grapefort.com/?a=1003&oc=15341&c=42507&m=3&s1=2_20002_2632619&s2=1649_1131725_3533207_30&s3=1_107-178-200-213&ckmguid=187cae9c-c85d-4c27-bed6-6bacb2b50f29
35.233.80.224302 Found 205 B URL HTTP/1.1 grapefort.com/?a=1003&oc=15341&c=42507&m=3&s1=2_20002_2632619&s2=1649_1131725_3533207_30&s3=1_107-178-200-213&ckmguid=187cae9c-c85d-4c27-bed6-6bacb2b50f29
IP 35.233.80.224:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash ef593c0f52c9287a0f23f8f23a136692
cc74d0484eaa19b961e229c7135d202f32078c37
c26f0b4443624a30266384a6cd5c123e48b024701b36dff50fdc7b928e742f7c
GET /?a=1003&oc=15341&c=42507&m=3&s1=2_20002_2632619&s2=1649_1131725_3533207_30&s3=1_107-178-200-213&ckmguid=187cae9c-c85d-4c27-bed6-6bacb2b50f29 HTTP/1.1
Host: grapefort.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Tue, 20 Sep 2022 22:26:00 GMT
content-type: text/html; charset=utf-8
content-length: 205
cache-control: private
location: https://r.goaffmy.com/click?pid=14012&offer_id=3284&sub1=266780062&sub2=1003
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
set-cookie: st=QEdWEdXIL3e8AfQ5PhEF8b3oVLircl/Ap5N3j1kozbsGQrAVI8WrUg==; domain=.grapefort.com; path=/; HttpOnly
ti=mMYLnmlrNO2Tto9OgDd2er3oVLircl/Ap5N3j1kozbsGQrAVI8WrUg==; domain=.grapefort.com; expires=Fri, 20-Sep-2024 22:26:00 GMT; path=/; HttpOnly
c15289=QEdWEdXIL3ef0js5u5aLLYGqg1HRiX255oKMCLQKIejGxM02ZPX6UA==; domain=.grapefort.com; expires=Thu, 20-Oct-2022 22:26:00 GMT; path=/; HttpOnly
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 804f8bbb7f556d51a5f52d5ebd5b6eef
922cd7e06df278615a04abb81d811d14596c8180
ef4804d381a34ab67873a7755621081c49c646310e085a9b2356ae07098f6021
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Backoff, Retry-After, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 20 Sep 2022 21:39:34 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: APw98GzFR_-gJ0UZ5CnrHuLz8dBtApU_kd2nX2tDdGdNLe_BlGIehQ==
Age: 2786
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13091
Expires: Wed, 21 Sep 2022 02:04:11 GMT
Date: Tue, 20 Sep 2022 22:26:00 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fq-z_jqae5vIkvDGJ0ZAFj3GbdaB_w6ItszOkFBiwMDqhaCbLA2qYg==
age: 64247
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 22:26:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 20 Sep 2022 22:03:22 GMT
Expires: Tue, 20 Sep 2022 22:32:37 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: S7mOOQXteD5hP2zDxj6lsU6MDtGVmwMAZmA765R6LGpPM9_WiHVwvg==
Age: 1358
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash a28b4774ca65b208b725682e8162af1b
441581198669642ae056dfdefd18142e9bb862b5
3ef6e15765a000a06e6b61aaf3b4097abc19934094b696314c66ea2e97aac8b7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 22:26:00 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 13:23:13 GMT
Expires: Mon, 26 Sep 2022 13:23:12 GMT
Etag: "441581198669642ae056dfdefd18142e9bb862b5"
Cache-Control: max-age=485231,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ddfaf2f8771c0a-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash edf07cd621f733b0eb50c632387ebf4f
61a082d26501c2c8d481b1676d0de2e585269613
e5c4324e4c55824b86f48bf0b9a1d317a82e7d3c19bdea7a91d78ce98d68a980
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5905
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:01 GMT
Last-Modified: Tue, 20 Sep 2022 20:47:36 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.149.83.187101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.83.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: avJ274wnGxyH7kntJskjaQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yQDpjaEuAQn0GzFNYfUQJPj1J6k=
r.goaffmy.com/click?pid=14012&offer_id=3284&sub1=266780062&sub2=1003
34.141.137.168302 Found 0 B URL HTTP/2 r.goaffmy.com/click?pid=14012&offer_id=3284&sub1=266780062&sub2=1003
IP 34.141.137.168:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=14012&offer_id=3284&sub1=266780062&sub2=1003 HTTP/1.1
Host: r.goaffmy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Tue, 20 Sep 2022 22:26:01 GMT
content-length: 0
location: https://r.go2offer-1.com/click?pid=14012&offer_id=3678&sub1=266780062&sub2=1003&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=
referer:
referrer-policy: no-referrer
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16431
Expires: Wed, 21 Sep 2022 02:59:53 GMT
Date: Tue, 20 Sep 2022 22:26:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16431
Expires: Wed, 21 Sep 2022 02:59:53 GMT
Date: Tue, 20 Sep 2022 22:26:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16431
Expires: Wed, 21 Sep 2022 02:59:53 GMT
Date: Tue, 20 Sep 2022 22:26:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16431
Expires: Wed, 21 Sep 2022 02:59:53 GMT
Date: Tue, 20 Sep 2022 22:26:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16431
Expires: Wed, 21 Sep 2022 02:59:53 GMT
Date: Tue, 20 Sep 2022 22:26:02 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0461a18-eff3-4de5-b1f6-be49fa5db229.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0461a18-eff3-4de5-b1f6-be49fa5db229.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4eb6d1b35f680bfec656941b6167fd23
344c6000dbdafdb5105edc93a082d640c3e95ddc
67fc85fa0f1a55d57ab9db6f4c723fb9116ef3b2c5282dbdd42d9c37396bd7b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0461a18-eff3-4de5-b1f6-be49fa5db229.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8826
x-amzn-requestid: cf0c711e-4ec9-4f87-a60f-41374262a114
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYweUHIyoAMFYQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202df5-17ad5d4e25a754586e531d05;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:15:01 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OEbpCQXLpTCDZH4OlzVvvsc-bSgbsIoXRgX6f-nKVwJTL5-SVTCHeA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:48:37 GMT
age: 2245
etag: "344c6000dbdafdb5105edc93a082d640c3e95ddc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d9d6ae0-dc0d-4bab-98fe-eb30bb5f5b2d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d9d6ae0-dc0d-4bab-98fe-eb30bb5f5b2d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 370f018032c47c9e5c11e6afa4ffdd1f
639c8d2d6f1cf5fa6d742925ea61386d600dd368
6084e769cbcc679110c174e8031439f80bcfa0027d1c39c7b6626c54692da120
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d9d6ae0-dc0d-4bab-98fe-eb30bb5f5b2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11552
x-amzn-requestid: 5457ef1c-d92b-4cd5-a704-64c1ff0cb2b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy1mFRXIAMFv5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31bd-3cd341153ca71b7c069b6ead;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mRLExeUrP-mJL7eNWxdoPgYc-Wamgb7OrZBAjP5L5aBkMhE9IYF_7g==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:41:30 GMT
age: 2672
etag: "639c8d2d6f1cf5fa6d742925ea61386d600dd368"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273857c4-a36e-4755-b3c4-1ff5fcd3d260.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273857c4-a36e-4755-b3c4-1ff5fcd3d260.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4a275a6a20ad8a21f49b3ed73098126
5dfdf9835782ef3825a45bfcc7f38dfe3a754df0
933a6d502e92d7320ad9f3204c768b0d7d757f136d4c9c130e418e74a36dde06
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273857c4-a36e-4755-b3c4-1ff5fcd3d260.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11440
x-amzn-requestid: eda42fc3-bfca-4c15-856f-fae709e79c4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvZ5EcDIAMF9lQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202c3f-3ae1bd425e29e23c2ee71933;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:07:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UscDE1v3vDPb-3zj6gYkmlNRx4gBIYgiTMf4bYivsZm3Q-0kFOO10Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:12:22 GMT
age: 820
etag: "5dfdf9835782ef3825a45bfcc7f38dfe3a754df0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c2db94039cb675cb250519fe57b2b3c9
37222a70df5d9a69073b4b32ebc3a5da60006001
444f4359ac25747e7c5d7e09202f195d407bc94a4933ac7ebbbaf9839bf59aff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12048
x-amzn-requestid: bc551b18-fddb-4502-8c11-b8de83d75def
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YwlKzF9FoAMFp_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329b578-7e030b2e0af1d1c309d2dde6;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 12:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: q4_aUdJyUhQIezjvo7LtOw_0pV-W3EkdLVzVnVB4_4gHSK9AYhrTxA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 12:43:36 GMT
etag: "37222a70df5d9a69073b4b32ebc3a5da60006001"
content-type: image/jpeg
age: 34946
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19a7100-8d4f-4c0a-8865-191670cb2db4.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19a7100-8d4f-4c0a-8865-191670cb2db4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9c4ba493d60a12accc1dc9c3299fa01d
65886e11d9f792452cceea23444722ff4028b081
b287b0bf2b3dc834a657dc98a9eef006577554306fa481bbc9de5a16943129f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19a7100-8d4f-4c0a-8865-191670cb2db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6667
x-amzn-requestid: 1798057c-208d-471e-8d5c-602631418afd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy1nHvsoAMF23A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31bd-121c21f710767cde77a06945;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:49 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vdjC0dj8L5qN-SdmlBD_TD0T0hdFtWzmnC9_AdJVP5qTi9dWz6_K9g==
via: 1.1 e71753cf85369390852fdcb22bf59aa8.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:40:13 GMT
age: 2749
etag: "65886e11d9f792452cceea23444722ff4028b081"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febae4a05-492e-4ab9-a79b-7e3f27cfc01e.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febae4a05-492e-4ab9-a79b-7e3f27cfc01e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cb692de2fcf108bf060af0b9599869f
443706b089783f7a16d4b001948a141a83ace053
06bedf63121d961420176535071c3a98d39e1d4586acb734d00ad80ce2b291ce
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febae4a05-492e-4ab9-a79b-7e3f27cfc01e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6904
x-amzn-requestid: 1c4e2685-d06f-45fc-ab93-8678905f3804
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YwcI5HuLoAMFoRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329a705-099ce127249e148456270c11;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 11:41:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: sRlJblY5obOlucutG9WQ_WPl5QGdA-0XsxIkHGkShaHvezNeqwGrkw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:41:43 GMT
age: 2659
etag: "443706b089783f7a16d4b001948a141a83ace053"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 5ce94743dcf11c9696f5dd708087a0de
a31086fbd6f668498c74ef40bfed1dab72ef8f62
5997a10a032c0d18319fbc4797df499f7a2f9378481121e885f939fd7e0b053a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 22:26:03 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 11:14:03 GMT
Expires: Tue, 27 Sep 2022 11:14:02 GMT
Etag: "a31086fbd6f668498c74ef40bfed1dab72ef8f62"
Cache-Control: max-age=563878,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ddfb0138f31c0a-OSL
r.go2offer-1.com/click?pid=14012&offer_id=3678&sub1=266780062&sub2=1003&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=
34.141.137.168302 Found 0 B URL HTTP/2 r.go2offer-1.com/click?pid=14012&offer_id=3678&sub1=266780062&sub2=1003&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=
IP 34.141.137.168:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=14012&offer_id=3678&sub1=266780062&sub2=1003&sub3=&sub4=&sub5=&sub6=&sub7=&sub8= HTTP/1.1
Host: r.go2offer-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Tue, 20 Sep 2022 22:26:03 GMT
content-length: 0
location: https://omgtds.com/c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=14012&source=1003&externalId=632a3dfbd663a30001128634&sub2=1003&sub3=14012&pp=1
set-cookie: afclick=632a3dfbd663a30001128634; expires=Wed, 20 Sep 2023 22:26:03 GMT; secure; SameSite=None
afoffers={"3678":1663712763}; expires=Wed, 20 Sep 2023 22:26:03 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 19c6595d929c33722fb392b3110b60ac
22c74de648f9a5019ab4f3b3d7145cb512e9e189
1143f7765f0f9455177a69b9e7557623abdc4bb6570302fb1cb2f7876709a9f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1143F7765F0F9455177A69B9E7557623ABDC4BB6570302FB1CB2F7876709A9F8"
Last-Modified: Tue, 20 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Tue, 20 Sep 2022 23:26:03 GMT
Date: Tue, 20 Sep 2022 22:26:03 GMT
Connection: keep-alive
omgtds.com/c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=14012&source=1003&externalId=632a3dfbd663a30001128634&sub2=1003&sub3=14012&pp=1
185.162.87.41302 Found 191 B URL HTTP/1.1 omgtds.com/c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=14012&source=1003&externalId=632a3dfbd663a30001128634&sub2=1003&sub3=14012&pp=1
IP 185.162.87.41:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text
Hash 37d0918ca0ef9a6fc651a2a5aa6f5ddf
9eaa141260d0b94eb91eeb5835e7537454eb7c68
9700af346659270ab3f01a1789bdd9e42ab93ac0ab0eb9bbf2e15169cafa1857
GET /c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=14012&source=1003&externalId=632a3dfbd663a30001128634&sub2=1003&sub3=14012&pp=1 HTTP/1.1
Host: omgtds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Tue, 20 Sep 2022 22:26:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 191
Connection: keep-alive
Location: https://r.goaffmy.com/click?pid=14148&offer_id=3261&sub1=ccl3rut1su2qcqfmcodg&sub2=1003&sub3=14012&sub5=632a3dfbd663a30001128634&sub7=&sub8=
Set-Cookie: uid=k7sE924ap; Path=/; Domain=omgtds.com; Max-Age=86400; HttpOnly
X-Clickid: ccl3rut1su2qcqfmcodg
r.goaffmy.com/click?pid=14148&offer_id=3261&sub1=ccl3rut1su2qcqfmcodg&sub2=1003&sub3=14012&sub5=632a3dfbd663a30001128634&sub7=&sub8=
34.141.137.168302 Found 0 B URL HTTP/2 r.goaffmy.com/click?pid=14148&offer_id=3261&sub1=ccl3rut1su2qcqfmcodg&sub2=1003&sub3=14012&sub5=632a3dfbd663a30001128634&sub7=&sub8=
IP 34.141.137.168:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=14148&offer_id=3261&sub1=ccl3rut1su2qcqfmcodg&sub2=1003&sub3=14012&sub5=632a3dfbd663a30001128634&sub7=&sub8= HTTP/1.1
Host: r.goaffmy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 20 Sep 2022 22:26:03 GMT
content-length: 0
location: https://brides-story.com/tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=14012_1003&data2=632a3dfba599640001863fd3&utm_campaign=38db92b9
referer:
referrer-policy: no-referrer
set-cookie: afclick=632a3dfba599640001863fd3; expires=Wed, 20 Sep 2023 22:26:03 GMT; secure; SameSite=None
afoffers={"3261":1663712763}; expires=Wed, 20 Sep 2023 22:26:03 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash adf35aab092a019a43bf0f67b70c0ca7
476fee75280e1d1c170980722ac44be0ca631ddb
1de806e7f91211d7477001a63eca19e894745576e6a0f69acbf6dc8f9618b5b6
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Tue, 20 Sep 2022 22:26:03 GMT
Server: ECS (dcb/7F80)
X-Cache: Miss from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ySN0OZRv0YB8wlbiQlDHuLwr0MWueq7xxY3k7Crw81Ye7_EI9IyP7w==
track.smart-tds.com/7c559eb3-ab02-45e4-84ee-696f874d43fb?tag=36023619ef93fdc9977338b3311fc5ac8516f725&tds_cid=36023619ef93fdc9977338b3311fc5ac8516f725&t1=b7208mak_38db92b9
35.156.152.207302 Found 0 B URL HTTP/2 track.smart-tds.com/7c559eb3-ab02-45e4-84ee-696f874d43fb?tag=36023619ef93fdc9977338b3311fc5ac8516f725&tds_cid=36023619ef93fdc9977338b3311fc5ac8516f725&t1=b7208mak_38db92b9
IP 35.156.152.207:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /7c559eb3-ab02-45e4-84ee-696f874d43fb?tag=36023619ef93fdc9977338b3311fc5ac8516f725&tds_cid=36023619ef93fdc9977338b3311fc5ac8516f725&t1=b7208mak_38db92b9 HTTP/1.1
Host: track.smart-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brides-story.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 20 Sep 2022 22:26:04 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://nicking-unding.com/c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
pragma: no-cache
set-cookie: 7c559eb3-ab02-45e4-84ee-696f874d43fb-v4=8VwACdfqq3sA7KRkUyyY86n6NRubxengTupAAgAJ5kw; Max-Age=86400; Expires=Wed, 21-Sep-2022 22:26:04 GMT; Domain=track.smart-tds.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=8ASRY9SZ3YCeyZH%2BQqeC0qYxufPkkIhXNWLf6oYRwaAQh7rI6kz1m%2BhS3qIOuMnKHzazOaYc5FW%2BrnMF0ocHAZnlmJF%2FInZhiIJtRavZKS8TzxYeCSf2ySGWEyyDi%2F0itLISGopSzcr827WG9QEwLA%3D%3D; Max-Age=31536000; Expires=Wed, 20-Sep-2023 22:26:04 GMT; Domain=track.smart-tds.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
nicking-unding.com/c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
18.193.235.10302 Found 0 B URL HTTP/2 nicking-unding.com/c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
IP 18.193.235.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2 HTTP/1.1
Host: nicking-unding.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://brides-story.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 20 Sep 2022 22:26:04 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/?campaign=Norway&cep=0kVZVVX5LMqi0zl8eYHoGAWW7rEsLyQ0EgtVgSTibinpV3Tbt8NiXCZCqVpI4Fnmldrt-z9GMlSKVf9nYnsnAND2us4y8-aKYB2i_rjkU0g7jGtc3Nzve1q8Pg4WeMwikm1kVjC7pDrhCxQRL3M1mjygN3kAo8H3RyT9eTFugYE8oH4ySy5mJbeoUOG9AZeOJHWUmm_DdhiXmrQ19lMhWNRO6Q9JstN9J7J3pPXqcNXtsN6-EiWSphVlntrOUjSJJV0M9bP9fFFHquvi2o66wa9YHeT4lWxKbM0x9vqudGsjSq53kA3X-cU_GtyApaaAjVW1kvZ63IaoleD5UN4N-V9a7ldtx2AT6UlX4iAAkH8c8iBq_FxLYRDgMnNTSO-W23iIKednuVosVpg_KHS_My8bfzKBgm5aoGAJAYBXOKrqknkiHrmnSqn4RfOt0VWqJSeDI1iEE_Z_0-oZXC12EFjPqeNvQJ-p7jMVcBAeRzWFrqq3GogU85HJLrc5gXSsT0y7sFC-vIwkoAhYnjQRrY-5l0gBzM08pQp5a1FfuzrITMLl5BGnks7RXq6wOsKY&lptoken=1672637a710a45f3644a&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
pragma: no-cache
set-cookie: c4b5ad04-8822-42c1-9db5-e9a49f15358b-v4=KFJ0BVTXAfEtvVYG17IbsDEUVwGkyjpZFBNEpWnaQyw; Max-Age=86400; Expires=Wed, 21-Sep-2022 22:26:04 GMT; Domain=nicking-unding.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=1cP5PzVxDIvcPROM5VqKB6v3PWKdqDXCNe9NjdgLEHXb1kWFYXHNVE5rKU2eEiAvplmgzFekAuT5iJVD4JLdP9oxzYdNauyN3T7iKzqD2Rad2292n6bH5TYWzj_RHraPoI8D2Xx9iUbtN6uSsyqVgEBOmQyFJ3H8zys5zaj0PDPCxkmEPluqBud18yoX-BcnSi2O_J3boW7LqHuRwH4L9VUMk6jLXDaIyDKl2927c_bq56cswc-_6c33uIWm9mm4iBHLb-F2NFI60hcwKyvXuqlA5PeNDOasx-l3amwwEBQWZiNrN2_sX60en5Lhi1-bRAyEseeaS-KswvIhCiUTFzLwzHCFmidhwkWPRjD-pB0WMefZQvhC0zBReI04tmRdyVRkd5-gCkY_Bru6cy48HZ7n0mVPWzwqvuBjdKL271sVHhcp_A4iwUMakh-prw9ldFexp9NfmYAlrl7pRl0CvlhHOezD2-I3AZH9yX6XclYQwxjD6JdNxGlHvQsy3MiSXxD4W_mcwe8bxNXmrzkIoeqZ-kahgnQSsIQb5ua_sNYyEHaz0vrEvJ6A-Dle7mN4; Max-Age=86400; Expires=Wed, 21-Sep-2022 22:26:04 GMT; Domain=nicking-unding.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7dc81f26563398db5c82e3c6581fab1b
6c059305cc2d9ff119a510960f713d5b086f787c
08bce886c1de41cb53f4b7b1cc6a4403cb9f86a57421b498baf5c64a739b28be
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "08BCE886C1DE41CB53F4B7B1CC6A4403CB9F86A57421B498BAF5C64A739B28BE"
Last-Modified: Tue, 20 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5303
Expires: Tue, 20 Sep 2022 23:54:27 GMT
Date: Tue, 20 Sep 2022 22:26:04 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7dc81f26563398db5c82e3c6581fab1b
6c059305cc2d9ff119a510960f713d5b086f787c
08bce886c1de41cb53f4b7b1cc6a4403cb9f86a57421b498baf5c64a739b28be
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "08BCE886C1DE41CB53F4B7B1CC6A4403CB9F86A57421B498BAF5C64A739B28BE"
Last-Modified: Tue, 20 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5303
Expires: Tue, 20 Sep 2022 23:54:27 GMT
Date: Tue, 20 Sep 2022 22:26:04 GMT
Connection: keep-alive
brides-story.com/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fbrides-story.com%2Ftds%2Finterlayer%2Feb%2Fs%2Ffbf90b30e3799f8d30776b563a3d932d%3F__t%3D1663712764120%26__l%3D3600&urlOut=https%3A%2F%2Ftrack.smart-tds.com%2F7c559eb3-ab02-45e4-84ee-696f874d43fb%3Ftag%3D36023619ef93fdc9977338b3311fc5ac8516f725%26tds_cid%3D36023619ef93fdc9977338b3311fc5ac8516f725%26t1%3Db7208mak_38db92b9&altQs=utm_campaign%3D38db92b9%26utm_source%3Darba%26utm_term%3Dmob_sml_ww_adv_aff%26data2%3D632a3dfba599640001863fd3%26p1%3D14012_1003%26s1%3Darb%26s2%3D%257Bs2%257D%26tds_campaign%3Db7208mak%26tds_id%3Db7208mak_lp_a_1639037433617_smartlink%26tds_oid%3Dcd2d3032%26tds_cid%3D36023619ef93fdc9977338b3311fc5ac8516f725%26tds_ac_id%3Ds6593mak%26tds_host%3Dbrides-story.com%26tds_path%3D%252Ftds%252Frsl%26dci%3D56fe3bbefa6226f65fb54f95cba6c82acc0daccc&tdsCid=36023619ef93fdc9977338b3311fc5ac8516f725&reason=beacon&visitsCount=1&ts=1663712764380
18.185.231.134200 OK 180 kB URL HTTP/2 brides-story.com/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fbrides-story.com%2Ftds%2Finterlayer%2Feb%2Fs%2Ffbf90b30e3799f8d30776b563a3d932d%3F__t%3D1663712764120%26__l%3D3600&urlOut=https%3A%2F%2Ftrack.smart-tds.com%2F7c559eb3-ab02-45e4-84ee-696f874d43fb%3Ftag%3D36023619ef93fdc9977338b3311fc5ac8516f725%26tds_cid%3D36023619ef93fdc9977338b3311fc5ac8516f725%26t1%3Db7208mak_38db92b9&altQs=utm_campaign%3D38db92b9%26utm_source%3Darba%26utm_term%3Dmob_sml_ww_adv_aff%26data2%3D632a3dfba599640001863fd3%26p1%3D14012_1003%26s1%3Darb%26s2%3D%257Bs2%257D%26tds_campaign%3Db7208mak%26tds_id%3Db7208mak_lp_a_1639037433617_smartlink%26tds_oid%3Dcd2d3032%26tds_cid%3D36023619ef93fdc9977338b3311fc5ac8516f725%26tds_ac_id%3Ds6593mak%26tds_host%3Dbrides-story.com%26tds_path%3D%252Ftds%252Frsl%26dci%3D56fe3bbefa6226f65fb54f95cba6c82acc0daccc&tdsCid=36023619ef93fdc9977338b3311fc5ac8516f725&reason=beacon&visitsCount=1&ts=1663712764380
IP 18.185.231.134:0
File type GIF image data, version 89a, 300 x 300\012- data
Size 180 kB (180540 bytes)
Hash db4fe659e873ae1ea6efec6ac3b569fc
3c623f04a2ffce21bf462e6ea75d9921bac5aed4
78c23e762a61cae9907bc2dd2a7014e9ed9789eb4367822ea3acfa7417448588
POST /tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fbrides-story.com%2Ftds%2Finterlayer%2Feb%2Fs%2Ffbf90b30e3799f8d30776b563a3d932d%3F__t%3D1663712764120%26__l%3D3600&urlOut=https%3A%2F%2Ftrack.smart-tds.com%2F7c559eb3-ab02-45e4-84ee-696f874d43fb%3Ftag%3D36023619ef93fdc9977338b3311fc5ac8516f725%26tds_cid%3D36023619ef93fdc9977338b3311fc5ac8516f725%26t1%3Db7208mak_38db92b9&altQs=utm_campaign%3D38db92b9%26utm_source%3Darba%26utm_term%3Dmob_sml_ww_adv_aff%26data2%3D632a3dfba599640001863fd3%26p1%3D14012_1003%26s1%3Darb%26s2%3D%257Bs2%257D%26tds_campaign%3Db7208mak%26tds_id%3Db7208mak_lp_a_1639037433617_smartlink%26tds_oid%3Dcd2d3032%26tds_cid%3D36023619ef93fdc9977338b3311fc5ac8516f725%26tds_ac_id%3Ds6593mak%26tds_host%3Dbrides-story.com%26tds_path%3D%252Ftds%252Frsl%26dci%3D56fe3bbefa6226f65fb54f95cba6c82acc0daccc&tdsCid=36023619ef93fdc9977338b3311fc5ac8516f725&reason=beacon&visitsCount=1&ts=1663712764380 HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://brides-story.com
Connection: keep-alive
Referer: https://brides-story.com/tds/interlayer/eb/s/fbf90b30e3799f8d30776b563a3d932d?__t=1663712764120&__l=3600
Cookie: dci=56fe3bbefa6226f65fb54f95cba6c82acc0daccc; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:04 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 596ea0e7cffcb12819c214fd7e55e6b5
fdf581b35743d7693bf8c7f6154471a1b2646f06
a78eee2be3725b096407fde832e7762dad74ac69165f57a10b1ef76b5b2d9874
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/css/css.css?family=Copse
172.67.131.63200 OK 599 B URL HTTP/2 secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/css/css.css?family=Copse
IP 172.67.131.63:0
File type ASCII text, with no line terminators
Hash 393c104ea19bc41b01f352c82d7347a4
79ff438c456a326b5eeaf5a4eca8582dd68dc8eb
f65437107060f852665021f3989ac07ec3a7c76347cf5b12d8b784bccc7a9ca8
GET /0/no/NO_pink-vids-milfs_20072022/css/css.css?family=Copse HTTP/1.1
Host: secret-flirt-hub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/?campaign=Norway&cep=0kVZVVX5LMqi0zl8eYHoGAWW7rEsLyQ0EgtVgSTibinpV3Tbt8NiXCZCqVpI4Fnmldrt-z9GMlSKVf9nYnsnAND2us4y8-aKYB2i_rjkU0g7jGtc3Nzve1q8Pg4WeMwikm1kVjC7pDrhCxQRL3M1mjygN3kAo8H3RyT9eTFugYE8oH4ySy5mJbeoUOG9AZeOJHWUmm_DdhiXmrQ19lMhWNRO6Q9JstN9J7J3pPXqcNXtsN6-EiWSphVlntrOUjSJJV0M9bP9fFFHquvi2o66wa9YHeT4lWxKbM0x9vqudGsjSq53kA3X-cU_GtyApaaAjVW1kvZ63IaoleD5UN4N-V9a7ldtx2AT6UlX4iAAkH8c8iBq_FxLYRDgMnNTSO-W23iIKednuVosVpg_KHS_My8bfzKBgm5aoGAJAYBXOKrqknkiHrmnSqn4RfOt0VWqJSeDI1iEE_Z_0-oZXC12EFjPqeNvQJ-p7jMVcBAeRzWFrqq3GogU85HJLrc5gXSsT0y7sFC-vIwkoAhYnjQRrY-5l0gBzM08pQp5a1FfuzrITMLl5BGnks7RXq6wOsKY&lptoken=1672637a710a45f3644a&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:04 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=175
etag: W/"af-5e4525d6d7567"
last-modified: Thu, 21 Jul 2022 15:28:09 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2FpAtW%2B2xAyl3bo%2BCHxemBOskPtYbFQMwlxzvbPck9iVTxg6wYGOg%2BIliB8G9gjqSQsR7BQ8lrzwhBSWuVMcBekofXScjqCzvDh0%2BTG6WC4EkXEsaKvKJWL947okMDba3nlYBQiWpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ddfb0b481db51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/copse/v15/11hPGpDKz1rGb3dkFEw.ttf
142.250.74.163200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/copse/v15/11hPGpDKz1rGb3dkFEw.ttf
IP 142.250.74.163:0
File type TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409\012- data
Hash af154e4c921b5abb45eaf5abfcca00e9
e784292f83e7249d5be2c16ef5f4490067721e28
33c4e81c9c1b48a1cfebbadaeec3cae0e606ce38fb8e190693d42459784147a0
GET /s/copse/v15/11hPGpDKz1rGb3dkFEw.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://secret-flirt-hub.com
Connection: keep-alive
Referer: https://secret-flirt-hub.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34767
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Sep 2022 11:30:59 GMT
expires: Fri, 15 Sep 2023 11:30:59 GMT
cache-control: public, max-age=31536000
age: 471305
last-modified: Thu, 21 Apr 2022 16:25:55 GMT
content-type: font/ttf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-W62P37M
142.250.74.72200 OK 53 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-W62P37M
IP 142.250.74.72:0
File type ASCII text, with very long lines (7863)
Hash 5416ec472f640f05cdcafe18a34b6832
eb25918b6e3171da07009c6a1d5ba414fdb550bf
e0e1406c58120db9349dff832026e857e9c1a53d8954f83a1262793c0a4d2159
GET /gtm.js?id=GTM-W62P37M HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 20 Sep 2022 22:26:04 GMT
expires: Tue, 20 Sep 2022 22:26:04 GMT
cache-control: private, max-age=900
last-modified: Tue, 20 Sep 2022 21:37:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 52748
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 596ea0e7cffcb12819c214fd7e55e6b5
fdf581b35743d7693bf8c7f6154471a1b2646f06
a78eee2be3725b096407fde832e7762dad74ac69165f57a10b1ef76b5b2d9874
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 94184bf5c510f04fb3f4bb623c589674
6e3343680ce72151edbaf54e6b4c9e36386944b8
66d561b20de0a6a75d05f2ef4f28e18b3ee81e3bdf540c616cbb20d216f614d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5133
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:05 GMT
Last-Modified: Tue, 20 Sep 2022 21:00:32 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 94184bf5c510f04fb3f4bb623c589674
6e3343680ce72151edbaf54e6b4c9e36386944b8
66d561b20de0a6a75d05f2ef4f28e18b3ee81e3bdf540c616cbb20d216f614d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5133
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:05 GMT
Last-Modified: Tue, 20 Sep 2022 21:00:32 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
a.exoclick.com/tag_gen.js
205.185.216.10200 OK 515 B URL HTTP/1.1 a.exoclick.com/tag_gen.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (1030), with no line terminators
Hash 628e0302068ade64b5f411f39d5ce7e5
ff1a609269f34bad5ae67ed1678df3f7b905d018
c583ceaeae2e9a05e25c27b61520710f16b8b98ca7f9087a75ae90a040b8bc3f
GET /tag_gen.js HTTP/1.1
Host: a.exoclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 22:26:05 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 515
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"a56c0470b9aa925085e51a6271a"
X-HW: 1663712765.dop071.sk1.t,1663712765.cds220.sk1.shn,1663712765.dop071.sk1.t,1663712765.cds251.sk1.c
Access-Control-Allow-Origin: *, *
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Tue, 20 Sep 2022 20:41:12 GMT
expires: Tue, 20 Sep 2022 22:41:12 GMT
cache-control: public, max-age=7200
age: 6293
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9baaa3878151bf5d83c8d7014da17e5d
d8952bdd01ddec1d9a5a480f17ff5e39f6bdb037
1734ff9035c0a9c965cb5047e9fdbc2c1184b6c568066e856c6dbf0b8dc51df3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-127241846-1&cid=528724774.1663712765&jid=54023020&gjid=1548676642&_gid=721772910.1663712765&_u=YEBAAEAAAAAAAC~&z=434980115
142.251.1.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-127241846-1&cid=528724774.1663712765&jid=54023020&gjid=1548676642&_gid=721772910.1663712765&_u=YEBAAEAAAAAAAC~&z=434980115
IP 142.251.1.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-127241846-1&cid=528724774.1663712765&jid=54023020&gjid=1548676642&_gid=721772910.1663712765&_u=YEBAAEAAAAAAAC~&z=434980115 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://secret-flirt-hub.com
Connection: keep-alive
Referer: https://secret-flirt-hub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://secret-flirt-hub.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 20 Sep 2022 22:26:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash fde987c85b17b2242afddd76c3fd3b62
08e87b8185fc39462e6b331d565a864df2fd5865
49bc15e88c546089cc42939f8dc9f7046f1dd98332c31cf52435586bc8ea177c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 67b756e82caefc7860b9f2d4a4f40341
adeae15d52089bcca4ca247fc4aebceef8406e34
72ff9f52080a633dc841554f7d4cc70083edd2572b535d84093ae63f0c50b832
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9baaa3878151bf5d83c8d7014da17e5d
d8952bdd01ddec1d9a5a480f17ff5e39f6bdb037
1734ff9035c0a9c965cb5047e9fdbc2c1184b6c568066e856c6dbf0b8dc51df3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-127241846-1&cid=528724774.1663712765&jid=54023020&_u=YEBAAEAAAAAAAC~&z=1868409231
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-127241846-1&cid=528724774.1663712765&jid=54023020&_u=YEBAAEAAAAAAAC~&z=1868409231
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-127241846-1&cid=528724774.1663712765&jid=54023020&_u=YEBAAEAAAAAAAC~&z=1868409231 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 20 Sep 2022 22:26:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-127241846-1&cid=528724774.1663712765&jid=54023020&_u=YEBAAEAAAAAAAC~&z=1868409231
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-127241846-1&cid=528724774.1663712765&jid=54023020&_u=YEBAAEAAAAAAAC~&z=1868409231
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-127241846-1&cid=528724774.1663712765&jid=54023020&_u=YEBAAEAAAAAAAC~&z=1868409231 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 20 Sep 2022 22:26:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash bb4bdc4c3c6869c822618f0b9ef1bdc5
6a438b8d9d87aa30e0989ace7fc0d4cafce1f29d
eb762661b0a0ecc4ccdf50229ce134d0062e8d60698b7ed1970c5073b18f31ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash fde987c85b17b2242afddd76c3fd3b62
08e87b8185fc39462e6b331d565a864df2fd5865
49bc15e88c546089cc42939f8dc9f7046f1dd98332c31cf52435586bc8ea177c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
104.18.226.52200 OK 0 B URL HTTP/2 cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
IP 104.18.226.52:0
GET /sdks/OneSignalPageSDKES6.js?v=151514 HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:05 GMT
content-type: application/javascript
etag: W/"2f96824aee4bf927e734cc519e3e726d"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 2606
expires: Fri, 23 Sep 2022 22:26:05 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 74ddfb0de9241c0e-OSL
content-encoding: br
X-Firefox-Spdy: h2
brides-story.com/tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=14012_1003&data2=632a3dfba599640001863fd3&utm_campaign=38db92b9
18.185.231.134302 Found 0 B URL HTTP/2 brides-story.com/tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=14012_1003&data2=632a3dfba599640001863fd3&utm_campaign=38db92b9
IP 18.185.231.134:0
GET /tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=14012_1003&data2=632a3dfba599640001863fd3&utm_campaign=38db92b9 HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 20 Sep 2022 22:26:04 GMT
location: https://brides-story.com/tds/interlayer/eb/s/fbf90b30e3799f8d30776b563a3d932d?__t=1663712764120&__l=3600
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=56fe3bbefa6226f65fb54f95cba6c82acc0daccc; Max-Age=31536000; Domain=.brides-story.com; Path=/; Expires=Wed, 20 Sep 2023 22:26:04 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Sun, 25 Sep 2022 22:26:04 GMT
X-Firefox-Spdy: h2
brides-story.com/tds/interlayer/eb/s/fbf90b30e3799f8d30776b563a3d932d?__t=1663712764120&__l=3600
18.185.231.134200 OK 0 B URL HTTP/2 brides-story.com/tds/interlayer/eb/s/fbf90b30e3799f8d30776b563a3d932d?__t=1663712764120&__l=3600
IP 18.185.231.134:0
GET /tds/interlayer/eb/s/fbf90b30e3799f8d30776b563a3d932d?__t=1663712764120&__l=3600 HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: dci=56fe3bbefa6226f65fb54f95cba6c82acc0daccc; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:04 GMT
content-type: text/html
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/js/jquery-1.10.2.min.js
172.67.131.63200 OK 0 B URL HTTP/2 secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/js/jquery-1.10.2.min.js
IP 172.67.131.63:0
GET /0/no/NO_pink-vids-milfs_20072022/js/jquery-1.10.2.min.js HTTP/1.1
Host: secret-flirt-hub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/?campaign=Norway&cep=0kVZVVX5LMqi0zl8eYHoGAWW7rEsLyQ0EgtVgSTibinpV3Tbt8NiXCZCqVpI4Fnmldrt-z9GMlSKVf9nYnsnAND2us4y8-aKYB2i_rjkU0g7jGtc3Nzve1q8Pg4WeMwikm1kVjC7pDrhCxQRL3M1mjygN3kAo8H3RyT9eTFugYE8oH4ySy5mJbeoUOG9AZeOJHWUmm_DdhiXmrQ19lMhWNRO6Q9JstN9J7J3pPXqcNXtsN6-EiWSphVlntrOUjSJJV0M9bP9fFFHquvi2o66wa9YHeT4lWxKbM0x9vqudGsjSq53kA3X-cU_GtyApaaAjVW1kvZ63IaoleD5UN4N-V9a7ldtx2AT6UlX4iAAkH8c8iBq_FxLYRDgMnNTSO-W23iIKednuVosVpg_KHS_My8bfzKBgm5aoGAJAYBXOKrqknkiHrmnSqn4RfOt0VWqJSeDI1iEE_Z_0-oZXC12EFjPqeNvQJ-p7jMVcBAeRzWFrqq3GogU85HJLrc5gXSsT0y7sFC-vIwkoAhYnjQRrY-5l0gBzM08pQp5a1FfuzrITMLl5BGnks7RXq6wOsKY&lptoken=1672637a710a45f3644a&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 21 Jul 2022 15:28:11 GMT
etag: W/"16bb3-5e4525d85a104"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CUG7DQ55dDxNRtbulTc7YiDNRCsWcEZ3sPN%2F3i4x%2BEydspzDUkrh6kwHJ8P7abB6ZUuEWFCltO3Cg3sYO054CH1%2B%2Fw9WhrqWAZuDdlDzrqvQ%2B81gJ2JtszxaRw%2Ftosvgd9Ngv6kZUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ddfb0b481eb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/css/loading.css
172.67.131.63200 OK 0 B URL HTTP/2 secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/css/loading.css
IP 172.67.131.63:0
GET /0/no/NO_pink-vids-milfs_20072022/css/loading.css HTTP/1.1
Host: secret-flirt-hub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/?campaign=Norway&cep=0kVZVVX5LMqi0zl8eYHoGAWW7rEsLyQ0EgtVgSTibinpV3Tbt8NiXCZCqVpI4Fnmldrt-z9GMlSKVf9nYnsnAND2us4y8-aKYB2i_rjkU0g7jGtc3Nzve1q8Pg4WeMwikm1kVjC7pDrhCxQRL3M1mjygN3kAo8H3RyT9eTFugYE8oH4ySy5mJbeoUOG9AZeOJHWUmm_DdhiXmrQ19lMhWNRO6Q9JstN9J7J3pPXqcNXtsN6-EiWSphVlntrOUjSJJV0M9bP9fFFHquvi2o66wa9YHeT4lWxKbM0x9vqudGsjSq53kA3X-cU_GtyApaaAjVW1kvZ63IaoleD5UN4N-V9a7ldtx2AT6UlX4iAAkH8c8iBq_FxLYRDgMnNTSO-W23iIKednuVosVpg_KHS_My8bfzKBgm5aoGAJAYBXOKrqknkiHrmnSqn4RfOt0VWqJSeDI1iEE_Z_0-oZXC12EFjPqeNvQJ-p7jMVcBAeRzWFrqq3GogU85HJLrc5gXSsT0y7sFC-vIwkoAhYnjQRrY-5l0gBzM08pQp5a1FfuzrITMLl5BGnks7RXq6wOsKY&lptoken=1672637a710a45f3644a&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:04 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=664
etag: W/"298-5e4525d6db3e8"
last-modified: Thu, 21 Jul 2022 15:28:09 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzQ4jIp3lJfA6KG9%2FodIfQ2cdZ9Xz9h8h2YOqmA%2BKa%2BnDxT7Q6IOZHhgA5dhSrJHDv9rV05Fg7SvRvsGwmVhDEH7CopWeqR1xaSQ0gX7f7%2Fg6jsHCtAZbK6YvXLUc3Id%2B9joIOlUfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ddfb0b5825b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/js/universalps.js
172.67.131.63200 OK 0 B URL HTTP/2 secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/js/universalps.js
IP 172.67.131.63:0
GET /0/no/NO_pink-vids-milfs_20072022/js/universalps.js HTTP/1.1
Host: secret-flirt-hub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/?campaign=Norway&cep=0kVZVVX5LMqi0zl8eYHoGAWW7rEsLyQ0EgtVgSTibinpV3Tbt8NiXCZCqVpI4Fnmldrt-z9GMlSKVf9nYnsnAND2us4y8-aKYB2i_rjkU0g7jGtc3Nzve1q8Pg4WeMwikm1kVjC7pDrhCxQRL3M1mjygN3kAo8H3RyT9eTFugYE8oH4ySy5mJbeoUOG9AZeOJHWUmm_DdhiXmrQ19lMhWNRO6Q9JstN9J7J3pPXqcNXtsN6-EiWSphVlntrOUjSJJV0M9bP9fFFHquvi2o66wa9YHeT4lWxKbM0x9vqudGsjSq53kA3X-cU_GtyApaaAjVW1kvZ63IaoleD5UN4N-V9a7ldtx2AT6UlX4iAAkH8c8iBq_FxLYRDgMnNTSO-W23iIKednuVosVpg_KHS_My8bfzKBgm5aoGAJAYBXOKrqknkiHrmnSqn4RfOt0VWqJSeDI1iEE_Z_0-oZXC12EFjPqeNvQJ-p7jMVcBAeRzWFrqq3GogU85HJLrc5gXSsT0y7sFC-vIwkoAhYnjQRrY-5l0gBzM08pQp5a1FfuzrITMLl5BGnks7RXq6wOsKY&lptoken=1672637a710a45f3644a&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:04 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=7522
etag: W/"1d62-5e4525d833fa1"
last-modified: Thu, 21 Jul 2022 15:28:10 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hFcF2AvheUpB5d9eqH4c5%2FTdSEqtdr8H7TF%2FwkgqJG%2BXDwMCVXypDk3ZVfbwRG99CWrSEsM%2BfAQ5ev00SekmXQoAJL8PSDP6CoH%2BdzNic6S%2B7k0%2BBDrS5d5G4dPpdbneDAYvGad57w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ddfb0b5826b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/js/jquery-ui.min.js
172.67.131.63200 OK 0 B URL HTTP/2 secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/js/jquery-ui.min.js
IP 172.67.131.63:0
GET /0/no/NO_pink-vids-milfs_20072022/js/jquery-ui.min.js HTTP/1.1
Host: secret-flirt-hub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/?campaign=Norway&cep=0kVZVVX5LMqi0zl8eYHoGAWW7rEsLyQ0EgtVgSTibinpV3Tbt8NiXCZCqVpI4Fnmldrt-z9GMlSKVf9nYnsnAND2us4y8-aKYB2i_rjkU0g7jGtc3Nzve1q8Pg4WeMwikm1kVjC7pDrhCxQRL3M1mjygN3kAo8H3RyT9eTFugYE8oH4ySy5mJbeoUOG9AZeOJHWUmm_DdhiXmrQ19lMhWNRO6Q9JstN9J7J3pPXqcNXtsN6-EiWSphVlntrOUjSJJV0M9bP9fFFHquvi2o66wa9YHeT4lWxKbM0x9vqudGsjSq53kA3X-cU_GtyApaaAjVW1kvZ63IaoleD5UN4N-V9a7ldtx2AT6UlX4iAAkH8c8iBq_FxLYRDgMnNTSO-W23iIKednuVosVpg_KHS_My8bfzKBgm5aoGAJAYBXOKrqknkiHrmnSqn4RfOt0VWqJSeDI1iEE_Z_0-oZXC12EFjPqeNvQJ-p7jMVcBAeRzWFrqq3GogU85HJLrc5gXSsT0y7sFC-vIwkoAhYnjQRrY-5l0gBzM08pQp5a1FfuzrITMLl5BGnks7RXq6wOsKY&lptoken=1672637a710a45f3644a&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 21 Jul 2022 15:28:10 GMT
etag: W/"37c6e-5e4525d846882"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RaI1SRabswsCIEKTmm3IwZJKSUCcC0Gntj0DXOHne%2BrPOfRTrDcmlAkPBD25V7Y5oiVcBEi1j56z%2BgkTGthojaopkwdsVtswNdME7N8S2iqdbjEKk4x3%2BRgvVM1F8hAKTdwgCGqmWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ddfb0b4824b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
brides-story.com/mtu-integration.js
18.185.231.134200 OK 0 B URL HTTP/2 brides-story.com/mtu-integration.js
IP 18.185.231.134:0
Analyzer Verdict Alert fortinet Phishing
GET /mtu-integration.js HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brides-story.com/tds/interlayer/eb/s/fbf90b30e3799f8d30776b563a3d932d?__t=1663712764120&__l=3600
Cookie: dci=56fe3bbefa6226f65fb54f95cba6c82acc0daccc; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:04 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Tue, 20 Sep 2022 12:46:12 GMT
etag: W/"1273-1835aef3e20"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.onesignal.com/sdks/OneSignalSDK.js
104.18.226.52200 OK 0 B URL HTTP/2 cdn.onesignal.com/sdks/OneSignalSDK.js
IP 104.18.226.52:0
GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:05 GMT
content-type: application/javascript
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 2606
expires: Fri, 23 Sep 2022 22:26:05 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 74ddfb0db90c1c0e-OSL
content-encoding: br
X-Firefox-Spdy: h2
secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/?campaign=Norway&cep=0kVZVVX5LMqi0zl8eYHoGAWW7rEsLyQ0EgtVgSTibinpV3Tbt8NiXCZCqVpI4Fnmldrt-z9GMlSKVf9nYnsnAND2us4y8-aKYB2i_rjkU0g7jGtc3Nzve1q8Pg4WeMwikm1kVjC7pDrhCxQRL3M1mjygN3kAo8H3RyT9eTFugYE8oH4ySy5mJbeoUOG9AZeOJHWUmm_DdhiXmrQ19lMhWNRO6Q9JstN9J7J3pPXqcNXtsN6-EiWSphVlntrOUjSJJV0M9bP9fFFHquvi2o66wa9YHeT4lWxKbM0x9vqudGsjSq53kA3X-cU_GtyApaaAjVW1kvZ63IaoleD5UN4N-V9a7ldtx2AT6UlX4iAAkH8c8iBq_FxLYRDgMnNTSO-W23iIKednuVosVpg_KHS_My8bfzKBgm5aoGAJAYBXOKrqknkiHrmnSqn4RfOt0VWqJSeDI1iEE_Z_0-oZXC12EFjPqeNvQJ-p7jMVcBAeRzWFrqq3GogU85HJLrc5gXSsT0y7sFC-vIwkoAhYnjQRrY-5l0gBzM08pQp5a1FfuzrITMLl5BGnks7RXq6wOsKY&lptoken=1672637a710a45f3644a&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
172.67.131.63200 OK 0 B URL HTTP/2 secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/?campaign=Norway&cep=0kVZVVX5LMqi0zl8eYHoGAWW7rEsLyQ0EgtVgSTibinpV3Tbt8NiXCZCqVpI4Fnmldrt-z9GMlSKVf9nYnsnAND2us4y8-aKYB2i_rjkU0g7jGtc3Nzve1q8Pg4WeMwikm1kVjC7pDrhCxQRL3M1mjygN3kAo8H3RyT9eTFugYE8oH4ySy5mJbeoUOG9AZeOJHWUmm_DdhiXmrQ19lMhWNRO6Q9JstN9J7J3pPXqcNXtsN6-EiWSphVlntrOUjSJJV0M9bP9fFFHquvi2o66wa9YHeT4lWxKbM0x9vqudGsjSq53kA3X-cU_GtyApaaAjVW1kvZ63IaoleD5UN4N-V9a7ldtx2AT6UlX4iAAkH8c8iBq_FxLYRDgMnNTSO-W23iIKednuVosVpg_KHS_My8bfzKBgm5aoGAJAYBXOKrqknkiHrmnSqn4RfOt0VWqJSeDI1iEE_Z_0-oZXC12EFjPqeNvQJ-p7jMVcBAeRzWFrqq3GogU85HJLrc5gXSsT0y7sFC-vIwkoAhYnjQRrY-5l0gBzM08pQp5a1FfuzrITMLl5BGnks7RXq6wOsKY&lptoken=1672637a710a45f3644a&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
IP 172.67.131.63:0
GET /0/no/NO_pink-vids-milfs_20072022/?campaign=Norway&cep=0kVZVVX5LMqi0zl8eYHoGAWW7rEsLyQ0EgtVgSTibinpV3Tbt8NiXCZCqVpI4Fnmldrt-z9GMlSKVf9nYnsnAND2us4y8-aKYB2i_rjkU0g7jGtc3Nzve1q8Pg4WeMwikm1kVjC7pDrhCxQRL3M1mjygN3kAo8H3RyT9eTFugYE8oH4ySy5mJbeoUOG9AZeOJHWUmm_DdhiXmrQ19lMhWNRO6Q9JstN9J7J3pPXqcNXtsN6-EiWSphVlntrOUjSJJV0M9bP9fFFHquvi2o66wa9YHeT4lWxKbM0x9vqudGsjSq53kA3X-cU_GtyApaaAjVW1kvZ63IaoleD5UN4N-V9a7ldtx2AT6UlX4iAAkH8c8iBq_FxLYRDgMnNTSO-W23iIKednuVosVpg_KHS_My8bfzKBgm5aoGAJAYBXOKrqknkiHrmnSqn4RfOt0VWqJSeDI1iEE_Z_0-oZXC12EFjPqeNvQJ-p7jMVcBAeRzWFrqq3GogU85HJLrc5gXSsT0y7sFC-vIwkoAhYnjQRrY-5l0gBzM08pQp5a1FfuzrITMLl5BGnks7RXq6wOsKY&lptoken=1672637a710a45f3644a&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2 HTTP/1.1
Host: secret-flirt-hub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://brides-story.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:04 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Thu, 21 Jul 2022 15:28:09 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=80z399FZ2jtH%2FOdC30FZu31uv1fm6u2SupoP6wKo6RMUDVOvNn80pr4HGmRMjm5yWtq7ykQkWOXyPqcHILPHWNTPxhZrgng7Elo%2FSXRnjoKuPTwwdnuchtdPUrL7aVt4oH%2FQkJ%2Fwzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ddfb0abf88b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/css/styling.css
172.67.131.63200 OK 0 B URL HTTP/2 secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/css/styling.css
IP 172.67.131.63:0
GET /0/no/NO_pink-vids-milfs_20072022/css/styling.css HTTP/1.1
Host: secret-flirt-hub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secret-flirt-hub.com/0/no/NO_pink-vids-milfs_20072022/?campaign=Norway&cep=0kVZVVX5LMqi0zl8eYHoGAWW7rEsLyQ0EgtVgSTibinpV3Tbt8NiXCZCqVpI4Fnmldrt-z9GMlSKVf9nYnsnAND2us4y8-aKYB2i_rjkU0g7jGtc3Nzve1q8Pg4WeMwikm1kVjC7pDrhCxQRL3M1mjygN3kAo8H3RyT9eTFugYE8oH4ySy5mJbeoUOG9AZeOJHWUmm_DdhiXmrQ19lMhWNRO6Q9JstN9J7J3pPXqcNXtsN6-EiWSphVlntrOUjSJJV0M9bP9fFFHquvi2o66wa9YHeT4lWxKbM0x9vqudGsjSq53kA3X-cU_GtyApaaAjVW1kvZ63IaoleD5UN4N-V9a7ldtx2AT6UlX4iAAkH8c8iBq_FxLYRDgMnNTSO-W23iIKednuVosVpg_KHS_My8bfzKBgm5aoGAJAYBXOKrqknkiHrmnSqn4RfOt0VWqJSeDI1iEE_Z_0-oZXC12EFjPqeNvQJ-p7jMVcBAeRzWFrqq3GogU85HJLrc5gXSsT0y7sFC-vIwkoAhYnjQRrY-5l0gBzM08pQp5a1FfuzrITMLl5BGnks7RXq6wOsKY&lptoken=1672637a710a45f3644a&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=w2p5rl2l8lj1ke6jiglk8vn2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 22:26:04 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1688
etag: W/"698-5e4525d6b6225"
last-modified: Thu, 21 Jul 2022 15:28:09 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5zxz05c%2FdOsIu3VlBWQ3VfodrYmV0hEcr0CdjfNS34q5vx8QryPgwaTgSbOXcO5bgkLftwgWGYQ2n4GdnG5YZG8Snly%2BwdPuGUkjvi2gQe8FVDFJ6mM2erQj6DqAeywmOycny5cDOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ddfb0b5828b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2