:17:12 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: H
CF4Age: 156700
x-cf-tsc: 1648179742
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: 8b888683b2e8eec66b365d5bdda6d96c
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
yzvy.com/search/tsc.php?200=NDUwMTc4NTYz&21=OTEuOTAuNDIuMTU0&681=MTY2NDg4NTgzMmEwOTA2MTRkOWZiZDJjN2ZhNjQzOWNkMGNkYWNjYWFj&crc=f529883919f1ac1153ab4853bf50b6098ae05a09&cv=1
91.195.240.12200 OK 0 B URL HTTP/1.1 yzvy.com/search/tsc.php?200=NDUwMTc4NTYz&21=OTEuOTAuNDIuMTU0&681=MTY2NDg4NTgzMmEwOTA2MTRkOWZiZDJjN2ZhNjQzOWNkMGNkYWNjYWFj&crc=f529883919f1ac1153ab4853bf50b6098ae05a09&cv=1
IP 91.195.240.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/tsc.php?200=NDUwMTc4NTYz&21=OTEuOTAuNDIuMTU0&681=MTY2NDg4NTgzMmEwOTA2MTRkOWZiZDJjN2ZhNjQzOWNkMGNkYWNjYWFj&crc=f529883919f1ac1153ab4853bf50b6098ae05a09&cv=1 HTTP/1.1
Host: yzvy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yzvy.com/
HTTP/1.1 200 OK
date: Tue, 04 Oct 2022 12:17:12 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
x-cache-miss-from: parking-69b897b95b-m72r9
server: NginX
yzvy.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D00SSuMtMW5I_0&v=Mjg5Y2QyYzgxMjY0MzRiOWY1ZTExYzMwMjEwOTU1MTgJMQl5enZ5LmNvbTYzM2MyNDQ2YzFjMmU2LjExNDQ2NTg0CXl6dnkuY29tNjMzYzI0NDZjMWM1NTIuMTU1NDQwOTgJMTY2NDg4NTgzMglhZF82M18w&l=OAliZDhiODAwZjdlNGM2NmZkZGNkYjFhNGZmY2I1NDMzMwkwCTM1CTAJYTM5NTk3ODk4NWNmYmY4NzVkZjZiNTQ2MjhlZjgwZmIJNDUwMTc4NTYzCXl6dnkJMAk2Mwk2CTIJMTY2NDg4NTgzMgkwLjAwMDIwMQlOCTAJMAkwCTEyMDUJMjg2NjU0MjIJOTEuOTAuNDIuMTU0CTA%3D
91.195.240.12302 Found 0 B URL HTTP/1.1 yzvy.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D00SSuMtMW5I_0&v=Mjg5Y2QyYzgxMjY0MzRiOWY1ZTExYzMwMjEwOTU1MTgJMQl5enZ5LmNvbTYzM2MyNDQ2YzFjMmU2LjExNDQ2NTg0CXl6dnkuY29tNjMzYzI0NDZjMWM1NTIuMTU1NDQwOTgJMTY2NDg4NTgzMglhZF82M18w&l=OAliZDhiODAwZjdlNGM2NmZkZGNkYjFhNGZmY2I1NDMzMwkwCTM1CTAJYTM5NTk3ODk4NWNmYmY4NzVkZjZiNTQ2MjhlZjgwZmIJNDUwMTc4NTYzCXl6dnkJMAk2Mwk2CTIJMTY2NDg4NTgzMgkwLjAwMDIwMQlOCTAJMAkwCTEyMDUJMjg2NjU0MjIJOTEuOTAuNDIuMTU0CTA%3D
IP 91.195.240.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D00SSuMtMW5I_0&v=Mjg5Y2QyYzgxMjY0MzRiOWY1ZTExYzMwMjEwOTU1MTgJMQl5enZ5LmNvbTYzM2MyNDQ2YzFjMmU2LjExNDQ2NTg0CXl6dnkuY29tNjMzYzI0NDZjMWM1NTIuMTU1NDQwOTgJMTY2NDg4NTgzMglhZF82M18w&l=OAliZDhiODAwZjdlNGM2NmZkZGNkYjFhNGZmY2I1NDMzMwkwCTM1CTAJYTM5NTk3ODk4NWNmYmY4NzVkZjZiNTQ2MjhlZjgwZmIJNDUwMTc4NTYzCXl6dnkJMAk2Mwk2CTIJMTY2NDg4NTgzMgkwLjAwMDIwMQlOCTAJMAkwCTEyMDUJMjg2NjU0MjIJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1
Host: yzvy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yzvy.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Tue, 04 Oct 2022 12:17:12 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Tue, 04 Oct 2022 12:17:12 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D00SSuMtMW5I_0&v=Mjg5Y2QyYzgxMjY0MzRiOWY1ZTExYzMwMjEwOTU1MTgJMQl5enZ5LmNvbTYzM2MyNDQ2YzFjMmU2LjExNDQ2NTg0CXl6dnkuY29tNjMzYzI0NDZjMWM1NTIuMTU1NDQwOTgJMTY2NDg4NTgzMglhZF82M18w&l=OAliZDhiODAwZjdlNGM2NmZkZGNkYjFhNGZmY2I1NDMzMwkwCTM1CTAJYTM5NTk3ODk4NWNmYmY4NzVkZjZiNTQ2MjhlZjgwZmIJNDUwMTc4NTYzCXl6dnkJMAk2Mwk2CTIJMTY2NDg4NTgzMgkwLjAwMDIwMQlOCTAJMAkwCTEyMDUJMjg2NjU0MjIJOTEuOTAuNDIuMTU0CTA%3D
x-cache-miss-from: parking-69b897b95b-xx927
server: NginX
yzvy.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D00SSuMtMW5I_0&v=Mjg5Y2QyYzgxMjY0MzRiOWY1ZTExYzMwMjEwOTU1MTgJMQl5enZ5LmNvbTYzM2MyNDQ2YzFjMmU2LjExNDQ2NTg0CXl6dnkuY29tNjMzYzI0NDZjMWM1NTIuMTU1NDQwOTgJMTY2NDg4NTgzMglhZF82M18w&l=OAliZDhiODAwZjdlNGM2NmZkZGNkYjFhNGZmY2I1NDMzMwkwCTM1CTAJYTM5NTk3ODk4NWNmYmY4NzVkZjZiNTQ2MjhlZjgwZmIJNDUwMTc4NTYzCXl6dnkJMAk2Mwk2CTIJMTY2NDg4NTgzMgkwLjAwMDIwMQlOCTAJMAkwCTEyMDUJMjg2NjU0MjIJOTEuOTAuNDIuMTU0CTA%3D
91.195.240.12302 Found 311 B URL HTTP/1.1 yzvy.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D00SSuMtMW5I_0&v=Mjg5Y2QyYzgxMjY0MzRiOWY1ZTExYzMwMjEwOTU1MTgJMQl5enZ5LmNvbTYzM2MyNDQ2YzFjMmU2LjExNDQ2NTg0CXl6dnkuY29tNjMzYzI0NDZjMWM1NTIuMTU1NDQwOTgJMTY2NDg4NTgzMglhZF82M18w&l=OAliZDhiODAwZjdlNGM2NmZkZGNkYjFhNGZmY2I1NDMzMwkwCTM1CTAJYTM5NTk3ODk4NWNmYmY4NzVkZjZiNTQ2MjhlZjgwZmIJNDUwMTc4NTYzCXl6dnkJMAk2Mwk2CTIJMTY2NDg4NTgzMgkwLjAwMDIwMQlOCTAJMAkwCTEyMDUJMjg2NjU0MjIJOTEuOTAuNDIuMTU0CTA%3D
IP 91.195.240.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8c73f822fd255e3714e925b38d3608f1
7f06d4e7e178f48682ab11a17f695fb37d1dce3e
0e844a55f5bd9f953214db9d718606b5db22529c8b169a14ef04b155e12ea248
GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D00SSuMtMW5I_0&v=Mjg5Y2QyYzgxMjY0MzRiOWY1ZTExYzMwMjEwOTU1MTgJMQl5enZ5LmNvbTYzM2MyNDQ2YzFjMmU2LjExNDQ2NTg0CXl6dnkuY29tNjMzYzI0NDZjMWM1NTIuMTU1NDQwOTgJMTY2NDg4NTgzMglhZF82M18w&l=OAliZDhiODAwZjdlNGM2NmZkZGNkYjFhNGZmY2I1NDMzMwkwCTM1CTAJYTM5NTk3ODk4NWNmYmY4NzVkZjZiNTQ2MjhlZjgwZmIJNDUwMTc4NTYzCXl6dnkJMAk2Mwk2CTIJMTY2NDg4NTgzMgkwLjAwMDIwMQlOCTAJMAkwCTEyMDUJMjg2NjU0MjIJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1
Host: yzvy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yzvy.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Tue, 04 Oct 2022 12:17:12 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Tue, 04 Oct 2022 12:17:12 GMT
location: http://xml.sedodna.com/click?i=00SSuMtMW5I_0
x-cache-miss-from: parking-69b897b95b-g4w4f
server: NginX
xml.sedodna.com/click?i=00SSuMtMW5I_0
173.239.53.32302 Found 0 B URL HTTP/1.1 xml.sedodna.com/click?i=00SSuMtMW5I_0
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=00SSuMtMW5I_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yzvy.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://q3.quotes.com/78fcfdd0-43de-11ed-b641-2534284fcacb
Pragma: no-cache
q3.quotes.com/78fcfdd0-43de-11ed-b641-2534284fcacb
178.162.151.164200 OK 170 B URL HTTP/1.1 q3.quotes.com/78fcfdd0-43de-11ed-b641-2534284fcacb
IP 178.162.151.164:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 8791c6ca844ce08b056b3ea6d5499b3e
0d628d38dad69290cf5a8308c2142e586f71e88f
f5e81e43cae696456d46e86575ef6b98ceb5017ef8fc9b82fe908fdc53048dd5
GET /78fcfdd0-43de-11ed-b641-2534284fcacb HTTP/1.1
Host: q3.quotes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yzvy.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 170
content-type: text/html; charset=utf-8
date: Tue, 04 Oct 2022 12:17:13 GMT
server: nginx
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5533
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 12:17:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5533
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 12:17:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5533
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 12:17:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5533
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 12:17:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5533
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 12:17:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22873375-e381-41ee-a4b6-18ad56172e59.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22873375-e381-41ee-a4b6-18ad56172e59.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 515e23ff5ef0fc336ac5ec7fd31dfacd
a98da6b6ce993bd8f3b58ba42915cd9c4b45946c
77c186eb00def4a978d1bfd9eac755f70bf465f622991aaf6681227aec3e118a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22873375-e381-41ee-a4b6-18ad56172e59.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8508
x-amzn-requestid: 63afa079-f66e-428a-b491-c5859aed2e3b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJFU9EknoAMF1uA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63338285-54f784262318d7ca0e560d44;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 23:08:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GWTKxBPZnk_dqf9onY05WB16ubdsa93FcrjpqVxBrqBbCZXLSk_HHg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 14:41:51 GMT
age: 77722
etag: "a98da6b6ce993bd8f3b58ba42915cd9c4b45946c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c6882c60d7ca6f918c77104e3ad1d52
20ef861be49c652a938e0145e4ca3a60159367e2
861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ovm2wuk28PygH4EZNEUoPchoHQggWCyXbYHOjMV1tZmfyDrL6PjPZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:29:19 GMT
age: 49674
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MiSh_FjAciKCaOakY2mM_EHBN1Z6GIDYIP8mwS4ikkrToQN3Ktsv2g==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:46 GMT
age: 51627
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 54b3ef7aa50273b78b59c24511b0c1f9
e2ea2ef6805e391c497e62e101e76a0bdecfce64
296e8954022d5160137b3e02ab5085a15cee7c23cd6d4ca61b36880706062457
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11955
x-amzn-requestid: ce6bbe93-95b0-4b6e-a8bc-012796485e67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zcqb9FUtoAMF0WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b577f-59dc0a18523f900a059aa5df;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tJwzKfs7HnQ7dVcINwnlzxTChXiEi4JPj8jrS8p5KhurRx_o3ZVOZQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
etag: "e2ea2ef6805e391c497e62e101e76a0bdecfce64"
content-type: image/jpeg
age: 50774
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 51679
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb412b7-1bf6-4a48-b9f1-b171f540e434.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb412b7-1bf6-4a48-b9f1-b171f540e434.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24a4a122273ef9f772852031eb13114a
c20f1fac9020eb4bd6c84583f73872979639b991
8e1ffbed5f156637ed2f22e81d03f6d85eff0c28237c1639ea5f977e92ee7b70
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb412b7-1bf6-4a48-b9f1-b171f540e434.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4151
x-amzn-requestid: f709a11e-cbea-4965-8502-94ddbd8768bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvSF3YIAMFdow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-29bfa31d51e8f60b38136dba;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7H1QKlOtoBoVz93G5lddxHSGiTjtMnHJCZX5FhwqhNPkspslaDoFQA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:57:01 GMT
age: 51612
etag: "c20f1fac9020eb4bd6c84583f73872979639b991"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
q3.quotes.com/78fcfdd0-43de-11ed-b641-2534284fcacb?hr=1
178.162.151.164302 Found 11 B URL HTTP/1.1 q3.quotes.com/78fcfdd0-43de-11ed-b641-2534284fcacb?hr=1
IP 178.162.151.164:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /78fcfdd0-43de-11ed-b641-2534284fcacb?hr=1 HTTP/1.1
Host: q3.quotes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 04 Oct 2022 12:17:13 GMT
location: http://btpnative.com/click?data=aTZxZVN2VjUxc3ZkY0x1M2hzVUZXZmlNZVdOakxEb2NQOGF2OW5xT0hJamlUaHFvR2VTUzFyaFhKaUZwZ3RzeVdieUJiS0JRM2ZHMDNpZTlhNkdKcmlZaTlVYklad3B1TlZRSGhwM2tiUzJ5UUpTUDlmR2FZTzR1VUJDM0t5dVNVVGc2OE9CLUFlN2F2VDJZNVdKclZRMg2&id=48a5631d-2ae0-401d-9148-973a57cd2d92
server: nginx
btpnative.com/click?data=aTZxZVN2VjUxc3ZkY0x1M2hzVUZXZmlNZVdOakxEb2NQOGF2OW5xT0hJamlUaHFvR2VTUzFyaFhKaUZwZ3RzeVdieUJiS0JRM2ZHMDNpZTlhNkdKcmlZaTlVYklad3B1TlZRSGhwM2tiUzJ5UUpTUDlmR2FZTzR1VUJDM0t5dVNVVGc2OE9CLUFlN2F2VDJZNVdKclZRMg2&id=48a5631d-2ae0-401d-9148-973a57cd2d92
209.15.13.136200 OK 2.1 kB URL HTTP/1.1 btpnative.com/click?data=aTZxZVN2VjUxc3ZkY0x1M2hzVUZXZmlNZVdOakxEb2NQOGF2OW5xT0hJamlUaHFvR2VTUzFyaFhKaUZwZ3RzeVdieUJiS0JRM2ZHMDNpZTlhNkdKcmlZaTlVYklad3B1TlZRSGhwM2tiUzJ5UUpTUDlmR2FZTzR1VUJDM0t5dVNVVGc2OE9CLUFlN2F2VDJZNVdKclZRMg2&id=48a5631d-2ae0-401d-9148-973a57cd2d92
IP 209.15.13.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (320), with CRLF line terminators
Hash cf0e83536edbb42610b0ef3d109065fe
2ff06d83ea763d0c86b8692b8186b56bfd026646
da37949e865d05e2066d3bc52fa257a9430f92c529274c7d63091a0ca5608977
GET /click?data=aTZxZVN2VjUxc3ZkY0x1M2hzVUZXZmlNZVdOakxEb2NQOGF2OW5xT0hJamlUaHFvR2VTUzFyaFhKaUZwZ3RzeVdieUJiS0JRM2ZHMDNpZTlhNkdKcmlZaTlVYklad3B1TlZRSGhwM2tiUzJ5UUpTUDlmR2FZTzR1VUJDM0t5dVNVVGc2OE9CLUFlN2F2VDJZNVdKclZRMg2&id=48a5631d-2ae0-401d-9148-973a57cd2d92 HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: wWDJWBUXMAStows=wWDJWBUXMAStows; path=/
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 04 Oct 2022 12:17:12 GMT
Content-Length: 2127
btpnative.com/Redirect/
209.15.13.136302 Found 2.1 kB IP 209.15.13.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (2003), with CRLF line terminators
Hash 867e8585a2f384190ee497168376a9d1
060da969da8496441b455faf1952fefd6aaae068
852a871135af53896e95c6b447a1a31a199dc58c8f5e3000519bc1edd09c02c9
POST /Redirect/ HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 329
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=aTZxZVN2VjUxc3ZkY0x1M2hzVUZXZmlNZVdOakxEb2NQOGF2OW5xT0hJamlUaHFvR2VTUzFyaFhKaUZwZ3RzeVdieUJiS0JRM2ZHMDNpZTlhNkdKcmlZaTlVYklad3B1TlZRSGhwM2tiUzJ5UUpTUDlmR2FZTzR1VUJDM0t5dVNVVGc2OE9CLUFlN2F2VDJZNVdKclZRMg2&id=48a5631d-2ae0-401d-9148-973a57cd2d92
Cookie: wWDJWBUXMAStows=wWDJWBUXMAStows
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lXusdLy4zkOjvKPQlCz-mkqJ-J_MlxHbnZPYJMKbc_lPFsLtTfRMmnZg570qmhSob8o_2szb4ydpgXg034XLZA3sLI_RalizEQmcVjFyxSKD9mNp-ZNGHhwfOw5OY8cfNVWFNoxbCKertEYtpwEjfuVnCdL4tZEo46lrkwoR7mL8GEkoNYKVdn6Rf8uOXI3CXybbtBC036cDg56-Kiuuts5uLj1oP5dHcnp7_q195LUGeGWVrQeUy_Cf0Sa8TYaTgSoynlrW84w10uEoc4psd6qclmwYMVLIt3mqvjnruW6kAyMcBxrV6g-2ZcTUlFhnFQnOKwfLeJL0xFY1V8SkfUMdkGoOwimacfDRa-QLXDYNP4pHrNTc2d6Fdb_LbGfvUh0D27VxxW12WyFNULLy3RUoeA41AROWbpy9o8ViyrTBCHRNFkP4AMj01XVga0Ne7wXArglNBDQET0NdgGT-OdMEgobweb-Qsqtvlp_SRrdR27Jzid7K4n4aYSC8u-GXNxVHDV8r4Uxb2n-OLLGhRs9WRv0wiQSxxd2gATlqNpPHfhq1NPCwLhL0bA4KCo99-iK2jOPC_VPHkngNwUNnOgL2hXmCL90sB1WX2-WvU1XrwpJCKT9ICyBmpOPkUT8dPWDbTwPfZS-XR9iTamOoQ5TpfbOKbz2vTFIWNxQfEGK2NhZ34qHIgK8me9OzW2uuKtrNMxV0zBatNKiHuUBUm_GU8bdX2pg1VmqqwTCJZxIbKeLU8x-pPrbZnhCVYFvB6Cvv5d6Gc1mRXC40bBa2Jau1oK0LzRSUlX47IZzrxgtChUx1LZmQmYP1_v2mE5S-FvnuFVWry4roQSbQXLplekM8xLrAXSqwXcR8YZcC-FfOmH_JkHChnAfy__VetOptHkw8mZomxqxInrmJOeRnuw5QWsZeVDaehPAxvoCgo1X2DGOtzShi6LesNabZfRSVHXANpyfx7sXm5__Aae8bX7qOeqwk9ENwlt55tECxBiCsDSSEby90wvN5fRMpfOqtRO5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbEH6Pp28hcq-ZWVz4kJ7UZnU8BR0AlMNvABIO6nmfWEcySD-n5C41lRu3omWTxk-cw3Yt7QzA_fIpNJsFBOeASBFyl5CHiJ2oN0d2jjb5nzO9XoBlkjl5Cew-wKs3XYIKtl6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAQPBUOL4USEFwlhZkpbugoBh8FM1DolkmeDBEanPsRxxcTQtRPdux7T0LMSdHXhlfCTnoKjeRsT1oVj_Y6M0ygx1B5OinXJ07jwWRqw0hRPuqdSD7wWOz07EqwSc6YFL5yA0uQ-uN-pInKtMxGLpBojQ2QA1_qEvmKWLhbo1iIvAKiXhgV_Pj3EiFQr1p4g7WnC6yAAoqoyF7iMsdW4c3ZnPXxuXRQZyvqzcUaUCiIq1cfx0th3Q4kblrBsXid41MFqmAC6xKscOBwN-m2qfy2dr7ZXGd5YAlU39kf2AHeVzz8tGbE4uYSG_zkp394gsKUyv3JqvplwEknfhJXt0RRk8laoN4yf5MoK1GYgiI77a5BFx9nw9OAopx_SibtqvF1E8STB8_WdHSkuvXg4NO5_AXzXJe5ZDcTZi0A1M4GwCOi7N6AKaY2cPV5SIV-p6zYa3qQvnObIuih26Ce_wl-kGMnp5jlJ17o_n_VMWxhu8tILVVxMLY1zAVM3CN0Q-wJTu6AXYz7K4TxDcY0Ua4iunq3YN_0ZLzNDZADX-oS-aO91UovxzeRfQaTYYMFQxDEwrLEAaOW_juD4rZNeXej0uuri72txmT
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 04 Oct 2022 12:17:13 GMT
Content-Length: 2075
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 6f6d7ea87d2a7cc80afb3dd0b06df4f6
27bffe0e73ced0d7eaa01ff6893a6b41eab18f0f
54f3576e7ffc518f70802ba82c0ed3cec8a51c865b0b436d3d36d664c429a3de
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 12:17:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 19:20:08 GMT
Expires: Mon, 10 Oct 2022 19:20:07 GMT
Etag: "27bffe0e73ced0d7eaa01ff6893a6b41eab18f0f"
Cache-Control: max-age=543172,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754dda705d3ffac8-OSL
mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lXusdLy4zkOjvKPQlCz-mkqJ-J_MlxHbnZPYJMKbc_lPFsLtTfRMmnZg570qmhSob8o_2szb4ydpgXg034XLZA3sLI_RalizEQmcVjFyxSKD9mNp-ZNGHhwfOw5OY8cfNVWFNoxbCKertEYtpwEjfuVnCdL4tZEo46lrkwoR7mL8GEkoNYKVdn6Rf8uOXI3CXybbtBC036cDg56-Kiuuts5uLj1oP5dHcnp7_q195LUGeGWVrQeUy_Cf0Sa8TYaTgSoynlrW84w10uEoc4psd6qclmwYMVLIt3mqvjnruW6kAyMcBxrV6g-2ZcTUlFhnFQnOKwfLeJL0xFY1V8SkfUMdkGoOwimacfDRa-QLXDYNP4pHrNTc2d6Fdb_LbGfvUh0D27VxxW12WyFNULLy3RUoeA41AROWbpy9o8ViyrTBCHRNFkP4AMj01XVga0Ne7wXArglNBDQET0NdgGT-OdMEgobweb-Qsqtvlp_SRrdR27Jzid7K4n4aYSC8u-GXNxVHDV8r4Uxb2n-OLLGhRs9WRv0wiQSxxd2gATlqNpPHfhq1NPCwLhL0bA4KCo99-iK2jOPC_VPHkngNwUNnOgL2hXmCL90sB1WX2-WvU1XrwpJCKT9ICyBmpOPkUT8dPWDbTwPfZS-XR9iTamOoQ5TpfbOKbz2vTFIWNxQfEGK2NhZ34qHIgK8me9OzW2uuKtrNMxV0zBatNKiHuUBUm_GU8bdX2pg1VmqqwTCJZxIbKeLU8x-pPrbZnhCVYFvB6Cvv5d6Gc1mRXC40bBa2Jau1oK0LzRSUlX47IZzrxgtChUx1LZmQmYP1_v2mE5S-FvnuFVWry4roQSbQXLplekM8xLrAXSqwXcR8YZcC-FfOmH_JkHChnAfy__VetOptHkw8mZomxqxInrmJOeRnuw5QWsZeVDaehPAxvoCgo1X2DGOtzShi6LesNabZfRSVHXANpyfx7sXm5__Aae8bX7qOeqwk9ENwlt55tECxBiCsDSSEby90wvN5fRMpfOqtRO5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbEH6Pp28hcq-ZWVz4kJ7UZnU8BR0AlMNvABIO6nmfWEcySD-n5C41lRu3omWTxk-cw3Yt7QzA_fIpNJsFBOeASBFyl5CHiJ2oN0d2jjb5nzO9XoBlkjl5Cew-wKs3XYIKtl6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAQPBUOL4USEFwlhZkpbugoBh8FM1DolkmeDBEanPsRxxcTQtRPdux7T0LMSdHXhlfCTnoKjeRsT1oVj_Y6M0ygx1B5OinXJ07jwWRqw0hRPuqdSD7wWOz07EqwSc6YFL5yA0uQ-uN-pInKtMxGLpBojQ2QA1_qEvmKWLhbo1iIvAKiXhgV_Pj3EiFQr1p4g7WnC6yAAoqoyF7iMsdW4c3ZnPXxuXRQZyvqzcUaUCiIq1cfx0th3Q4kblrBsXid41MFqmAC6xKscOBwN-m2qfy2dr7ZXGd5YAlU39kf2AHeVzz8tGbE4uYSG_zkp394gsKUyv3JqvplwEknfhJXt0RRk8laoN4yf5MoK1GYgiI77a5BFx9nw9OAopx_SibtqvF1E8STB8_WdHSkuvXg4NO5_AXzXJe5ZDcTZi0A1M4GwCOi7N6AKaY2cPV5SIV-p6zYa3qQvnObIuih26Ce_wl-kGMnp5jlJ17o_n_VMWxhu8tILVVxMLY1zAVM3CN0Q-wJTu6AXYz7K4TxDcY0Ua4iunq3YN_0ZLzNDZADX-oS-aO91UovxzeRfQaTYYMFQxDEwrLEAaOW_juD4rZNeXej0uuri72txmT
108.168.193.189302 Found 0 B URL HTTP/2 mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lXusdLy4zkOjvKPQlCz-mkqJ-J_MlxHbnZPYJMKbc_lPFsLtTfRMmnZg570qmhSob8o_2szb4ydpgXg034XLZA3sLI_RalizEQmcVjFyxSKD9mNp-ZNGHhwfOw5OY8cfNVWFNoxbCKertEYtpwEjfuVnCdL4tZEo46lrkwoR7mL8GEkoNYKVdn6Rf8uOXI3CXybbtBC036cDg56-Kiuuts5uLj1oP5dHcnp7_q195LUGeGWVrQeUy_Cf0Sa8TYaTgSoynlrW84w10uEoc4psd6qclmwYMVLIt3mqvjnruW6kAyMcBxrV6g-2ZcTUlFhnFQnOKwfLeJL0xFY1V8SkfUMdkGoOwimacfDRa-QLXDYNP4pHrNTc2d6Fdb_LbGfvUh0D27VxxW12WyFNULLy3RUoeA41AROWbpy9o8ViyrTBCHRNFkP4AMj01XVga0Ne7wXArglNBDQET0NdgGT-OdMEgobweb-Qsqtvlp_SRrdR27Jzid7K4n4aYSC8u-GXNxVHDV8r4Uxb2n-OLLGhRs9WRv0wiQSxxd2gATlqNpPHfhq1NPCwLhL0bA4KCo99-iK2jOPC_VPHkngNwUNnOgL2hXmCL90sB1WX2-WvU1XrwpJCKT9ICyBmpOPkUT8dPWDbTwPfZS-XR9iTamOoQ5TpfbOKbz2vTFIWNxQfEGK2NhZ34qHIgK8me9OzW2uuKtrNMxV0zBatNKiHuUBUm_GU8bdX2pg1VmqqwTCJZxIbKeLU8x-pPrbZnhCVYFvB6Cvv5d6Gc1mRXC40bBa2Jau1oK0LzRSUlX47IZzrxgtChUx1LZmQmYP1_v2mE5S-FvnuFVWry4roQSbQXLplekM8xLrAXSqwXcR8YZcC-FfOmH_JkHChnAfy__VetOptHkw8mZomxqxInrmJOeRnuw5QWsZeVDaehPAxvoCgo1X2DGOtzShi6LesNabZfRSVHXANpyfx7sXm5__Aae8bX7qOeqwk9ENwlt55tECxBiCsDSSEby90wvN5fRMpfOqtRO5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbEH6Pp28hcq-ZWVz4kJ7UZnU8BR0AlMNvABIO6nmfWEcySD-n5C41lRu3omWTxk-cw3Yt7QzA_fIpNJsFBOeASBFyl5CHiJ2oN0d2jjb5nzO9XoBlkjl5Cew-wKs3XYIKtl6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAQPBUOL4USEFwlhZkpbugoBh8FM1DolkmeDBEanPsRxxcTQtRPdux7T0LMSdHXhlfCTnoKjeRsT1oVj_Y6M0ygx1B5OinXJ07jwWRqw0hRPuqdSD7wWOz07EqwSc6YFL5yA0uQ-uN-pInKtMxGLpBojQ2QA1_qEvmKWLhbo1iIvAKiXhgV_Pj3EiFQr1p4g7WnC6yAAoqoyF7iMsdW4c3ZnPXxuXRQZyvqzcUaUCiIq1cfx0th3Q4kblrBsXid41MFqmAC6xKscOBwN-m2qfy2dr7ZXGd5YAlU39kf2AHeVzz8tGbE4uYSG_zkp394gsKUyv3JqvplwEknfhJXt0RRk8laoN4yf5MoK1GYgiI77a5BFx9nw9OAopx_SibtqvF1E8STB8_WdHSkuvXg4NO5_AXzXJe5ZDcTZi0A1M4GwCOi7N6AKaY2cPV5SIV-p6zYa3qQvnObIuih26Ce_wl-kGMnp5jlJ17o_n_VMWxhu8tILVVxMLY1zAVM3CN0Q-wJTu6AXYz7K4TxDcY0Ua4iunq3YN_0ZLzNDZADX-oS-aO91UovxzeRfQaTYYMFQxDEwrLEAaOW_juD4rZNeXej0uuri72txmT
IP 108.168.193.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lXusdLy4zkOjvKPQlCz-mkqJ-J_MlxHbnZPYJMKbc_lPFsLtTfRMmnZg570qmhSob8o_2szb4ydpgXg034XLZA3sLI_RalizEQmcVjFyxSKD9mNp-ZNGHhwfOw5OY8cfNVWFNoxbCKertEYtpwEjfuVnCdL4tZEo46lrkwoR7mL8GEkoNYKVdn6Rf8uOXI3CXybbtBC036cDg56-Kiuuts5uLj1oP5dHcnp7_q195LUGeGWVrQeUy_Cf0Sa8TYaTgSoynlrW84w10uEoc4psd6qclmwYMVLIt3mqvjnruW6kAyMcBxrV6g-2ZcTUlFhnFQnOKwfLeJL0xFY1V8SkfUMdkGoOwimacfDRa-QLXDYNP4pHrNTc2d6Fdb_LbGfvUh0D27VxxW12WyFNULLy3RUoeA41AROWbpy9o8ViyrTBCHRNFkP4AMj01XVga0Ne7wXArglNBDQET0NdgGT-OdMEgobweb-Qsqtvlp_SRrdR27Jzid7K4n4aYSC8u-GXNxVHDV8r4Uxb2n-OLLGhRs9WRv0wiQSxxd2gATlqNpPHfhq1NPCwLhL0bA4KCo99-iK2jOPC_VPHkngNwUNnOgL2hXmCL90sB1WX2-WvU1XrwpJCKT9ICyBmpOPkUT8dPWDbTwPfZS-XR9iTamOoQ5TpfbOKbz2vTFIWNxQfEGK2NhZ34qHIgK8me9OzW2uuKtrNMxV0zBatNKiHuUBUm_GU8bdX2pg1VmqqwTCJZxIbKeLU8x-pPrbZnhCVYFvB6Cvv5d6Gc1mRXC40bBa2Jau1oK0LzRSUlX47IZzrxgtChUx1LZmQmYP1_v2mE5S-FvnuFVWry4roQSbQXLplekM8xLrAXSqwXcR8YZcC-FfOmH_JkHChnAfy__VetOptHkw8mZomxqxInrmJOeRnuw5QWsZeVDaehPAxvoCgo1X2DGOtzShi6LesNabZfRSVHXANpyfx7sXm5__Aae8bX7qOeqwk9ENwlt55tECxBiCsDSSEby90wvN5fRMpfOqtRO5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbEH6Pp28hcq-ZWVz4kJ7UZnU8BR0AlMNvABIO6nmfWEcySD-n5C41lRu3omWTxk-cw3Yt7QzA_fIpNJsFBOeASBFyl5CHiJ2oN0d2jjb5nzO9XoBlkjl5Cew-wKs3XYIKtl6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAQPBUOL4USEFwlhZkpbugoBh8FM1DolkmeDBEanPsRxxcTQtRPdux7T0LMSdHXhlfCTnoKjeRsT1oVj_Y6M0ygx1B5OinXJ07jwWRqw0hRPuqdSD7wWOz07EqwSc6YFL5yA0uQ-uN-pInKtMxGLpBojQ2QA1_qEvmKWLhbo1iIvAKiXhgV_Pj3EiFQr1p4g7WnC6yAAoqoyF7iMsdW4c3ZnPXxuXRQZyvqzcUaUCiIq1cfx0th3Q4kblrBsXid41MFqmAC6xKscOBwN-m2qfy2dr7ZXGd5YAlU39kf2AHeVzz8tGbE4uYSG_zkp394gsKUyv3JqvplwEknfhJXt0RRk8laoN4yf5MoK1GYgiI77a5BFx9nw9OAopx_SibtqvF1E8STB8_WdHSkuvXg4NO5_AXzXJe5ZDcTZi0A1M4GwCOi7N6AKaY2cPV5SIV-p6zYa3qQvnObIuih26Ce_wl-kGMnp5jlJ17o_n_VMWxhu8tILVVxMLY1zAVM3CN0Q-wJTu6AXYz7K4TxDcY0Ua4iunq3YN_0ZLzNDZADX-oS-aO91UovxzeRfQaTYYMFQxDEwrLEAaOW_juD4rZNeXej0uuri72txmT HTTP/1.1
Host: mybetterck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=81412752446
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 04 Oct 2022 12:17:14 GMT
content-length: 0
set-cookie: rhid=81412752446; Max-Age=15552000; Expires=Sun, 02-Apr-2023 12:17:14 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDM0HWt4K4OmObMY0X3aHtrWsZKRstg7hyzVwJ2AuHbWvAtqT-5TpEkg77ve5nAyGvIsibpq-y6mfJ3z3-TZCmvr1ruVjoVFQX8TXNY-lOSXJq4aeyyabvT8zX8r3edJnKjw3mjMCYb4IeC0ZCwsSLbA8vC-IEblqM5sD_vVA1n525i4cGzeHeYbjOJsHVX4a7bw7yHWY6BM0tkozj-3M-OwYAjiClRhL0zxdvUdClQDIfFwA5c5LytX-vXIKYYFgK7rA7nR_FvrTByS1elyvCGETXnLPvbyStX_9b8ky2I1bKC7gQCEt6FVlqf_64l0Z6hpyy_YN0YQtpLSZmparWHUTxDcY0Ua4ivr4nvPsKvQNOYwwqJPWDKzNB1reCuDpjuUIwhEPFAsT6dGGqN2xFmoIfgDk7o_HvrFzJDPotUiZ1QlvVKC08ytv0-cfxRgHaSCijZY_SNQadM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIgafZ9sDvHt0Fy9LbfW_6duFoOnPfBtp4eZJutMQjpTcuDi9ZpyJrxP09V6ZFcdrqcc3-XZakKfOEJwiKuJdU-dj1KaTVPBqbwqS_mk8O4Wsi-JGCATPNNaiLaoUOknGn&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSHTbvXa9bc3i8HGzZExOExjS5S8I15QwkaVMRp6dWf4jJJVuDLqLwcFl20wdZRzi_sjII46KDRJ_6EgtK3wmDUA&si=1&oref=bb0937fcab459606984b9026e0d41c6a&optunit=E8Q3GNFGuIplkkLEB146pQ&rb=LW_v4KVZAgI&rr=4&abtg=0
X-Firefox-Spdy: h2
p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDM0HWt4K4OmObMY0X3aHtrWsZKRstg7hyzVwJ2AuHbWvAtqT-5TpEkg77ve5nAyGvIsibpq-y6mfJ3z3-TZCmvr1ruVjoVFQX8TXNY-lOSXJq4aeyyabvT8zX8r3edJnKjw3mjMCYb4IeC0ZCwsSLbA8vC-IEblqM5sD_vVA1n525i4cGzeHeYbjOJsHVX4a7bw7yHWY6BM0tkozj-3M-OwYAjiClRhL0zxdvUdClQDIfFwA5c5LytX-vXIKYYFgK7rA7nR_FvrTByS1elyvCGETXnLPvbyStX_9b8ky2I1bKC7gQCEt6FVlqf_64l0Z6hpyy_YN0YQtpLSZmparWHUTxDcY0Ua4ivr4nvPsKvQNOYwwqJPWDKzNB1reCuDpjuUIwhEPFAsT6dGGqN2xFmoIfgDk7o_HvrFzJDPotUiZ1QlvVKC08ytv0-cfxRgHaSCijZY_SNQadM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIgafZ9sDvHt0Fy9LbfW_6duFoOnPfBtp4eZJutMQjpTcuDi9ZpyJrxP09V6ZFcdrqcc3-XZakKfOEJwiKuJdU-dj1KaTVPBqbwqS_mk8O4Wsi-JGCATPNNaiLaoUOknGn&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSHTbvXa9bc3i8HGzZExOExjS5S8I15QwkaVMRp6dWf4jJJVuDLqLwcFl20wdZRzi_sjII46KDRJ_6EgtK3wmDUA&si=1&oref=bb0937fcab459606984b9026e0d41c6a&optunit=E8Q3GNFGuIplkkLEB146pQ&rb=LW_v4KVZAgI&rr=4&abtg=0
108.168.193.189302 Found 0 B URL HTTP/2 p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDM0HWt4K4OmObMY0X3aHtrWsZKRstg7hyzVwJ2AuHbWvAtqT-5TpEkg77ve5nAyGvIsibpq-y6mfJ3z3-TZCmvr1ruVjoVFQX8TXNY-lOSXJq4aeyyabvT8zX8r3edJnKjw3mjMCYb4IeC0ZCwsSLbA8vC-IEblqM5sD_vVA1n525i4cGzeHeYbjOJsHVX4a7bw7yHWY6BM0tkozj-3M-OwYAjiClRhL0zxdvUdClQDIfFwA5c5LytX-vXIKYYFgK7rA7nR_FvrTByS1elyvCGETXnLPvbyStX_9b8ky2I1bKC7gQCEt6FVlqf_64l0Z6hpyy_YN0YQtpLSZmparWHUTxDcY0Ua4ivr4nvPsKvQNOYwwqJPWDKzNB1reCuDpjuUIwhEPFAsT6dGGqN2xFmoIfgDk7o_HvrFzJDPotUiZ1QlvVKC08ytv0-cfxRgHaSCijZY_SNQadM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIgafZ9sDvHt0Fy9LbfW_6duFoOnPfBtp4eZJutMQjpTcuDi9ZpyJrxP09V6ZFcdrqcc3-XZakKfOEJwiKuJdU-dj1KaTVPBqbwqS_mk8O4Wsi-JGCATPNNaiLaoUOknGn&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSHTbvXa9bc3i8HGzZExOExjS5S8I15QwkaVMRp6dWf4jJJVuDLqLwcFl20wdZRzi_sjII46KDRJ_6EgtK3wmDUA&si=1&oref=bb0937fcab459606984b9026e0d41c6a&optunit=E8Q3GNFGuIplkkLEB146pQ&rb=LW_v4KVZAgI&rr=4&abtg=0
IP 108.168.193.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDM0HWt4K4OmObMY0X3aHtrWsZKRstg7hyzVwJ2AuHbWvAtqT-5TpEkg77ve5nAyGvIsibpq-y6mfJ3z3-TZCmvr1ruVjoVFQX8TXNY-lOSXJq4aeyyabvT8zX8r3edJnKjw3mjMCYb4IeC0ZCwsSLbA8vC-IEblqM5sD_vVA1n525i4cGzeHeYbjOJsHVX4a7bw7yHWY6BM0tkozj-3M-OwYAjiClRhL0zxdvUdClQDIfFwA5c5LytX-vXIKYYFgK7rA7nR_FvrTByS1elyvCGETXnLPvbyStX_9b8ky2I1bKC7gQCEt6FVlqf_64l0Z6hpyy_YN0YQtpLSZmparWHUTxDcY0Ua4ivr4nvPsKvQNOYwwqJPWDKzNB1reCuDpjuUIwhEPFAsT6dGGqN2xFmoIfgDk7o_HvrFzJDPotUiZ1QlvVKC08ytv0-cfxRgHaSCijZY_SNQadM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIgafZ9sDvHt0Fy9LbfW_6duFoOnPfBtp4eZJutMQjpTcuDi9ZpyJrxP09V6ZFcdrqcc3-XZakKfOEJwiKuJdU-dj1KaTVPBqbwqS_mk8O4Wsi-JGCATPNNaiLaoUOknGn&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSHTbvXa9bc3i8HGzZExOExjS5S8I15QwkaVMRp6dWf4jJJVuDLqLwcFl20wdZRzi_sjII46KDRJ_6EgtK3wmDUA&si=1&oref=bb0937fcab459606984b9026e0d41c6a&optunit=E8Q3GNFGuIplkkLEB146pQ&rb=LW_v4KVZAgI&rr=4&abtg=0 HTTP/1.1
Host: p274639.mybetterck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=81412752446
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 04 Oct 2022 12:17:14 GMT
content-length: 0
set-cookie: rhid=81412752446; Max-Age=15552000; Expires=Sun, 02-Apr-2023 12:17:14 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
loi=ad_490233_off_142374_aff_3322_cid_274639-582298973-YZVY.COM_ts_1664885834; Max-Age=3600; Expires=Tue, 04-Oct-2022 13:17:14 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://myfood.ltd/?v=20171031&s1=0
X-Firefox-Spdy: h2