Overview

URL yzvy.com/
IP91.195.240.12
ASNSEDO GmbH
Location Germany
Report completed2022-10-04 12:17:21 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-04 2 yzvy.com/ Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (15)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-04 09:13:54 UTC 143.204.55.35
mnemonic passive DNS q3.quotes.com (2) 0 2022-09-22 21:17:58 UTC 2022-10-04 01:20:59 UTC 178.162.151.164 Domain (quotes.com) ranked at: 251442
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-04 04:18:32 UTC 34.120.237.76
mnemonic passive DNS mybetterck.com (1) 21362 2022-02-06 09:33:01 UTC 2022-10-04 11:01:18 UTC 108.168.193.189
mnemonic passive DNS p274639.mybetterck.com (1) 381189 2022-06-08 08:33:19 UTC 2022-10-04 07:43:28 UTC 108.168.193.189
mnemonic passive DNS yzvy.com (4) 0 2015-04-16 08:29:45 UTC 2022-10-04 10:11:10 UTC 91.195.240.12 Unknown ranking
mnemonic passive DNS btpnative.com (2) 108657 2018-10-28 06:54:26 UTC 2022-10-03 14:20:28 UTC 209.15.13.136
mnemonic passive DNS ocsp.sectigo.com (1) 487 2018-12-17 11:31:55 UTC 2022-10-04 09:09:40 UTC 172.64.155.188
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-04 07:51:20 UTC 93.184.220.29
mnemonic passive DNS xml.sedodna.com (1) 278378 2020-10-22 08:18:03 UTC 2022-10-04 06:24:04 UTC 173.239.53.32
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-10-04 04:17:22 UTC 23.36.77.32
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-04 04:29:41 UTC 143.204.55.110
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-04 04:16:51 UTC 34.117.237.239
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-04 04:45:06 UTC 34.210.107.213
mnemonic passive DNS img.sedoparking.com (1) 54200 2013-04-22 22:23:29 UTC 2022-10-04 06:20:46 UTC 205.234.175.175


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 91.195.240.12

Date UQ / IDS / BL URL IP
2022-11-28 19:44:01 +0000
0 - 0 - 1 grassknewspecial.top/ 91.195.240.12
2022-11-28 10:31:31 +0000
0 - 0 - 1 blooduntilproduct.top/ 91.195.240.12
2022-11-27 02:21:10 +0000
0 - 0 - 1 lcntfiqs.bdlifgte.com/ 91.195.240.12
2022-11-26 15:55:14 +0000
0 - 0 - 1 yiqijs.com/ 91.195.240.12
2022-11-26 15:24:05 +0000
0 - 0 - 1 hangelec.com/ 91.195.240.12

Last 5 reports on ASN: SEDO GmbH

Date UQ / IDS / BL URL IP
2022-11-28 20:41:29 +0000
0 - 0 - 3 furubujjul.net/U- 91.195.240.101
2022-11-28 20:18:13 +0000
0 - 0 - 1 ww16.book-of-wonders.com/?sub1=20221129-0717- (...) 91.195.240.112
2022-11-28 19:55:59 +0000
0 - 0 - 1 ww16.wwwintuit.com/lesal/Iicenses/pavment-Iic (...) 64.190.63.136
2022-11-28 19:44:01 +0000
0 - 0 - 1 grassknewspecial.top/ 91.195.240.12
2022-11-28 19:05:11 +0000
0 - 0 - 3 ww16.best-targeted-traffic.com/install.php?un (...) 64.190.63.136

Last 3 reports on domain: yzvy.com

Date UQ / IDS / BL URL IP
2022-10-04 12:17:21 +0000
0 - 0 - 1 yzvy.com/ 91.195.240.12
2022-09-11 17:04:07 +0000
0 - 0 - 1 yzvy.com/ 91.195.240.12
2022-09-04 19:19:31 +0000
0 - 0 - 1 yzvy.com/ 99.83.153.108

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-16 07:19:38 +0000
0 - 0 - 1 bmw.cm/ 95.211.219.65
2022-10-08 03:37:08 +0000
0 - 0 - 1 franquinjijecreateursde.afterlivre.com/livre- (...) 209.126.123.12
2022-09-27 06:39:25 +0000
0 - 0 - 2 iekeyword.com/app/?prj=3&pid=jjh1&mac=0800278 (...) 74.206.228.78
2022-09-26 18:58:35 +0000
0 - 0 - 1 c1.getapplicationmy.info/?step_id=1&installer (...) 94.229.72.115
2022-09-12 20:24:17 +0000
0 - 0 - 3 c1.getapplicationmy.info/?step_id=1&installer (...) 162.210.196.172


JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (31)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 11:40:45 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sYJ7onc5GJ0WY9SFX3AoqP93inFAxvptL_0rWfnZoRX3GWkibLVMpg==
Age: 2184


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6971
Expires: Tue, 04 Oct 2022 14:13:22 GMT
Date: Tue, 04 Oct 2022 12:17:11 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BN3IVWthfHCWDlnHq7zybLQD5pqSeMq_PB1MWN9q5zW-vqtE10n4Zg==
age: 24524
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 04 Oct 2022 12:17:11 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 04 Oct 2022 11:29:33 GMT
Expires: Tue, 04 Oct 2022 12:17:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ojkD6-IJ5rEk2b1zu0w3LvNWZsantXu1fXSNWBZPbVZpbZmKpefAJg==
Age: 2858


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 350
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 12:17:11 GMT
Last-Modified: Tue, 04 Oct 2022 12:11:21 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4v4Uz2wizyBHh2+QaC+lig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.210.107.213
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: g1MwblfHUfjn/57kGFv23N/e1Aw=

                                        
                                            GET / HTTP/1.1 
Host: yzvy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         91.195.240.12
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Tue, 04 Oct 2022 12:17:12 GMT
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_IiRbeZyNxSpOHSLOLeviHJbNp2Ss5Hto0eHhoYiI0RCU06xM1DY6EWVBW3GoOAP1tTAZ0H6zTKUzv9qqLoszEg==
last-modified: Tue, 04 Oct 2022 12:17:10 GMT
x-cache-miss-from: parking-69b897b95b-jm4r7
server: NginX
content-encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (672)
Size:   1292
Md5:    7eab660a0086c800ad5794f25e3babce
Sha1:   98855300328af838bb65abf954c3515cba3bda0d
Sha256: 095189ae23a530c21862a075195fd8dff424f157376b74d4aa10958c143d9fef

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /images/js_preloader.gif HTTP/1.1 
Host: img.sedoparking.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yzvy.com/

                                         
                                         205.234.175.175
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Tue, 04 Oct 2022 12:17:12 GMT
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Tue, 11 Oct 2022 12:17:12 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: H
CF4Age: 156700
x-cf-tsc: 1648179742
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: 8b888683b2e8eec66b365d5bdda6d96c
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 16 x 16\012- data
Size:   4254
Md5:    90c93102a88c2ab94bff1575b7a6e86e
Sha1:   56d71bf13de464534643db9d127629a0a3bf677a
Sha256: 5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
                                        
                                            GET /search/tsc.php?200=NDUwMTc4NTYz&21=OTEuOTAuNDIuMTU0&681=MTY2NDg4NTgzMmEwOTA2MTRkOWZiZDJjN2ZhNjQzOWNkMGNkYWNjYWFj&crc=f529883919f1ac1153ab4853bf50b6098ae05a09&cv=1 HTTP/1.1 
Host: yzvy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yzvy.com/

                                         
                                         91.195.240.12
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Tue, 04 Oct 2022 12:17:12 GMT
content-length: 0
x-powered-by: PHP/8.1.9
x-cache-miss-from: parking-69b897b95b-m72r9
server: NginX

                                        
                                            GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D00SSuMtMW5I_0&v=Mjg5Y2QyYzgxMjY0MzRiOWY1ZTExYzMwMjEwOTU1MTgJMQl5enZ5LmNvbTYzM2MyNDQ2YzFjMmU2LjExNDQ2NTg0CXl6dnkuY29tNjMzYzI0NDZjMWM1NTIuMTU1NDQwOTgJMTY2NDg4NTgzMglhZF82M18w&l=OAliZDhiODAwZjdlNGM2NmZkZGNkYjFhNGZmY2I1NDMzMwkwCTM1CTAJYTM5NTk3ODk4NWNmYmY4NzVkZjZiNTQ2MjhlZjgwZmIJNDUwMTc4NTYzCXl6dnkJMAk2Mwk2CTIJMTY2NDg4NTgzMgkwLjAwMDIwMQlOCTAJMAkwCTEyMDUJMjg2NjU0MjIJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1 
Host: yzvy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://yzvy.com/
Upgrade-Insecure-Requests: 1

                                         
                                         91.195.240.12
HTTP/1.1 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Tue, 04 Oct 2022 12:17:12 GMT
content-length: 0
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Tue, 04 Oct 2022 12:17:12 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D00SSuMtMW5I_0&v=Mjg5Y2QyYzgxMjY0MzRiOWY1ZTExYzMwMjEwOTU1MTgJMQl5enZ5LmNvbTYzM2MyNDQ2YzFjMmU2LjExNDQ2NTg0CXl6dnkuY29tNjMzYzI0NDZjMWM1NTIuMTU1NDQwOTgJMTY2NDg4NTgzMglhZF82M18w&l=OAliZDhiODAwZjdlNGM2NmZkZGNkYjFhNGZmY2I1NDMzMwkwCTM1CTAJYTM5NTk3ODk4NWNmYmY4NzVkZjZiNTQ2MjhlZjgwZmIJNDUwMTc4NTYzCXl6dnkJMAk2Mwk2CTIJMTY2NDg4NTgzMgkwLjAwMDIwMQlOCTAJMAkwCTEyMDUJMjg2NjU0MjIJOTEuOTAuNDIuMTU0CTA%3D
x-cache-miss-from: parking-69b897b95b-xx927
server: NginX

                                        
                                            GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D00SSuMtMW5I_0&v=Mjg5Y2QyYzgxMjY0MzRiOWY1ZTExYzMwMjEwOTU1MTgJMQl5enZ5LmNvbTYzM2MyNDQ2YzFjMmU2LjExNDQ2NTg0CXl6dnkuY29tNjMzYzI0NDZjMWM1NTIuMTU1NDQwOTgJMTY2NDg4NTgzMglhZF82M18w&l=OAliZDhiODAwZjdlNGM2NmZkZGNkYjFhNGZmY2I1NDMzMwkwCTM1CTAJYTM5NTk3ODk4NWNmYmY4NzVkZjZiNTQ2MjhlZjgwZmIJNDUwMTc4NTYzCXl6dnkJMAk2Mwk2CTIJMTY2NDg4NTgzMgkwLjAwMDIwMQlOCTAJMAkwCTEyMDUJMjg2NjU0MjIJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1 
Host: yzvy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yzvy.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         91.195.240.12
HTTP/1.1 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Tue, 04 Oct 2022 12:17:12 GMT
transfer-encoding: chunked
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Tue, 04 Oct 2022 12:17:12 GMT
location: http://xml.sedodna.com/click?i=00SSuMtMW5I_0
x-cache-miss-from: parking-69b897b95b-g4w4f
server: NginX


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   311
Md5:    8c73f822fd255e3714e925b38d3608f1
Sha1:   7f06d4e7e178f48682ab11a17f695fb37d1dce3e
Sha256: 0e844a55f5bd9f953214db9d718606b5db22529c8b169a14ef04b155e12ea248
                                        
                                            GET /click?i=00SSuMtMW5I_0 HTTP/1.1 
Host: xml.sedodna.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yzvy.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         173.239.53.32
HTTP/1.1 302 Found
                                        
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://q3.quotes.com/78fcfdd0-43de-11ed-b641-2534284fcacb
Pragma: no-cache

                                        
                                            GET /78fcfdd0-43de-11ed-b641-2534284fcacb HTTP/1.1 
Host: q3.quotes.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yzvy.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         178.162.151.164
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 170
date: Tue, 04 Oct 2022 12:17:13 GMT
server: nginx


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size:   170
Md5:    8791c6ca844ce08b056b3ea6d5499b3e
Sha1:   0d628d38dad69290cf5a8308c2142e586f71e88f
Sha256: f5e81e43cae696456d46e86575ef6b98ceb5017ef8fc9b82fe908fdc53048dd5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5533
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 12:17:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5533
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 12:17:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5533
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 12:17:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5533
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 12:17:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5533
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 12:17:13 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22873375-e381-41ee-a4b6-18ad56172e59.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8508
x-amzn-requestid: 63afa079-f66e-428a-b491-c5859aed2e3b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJFU9EknoAMF1uA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63338285-54f784262318d7ca0e560d44;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 23:08:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GWTKxBPZnk_dqf9onY05WB16ubdsa93FcrjpqVxBrqBbCZXLSk_HHg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 14:41:51 GMT
age: 77722
etag: "a98da6b6ce993bd8f3b58ba42915cd9c4b45946c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8508
Md5:    515e23ff5ef0fc336ac5ec7fd31dfacd
Sha1:   a98da6b6ce993bd8f3b58ba42915cd9c4b45946c
Sha256: 77c186eb00def4a978d1bfd9eac755f70bf465f622991aaf6681227aec3e118a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ovm2wuk28PygH4EZNEUoPchoHQggWCyXbYHOjMV1tZmfyDrL6PjPZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:29:19 GMT
age: 49674
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5504
Md5:    6c6882c60d7ca6f918c77104e3ad1d52
Sha1:   20ef861be49c652a938e0145e4ca3a60159367e2
Sha256: 861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MiSh_FjAciKCaOakY2mM_EHBN1Z6GIDYIP8mwS4ikkrToQN3Ktsv2g==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:46 GMT
age: 51627
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4858
Md5:    6779181f9c06975f2a662da743893939
Sha1:   585e7146fd24cdc2496b05baafea04091dc541e2
Sha256: 8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11955
x-amzn-requestid: ce6bbe93-95b0-4b6e-a8bc-012796485e67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zcqb9FUtoAMF0WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b577f-59dc0a18523f900a059aa5df;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tJwzKfs7HnQ7dVcINwnlzxTChXiEi4JPj8jrS8p5KhurRx_o3ZVOZQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
etag: "e2ea2ef6805e391c497e62e101e76a0bdecfce64"
age: 50774
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11955
Md5:    54b3ef7aa50273b78b59c24511b0c1f9
Sha1:   e2ea2ef6805e391c497e62e101e76a0bdecfce64
Sha256: 296e8954022d5160137b3e02ab5085a15cee7c23cd6d4ca61b36880706062457
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 51679
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9917
Md5:    d8c08f8066cc732de8befd6ccd629a95
Sha1:   22aab05208a01ae5def4d63dc145085630f57bcb
Sha256: f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb412b7-1bf6-4a48-b9f1-b171f540e434.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4151
x-amzn-requestid: f709a11e-cbea-4965-8502-94ddbd8768bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvSF3YIAMFdow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-29bfa31d51e8f60b38136dba;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7H1QKlOtoBoVz93G5lddxHSGiTjtMnHJCZX5FhwqhNPkspslaDoFQA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:57:01 GMT
age: 51612
etag: "c20f1fac9020eb4bd6c84583f73872979639b991"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4151
Md5:    24a4a122273ef9f772852031eb13114a
Sha1:   c20f1fac9020eb4bd6c84583f73872979639b991
Sha256: 8e1ffbed5f156637ed2f22e81d03f6d85eff0c28237c1639ea5f977e92ee7b70
                                        
                                            GET /78fcfdd0-43de-11ed-b641-2534284fcacb?hr=1 HTTP/1.1 
Host: q3.quotes.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         178.162.151.164
HTTP/1.1 302 Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 04 Oct 2022 12:17:13 GMT
location: http://btpnative.com/click?data=aTZxZVN2VjUxc3ZkY0x1M2hzVUZXZmlNZVdOakxEb2NQOGF2OW5xT0hJamlUaHFvR2VTUzFyaFhKaUZwZ3RzeVdieUJiS0JRM2ZHMDNpZTlhNkdKcmlZaTlVYklad3B1TlZRSGhwM2tiUzJ5UUpTUDlmR2FZTzR1VUJDM0t5dVNVVGc2OE9CLUFlN2F2VDJZNVdKclZRMg2&id=48a5631d-2ae0-401d-9148-973a57cd2d92
server: nginx


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   11
Md5:    32682312d17c7cbf18e73594f5570319
Sha1:   60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
Sha256: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
                                        
                                            GET /click?data=aTZxZVN2VjUxc3ZkY0x1M2hzVUZXZmlNZVdOakxEb2NQOGF2OW5xT0hJamlUaHFvR2VTUzFyaFhKaUZwZ3RzeVdieUJiS0JRM2ZHMDNpZTlhNkdKcmlZaTlVYklad3B1TlZRSGhwM2tiUzJ5UUpTUDlmR2FZTzR1VUJDM0t5dVNVVGc2OE9CLUFlN2F2VDJZNVdKclZRMg2&id=48a5631d-2ae0-401d-9148-973a57cd2d92 HTTP/1.1 
Host: btpnative.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         209.15.13.136
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: wWDJWBUXMAStows=wWDJWBUXMAStows; path=/
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 04 Oct 2022 12:17:12 GMT
Content-Length: 2127


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (320), with CRLF line terminators
Size:   2127
Md5:    cf0e83536edbb42610b0ef3d109065fe
Sha1:   2ff06d83ea763d0c86b8692b8186b56bfd026646
Sha256: da37949e865d05e2066d3bc52fa257a9430f92c529274c7d63091a0ca5608977
                                        
                                            POST /Redirect/ HTTP/1.1 
Host: btpnative.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 329
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=aTZxZVN2VjUxc3ZkY0x1M2hzVUZXZmlNZVdOakxEb2NQOGF2OW5xT0hJamlUaHFvR2VTUzFyaFhKaUZwZ3RzeVdieUJiS0JRM2ZHMDNpZTlhNkdKcmlZaTlVYklad3B1TlZRSGhwM2tiUzJ5UUpTUDlmR2FZTzR1VUJDM0t5dVNVVGc2OE9CLUFlN2F2VDJZNVdKclZRMg2&id=48a5631d-2ae0-401d-9148-973a57cd2d92
Cookie: wWDJWBUXMAStows=wWDJWBUXMAStows
Upgrade-Insecure-Requests: 1

                                         
                                         209.15.13.136
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Location: https://mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lXusdLy4zkOjvKPQlCz-mkqJ-J_MlxHbnZPYJMKbc_lPFsLtTfRMmnZg570qmhSob8o_2szb4ydpgXg034XLZA3sLI_RalizEQmcVjFyxSKD9mNp-ZNGHhwfOw5OY8cfNVWFNoxbCKertEYtpwEjfuVnCdL4tZEo46lrkwoR7mL8GEkoNYKVdn6Rf8uOXI3CXybbtBC036cDg56-Kiuuts5uLj1oP5dHcnp7_q195LUGeGWVrQeUy_Cf0Sa8TYaTgSoynlrW84w10uEoc4psd6qclmwYMVLIt3mqvjnruW6kAyMcBxrV6g-2ZcTUlFhnFQnOKwfLeJL0xFY1V8SkfUMdkGoOwimacfDRa-QLXDYNP4pHrNTc2d6Fdb_LbGfvUh0D27VxxW12WyFNULLy3RUoeA41AROWbpy9o8ViyrTBCHRNFkP4AMj01XVga0Ne7wXArglNBDQET0NdgGT-OdMEgobweb-Qsqtvlp_SRrdR27Jzid7K4n4aYSC8u-GXNxVHDV8r4Uxb2n-OLLGhRs9WRv0wiQSxxd2gATlqNpPHfhq1NPCwLhL0bA4KCo99-iK2jOPC_VPHkngNwUNnOgL2hXmCL90sB1WX2-WvU1XrwpJCKT9ICyBmpOPkUT8dPWDbTwPfZS-XR9iTamOoQ5TpfbOKbz2vTFIWNxQfEGK2NhZ34qHIgK8me9OzW2uuKtrNMxV0zBatNKiHuUBUm_GU8bdX2pg1VmqqwTCJZxIbKeLU8x-pPrbZnhCVYFvB6Cvv5d6Gc1mRXC40bBa2Jau1oK0LzRSUlX47IZzrxgtChUx1LZmQmYP1_v2mE5S-FvnuFVWry4roQSbQXLplekM8xLrAXSqwXcR8YZcC-FfOmH_JkHChnAfy__VetOptHkw8mZomxqxInrmJOeRnuw5QWsZeVDaehPAxvoCgo1X2DGOtzShi6LesNabZfRSVHXANpyfx7sXm5__Aae8bX7qOeqwk9ENwlt55tECxBiCsDSSEby90wvN5fRMpfOqtRO5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbEH6Pp28hcq-ZWVz4kJ7UZnU8BR0AlMNvABIO6nmfWEcySD-n5C41lRu3omWTxk-cw3Yt7QzA_fIpNJsFBOeASBFyl5CHiJ2oN0d2jjb5nzO9XoBlkjl5Cew-wKs3XYIKtl6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAQPBUOL4USEFwlhZkpbugoBh8FM1DolkmeDBEanPsRxxcTQtRPdux7T0LMSdHXhlfCTnoKjeRsT1oVj_Y6M0ygx1B5OinXJ07jwWRqw0hRPuqdSD7wWOz07EqwSc6YFL5yA0uQ-uN-pInKtMxGLpBojQ2QA1_qEvmKWLhbo1iIvAKiXhgV_Pj3EiFQr1p4g7WnC6yAAoqoyF7iMsdW4c3ZnPXxuXRQZyvqzcUaUCiIq1cfx0th3Q4kblrBsXid41MFqmAC6xKscOBwN-m2qfy2dr7ZXGd5YAlU39kf2AHeVzz8tGbE4uYSG_zkp394gsKUyv3JqvplwEknfhJXt0RRk8laoN4yf5MoK1GYgiI77a5BFx9nw9OAopx_SibtqvF1E8STB8_WdHSkuvXg4NO5_AXzXJe5ZDcTZi0A1M4GwCOi7N6AKaY2cPV5SIV-p6zYa3qQvnObIuih26Ce_wl-kGMnp5jlJ17o_n_VMWxhu8tILVVxMLY1zAVM3CN0Q-wJTu6AXYz7K4TxDcY0Ua4iunq3YN_0ZLzNDZADX-oS-aO91UovxzeRfQaTYYMFQxDEwrLEAaOW_juD4rZNeXej0uuri72txmT
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 04 Oct 2022 12:17:13 GMT
Content-Length: 2075


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (2003), with CRLF line terminators
Size:   2075
Md5:    867e8585a2f384190ee497168376a9d1
Sha1:   060da969da8496441b455faf1952fefd6aaae068
Sha256: 852a871135af53896e95c6b447a1a31a199dc58c8f5e3000519bc1edd09c02c9
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 12:17:14 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 19:20:08 GMT
Expires: Mon, 10 Oct 2022 19:20:07 GMT
Etag: "27bffe0e73ced0d7eaa01ff6893a6b41eab18f0f"
Cache-Control: max-age=543172,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754dda705d3ffac8-OSL

                                        
                                            GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lXusdLy4zkOjvKPQlCz-mkqJ-J_MlxHbnZPYJMKbc_lPFsLtTfRMmnZg570qmhSob8o_2szb4ydpgXg034XLZA3sLI_RalizEQmcVjFyxSKD9mNp-ZNGHhwfOw5OY8cfNVWFNoxbCKertEYtpwEjfuVnCdL4tZEo46lrkwoR7mL8GEkoNYKVdn6Rf8uOXI3CXybbtBC036cDg56-Kiuuts5uLj1oP5dHcnp7_q195LUGeGWVrQeUy_Cf0Sa8TYaTgSoynlrW84w10uEoc4psd6qclmwYMVLIt3mqvjnruW6kAyMcBxrV6g-2ZcTUlFhnFQnOKwfLeJL0xFY1V8SkfUMdkGoOwimacfDRa-QLXDYNP4pHrNTc2d6Fdb_LbGfvUh0D27VxxW12WyFNULLy3RUoeA41AROWbpy9o8ViyrTBCHRNFkP4AMj01XVga0Ne7wXArglNBDQET0NdgGT-OdMEgobweb-Qsqtvlp_SRrdR27Jzid7K4n4aYSC8u-GXNxVHDV8r4Uxb2n-OLLGhRs9WRv0wiQSxxd2gATlqNpPHfhq1NPCwLhL0bA4KCo99-iK2jOPC_VPHkngNwUNnOgL2hXmCL90sB1WX2-WvU1XrwpJCKT9ICyBmpOPkUT8dPWDbTwPfZS-XR9iTamOoQ5TpfbOKbz2vTFIWNxQfEGK2NhZ34qHIgK8me9OzW2uuKtrNMxV0zBatNKiHuUBUm_GU8bdX2pg1VmqqwTCJZxIbKeLU8x-pPrbZnhCVYFvB6Cvv5d6Gc1mRXC40bBa2Jau1oK0LzRSUlX47IZzrxgtChUx1LZmQmYP1_v2mE5S-FvnuFVWry4roQSbQXLplekM8xLrAXSqwXcR8YZcC-FfOmH_JkHChnAfy__VetOptHkw8mZomxqxInrmJOeRnuw5QWsZeVDaehPAxvoCgo1X2DGOtzShi6LesNabZfRSVHXANpyfx7sXm5__Aae8bX7qOeqwk9ENwlt55tECxBiCsDSSEby90wvN5fRMpfOqtRO5o6Z0JEfM65kSHR8wMseU5ImlzngRh5JhWFujM_vfbEH6Pp28hcq-ZWVz4kJ7UZnU8BR0AlMNvABIO6nmfWEcySD-n5C41lRu3omWTxk-cw3Yt7QzA_fIpNJsFBOeASBFyl5CHiJ2oN0d2jjb5nzO9XoBlkjl5Cew-wKs3XYIKtl6zmwxYmZRLjddtNgvdsvFKwAFgloip-ZQ5AdIgfoOE8JF80g8EcMMLluUHoZDmMjPOHSGnqiAQPBUOL4USEFwlhZkpbugoBh8FM1DolkmeDBEanPsRxxcTQtRPdux7T0LMSdHXhlfCTnoKjeRsT1oVj_Y6M0ygx1B5OinXJ07jwWRqw0hRPuqdSD7wWOz07EqwSc6YFL5yA0uQ-uN-pInKtMxGLpBojQ2QA1_qEvmKWLhbo1iIvAKiXhgV_Pj3EiFQr1p4g7WnC6yAAoqoyF7iMsdW4c3ZnPXxuXRQZyvqzcUaUCiIq1cfx0th3Q4kblrBsXid41MFqmAC6xKscOBwN-m2qfy2dr7ZXGd5YAlU39kf2AHeVzz8tGbE4uYSG_zkp394gsKUyv3JqvplwEknfhJXt0RRk8laoN4yf5MoK1GYgiI77a5BFx9nw9OAopx_SibtqvF1E8STB8_WdHSkuvXg4NO5_AXzXJe5ZDcTZi0A1M4GwCOi7N6AKaY2cPV5SIV-p6zYa3qQvnObIuih26Ce_wl-kGMnp5jlJ17o_n_VMWxhu8tILVVxMLY1zAVM3CN0Q-wJTu6AXYz7K4TxDcY0Ua4iunq3YN_0ZLzNDZADX-oS-aO91UovxzeRfQaTYYMFQxDEwrLEAaOW_juD4rZNeXej0uuri72txmT HTTP/1.1 
Host: mybetterck.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=81412752446
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         108.168.193.189
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 04 Oct 2022 12:17:14 GMT
content-length: 0
set-cookie: rhid=81412752446; Max-Age=15552000; Expires=Sun, 02-Apr-2023 12:17:14 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDM0HWt4K4OmObMY0X3aHtrWsZKRstg7hyzVwJ2AuHbWvAtqT-5TpEkg77ve5nAyGvIsibpq-y6mfJ3z3-TZCmvr1ruVjoVFQX8TXNY-lOSXJq4aeyyabvT8zX8r3edJnKjw3mjMCYb4IeC0ZCwsSLbA8vC-IEblqM5sD_vVA1n525i4cGzeHeYbjOJsHVX4a7bw7yHWY6BM0tkozj-3M-OwYAjiClRhL0zxdvUdClQDIfFwA5c5LytX-vXIKYYFgK7rA7nR_FvrTByS1elyvCGETXnLPvbyStX_9b8ky2I1bKC7gQCEt6FVlqf_64l0Z6hpyy_YN0YQtpLSZmparWHUTxDcY0Ua4ivr4nvPsKvQNOYwwqJPWDKzNB1reCuDpjuUIwhEPFAsT6dGGqN2xFmoIfgDk7o_HvrFzJDPotUiZ1QlvVKC08ytv0-cfxRgHaSCijZY_SNQadM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIgafZ9sDvHt0Fy9LbfW_6duFoOnPfBtp4eZJutMQjpTcuDi9ZpyJrxP09V6ZFcdrqcc3-XZakKfOEJwiKuJdU-dj1KaTVPBqbwqS_mk8O4Wsi-JGCATPNNaiLaoUOknGn&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSHTbvXa9bc3i8HGzZExOExjS5S8I15QwkaVMRp6dWf4jJJVuDLqLwcFl20wdZRzi_sjII46KDRJ_6EgtK3wmDUA&si=1&oref=bb0937fcab459606984b9026e0d41c6a&optunit=E8Q3GNFGuIplkkLEB146pQ&rb=LW_v4KVZAgI&rr=4&abtg=0
X-Firefox-Spdy: h2

                                        
                                            GET /adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDM0HWt4K4OmObMY0X3aHtrWsZKRstg7hyzVwJ2AuHbWvAtqT-5TpEkg77ve5nAyGvIsibpq-y6mfJ3z3-TZCmvr1ruVjoVFQX8TXNY-lOSXJq4aeyyabvT8zX8r3edJnKjw3mjMCYb4IeC0ZCwsSLbA8vC-IEblqM5sD_vVA1n525i4cGzeHeYbjOJsHVX4a7bw7yHWY6BM0tkozj-3M-OwYAjiClRhL0zxdvUdClQDIfFwA5c5LytX-vXIKYYFgK7rA7nR_FvrTByS1elyvCGETXnLPvbyStX_9b8ky2I1bKC7gQCEt6FVlqf_64l0Z6hpyy_YN0YQtpLSZmparWHUTxDcY0Ua4ivr4nvPsKvQNOYwwqJPWDKzNB1reCuDpjuUIwhEPFAsT6dGGqN2xFmoIfgDk7o_HvrFzJDPotUiZ1QlvVKC08ytv0-cfxRgHaSCijZY_SNQadM5ECUeELJfkQmjZE96sjp8DPbGbSNtJN0JJKTQdChujiGYQ-VGfM1BKQ8__OyXIgafZ9sDvHt0Fy9LbfW_6duFoOnPfBtp4eZJutMQjpTcuDi9ZpyJrxP09V6ZFcdrqcc3-XZakKfOEJwiKuJdU-dj1KaTVPBqbwqS_mk8O4Wsi-JGCATPNNaiLaoUOknGn&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSHTbvXa9bc3i8HGzZExOExjS5S8I15QwkaVMRp6dWf4jJJVuDLqLwcFl20wdZRzi_sjII46KDRJ_6EgtK3wmDUA&si=1&oref=bb0937fcab459606984b9026e0d41c6a&optunit=E8Q3GNFGuIplkkLEB146pQ&rb=LW_v4KVZAgI&rr=4&abtg=0 HTTP/1.1 
Host: p274639.mybetterck.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=81412752446
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         108.168.193.189
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 04 Oct 2022 12:17:14 GMT
content-length: 0
set-cookie: rhid=81412752446; Max-Age=15552000; Expires=Sun, 02-Apr-2023 12:17:14 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure; loi=ad_490233_off_142374_aff_3322_cid_274639-582298973-YZVY.COM_ts_1664885834; Max-Age=3600; Expires=Tue, 04-Oct-2022 13:17:14 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://myfood.ltd/?v=20171031&s1=0
X-Firefox-Spdy: h2