r.goaffmy.com/click?pid=9980&offer_id=2359&sub1=102b09e4d8553cbd50e45110fc4927&sub2=44542&sub3=122264_&bo=2753,2754,2755,2756
34.141.137.168302 Found 0 B URL HTTP/1.1 r.goaffmy.com/click?pid=9980&offer_id=2359&sub1=102b09e4d8553cbd50e45110fc4927&sub2=44542&sub3=122264_&bo=2753,2754,2755,2756
IP 34.141.137.168:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=9980&offer_id=2359&sub1=102b09e4d8553cbd50e45110fc4927&sub2=44542&sub3=122264_&bo=2753,2754,2755,2756 HTTP/1.1
Host: r.goaffmy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 22 Jan 2023 15:47:59 GMT
Content-Length: 0
Connection: keep-alive
X-Adjust-Use-Original-Forwarded-For: 1
Location: https://r.go2offer-1.com/click?pid=9980&offer_id=3678&sub1=102b09e4d8553cbd50e45110fc4927&sub2=44542&sub3=122264_&sub4=&sub5=&sub6=&sub7=&sub8=
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 20d267853e48ef7d476459ed67da5d97
06d1bd08efd69c0e93486d3c423fa2640f372d29
24323cd45ca2ed01c63f908233d9b2ad5bb6f63394884c45bf6abb0221d0edd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "24323CD45CA2ED01C63F908233D9B2AD5BB6F63394884C45BF6ABB0221D0EDD6"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3053
Expires: Sun, 22 Jan 2023 16:38:52 GMT
Date: Sun, 22 Jan 2023 15:47:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4714c95a0c854e38f9be444f9343bf14
07ce5eb635448f2b3bafbe51e4dfeef47cdf4f7b
4d47e08c9afb704096e93a51f6e95c0dc7c7bc31e67ded39998ff37ed56e0965
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D47E08C9AFB704096E93A51F6E95C0DC7C7BC31E67DED39998FF37ED56E0965"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16652
Expires: Sun, 22 Jan 2023 20:25:31 GMT
Date: Sun, 22 Jan 2023 15:47:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 38c102db4bcfb9c4fb19174986950fd3
51c2cc8a3aca4da5c9ab3438467c29203fc0b0c3
dad6b64bc9f4dd827471ccc2e5273fceee574685376083aaa80f9d2f918037f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAD6B64BC9F4DD827471CCC2E5273FCEEE574685376083AAA80F9D2F918037F2"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15773
Expires: Sun, 22 Jan 2023 20:10:52 GMT
Date: Sun, 22 Jan 2023 15:47:59 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 22 Jan 2023 15:42:30 GMT
content-type: application/json
age: 329
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SEcc/F/tc/10W5wI95P7CkRgsAfHAd1hDJ1l+n57/FQFar/zreGQ2lCOQmhlPjDsBMFIBOreFEA=
x-amz-request-id: XT5XDEJ1124Z8QM2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 22 Jan 2023 15:18:29 GMT
age: 1770
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 15:47:59 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 22 Jan 2023 14:48:58 GMT
age: 3542
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 1fd6eb58f4baa6d537d5a5785c2cf172
60e6c0eb38353fd9627aea8bdefa9af9f4c7c9e4
b726679b95246f0a73683d09c3465456bf299b4d119cae72df36501fb7b6ae63
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 15:48:00 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 21 Jan 2023 13:32:33 GMT
Expires: Sat, 28 Jan 2023 13:32:32 GMT
Etag: "60e6c0eb38353fd9627aea8bdefa9af9f4c7c9e4"
Cache-Control: max-age=509671,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d96e6cec83b527-OSL
r.go2offer-1.com/click?pid=9980&offer_id=3678&sub1=102b09e4d8553cbd50e45110fc4927&sub2=44542&sub3=122264_&sub4=&sub5=&sub6=&sub7=&sub8=
34.90.46.36302 Found 0 B URL HTTP/2 r.go2offer-1.com/click?pid=9980&offer_id=3678&sub1=102b09e4d8553cbd50e45110fc4927&sub2=44542&sub3=122264_&sub4=&sub5=&sub6=&sub7=&sub8=
IP 34.90.46.36:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=9980&offer_id=3678&sub1=102b09e4d8553cbd50e45110fc4927&sub2=44542&sub3=122264_&sub4=&sub5=&sub6=&sub7=&sub8= HTTP/1.1
Host: r.go2offer-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sun, 22 Jan 2023 15:48:00 GMT
content-length: 0
location: https://omgtds.com/c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=9980&source=44542&externalId=63cd5ab0e635ef0001930f7d&sub2=44542&sub3=9980&pp=1
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63cd5ab0e635ef0001930f7d; expires=Mon, 22 Jan 2024 15:48:00 GMT; secure; SameSite=None
afoffers={"3678":1674402480}; expires=Mon, 22 Jan 2024 15:48:00 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c74880fa99032b5c3831c179d702419
0020b368309735c94d8053d3781a7efb7283cfc5
437e2d4e2bbfb33b0ff696172378ce55a0a5ed005a1b8c4005eab4a6995a3042
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 193
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:00 GMT
Last-Modified: Sun, 22 Jan 2023 15:44:48 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c408c0f37d44c22f05c3081bf8b1d79b
6740143cd9cc637a47d3a73ed3b0ee213a3d34da
6123342624ccf5c3203dc626efa7125b6cef0ec7a19890758e226c119b47a6a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6123342624CCF5C3203DC626EFA7125B6CEF0EC7A19890758E226C119B47A6A3"
Last-Modified: Sat, 21 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16418
Expires: Sun, 22 Jan 2023 20:21:38 GMT
Date: Sun, 22 Jan 2023 15:48:00 GMT
Connection: keep-alive
omgtds.com/c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=9980&source=44542&externalId=63cd5ab0e635ef0001930f7d&sub2=44542&sub3=9980&pp=1
185.162.87.41302 Found 191 B URL HTTP/1.1 omgtds.com/c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=9980&source=44542&externalId=63cd5ab0e635ef0001930f7d&sub2=44542&sub3=9980&pp=1
IP 185.162.87.41:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text
Hash 8c3ab89e9e40cd92791865f17260a8ee
93a455da6c48ff90473829f9869963585bbafffa
6c012f5aa137e47d2f3a1c3163f98ad6b1f178061e689613ffa84d44a3e6aa9b
GET /c1/b30bdb65-5c08-49a9-8082-5c8ea9af818f?aff=9980&source=44542&externalId=63cd5ab0e635ef0001930f7d&sub2=44542&sub3=9980&pp=1 HTTP/1.1
Host: omgtds.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx/1.22.1
Date: Sun, 22 Jan 2023 15:48:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 191
Connection: keep-alive
Location: https://r.goaffmy.com/click?pid=14148&offer_id=3261&sub1=cf6llc5ki7qekn1et5r0&sub2=44542&sub3=9980&sub5=63cd5ab0e635ef0001930f7d&sub7=&sub8=
Set-Cookie: uid=93J1_OOaM; Path=/; Domain=omgtds.com; Max-Age=86400; HttpOnly
X-Clickid: cf6llc5ki7qekn1et5r0
push.services.mozilla.com/
54.185.76.10101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.185.76.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +TGXC+JHztmSCcmKdjd0+w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Esir7WwYX43ZnHhT5UamaynA66I=
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 2f3e59afc67b3f8fdbf988e1bffa92c1
7a5e6b7954fd69c33c2125e059a088563108f622
7ff1203221b2db7ef3958e32677ca3b8878b32609fcf31100c2dc0dda95faf39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 15:48:00 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 01:23:10 GMT
Expires: Fri, 27 Jan 2023 01:23:09 GMT
Etag: "7a5e6b7954fd69c33c2125e059a088563108f622"
Cache-Control: max-age=379508,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d96e703cc9b527-OSL
r.goaffmy.com/click?pid=14148&offer_id=3261&sub1=cf6llc5ki7qekn1et5r0&sub2=44542&sub3=9980&sub5=63cd5ab0e635ef0001930f7d&sub7=&sub8=
34.90.46.36302 Found 0 B URL HTTP/2 r.goaffmy.com/click?pid=14148&offer_id=3261&sub1=cf6llc5ki7qekn1et5r0&sub2=44542&sub3=9980&sub5=63cd5ab0e635ef0001930f7d&sub7=&sub8=
IP 34.90.46.36:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=14148&offer_id=3261&sub1=cf6llc5ki7qekn1et5r0&sub2=44542&sub3=9980&sub5=63cd5ab0e635ef0001930f7d&sub7=&sub8= HTTP/1.1
Host: r.goaffmy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sun, 22 Jan 2023 15:48:00 GMT
content-length: 0
location: https://brides-story.com/tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=9980_44542&data2=63cd5ab0855b9f000145ba2b&utm_campaign=38db92b9
x-adjust-use-original-forwarded-for: 1
referer:
referrer-policy: no-referrer
set-cookie: afclick=63cd5ab0855b9f000145ba2b; expires=Mon, 22 Jan 2024 15:48:00 GMT; secure; SameSite=None
afoffers={"3261":1674402480}; expires=Mon, 22 Jan 2024 15:48:00 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash dfeedc32e658bf5305a8b03024179050
1f4b95bffc7179b3d8aead30738116440bc1363d
d670af00e4617d93ed993bf8298aa5bdadb7d4931c5e4860fff94ddbdedb3a4a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 22 Jan 2023 15:48:01 GMT
Etag: "63cbed4a-1d7"
Server: ECS (dcb/7EEE)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IJmzi-GbENapGc5VQ1FTMZDDekynnpipzuNA5EhDSaYRry-4TsO8TA==
brides-story.com/favicon.ico
3.127.76.150200 OK 0 B URL HTTP/2 brides-story.com/favicon.ico
IP 3.127.76.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brides-story.com/tds/interlayer/eb/s/2b93f67a7d71977c70855bac70a71b7f?__t=1674402481274&__l=3600
Cookie: dci=c5f166cf6a37fbdb532633de573604bcbf78b66a; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 15:48:01 GMT
content-type: image/x-icon
content-length: 0
server: nginx
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12873
Expires: Sun, 22 Jan 2023 19:22:34 GMT
Date: Sun, 22 Jan 2023 15:48:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12873
Expires: Sun, 22 Jan 2023 19:22:34 GMT
Date: Sun, 22 Jan 2023 15:48:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12873
Expires: Sun, 22 Jan 2023 19:22:34 GMT
Date: Sun, 22 Jan 2023 15:48:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e71636bb9a13ad7d52d253e16cd6a3f
401dd58e34982d3434739b9a2f7182487ea1cac5
1ac336df72b6eb569983e197f094378a26a175113249bedca0610cabd57e2e54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 5469b005-6740-4f3d-80ca-a45fd39cae68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkCFiZoAMF8oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c80-210da08f113a3273257b7d61;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: j3SoP46ER0JjOaLh363bQ9QW4ZIW19_rbgeQ7Ey8W-zgyGMMLSLccA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:17 GMT
etag: "401dd58e34982d3434739b9a2f7182487ea1cac5"
content-type: image/jpeg
age: 64784
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
34.120.237.76200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce9c90c64a81cfd16050966c2b5ddf57
a2929122b2d2e252f39d23857cd7a2ed4651bb27
6647be8f5be621ef9b0cfe6585cb92c868951a95acf8c9c66d9eec6dc95d34c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3084
x-amzn-requestid: 034173f8-edba-45b9-bbbc-a7d737b45e26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFM68EDMIAMF3Iw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb8eac-3a22865376bbdcde3ef17088;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 07:05:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lPrb0OiQtQrd0-1R9wmsMzYwRydWPW9lBTAFUu9SPchT7WZUIVzGdw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 08:08:13 GMT
age: 27588
etag: "a2929122b2d2e252f39d23857cd7a2ed4651bb27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a7ab95a69ddfa5014258076e66a6e19
1a54cca86788536002d6d18c5180ccf265ba1169
09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RlbJymJhU6Ti5RZCSIvPzloackAiBEBGapKI440u4ZIfB5FYBNugLw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 03:24:49 GMT
age: 44592
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e5cb3e8d03fffcd307c5ebaef08167
1a813821d15afd416b82c3343a7920a0ffc909cb
84a81b6f63faa3f17a20222b8fa389761a0fb0512a1549b4848849c0425539c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7656
x-amzn-requestid: 6e1ebd9d-6ef0-48d0-a891-51bbf914ed42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNlYHaUoAMFr-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c88-479e8fb72b0b248d020d9e77;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DaWs0RT0IupgLoLeQZYbdYdvYFd02bXrdQBFYpqLxwmKf1bKhh_wgQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:06 GMT
etag: "1a813821d15afd416b82c3343a7920a0ffc909cb"
content-type: image/jpeg
age: 64795
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ec85cf23f6ed6a70e62e17998dfcede
2a690f14cf97f33da2c4f4b21c737a7ca37665b4
ae3cedd8f51f9ed2d996f1d75e7288802d68fa3c27d928934311e4d8821940cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7609
x-amzn-requestid: 86dec496-ff1b-4db8-9bcb-12275f6feeb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkBGiOIAMFaCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c7f-16c24501673bc2161c1e8a3b;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EIRH5l-dSShdZbMvwSEE8jKooGny-prLtbXwx8ZNUi0Wfj4GItKV7g==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 22:08:36 GMT
age: 63565
etag: "2a690f14cf97f33da2c4f4b21c737a7ca37665b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd73f3807-16ae-46ce-a9a5-84b639ea80c6.jpeg
34.120.237.76200 OK 2.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd73f3807-16ae-46ce-a9a5-84b639ea80c6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83d96b777a2cac4cb6d577309c8d07e7
86bc900c65d14a338c1d08a0b407590940b39059
50856a41d2bbaec73e06255e06e5ee648f1e7ed1fb04049810d4c03650621bdf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd73f3807-16ae-46ce-a9a5-84b639ea80c6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2555
x-amzn-requestid: d5425eec-2182-4b90-a03f-47dfa76439bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHOFpEoIoAMF83A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d57-5326fe1a504805be37823571;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:47:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oxNnK5wjQI8w-_5fTcDKXBdExNMJ_S6y8chMHd_woRSBfkBy3fqR8Q==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:06 GMT
etag: "86bc900c65d14a338c1d08a0b407590940b39059"
content-type: image/jpeg
age: 64795
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
track.smart-tds.com/7c559eb3-ab02-45e4-84ee-696f874d43fb?tag=b427d0973faec46f2a61bce3d049d1928aadf7e2&tds_cid=b427d0973faec46f2a61bce3d049d1928aadf7e2&t1=b7208mak_38db92b9
35.156.152.207302 Found 0 B URL HTTP/2 track.smart-tds.com/7c559eb3-ab02-45e4-84ee-696f874d43fb?tag=b427d0973faec46f2a61bce3d049d1928aadf7e2&tds_cid=b427d0973faec46f2a61bce3d049d1928aadf7e2&t1=b7208mak_38db92b9
IP 35.156.152.207:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /7c559eb3-ab02-45e4-84ee-696f874d43fb?tag=b427d0973faec46f2a61bce3d049d1928aadf7e2&tds_cid=b427d0973faec46f2a61bce3d049d1928aadf7e2&t1=b7208mak_38db92b9 HTTP/1.1
Host: track.smart-tds.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brides-story.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 22 Jan 2023 15:48:01 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://normallink.com/c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=wvsqle9m2031j73mitja0cgo
pragma: no-cache
set-cookie: 7c559eb3-ab02-45e4-84ee-696f874d43fb-v4=YYFL7TayKs7VGZMsP42vQR99RUj8EJ4COyPleM3k49k; Max-Age=86400; Expires=Mon, 23-Jan-2023 15:48:01 GMT; Domain=track.smart-tds.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=QpnHbkxhEjJuFXPvUmd4Ol2fCBgYEWANBnqSf4vU0cSfcYPOT%2BWnqxwWS7quoPqNTcHWsfQOy1wb7gsMYwKlKSLADFMnnt1cTZqvPoFfDcXVGAZMdLyy2tfhLUezdcCvgKOYrfrTStqlNhDA5MB3CA%3D%3D; Max-Age=31536000; Expires=Mon, 22-Jan-2024 15:48:01 GMT; Domain=track.smart-tds.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
normallink.com/c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=wvsqle9m2031j73mitja0cgo
18.193.235.10302 Found 0 B URL HTTP/2 normallink.com/c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=wvsqle9m2031j73mitja0cgo
IP 18.193.235.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c4b5ad04-8822-42c1-9db5-e9a49f15358b?s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=wvsqle9m2031j73mitja0cgo HTTP/1.1
Host: normallink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://brides-story.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 22 Jan 2023 15:48:02 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=k1t_ZiioidAAIKv15OWNlYnceG045lrifnJufK1kO_i6G9FQvhMVdvmh2Sn-wj-ZGzbJcqg6f2HMvSYNGFG0z4Q2vfR9LYyfvDcN4mU1wqzLpNbQgepOw6i4g63vezpr6YpFOqBNRA_KB5nMfrMfsbxDXEcGOEngY2xjwgsqce9IvB-7H0nlfqWZNqnX7oDNn_SR4Fsarjc_tbPDJMt1gGHLCjCJ2WD6LFq_vTUM9C36lcrN-Btbk2Xgjds80cZ7_JgRjaw0zQgmXNrOU86AXID9_HfuVXmCZ5UEUL7MjpUhy6TftoANUM1vXMgNCiElIhtWTlfQFR8DGeppe-4GzKkvGqtpL35gOwnY9QPu52IK9I7nwriyN5zS-DuOqFBixFWRKq3Ex5drNFIs98Dyg59WWx7-YI2sVKNrcPrtG270GRji7BaG3a4Jbqf456HI4D61zy-dW3JDMWrMlzU8HK3bVJUMSDqi7KVo-tmSwW51bnqXwGG47dk-a_PbUIiRDC8IBwzAf9l04Z1p7RwXGm-9zIl2jXQADyUqSQBfJCxhr0l9qjILWOeoGeXqDHxe&lptoken=16267440403b429c82dd&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=wvsqle9m2031j73mitja0cgo
pragma: no-cache
set-cookie: c4b5ad04-8822-42c1-9db5-e9a49f15358b-v4=B1n1GZnMZq18JOBSsTFDHorQTw9IiJoN7w7q06yEqOg; Max-Age=86400; Expires=Mon, 23-Jan-2023 15:48:02 GMT; Domain=normallink.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=lmo-ID8bzgkBMssvD_cHR_gZde-H0IHHci8ygUImQEJKNifnZqySVryZLmNNuZx8kqnDdpHzVIG6hgtdWpaiN9wSTldqZf8oOFnljjb4GlL-rrNQ3SnxJ8SSxKg6t-lQCUw2v4wif3O6YxeKhBRp9XxqAWRgqjjFkQH0emOdml5q8vqI1fwkyxAqjDfLGWBL61wGUdsHFZgfO_Crj4HtNevHcHtFOhV8xcKt2XKVtUPqc0RN7oYzbmMthk3R9ZZiDBtist5DTZr_Xxt8BuqtGDymkCARytfw-J5gtA07Yw__aCtVhUfZAoIKMYnEsiIvJF4E7Jot6tpEJ2BJ8BTQNXbasEu4a1ftBDu54MIdc0axWrXAwlCbaAsv_MRMZEyMaQSP-ASeaZb2Qq8PxHW4qyFN9a17DZYal4i9HmV9bGZNn0soUfsMmZgkDsfKY-HMfk47ecMF8ak_x0-42EpDZresy4OEwbFce3pxYID_3yDKL7pf2KRD5Y_93zRHvKRF89BqEh04fYm7RAiKAEbGZy2IfkxVObUaD4K8aRduyP3Jv9MuCvgRHrRPP-2Zr8RS; Max-Age=86400; Expires=Mon, 23-Jan-2023 15:48:02 GMT; Domain=normallink.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/tV-gbU0e9Hc
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/tV-gbU0e9Hc
IP 142.250.74.131:0
Hash bd8c45b5c3b6899caae9081bd89acef5
2cfbdea2946035ede64172ef7f1daffc2a5c886b
78b4b942bc3774112eeb483084391834b035fc76e7e7355970f03a44ae317fbf
POST /s/gts1p5/tV-gbU0e9Hc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:02 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=k1t_ZiioidAAIKv15OWNlYnceG045lrifnJufK1kO_i6G9FQvhMVdvmh2Sn-wj-ZGzbJcqg6f2HMvSYNGFG0z4Q2vfR9LYyfvDcN4mU1wqzLpNbQgepOw6i4g63vezpr6YpFOqBNRA_KB5nMfrMfsbxDXEcGOEngY2xjwgsqce9IvB-7H0nlfqWZNqnX7oDNn_SR4Fsarjc_tbPDJMt1gGHLCjCJ2WD6LFq_vTUM9C36lcrN-Btbk2Xgjds80cZ7_JgRjaw0zQgmXNrOU86AXID9_HfuVXmCZ5UEUL7MjpUhy6TftoANUM1vXMgNCiElIhtWTlfQFR8DGeppe-4GzKkvGqtpL35gOwnY9QPu52IK9I7nwriyN5zS-DuOqFBixFWRKq3Ex5drNFIs98Dyg59WWx7-YI2sVKNrcPrtG270GRji7BaG3a4Jbqf456HI4D61zy-dW3JDMWrMlzU8HK3bVJUMSDqi7KVo-tmSwW51bnqXwGG47dk-a_PbUIiRDC8IBwzAf9l04Z1p7RwXGm-9zIl2jXQADyUqSQBfJCxhr0l9qjILWOeoGeXqDHxe&lptoken=16267440403b429c82dd&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=wvsqle9m2031j73mitja0cgo
104.21.24.208200 OK 327 kB URL HTTP/2 casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=k1t_ZiioidAAIKv15OWNlYnceG045lrifnJufK1kO_i6G9FQvhMVdvmh2Sn-wj-ZGzbJcqg6f2HMvSYNGFG0z4Q2vfR9LYyfvDcN4mU1wqzLpNbQgepOw6i4g63vezpr6YpFOqBNRA_KB5nMfrMfsbxDXEcGOEngY2xjwgsqce9IvB-7H0nlfqWZNqnX7oDNn_SR4Fsarjc_tbPDJMt1gGHLCjCJ2WD6LFq_vTUM9C36lcrN-Btbk2Xgjds80cZ7_JgRjaw0zQgmXNrOU86AXID9_HfuVXmCZ5UEUL7MjpUhy6TftoANUM1vXMgNCiElIhtWTlfQFR8DGeppe-4GzKkvGqtpL35gOwnY9QPu52IK9I7nwriyN5zS-DuOqFBixFWRKq3Ex5drNFIs98Dyg59WWx7-YI2sVKNrcPrtG270GRji7BaG3a4Jbqf456HI4D61zy-dW3JDMWrMlzU8HK3bVJUMSDqi7KVo-tmSwW51bnqXwGG47dk-a_PbUIiRDC8IBwzAf9l04Z1p7RwXGm-9zIl2jXQADyUqSQBfJCxhr0l9qjILWOeoGeXqDHxe&lptoken=16267440403b429c82dd&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=wvsqle9m2031j73mitja0cgo
IP 104.21.24.208:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text
Size 327 kB (327434 bytes)
Hash 8730c7d93758eee61aed2a2d979ae571
d3c030e8556dfff2d4f5c58b3c92fab588e78fb9
42985db6ebcb5b41721fe96906b99ad91ef23d1a1e6c816d0e988b28bffdfe9b
GET /99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=k1t_ZiioidAAIKv15OWNlYnceG045lrifnJufK1kO_i6G9FQvhMVdvmh2Sn-wj-ZGzbJcqg6f2HMvSYNGFG0z4Q2vfR9LYyfvDcN4mU1wqzLpNbQgepOw6i4g63vezpr6YpFOqBNRA_KB5nMfrMfsbxDXEcGOEngY2xjwgsqce9IvB-7H0nlfqWZNqnX7oDNn_SR4Fsarjc_tbPDJMt1gGHLCjCJ2WD6LFq_vTUM9C36lcrN-Btbk2Xgjds80cZ7_JgRjaw0zQgmXNrOU86AXID9_HfuVXmCZ5UEUL7MjpUhy6TftoANUM1vXMgNCiElIhtWTlfQFR8DGeppe-4GzKkvGqtpL35gOwnY9QPu52IK9I7nwriyN5zS-DuOqFBixFWRKq3Ex5drNFIs98Dyg59WWx7-YI2sVKNrcPrtG270GRji7BaG3a4Jbqf456HI4D61zy-dW3JDMWrMlzU8HK3bVJUMSDqi7KVo-tmSwW51bnqXwGG47dk-a_PbUIiRDC8IBwzAf9l04Z1p7RwXGm-9zIl2jXQADyUqSQBfJCxhr0l9qjILWOeoGeXqDHxe&lptoken=16267440403b429c82dd&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=wvsqle9m2031j73mitja0cgo HTTP/1.1
Host: casual-flirt-hub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://brides-story.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 15:48:02 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Thu, 19 Jan 2023 17:34:22 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bf9rHMqHiPv1Hv3DJbIwCf0myiAeW3MQmoaOJvh91arVHk8wW8QxkxD1bTq%2FbwTProINZO7vzaDLL2JeOsUmxMPrPnB7sqTfa9ue1jX0NedalLEN7Aj9vsa2HKCVkcz8llBkAb70XQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d96e794aa7b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/tV-gbU0e9Hc
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/tV-gbU0e9Hc
IP 142.250.74.131:0
Hash bd8c45b5c3b6899caae9081bd89acef5
2cfbdea2946035ede64172ef7f1daffc2a5c886b
78b4b942bc3774112eeb483084391834b035fc76e7e7355970f03a44ae317fbf
POST /s/gts1p5/tV-gbU0e9Hc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:02 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c0f67edfa92ff11474d17ad3160ed43e
a43cc627d3c9258bdbe14ff3ceeed1c98496ff50
309dea4b94ceda4ec43c2f944cdfad61434c96eaafd172bc55c39545f3bf5a1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-W62P37M
172.217.21.168200 OK 56 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-W62P37M
IP 172.217.21.168:0
File type ASCII text, with very long lines (15845)
Hash d126bed04abe3fd413ab9bb61eb46cb6
475a3f6250a04ab81dc8d4a4ac259ed68082f656
d741606b4f182b5beec6df03551c7e4266a96f91685a4421938a9352b2d6caac
GET /gtm.js?id=GTM-W62P37M HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Jan 2023 15:48:02 GMT
expires: Sun, 22 Jan 2023 15:48:02 GMT
cache-control: private, max-age=900
last-modified: Sun, 22 Jan 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56002
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c0f67edfa92ff11474d17ad3160ed43e
a43cc627d3c9258bdbe14ff3ceeed1c98496ff50
309dea4b94ceda4ec43c2f944cdfad61434c96eaafd172bc55c39545f3bf5a1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/css/style.css
104.21.24.208200 OK 21 kB URL HTTP/2 casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/css/style.css
IP 104.21.24.208:0
File type ASCII text, with very long lines (2360), with no line terminators
Hash 0144fa1e7c3b074972aeccb4e05d62f2
4ece9bbd8a158282abbf8770abec6b378be4ba7d
2c585aca4eeb6eaf0a4ced7391fa2ed80cba1035445e8338bb825f5a15de3ce0
GET /99/no/NO_black-blonde-milf_13042022/css/style.css HTTP/1.1
Host: casual-flirt-hub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/99/no/NO_black-blonde-milf_13042022/?campaign=Norway&cep=k1t_ZiioidAAIKv15OWNlYnceG045lrifnJufK1kO_i6G9FQvhMVdvmh2Sn-wj-ZGzbJcqg6f2HMvSYNGFG0z4Q2vfR9LYyfvDcN4mU1wqzLpNbQgepOw6i4g63vezpr6YpFOqBNRA_KB5nMfrMfsbxDXEcGOEngY2xjwgsqce9IvB-7H0nlfqWZNqnX7oDNn_SR4Fsarjc_tbPDJMt1gGHLCjCJ2WD6LFq_vTUM9C36lcrN-Btbk2Xgjds80cZ7_JgRjaw0zQgmXNrOU86AXID9_HfuVXmCZ5UEUL7MjpUhy6TftoANUM1vXMgNCiElIhtWTlfQFR8DGeppe-4GzKkvGqtpL35gOwnY9QPu52IK9I7nwriyN5zS-DuOqFBixFWRKq3Ex5drNFIs98Dyg59WWx7-YI2sVKNrcPrtG270GRji7BaG3a4Jbqf456HI4D61zy-dW3JDMWrMlzU8HK3bVJUMSDqi7KVo-tmSwW51bnqXwGG47dk-a_PbUIiRDC8IBwzAf9l04Z1p7RwXGm-9zIl2jXQADyUqSQBfJCxhr0l9qjILWOeoGeXqDHxe&lptoken=16267440403b429c82dd&s1=b7208mak_38db92b9&s2=&s3=&s4=&s5=&s6=&s7=&s8=&s9=&ks=3036&cost=&tag=wvsqle9m2031j73mitja0cgo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 15:48:02 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2848
etag: W/"b20-5f2a17f8d4b42"
last-modified: Thu, 19 Jan 2023 17:45:27 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5907
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wjAL0MMTer%2BNZzUeEj4ZYxdJMtmScdUN6I9eMatNPZr%2B6Lpb8%2BL0By8M1FZH6Qn0z3nnBeIGbmM3ppMZvOnmwWBHQTRngBNBLIF1XxD%2BbB8zY%2BqmnktaDK9cCwRHw6FRjsBJbFD0EQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d96e79cb65b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.exoclick.com/tag_gen.js
205.185.216.10200 OK 515 B URL HTTP/1.1 a.exoclick.com/tag_gen.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (1030), with no line terminators
Hash 628e0302068ade64b5f411f39d5ce7e5
ff1a609269f34bad5ae67ed1678df3f7b905d018
c583ceaeae2e9a05e25c27b61520710f16b8b98ca7f9087a75ae90a040b8bc3f
GET /tag_gen.js HTTP/1.1
Host: a.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 15:48:02 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 515
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"a56c0470b9aa925085e51a6271a"
X-HW: 1674402482.dop226.sk1.t,1674402482.cds235.sk1.shn,1674402482.dop226.sk1.t,1674402482.cds251.sk1.c
Access-Control-Allow-Origin: *, *
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5074bfa38808c4a0f18b00a601cfef53
ffc0c526e49251605b2c95d0d1d595f9c702cd9a
6262e4155e8fbf18388f2f38c8e65cb87db94dae66d1dbbd329b4973d8b243df
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-127241846-1&cid=921222428.1674402481&jid=795572233&gjid=1751635360&_gid=1837589031.1674402481&_u=YEBAAEAAAAAAACAAI~&z=901544322
64.233.161.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-127241846-1&cid=921222428.1674402481&jid=795572233&gjid=1751635360&_gid=1837589031.1674402481&_u=YEBAAEAAAAAAACAAI~&z=901544322
IP 64.233.161.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-127241846-1&cid=921222428.1674402481&jid=795572233&gjid=1751635360&_gid=1837589031.1674402481&_u=YEBAAEAAAAAAACAAI~&z=901544322 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://casual-flirt-hub.com
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://casual-flirt-hub.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 22 Jan 2023 15:48:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f4d171538addb3e350e03876c9c23d81
9874648e426c9a8b65ddcb1d3fc944b8464be9f5
e89b056e51c85f967d05f0cb23a2212d0f391838df414dda9f61e67a96dbefff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash cc298ded3fc0f058105ddd7b442f5b55
38d43fe921b0b34e4a762598c3ad003956592c04
61a166c11ee3bc04f5be109d262b7f69525e428b1a85f68e00a58de4ff26b4c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5074bfa38808c4a0f18b00a601cfef53
ffc0c526e49251605b2c95d0d1d595f9c702cd9a
6262e4155e8fbf18388f2f38c8e65cb87db94dae66d1dbbd329b4973d8b243df
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=921222428.1674402481&jid=795572233&_u=YEBAAEAAAAAAACAAI~&z=477279318
216.58.207.228200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=921222428.1674402481&jid=795572233&_u=YEBAAEAAAAAAACAAI~&z=477279318
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=921222428.1674402481&jid=795572233&_u=YEBAAEAAAAAAACAAI~&z=477279318 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 15:48:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=921222428.1674402481&jid=795572233&_u=YEBAAEAAAAAAACAAI~&z=477279318
142.250.74.67200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=921222428.1674402481&jid=795572233&_u=YEBAAEAAAAAAACAAI~&z=477279318
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-127241846-1&cid=921222428.1674402481&jid=795572233&_u=YEBAAEAAAAAAACAAI~&z=477279318 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 15:48:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 1.9 kB IP 142.250.74.131:0
Hash ed5fdb583ec075bf99a7a3875d648947
46b4b24414bfb02edd29cfece5d2db04ebd96dbf
0c005a041f4185f1fb39111dec5c342869a262dc7b74eef31c6585608876c89f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash fb07d2c1d8bcee019ca03761dea26da2
eeb2c1a38a93b84ee59d073de34c82ab078d880e
ba1d0bc1bb2685cb37ea47d0486f1f56668d1619cc1f081b505fbaa7662375e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash e27372427e0202ed22ddfc77fbadbb09
6eb7947822271f5a31942556aa6001fb4a897375
76d81a7957e7d3b7e51ea0359bdce57935586f244e1262219bf42f9f51ebd8d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4803
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 15:48:07 GMT
Last-Modified: Sun, 22 Jan 2023 14:28:04 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 313
ctrack.trafficjunky.net/ctrack?action=list&type=add&id=0&context=instaflirt&cookiename=visit&maxcookiecount=10>mcb=637282724
66.254.114.89200 OK 35 B URL HTTP/1.1 ctrack.trafficjunky.net/ctrack?action=list&type=add&id=0&context=instaflirt&cookiename=visit&maxcookiecount=10>mcb=637282724
IP 66.254.114.89:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /ctrack?action=list&type=add&id=0&context=instaflirt&cookiename=visit&maxcookiecount=10>mcb=637282724 HTTP/1.1
Host: ctrack.trafficjunky.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: openresty
date: Sun, 22 Jan 2023 15:48:07 GMT
content-type: image/gif
content-length: 35
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
set-cookie: tj_UUID=631cd2ee2b4f4cf89a98c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Tue, 21 Feb 2023 15:48:07 GMT; Secure; SameSite=None
tj_UUID_v2=631cd2ee-2b4f-4cf8-9a98-c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Tue, 21 Feb 2023 15:48:07 GMT; Secure; SameSite=None
dcccad4e8cd529e2dd8695d508de7edc=0; Path=/; Domain=trafficjunky.net; Expires=Tue, 30 Nov 2032 15:48:07 GMT; Secure; SameSite=None
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63CD5AB7-42FE725901BB940B-18532D01
brides-story.com/tds/interlayer/eb/s/2b93f67a7d71977c70855bac70a71b7f?__t=1674402481274&__l=3600
3.127.76.150200 OK 0 B URL HTTP/2 brides-story.com/tds/interlayer/eb/s/2b93f67a7d71977c70855bac70a71b7f?__t=1674402481274&__l=3600
IP 3.127.76.150:0
GET /tds/interlayer/eb/s/2b93f67a7d71977c70855bac70a71b7f?__t=1674402481274&__l=3600 HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: dci=c5f166cf6a37fbdb532633de573604bcbf78b66a; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 15:48:01 GMT
content-type: text/html
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
brides-story.com/ao.js
3.127.76.150200 OK 0 B IP 3.127.76.150:0
Analyzer Verdict Alert fortinet Phishing
GET /ao.js HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brides-story.com/tds/interlayer/eb/s/2b93f67a7d71977c70855bac70a71b7f?__t=1674402481274&__l=3600
Cookie: dci=c5f166cf6a37fbdb532633de573604bcbf78b66a; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 15:48:01 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Tue, 17 Jan 2023 09:11:56 GMT
etag: W/"1509-185beffd760"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
brides-story.com/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fbrides-story.com%2Ftds%2Finterlayer%2Feb%2Fs%2F2b93f67a7d71977c70855bac70a71b7f%3F__t%3D1674402481274%26__l%3D3600&urlOut=https%3A%2F%2Ftrack.smart-tds.com%2F7c559eb3-ab02-45e4-84ee-696f874d43fb%3Ftag%3Db427d0973faec46f2a61bce3d049d1928aadf7e2%26tds_cid%3Db427d0973faec46f2a61bce3d049d1928aadf7e2%26t1%3Db7208mak_38db92b9&altQs=utm_campaign%3D38db92b9%26utm_source%3Darba%26utm_term%3Dmob_sml_ww_adv_aff%26data2%3D63cd5ab0855b9f000145ba2b%26p1%3D9980_44542%26s1%3Darb%26s2%3D%257Bs2%257D%26tds_campaign%3Db7208mak%26tds_id%3Db7208mak_lp_a_1639037433617_smartlink%26tds_oid%3Dcd2d3032%26tds_cid%3Db427d0973faec46f2a61bce3d049d1928aadf7e2%26tds_ac_id%3Ds6593mak%26tds_host%3Dbrides-story.com%26tds_path%3D%252Ftds%252Frsl%26dci%3Dc5f166cf6a37fbdb532633de573604bcbf78b66a%26tds_ps%3Da&tdsCid=b427d0973faec46f2a61bce3d049d1928aadf7e2&reason=beacon&visitsCount=1&ts=1674402480404
3.127.76.150200 OK 0 B URL HTTP/2 brides-story.com/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fbrides-story.com%2Ftds%2Finterlayer%2Feb%2Fs%2F2b93f67a7d71977c70855bac70a71b7f%3F__t%3D1674402481274%26__l%3D3600&urlOut=https%3A%2F%2Ftrack.smart-tds.com%2F7c559eb3-ab02-45e4-84ee-696f874d43fb%3Ftag%3Db427d0973faec46f2a61bce3d049d1928aadf7e2%26tds_cid%3Db427d0973faec46f2a61bce3d049d1928aadf7e2%26t1%3Db7208mak_38db92b9&altQs=utm_campaign%3D38db92b9%26utm_source%3Darba%26utm_term%3Dmob_sml_ww_adv_aff%26data2%3D63cd5ab0855b9f000145ba2b%26p1%3D9980_44542%26s1%3Darb%26s2%3D%257Bs2%257D%26tds_campaign%3Db7208mak%26tds_id%3Db7208mak_lp_a_1639037433617_smartlink%26tds_oid%3Dcd2d3032%26tds_cid%3Db427d0973faec46f2a61bce3d049d1928aadf7e2%26tds_ac_id%3Ds6593mak%26tds_host%3Dbrides-story.com%26tds_path%3D%252Ftds%252Frsl%26dci%3Dc5f166cf6a37fbdb532633de573604bcbf78b66a%26tds_ps%3Da&tdsCid=b427d0973faec46f2a61bce3d049d1928aadf7e2&reason=beacon&visitsCount=1&ts=1674402480404
IP 3.127.76.150:0
POST /tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fbrides-story.com%2Ftds%2Finterlayer%2Feb%2Fs%2F2b93f67a7d71977c70855bac70a71b7f%3F__t%3D1674402481274%26__l%3D3600&urlOut=https%3A%2F%2Ftrack.smart-tds.com%2F7c559eb3-ab02-45e4-84ee-696f874d43fb%3Ftag%3Db427d0973faec46f2a61bce3d049d1928aadf7e2%26tds_cid%3Db427d0973faec46f2a61bce3d049d1928aadf7e2%26t1%3Db7208mak_38db92b9&altQs=utm_campaign%3D38db92b9%26utm_source%3Darba%26utm_term%3Dmob_sml_ww_adv_aff%26data2%3D63cd5ab0855b9f000145ba2b%26p1%3D9980_44542%26s1%3Darb%26s2%3D%257Bs2%257D%26tds_campaign%3Db7208mak%26tds_id%3Db7208mak_lp_a_1639037433617_smartlink%26tds_oid%3Dcd2d3032%26tds_cid%3Db427d0973faec46f2a61bce3d049d1928aadf7e2%26tds_ac_id%3Ds6593mak%26tds_host%3Dbrides-story.com%26tds_path%3D%252Ftds%252Frsl%26dci%3Dc5f166cf6a37fbdb532633de573604bcbf78b66a%26tds_ps%3Da&tdsCid=b427d0973faec46f2a61bce3d049d1928aadf7e2&reason=beacon&visitsCount=1&ts=1674402480404 HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://brides-story.com
Connection: keep-alive
Referer: https://brides-story.com/tds/interlayer/eb/s/2b93f67a7d71977c70855bac70a71b7f?__t=1674402481274&__l=3600
Cookie: dci=c5f166cf6a37fbdb532633de573604bcbf78b66a; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 15:48:01 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
X-Firefox-Spdy: h2
cdn.onesignal.com/sdks/OneSignalSDK.js
104.18.226.52200 OK 0 B URL HTTP/2 cdn.onesignal.com/sdks/OneSignalSDK.js
IP 104.18.226.52:0
GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casual-flirt-hub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 15:48:02 GMT
content-type: application/javascript
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
access-control-allow-headers: OneSignal-Subscription-Id
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1663
expires: Wed, 25 Jan 2023 15:48:02 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 78d96e7b5ded0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
brides-story.com/tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=9980_44542&data2=63cd5ab0855b9f000145ba2b&utm_campaign=38db92b9
3.127.76.150302 Found 0 B URL HTTP/2 brides-story.com/tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=9980_44542&data2=63cd5ab0855b9f000145ba2b&utm_campaign=38db92b9
IP 3.127.76.150:0
GET /tds/rsl?tdsId=s6593mak_r&tds_campaign=s6593mak&utm_source=arba&utm_term=mob_sml_ww_adv_aff&s1=arb&p1=9980_44542&data2=63cd5ab0855b9f000145ba2b&utm_campaign=38db92b9 HTTP/1.1
Host: brides-story.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sun, 22 Jan 2023 15:48:01 GMT
location: https://brides-story.com/tds/interlayer/eb/s/2b93f67a7d71977c70855bac70a71b7f?__t=1674402481274&__l=3600
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=c5f166cf6a37fbdb532633de573604bcbf78b66a; Max-Age=31536000; Domain=.brides-story.com; Path=/; Expires=Mon, 22 Jan 2024 15:48:01 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Fri, 27 Jan 2023 15:48:01 GMT
X-Firefox-Spdy: h2