r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8183
Expires: Tue, 31 Jan 2023 04:19:47 GMT
Date: Tue, 31 Jan 2023 02:03:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10309
Expires: Tue, 31 Jan 2023 04:55:13 GMT
Date: Tue, 31 Jan 2023 02:03:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 01:43:15 GMT
content-type: application/json
age: 1209
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5636
Expires: Tue, 31 Jan 2023 03:37:20 GMT
Date: Tue, 31 Jan 2023 02:03:24 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: g6c09rJ82BPUfZOqN6HWRAVaIMGYBUL55CoeG1j0H+kFijWu76sDjoUnVmMjXpB/cd8QZCtG9ro=
x-amz-request-id: ZE8TNAVFCZQH6STZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 01:22:01 GMT
age: 2483
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 02:03:24 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 01:41:41 GMT
age: 1304
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
tpbproxyone.org/torrent/22871872/Dr-Aly_KARLotto-l_auml_r-oss-tanka_C24524.iso
207.244.67.216302 Found 11 B URL HTTP/1.1 tpbproxyone.org/torrent/22871872/Dr-Aly_KARLotto-l_auml_r-oss-tanka_C24524.iso
IP 207.244.67.216:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /torrent/22871872/Dr-Aly_KARLotto-l_auml_r-oss-tanka_C24524.iso HTTP/1.1
Host: tpbproxyone.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 31 Jan 2023 02:03:24 GMT
location: http://btpnative.com/click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded
server: nginx
set-cookie: sid=71d3a790-a10b-11ed-9a6f-16924a9c7922; path=/; domain=.tpbproxyone.org; expires=Sun, 18 Feb 2091 05:17:32 GMT; max-age=2147483647; HttpOnly
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8914
Expires: Tue, 31 Jan 2023 04:31:59 GMT
Date: Tue, 31 Jan 2023 02:03:25 GMT
Connection: keep-alive
btpnative.com/click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded
192.99.158.241200 OK 5.5 kB URL HTTP/1.1 btpnative.com/click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded
IP 192.99.158.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (349), with CRLF line terminators
Hash d91b8bb049c40e5ce742f1fca96651c6
e18bba048ef76e6cf2513783e4a524407e4166f7
b19dd9daba655d60c0fc17de75c18279bc02405d8568f670687ac85fb69387ec
GET /click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: UtnIKonQMeAeTXt=UtnIKonQMeAeTXt; path=/
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 31 Jan 2023 02:03:24 GMT
Content-Length: 5470
push.services.mozilla.com/
54.149.117.124101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.117.124:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: u2afvXLPTbLNwZ6uLmgCfw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: N/ChueDkvOsjuBIXn7xy9+TpCHw=
btpnative.com/Redirect/
192.99.158.241302 Found 1.8 kB IP 192.99.158.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1737), with CRLF line terminators
Hash fb947b44f474d3617b0bcd83c9d2a16f
912ba1d2f2920e3442a3a4fcf9eb7206c8bfc100
0840371c7b502d8cd52ebbfb75d4e5f23c372971cb9fa36de642c8c5b5c25a07
POST /Redirect/ HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 359
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded
Cookie: UtnIKonQMeAeTXt=UtnIKonQMeAeTXt
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8_M1Mmbofr-ZKceZDQZtXA_b5np8cxJs0YFos_XX7JtPGVWViaJip_gzuORprI4qlt_7kfAZbXZ_3hitpdaEoqb0ydhoZZBqkiOFUSTI7wWesQ9eRj1dK3N-v8BIHlO6ic7m3ynBUcsyUE6MorZxE-9hV4AbS8Fh36g3txk1fZiBIiEGfLCfKHnQQ2Kfo2H--uEn4AkkWG5W9dKDCqaorJkjp3kQ3vjXpxcMc9t0-Ifg5jNi2LLofFcwWK4f86GKtq-BTbUqoyOTW-JGyDg7SXXq85s0cP1DnpEsfwoCuln4rymMpy1wzSkkYz9F6VKwaNuydrbih0BPnoqGn5uHZoui9WEKVZxZX9eOGDO9xP9fgY3t6xIW8DZiZGyfLoIBm_Y6UtOqiQgcDDhC0jlEh9x3A4I2R5IkXxuS3zXNnE691SLYXqlB_pYJBoTPX5eccLGIoYMCT98-0bEjzXcuSWhT39u56G-BU3LSDKxUn4VX7RHopvncO6dqysHoRPoUkMa13p3zeYeqiepGvAlG_wM2GQGd_ZuDPTr7HT5BJdwFm7--4_7Et-fH_WYho3R3zQPiuzYfez3NWjKAro-UUNnDX0gpdFb3-zxIbTGhkzHWaIy-R46lUGgfh3Y1MH56Zm1QpQRJMYmB2ECJBt9vwd-OwZWWftn_5RMLHybMVhST2W37oH6xfmZ_BxgeVkJ36yPH48JebCjsDaToxERLd_aCIlGoVRQJDpsednW4pcl0lD0N8hDzFtLU2t-tWAeTkbGb5ttCbdarrh42FPPTIkatSStWeSexnBDUsAjReqsD_9vB8WeHOtXUVHRmDslSPNvzYUtP77Oe6DV-rqsQUnfGr3Wvy5tECNI2FTAUk1qqQtnNaQPHGUhkjemynkCqKUOtMagxmGVbg77nVSLeFkmXsUdhJ3qUmqM1YFzne7G365sQcnyeNSvZxc3Fd9UC-rtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJizYKweXujG-J7JnMs7EaWDzJE_6X2Ti4dOAadnGy3NlTx__A9RYUFvznADb-k-FvaPhhgtFwNiv1Zuxk9W74o-5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aMbb8JYUiQxlIfzFlSAXcs7_CNBpFgUsmPZxCf7Wd9tziQt0yfNulW-keGVioozHqbvOGAPg_ei_xXl-GyBnccLJzFuWbFOdlU9i_TRclVxeB_XmHDAjA4b-fVU8keHSqZdYkU_DNJVyudMAcAZikWDNvXFr9TiobNwStkQ3BLEVJh8MbOqq4oL2MCSpNQpOroVV4ZZAOeRBGW2M-edZHsAlzsFMzYGLPkZgDphevg7WD81WSt9dIK1Rlbiaxp54rQ4ZUirtJAe3_wsPGkMWr4h1rP0FF769nCH8xZUgF3LOzpV3p2woOwA1ZtKmSv8w1SH8xZUgF3LO5lBB2RbRzyFlkkLEB146pQ
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 31 Jan 2023 02:03:25 GMT
Content-Length: 1809
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash bc288310c7a5f80bbc8e5dbeace292af
d68ca97515594770b04f3c3ae943d186e75ad2c5
6def27992aed1f32911f4820b432dca388db29e13b623596229f8e2ccfb9435f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 02:03:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 19:25:42 GMT
Expires: Sun, 05 Feb 2023 19:25:41 GMT
Etag: "d68ca97515594770b04f3c3ae943d186e75ad2c5"
Cache-Control: max-age=493934,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 791edef07d81b500-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5247
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:03:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5247
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:03:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5247
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:03:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5247
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:03:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6c0b4d2-6327-4501-8fe0-017b08501835.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6c0b4d2-6327-4501-8fe0-017b08501835.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee0e708ca11a9468634d2a7dff56510f
40d7c0f07b5218c4ceabcd7fc90af26bb3dc2cf3
e944a184377a91dae9fbc38ebc686fb95e261cb16ae09c7d69ababacffa75e57
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6c0b4d2-6327-4501-8fe0-017b08501835.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8529
x-amzn-requestid: 633fc342-7b5a-4103-970e-74730c08679b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbhguFesIAMFqVQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d47c6a-38e274c36d39ef4f2dd6034a;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 01:37:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: URqrtcPijXsHDSPMQ3K9PHbq20O0KYuk3YyO91rNW7t10zCuF3g5wg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 15:47:08 GMT
age: 36978
etag: "40d7c0f07b5218c4ceabcd7fc90af26bb3dc2cf3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1e575f4c5e3aa793f846cadc8baf386c
f482a4e8e80ea5b6afc29e5cc1a9a2b8c2f0434d
09a5bbe4fb7f23ee43228267f30c1ef0cd8747e515e01c963df0756b866f23ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9700
x-amzn-requestid: 059475a7-d7de-4a44-9fc7-11fb24e201b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_9G8DIAMF64A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e399-57fea3031d1e93ec02308fac;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vzubP2I1xR5NF1amWIPiIlp6yPykWhz-CEbwDiJOs-eTWkTE-fvfjA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 04:12:11 GMT
age: 78675
etag: "f482a4e8e80ea5b6afc29e5cc1a9a2b8c2f0434d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60fc180ec5b99ac357db8775775c3c11
c9856a488e82bc330881377528bf2e53274ef5f3
a31fd6fc84f79b0f5fb79cccf490ddf61eb58bdaf57ca27f57a911332e550d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5394
x-amzn-requestid: 16d876fb-0afd-4b5d-b19e-1029506fd6f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIgq2E4CIAMFiFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce178-1f08dc2105b6e182677004e7;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:10:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FoTKdVc567GRCEDn8JoMOs4-enQPpdvFhPafmSRsgCFZC78q8ba5pA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 12:51:52 GMT
age: 47494
etag: "c9856a488e82bc330881377528bf2e53274ef5f3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T5CaUojMEG8x8vki59UdIhI8IbbBRY_7w3xgiW3RCZlHTyeHPLIy2Q==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:47:13 GMT
age: 15373
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4a2d26da68a313cc65958fc2692351c2
798c3538f3147ca77d317676ddd1bf040bd0f93b
76ce30224803d680c0115e987a712ce5552b2760beadf796a96b17439fb20797
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10898
x-amzn-requestid: e29f8dfc-07d4-4136-afaf-e1e067eea2ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zxGshIAMFw5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-5e87d2a44722af9e4e86c3d4;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: djoQmYTv7Rlq9tKKkJ5U1J3YeVSIs5yzSts_xRN3bdi27Ra8UfM6OQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:44:45 GMT
age: 15521
etag: "798c3538f3147ca77d317676ddd1bf040bd0f93b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b43468b05cd1fd11c398263a80e4edb2
02e964ea5a88c866267ac6c5601bfcde26ffd42b
19783f05297f7ed5d7ca8cec0fc0e1676831275ac48f1510a4f410dbe2802314
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4634
x-amzn-requestid: 2941da94-203c-47d1-99ee-d864bdbf6993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffCAHF9kIAMFrUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e39a-78bb7189351d830a7ef70c67;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uwVY2yJq8mZgVFAkrRx3OPU0qJ7uI5aehpxP_ULNJX9BQJLCiUwo7g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 03:45:40 GMT
age: 80266
etag: "02e964ea5a88c866267ac6c5601bfcde26ffd42b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8_M1Mmbofr-ZKceZDQZtXA_b5np8cxJs0YFos_XX7JtPGVWViaJip_gzuORprI4qlt_7kfAZbXZ_3hitpdaEoqb0ydhoZZBqkiOFUSTI7wWesQ9eRj1dK3N-v8BIHlO6ic7m3ynBUcsyUE6MorZxE-9hV4AbS8Fh36g3txk1fZiBIiEGfLCfKHnQQ2Kfo2H--uEn4AkkWG5W9dKDCqaorJkjp3kQ3vjXpxcMc9t0-Ifg5jNi2LLofFcwWK4f86GKtq-BTbUqoyOTW-JGyDg7SXXq85s0cP1DnpEsfwoCuln4rymMpy1wzSkkYz9F6VKwaNuydrbih0BPnoqGn5uHZoui9WEKVZxZX9eOGDO9xP9fgY3t6xIW8DZiZGyfLoIBm_Y6UtOqiQgcDDhC0jlEh9x3A4I2R5IkXxuS3zXNnE691SLYXqlB_pYJBoTPX5eccLGIoYMCT98-0bEjzXcuSWhT39u56G-BU3LSDKxUn4VX7RHopvncO6dqysHoRPoUkMa13p3zeYeqiepGvAlG_wM2GQGd_ZuDPTr7HT5BJdwFm7--4_7Et-fH_WYho3R3zQPiuzYfez3NWjKAro-UUNnDX0gpdFb3-zxIbTGhkzHWaIy-R46lUGgfh3Y1MH56Zm1QpQRJMYmB2ECJBt9vwd-OwZWWftn_5RMLHybMVhST2W37oH6xfmZ_BxgeVkJ36yPH48JebCjsDaToxERLd_aCIlGoVRQJDpsednW4pcl0lD0N8hDzFtLU2t-tWAeTkbGb5ttCbdarrh42FPPTIkatSStWeSexnBDUsAjReqsD_9vB8WeHOtXUVHRmDslSPNvzYUtP77Oe6DV-rqsQUnfGr3Wvy5tECNI2FTAUk1qqQtnNaQPHGUhkjemynkCqKUOtMagxmGVbg77nVSLeFkmXsUdhJ3qUmqM1YFzne7G365sQcnyeNSvZxc3Fd9UC-rtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJizYKweXujG-J7JnMs7EaWDzJE_6X2Ti4dOAadnGy3NlTx__A9RYUFvznADb-k-FvaPhhgtFwNiv1Zuxk9W74o-5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aMbb8JYUiQxlIfzFlSAXcs7_CNBpFgUsmPZxCf7Wd9tziQt0yfNulW-keGVioozHqbvOGAPg_ei_xXl-GyBnccLJzFuWbFOdlU9i_TRclVxeB_XmHDAjA4b-fVU8keHSqZdYkU_DNJVyudMAcAZikWDNvXFr9TiobNwStkQ3BLEVJh8MbOqq4oL2MCSpNQpOroVV4ZZAOeRBGW2M-edZHsAlzsFMzYGLPkZgDphevg7WD81WSt9dIK1Rlbiaxp54rQ4ZUirtJAe3_wsPGkMWr4h1rP0FF769nCH8xZUgF3LOzpV3p2woOwA1ZtKmSv8w1SH8xZUgF3LO5lBB2RbRzyFlkkLEB146pQ
52.116.53.155302 Found 0 B URL HTTP/2 mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8_M1Mmbofr-ZKceZDQZtXA_b5np8cxJs0YFos_XX7JtPGVWViaJip_gzuORprI4qlt_7kfAZbXZ_3hitpdaEoqb0ydhoZZBqkiOFUSTI7wWesQ9eRj1dK3N-v8BIHlO6ic7m3ynBUcsyUE6MorZxE-9hV4AbS8Fh36g3txk1fZiBIiEGfLCfKHnQQ2Kfo2H--uEn4AkkWG5W9dKDCqaorJkjp3kQ3vjXpxcMc9t0-Ifg5jNi2LLofFcwWK4f86GKtq-BTbUqoyOTW-JGyDg7SXXq85s0cP1DnpEsfwoCuln4rymMpy1wzSkkYz9F6VKwaNuydrbih0BPnoqGn5uHZoui9WEKVZxZX9eOGDO9xP9fgY3t6xIW8DZiZGyfLoIBm_Y6UtOqiQgcDDhC0jlEh9x3A4I2R5IkXxuS3zXNnE691SLYXqlB_pYJBoTPX5eccLGIoYMCT98-0bEjzXcuSWhT39u56G-BU3LSDKxUn4VX7RHopvncO6dqysHoRPoUkMa13p3zeYeqiepGvAlG_wM2GQGd_ZuDPTr7HT5BJdwFm7--4_7Et-fH_WYho3R3zQPiuzYfez3NWjKAro-UUNnDX0gpdFb3-zxIbTGhkzHWaIy-R46lUGgfh3Y1MH56Zm1QpQRJMYmB2ECJBt9vwd-OwZWWftn_5RMLHybMVhST2W37oH6xfmZ_BxgeVkJ36yPH48JebCjsDaToxERLd_aCIlGoVRQJDpsednW4pcl0lD0N8hDzFtLU2t-tWAeTkbGb5ttCbdarrh42FPPTIkatSStWeSexnBDUsAjReqsD_9vB8WeHOtXUVHRmDslSPNvzYUtP77Oe6DV-rqsQUnfGr3Wvy5tECNI2FTAUk1qqQtnNaQPHGUhkjemynkCqKUOtMagxmGVbg77nVSLeFkmXsUdhJ3qUmqM1YFzne7G365sQcnyeNSvZxc3Fd9UC-rtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJizYKweXujG-J7JnMs7EaWDzJE_6X2Ti4dOAadnGy3NlTx__A9RYUFvznADb-k-FvaPhhgtFwNiv1Zuxk9W74o-5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aMbb8JYUiQxlIfzFlSAXcs7_CNBpFgUsmPZxCf7Wd9tziQt0yfNulW-keGVioozHqbvOGAPg_ei_xXl-GyBnccLJzFuWbFOdlU9i_TRclVxeB_XmHDAjA4b-fVU8keHSqZdYkU_DNJVyudMAcAZikWDNvXFr9TiobNwStkQ3BLEVJh8MbOqq4oL2MCSpNQpOroVV4ZZAOeRBGW2M-edZHsAlzsFMzYGLPkZgDphevg7WD81WSt9dIK1Rlbiaxp54rQ4ZUirtJAe3_wsPGkMWr4h1rP0FF769nCH8xZUgF3LOzpV3p2woOwA1ZtKmSv8w1SH8xZUgF3LO5lBB2RbRzyFlkkLEB146pQ
IP 52.116.53.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8_M1Mmbofr-ZKceZDQZtXA_b5np8cxJs0YFos_XX7JtPGVWViaJip_gzuORprI4qlt_7kfAZbXZ_3hitpdaEoqb0ydhoZZBqkiOFUSTI7wWesQ9eRj1dK3N-v8BIHlO6ic7m3ynBUcsyUE6MorZxE-9hV4AbS8Fh36g3txk1fZiBIiEGfLCfKHnQQ2Kfo2H--uEn4AkkWG5W9dKDCqaorJkjp3kQ3vjXpxcMc9t0-Ifg5jNi2LLofFcwWK4f86GKtq-BTbUqoyOTW-JGyDg7SXXq85s0cP1DnpEsfwoCuln4rymMpy1wzSkkYz9F6VKwaNuydrbih0BPnoqGn5uHZoui9WEKVZxZX9eOGDO9xP9fgY3t6xIW8DZiZGyfLoIBm_Y6UtOqiQgcDDhC0jlEh9x3A4I2R5IkXxuS3zXNnE691SLYXqlB_pYJBoTPX5eccLGIoYMCT98-0bEjzXcuSWhT39u56G-BU3LSDKxUn4VX7RHopvncO6dqysHoRPoUkMa13p3zeYeqiepGvAlG_wM2GQGd_ZuDPTr7HT5BJdwFm7--4_7Et-fH_WYho3R3zQPiuzYfez3NWjKAro-UUNnDX0gpdFb3-zxIbTGhkzHWaIy-R46lUGgfh3Y1MH56Zm1QpQRJMYmB2ECJBt9vwd-OwZWWftn_5RMLHybMVhST2W37oH6xfmZ_BxgeVkJ36yPH48JebCjsDaToxERLd_aCIlGoVRQJDpsednW4pcl0lD0N8hDzFtLU2t-tWAeTkbGb5ttCbdarrh42FPPTIkatSStWeSexnBDUsAjReqsD_9vB8WeHOtXUVHRmDslSPNvzYUtP77Oe6DV-rqsQUnfGr3Wvy5tECNI2FTAUk1qqQtnNaQPHGUhkjemynkCqKUOtMagxmGVbg77nVSLeFkmXsUdhJ3qUmqM1YFzne7G365sQcnyeNSvZxc3Fd9UC-rtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJizYKweXujG-J7JnMs7EaWDzJE_6X2Ti4dOAadnGy3NlTx__A9RYUFvznADb-k-FvaPhhgtFwNiv1Zuxk9W74o-5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aMbb8JYUiQxlIfzFlSAXcs7_CNBpFgUsmPZxCf7Wd9tziQt0yfNulW-keGVioozHqbvOGAPg_ei_xXl-GyBnccLJzFuWbFOdlU9i_TRclVxeB_XmHDAjA4b-fVU8keHSqZdYkU_DNJVyudMAcAZikWDNvXFr9TiobNwStkQ3BLEVJh8MbOqq4oL2MCSpNQpOroVV4ZZAOeRBGW2M-edZHsAlzsFMzYGLPkZgDphevg7WD81WSt9dIK1Rlbiaxp54rQ4ZUirtJAe3_wsPGkMWr4h1rP0FF769nCH8xZUgF3LOzpV3p2woOwA1ZtKmSv8w1SH8xZUgF3LO5lBB2RbRzyFlkkLEB146pQ HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 31 Jan 2023 02:03:26 GMT
content-length: 0
set-cookie: rhid=82800897449; Max-Age=15552000; Expires=Sun, 30-Jul-2023 02:03:26 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://p274639.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCBBLFBRk1eiQ4ypU_IICyRP5V1c6EPCUBF8zHiEadnIXHca1CsuLEl2kGko8eoV6LiOFwlzkCkbzEzy7OBJtmOXCgzQbPSpPqqSSkl0jHkvawfpNa9imHsM1Pvdhx6h8GcMlvyNQu9ligKNm5HUY_GWjB2fjK6rwTJjim55TmpSzfpExJBMizSdKgbz0VF_-WH_9b8ky2I1bOt49-zifnPahCJDe0fs2e12k4XVJzHJX8mFgHSWE3TZCCpJ_Aq0_LLnTAHAGYpFgXZomooD2vuliVnQIGgxQDiU7ugF2M-yuw6VwzuvR-x3CQtVBA9Wp7n-oJi-H9AZDZAEJiK7vPzixmWNroOA7iDeDOtSQlmdXjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr44jC5B3JLJRQe6_JWYuELBOHIoRdltXdbQty4LB7K0SXOOmJ-RAV7petVg_MhDOHN1Dhh7ZfSJFQ&si=1&oref=dae16bcb6b93b11e9cbacb290c7cfdf8&optunit=w6VwzuvR-x29ebjHufQcSA&rb=E-qvs9aXu7s&rr=0&abtg=0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 702a14a5d5ca52a018d1158820d36ee7
6d546d6b6a5cfc014acc30e05c1ef02c41ef3e5a
dfd698d4867f97838da13eaf9c3542f223e64d2d64e9443a60784d10d0fab6c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFD698D4867F97838DA13EAF9C3542F223E64D2D64E9443A60784D10D0FAB6C7"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 31 Jan 2023 08:03:27 GMT
Date: Tue, 31 Jan 2023 02:03:27 GMT
Connection: keep-alive
qvikar.com/symantec/security/436947333
192.254.234.214302 Found 0 B URL HTTP/2 qvikar.com/symantec/security/436947333
IP 192.254.234.214:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /symantec/security/436947333 HTTP/1.1
Host: qvikar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.clkmg.com/qvikar/symantec/security/436947333/
vary: User-Agent
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 31 Jan 2023 02:03:28 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
151.101.194.133200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 151.101.194.133:0
Hash 394033aafed0cb3ac21ac491a405cc08
12bfeec535725bcde4217ec90c703f26269aa38f
4f2c4c448d958d61e5a5f4216eef80c0b45e001de6689b6b5ce7a38d23684cbc
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1423
Server: nginx
Content-Type: application/ocsp-response
Expires: Sat, 04 Feb 2023 00:44:47 GMT
ETag: "12bfeec535725bcde4217ec90c703f26269aa38f"
Last-Modified: Tue, 31 Jan 2023 00:44:48 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 31 Jan 2023 02:03:28 GMT
Age: 4721
X-Served-By: cache-qpg1280-QPG, cache-bma1624-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 8, 1
X-Timer: S1675130609.536875,VS0,VE1
www.clkmg.com/qvikar/symantec/security/436947333/
50.97.244.203302 Found 252 B URL HTTP/1.1 www.clkmg.com/qvikar/symantec/security/436947333/
IP 50.97.244.203:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f8e0d84321b2e3784347d18576532a0c
4618d65b989caf526cdd39434e52a42c74dd93ec
f886f67905fa02b7c13894be500f5a1736fe20542e0a57561444ce84be3824a5
GET /qvikar/symantec/security/436947333/ HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Tue, 31 Jan 2023 02:03:28 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 252
Connection: keep-alive
P3P: CP="This is not a P3P policy! See https://www.clkmg.com for more info."
Set-Cookie: alc=1; domain=.clkmg.com; expires=Tue Jan 31 02:03:33 2023; path=/;
lids=1537844-152398+; domain=.clkmg.com; expires=Wed Jan 31 02:03:28 2024; path=/;
Location: https://www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
X-CM-FE: httpfe-02.clickmagick.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
50.97.244.203200 OK 1.4 kB URL HTTP/1.1 www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
IP 50.97.244.203:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fbf6005663528fbffb7fdf9c8fa995bc
de4dc1559fd1bd3026d94887738125a83b4012b6
972ee94dbdbea4c5e3a75afbb7d2b5ee9dd6e5558b8d09603491b51b7ccbb704
GET /err/?u=qvikar&l=symantec&s=A&e=403 HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: lids=1537844-152398+
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 02:03:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="This is not a P3P policy! See http://www.clkmg.com for more info."
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
X-CM-FE: httpfe-02.clickmagick.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cdn.clickmagick.com/images/logo.gif
54.230.111.88200 OK 4.3 kB URL HTTP/2 cdn.clickmagick.com/images/logo.gif
IP 54.230.111.88:0
File type GIF image data, version 89a, 300 x 64\012- data
Hash 1bfe88368945f71f6b145f8fdc431c3f
2650030369e5c327d5eaf4a6b9fd175786bda751
b069053ff474120a849ba3e9f1d4110f4311608883e9ec1cdbe68e1b181dcc73
GET /images/logo.gif HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 4252
date: Mon, 30 Jan 2023 22:52:35 GMT
last-modified: Wed, 27 Jul 2022 23:18:30 GMT
etag: "62e1c7c6-109c"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
expires: Sun, 30 Apr 2023 22:52:35 GMT
cache-control: max-age=7776000, public, no-transform
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TvNNNz6F5UpzweyUPsIz1JAj3gZ8BSo421S59Vkf2HEkMv9jlDf7ew==
age: 11454
x-robots-tag: noindex
X-Firefox-Spdy: h2
cdn.clkmg.com/misc/css/style.css
54.230.111.107200 OK 4.5 kB URL HTTP/1.1 cdn.clkmg.com/misc/css/style.css
IP 54.230.111.107:0
Hash e540f61448a0e598774be6738463a0c5
75c83228491705c9a412383803decd6878c3f163
263bd19121ab72d1db5109850141dd62598ee8d4240b4cbfb3bce40a85c5da3c
GET /misc/css/style.css HTTP/1.1
Host: cdn.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Cookie: lids=1537844-152398+
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 4498
Connection: keep-alive
Date: Sun, 08 Jan 2023 01:39:24 GMT
Last-Modified: Sat, 06 Aug 2022 19:05:46 GMT
ETag: "62eebb8a-1192"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Tue, 07 Feb 2023 01:39:24 GMT
Cache-Control: max-age=2592000, public, no-transform
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: k9PfUVl_hKie3TmpRFgOJL1D0Z0Psjc9LJ1PdfFJG1aDXciqJ9zD9g==
Age: 1988645
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
cdn.clkmg.com/images/spacer.gif
54.230.111.107200 OK 43 B URL HTTP/1.1 cdn.clkmg.com/images/spacer.gif
IP 54.230.111.107:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /images/spacer.gif HTTP/1.1
Host: cdn.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Cookie: lids=1537844-152398+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Date: Mon, 09 Jan 2023 02:31:58 GMT
Last-Modified: Thu, 23 Feb 2017 23:21:15 GMT
ETag: "58af6e6b-2b"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Sun, 09 Apr 2023 02:31:58 GMT
Cache-Control: max-age=7776000, public, no-transform
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: d0f67qhORFDthJoq3MxrDW8q-6MJ3qJuQg6MWesyFeqwYRKRpLLVCw==
Age: 1899091
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
cdn.clickmagick.com/misc/fonts/website/v3/Inter-Medium.woff
54.230.111.88200 OK 158 kB URL HTTP/2 cdn.clickmagick.com/misc/fonts/website/v3/Inter-Medium.woff
IP 54.230.111.88:0
File type Web Open Font Format, TrueType, length 157888, version 0.0\012- data
Size 158 kB (157888 bytes)
Hash 6b5a42f0603ea013e7099c2160e007e7
1a817b28d15fba7537a6ac0ed28126589062f303
860f80f683dd2cca3acc4680a798cd8a1a8dd8d6a0e18312692d9504f3792242
GET /misc/fonts/website/v3/Inter-Medium.woff HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cdn.clkmg.com/
Origin: https://www.clkmg.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 157888
date: Tue, 31 Jan 2023 00:00:19 GMT
last-modified: Wed, 22 Jun 2022 15:39:23 GMT
etag: "62b337ab-268c0"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
x-cm-fe: httpfe-02.clickmagick.com
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I7YaEm477tonmVxCD9TY9ESzuxkn7a7HfeU99oPAvesz3dLnbw2RZg==
age: 7390
x-robots-tag: noindex
X-Firefox-Spdy: h2
cdn.clickmagick.com/misc/fonts/website/v3/Inter-Regular.woff
54.230.111.88200 OK 149 kB URL HTTP/2 cdn.clickmagick.com/misc/fonts/website/v3/Inter-Regular.woff
IP 54.230.111.88:0
File type Web Open Font Format, TrueType, length 149344, version 0.0\012- data
Size 149 kB (149344 bytes)
Hash ea2c76b525641c2051cdf7d930e465ba
b3ffc2515b8429e92540e084fd6011f32b8df368
6ab2042219a7bbc2f5523d61ad24c9f1e3627f2cbb891669d981da8bb019c11e
GET /misc/fonts/website/v3/Inter-Regular.woff HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cdn.clkmg.com/
Origin: https://www.clkmg.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 149344
date: Tue, 31 Jan 2023 00:00:19 GMT
last-modified: Wed, 22 Jun 2022 15:39:23 GMT
etag: "62b337ab-24760"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
x-cm-fe: httpfe-01.clickmagick.com
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zzaO6bOXYkIumUFpY7OTyhUcWb4drE12sfX0hTp_CKONHHUlgKVd5Q==
age: 7390
x-robots-tag: noindex
X-Firefox-Spdy: h2
www.clkmg.com/favicon.ico
50.97.244.203200 OK 78 B URL HTTP/1.1 www.clkmg.com/favicon.ico
IP 50.97.244.203:0
File type MS Windows icon resource - 1 icon, 1x1, 2 colors\012- data
Hash c9e1efa761b83f4a25a07dc85c207f95
7c1df040d4119e1c1b4f875c362f363ad1f6ba13
91634633ca6d34044c356a9a0baa832f1927d8326e1ae1a95af22b864d30dd7f
GET /favicon.ico HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
Cookie: lids=1537844-152398+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 02:03:29 GMT
Content-Type: image/x-icon
Content-Length: 78
Last-Modified: Thu, 21 Apr 2022 16:32:44 GMT
Connection: keep-alive
ETag: "6261872c-4e"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Thu, 02 Mar 2023 02:03:29 GMT
Pragma: public
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
p274639.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCBBLFBRk1eiQ4ypU_IICyRP5V1c6EPCUBF8zHiEadnIXHca1CsuLEl2kGko8eoV6LiOFwlzkCkbzEzy7OBJtmOXCgzQbPSpPqqSSkl0jHkvawfpNa9imHsM1Pvdhx6h8GcMlvyNQu9ligKNm5HUY_GWjB2fjK6rwTJjim55TmpSzfpExJBMizSdKgbz0VF_-WH_9b8ky2I1bOt49-zifnPahCJDe0fs2e12k4XVJzHJX8mFgHSWE3TZCCpJ_Aq0_LLnTAHAGYpFgXZomooD2vuliVnQIGgxQDiU7ugF2M-yuw6VwzuvR-x3CQtVBA9Wp7n-oJi-H9AZDZAEJiK7vPzixmWNroOA7iDeDOtSQlmdXjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr44jC5B3JLJRQe6_JWYuELBOHIoRdltXdbQty4LB7K0SXOOmJ-RAV7petVg_MhDOHN1Dhh7ZfSJFQ&si=1&oref=dae16bcb6b93b11e9cbacb290c7cfdf8&optunit=w6VwzuvR-x29ebjHufQcSA&rb=E-qvs9aXu7s&rr=0&abtg=0
52.116.53.155200 OK 0 B URL HTTP/2 p274639.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCBBLFBRk1eiQ4ypU_IICyRP5V1c6EPCUBF8zHiEadnIXHca1CsuLEl2kGko8eoV6LiOFwlzkCkbzEzy7OBJtmOXCgzQbPSpPqqSSkl0jHkvawfpNa9imHsM1Pvdhx6h8GcMlvyNQu9ligKNm5HUY_GWjB2fjK6rwTJjim55TmpSzfpExJBMizSdKgbz0VF_-WH_9b8ky2I1bOt49-zifnPahCJDe0fs2e12k4XVJzHJX8mFgHSWE3TZCCpJ_Aq0_LLnTAHAGYpFgXZomooD2vuliVnQIGgxQDiU7ugF2M-yuw6VwzuvR-x3CQtVBA9Wp7n-oJi-H9AZDZAEJiK7vPzixmWNroOA7iDeDOtSQlmdXjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr44jC5B3JLJRQe6_JWYuELBOHIoRdltXdbQty4LB7K0SXOOmJ-RAV7petVg_MhDOHN1Dhh7ZfSJFQ&si=1&oref=dae16bcb6b93b11e9cbacb290c7cfdf8&optunit=w6VwzuvR-x29ebjHufQcSA&rb=E-qvs9aXu7s&rr=0&abtg=0
IP 52.116.53.155:0
GET /adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCBBLFBRk1eiQ4ypU_IICyRP5V1c6EPCUBF8zHiEadnIXHca1CsuLEl2kGko8eoV6LiOFwlzkCkbzEzy7OBJtmOXCgzQbPSpPqqSSkl0jHkvawfpNa9imHsM1Pvdhx6h8GcMlvyNQu9ligKNm5HUY_GWjB2fjK6rwTJjim55TmpSzfpExJBMizSdKgbz0VF_-WH_9b8ky2I1bOt49-zifnPahCJDe0fs2e12k4XVJzHJX8mFgHSWE3TZCCpJ_Aq0_LLnTAHAGYpFgXZomooD2vuliVnQIGgxQDiU7ugF2M-yuw6VwzuvR-x3CQtVBA9Wp7n-oJi-H9AZDZAEJiK7vPzixmWNroOA7iDeDOtSQlmdXjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr44jC5B3JLJRQe6_JWYuELBOHIoRdltXdbQty4LB7K0SXOOmJ-RAV7petVg_MhDOHN1Dhh7ZfSJFQ&si=1&oref=dae16bcb6b93b11e9cbacb290c7cfdf8&optunit=w6VwzuvR-x29ebjHufQcSA&rb=E-qvs9aXu7s&rr=0&abtg=0 HTTP/1.1
Host: p274639.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=82800897449
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 02:03:27 GMT
content-type: text/html;charset=ISO-8859-1
vary: Accept-Encoding
set-cookie: rhid=82800897449; Max-Age=15552000; Expires=Sun, 30-Jul-2023 02:03:27 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_857954_off_361683_aff_11454_cid_274639-575551883-TPBPROXYONE.ORG_ts_1675130607; Max-Age=3600; Expires=Tue, 31-Jan-2023 03:03:27 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
content-encoding: gzip
X-Firefox-Spdy: h2