os2.thebestallcodecsapp.com/CM/?v=3.0&c=1191632539
74.206.228.78302 Moved Temporarily 145 B URL HTTP/1.1 os2.thebestallcodecsapp.com/CM/?v=3.0&c=1191632539
IP 74.206.228.78:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bfe2c1d1b36c62666ce9ba537d324bd4
4d52a7c6d2909a506a4e81559eb24e8af077c741
5216ad883da8fe250db6892c9abca11bae07572d49a4c48a3c42276ffe6a9fb8
GET /CM/?v=3.0&c=1191632539 HTTP/1.1
Host: os2.thebestallcodecsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0
Date: Tue, 11 Oct 2022 04:40:50 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: http://os2.thebestallcodecsapp.com/
firefox.settings.services.mozilla.com/v1/
18.164.68.8200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.164.68.8:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 3f17af4e8a1739eda4a518039f4892f9
c3feba08ae7e8f57e0fe9bcd2ebedea6bda67cbb
c485b09cad08b5233fe8753682faf59219fe0d18fcc34d90dc88fb0971295f5f
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 11 Oct 2022 04:08:14 GMT
Expires: Tue, 11 Oct 2022 04:29:18 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9f698c14e6527accab310c26bfca2030.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: tegSDwJdNysSBdAjoBbs7vASzcbjcF9MIdQeZMKWtUUh3RCWy2o4ag==
Age: 1956
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ef6d323da0ad155f526b4a57c2e46ccc
71686b19b3ca049b9b66f8740284c552a3f61a20
99e2f56075a08f133a9d1d0122ab9ef2d9eaa61e18f46994e52e21a8a53203f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "99E2F56075A08F133A9D1D0122AB9EF2D9EAA61E18F46994E52E21A8A53203F3"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13529
Expires: Tue, 11 Oct 2022 08:26:19 GMT
Date: Tue, 11 Oct 2022 04:40:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3d0ffae9abfdf558a6286013a0201c8b
2dc8ea0000a1b0c0f849611fdd73429bca51bfad
8e19eab9b6d16819f9ef3920971542cbcf5dd18280617e2de1a3827f0c149398
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E19EAB9B6D16819F9EF3920971542CBCF5DD18280617E2DE1A3827F0C149398"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8172
Expires: Tue, 11 Oct 2022 06:57:02 GMT
Date: Tue, 11 Oct 2022 04:40:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DsU+bRI4j8gWMhZY9FAkP2NeV+Vvl8BMKlmN9Gt9veUbpQtgocLGef+u5qQgysd7Fdi2TkFXiJ86Ai1s9rmfWw==
x-amz-request-id: NNTXVSTFDP931WDE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 11 Oct 2022 04:32:47 GMT
age: 483
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
os2.thebestallcodecsapp.com/
74.206.228.78200 OK 253 B URL HTTP/1.1 os2.thebestallcodecsapp.com/
IP 74.206.228.78:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 4210185d8d4f57d9e86b517c328559a4
dedd04628136342d0d170e6511c97e8120a26742
924adcc05b165063396d7f85c6f0affe5e61e4d2b0c906e2c1cda474e413c257
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: os2.thebestallcodecsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 11 Oct 2022 04:40:50 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 11 Oct 2022 04:40:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
os2.thebestallcodecsapp.com/favicon.ico
74.206.228.78404 Not Found 114 B URL HTTP/1.1 os2.thebestallcodecsapp.com/favicon.ico
IP 74.206.228.78:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 021ffd3b4e081732edb9f2fa096e8ef2
4b0c71d74bf395719f8f91e4903609e37b513046
71dc6b3c545761e64c88967c0f8005939255df258bf60e122b238095d0c9659c
GET /favicon.ico HTTP/1.1
Host: os2.thebestallcodecsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://os2.thebestallcodecsapp.com/
HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Tue, 11 Oct 2022 04:40:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.164.68.8200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.164.68.8:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 11 Oct 2022 03:41:37 GMT
Expires: Tue, 11 Oct 2022 04:38:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 46b5aeb0e7bcc8895e9b923ffd4a3896.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: vE-lAsLtD9MaWNPpm2VfW4pxlJjaopw6Fg2KgpAExVEpmJBpOh1iSQ==
Age: 3554
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d545bc725dcd5d6f1dfc10a8b35aeb3a
82d92587953dac8a05d691730b8318719328de6b
9d1e6f1bf4b1c138d9e07e67264cb9ac5090a1c338ff72c87e1758e187cccb24
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3267
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 04:40:51 GMT
Last-Modified: Tue, 11 Oct 2022 03:46:24 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
thebestallcodecsapp.com/
173.239.8.164200 OK 181 B IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 0508b645ae760b2dbab83817a94f53f2
003f171488375545d1762d2c7cab85c12f6a6642
d9b4761a42d3839c5c7f0ebb284f46cf6656591532a899e709beaaad0e6b5cee
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: thebestallcodecsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
Origin: http://os2.thebestallcodecsapp.com
Connection: keep-alive
Referer: http://os2.thebestallcodecsapp.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 11 Oct 2022 04:40:51 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6MSwidHMiOjE2NjU0NjMyNTEsImhhc2giOiJkZWYxMmNlZiJ9;Expires=Tue, 11-Oct-2022 05:40:51 GMT;Max-Age=3600
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip
push.services.mozilla.com/
35.161.6.128101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.6.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jPz9LNIzIH+QAyR6FRjtVA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lhYOUgM7fdbukH5D+ILTjCITWY8=
q3.quotes.com/e217ce40-491e-11ed-8d5e-3bc5373ef0db
178.162.151.164200 OK 170 B URL HTTP/1.1 q3.quotes.com/e217ce40-491e-11ed-8d5e-3bc5373ef0db
IP 178.162.151.164:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 9b14fbfea57cd5300263a5d8dbdbb3c7
3e45f01681a7c599c07353b1c5c5b34cc583fa32
da4ae9aa41f3e08c1d889d2ff243c6b73d4b6669b7da5798059f61b2b213525a
GET /e217ce40-491e-11ed-8d5e-3bc5373ef0db HTTP/1.1
Host: q3.quotes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thebestallcodecsapp.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 170
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 04:40:51 GMT
server: nginx
q3.quotes.com/e217ce40-491e-11ed-8d5e-3bc5373ef0db?hr=1
178.162.151.164302 Found 11 B URL HTTP/1.1 q3.quotes.com/e217ce40-491e-11ed-8d5e-3bc5373ef0db?hr=1
IP 178.162.151.164:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /e217ce40-491e-11ed-8d5e-3bc5373ef0db?hr=1 HTTP/1.1
Host: q3.quotes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 11 Oct 2022 04:40:51 GMT
location: http://btpnative.com/click?data=MG1JZGpaY1MwSUpxakJWR2g4VVpiU1VYWUQ0VWJvTHlaWHF3SlhrMHlhTnhrajlpdXBjLVV1SjFuY3BCZC1xblNiLVQtMFhiMnJ3N1RTanpkMnFRTXJ0bFJHdFRkbFh5ZDJIM3hPS2o1REp6anBBUDZOaXNpRGQxbG9IeE5QZWVYSmEtSDNOTGZRMzdvOGVmY1p2U0swbGp3dlZya1V6emwzWm5GbFFyNUVjMQ2&id=8556cf14-3efd-4f2b-9e0e-da94b0665f2b
server: nginx
btpnative.com/click?data=MG1JZGpaY1MwSUpxakJWR2g4VVpiU1VYWUQ0VWJvTHlaWHF3SlhrMHlhTnhrajlpdXBjLVV1SjFuY3BCZC1xblNiLVQtMFhiMnJ3N1RTanpkMnFRTXJ0bFJHdFRkbFh5ZDJIM3hPS2o1REp6anBBUDZOaXNpRGQxbG9IeE5QZWVYSmEtSDNOTGZRMzdvOGVmY1p2U0swbGp3dlZya1V6emwzWm5GbFFyNUVjMQ2&id=8556cf14-3efd-4f2b-9e0e-da94b0665f2b
209.15.13.136200 OK 2.2 kB URL HTTP/1.1 btpnative.com/click?data=MG1JZGpaY1MwSUpxakJWR2g4VVpiU1VYWUQ0VWJvTHlaWHF3SlhrMHlhTnhrajlpdXBjLVV1SjFuY3BCZC1xblNiLVQtMFhiMnJ3N1RTanpkMnFRTXJ0bFJHdFRkbFh5ZDJIM3hPS2o1REp6anBBUDZOaXNpRGQxbG9IeE5QZWVYSmEtSDNOTGZRMzdvOGVmY1p2U0swbGp3dlZya1V6emwzWm5GbFFyNUVjMQ2&id=8556cf14-3efd-4f2b-9e0e-da94b0665f2b
IP 209.15.13.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (349), with CRLF line terminators
Hash 67960ca8152e1704f8ec48ce0175a8a3
707831fc666ee226fcd2004249fff2055d736e99
880512530f2d9401ca33ef57435a794d0efaea852f914da33c38a06b07cbe56c
GET /click?data=MG1JZGpaY1MwSUpxakJWR2g4VVpiU1VYWUQ0VWJvTHlaWHF3SlhrMHlhTnhrajlpdXBjLVV1SjFuY3BCZC1xblNiLVQtMFhiMnJ3N1RTanpkMnFRTXJ0bFJHdFRkbFh5ZDJIM3hPS2o1REp6anBBUDZOaXNpRGQxbG9IeE5QZWVYSmEtSDNOTGZRMzdvOGVmY1p2U0swbGp3dlZya1V6emwzWm5GbFFyNUVjMQ2&id=8556cf14-3efd-4f2b-9e0e-da94b0665f2b HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: yQEtjlkQJenSqQh=yQEtjlkQJenSqQh; path=/
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 11 Oct 2022 04:40:51 GMT
Content-Length: 2156
btpnative.com/Redirect/
209.15.13.136302 Found 2.0 kB IP 209.15.13.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1918), with CRLF line terminators
Hash 2fb3146f81464bb0e79da78810f01000
7552e122028f2a2e2160e911436ed50605113690
ce290780169817b6b899998e0a61ad3296719c0d53f7ea834d5664357a818f9e
POST /Redirect/ HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 358
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=MG1JZGpaY1MwSUpxakJWR2g4VVpiU1VYWUQ0VWJvTHlaWHF3SlhrMHlhTnhrajlpdXBjLVV1SjFuY3BCZC1xblNiLVQtMFhiMnJ3N1RTanpkMnFRTXJ0bFJHdFRkbFh5ZDJIM3hPS2o1REp6anBBUDZOaXNpRGQxbG9IeE5QZWVYSmEtSDNOTGZRMzdvOGVmY1p2U0swbGp3dlZya1V6emwzWm5GbFFyNUVjMQ2&id=8556cf14-3efd-4f2b-9e0e-da94b0665f2b
Cookie: yQEtjlkQJenSqQh=yQEtjlkQJenSqQh
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8YBoQL_cnsAH98M0aES-8Hfb5np8cxJs0YFos_XX7JtPGVWViaJip_uHVl7m5D8n6prPeNkHZz5l4z7fXvRG7iJfzP0q4z-nb2Vu5kCG6cnUqvxLSPTZX5nNHm07vkZ1o2YZTedC7FXGQPEUdVXzHmd-tUCjGytmkYtjI78zLXU2QPIY49AC1x9OJySMHQyX42Pj3WNVCCXuFpVvWHFOh6TZIT_lLvu1rDbusjVwJYrkBA__IkcClB7Lt5P86QEuhhveB5C8kjatbnTSCKm9GZcD8r6sws87iGb1XnSfn4MvxRsfLemN-8NuSMr2Zh3TQG1hxMFcwVNpneVPiFwmXzT_twNH_tdtsspBQAqpwnZ4HJZVhrbyijWF8vqLKIyXJWYX0KyMec1kDAD7pZvZ-t-e7C5lqIctbSuCW5e-sVLK_KIZlrvqQ9Bas_z02Icb5k8COj9HAdsGG9UbQSM0ZFRpZUBL98ZHxknrfmTzYr9NTn2lKYgbEfl26lCkwb4e2M-bzLSv3OZs76aVnw8wPMO5rbrqpVgDr2y6wPsjFcBZFUzi1VHWh-pVKxXXie8ytZuNSG0G205x-OtOAs5kuD99b_Mncayg8RFU7_CMl4apA-K7Nh97Pc1aMoCuj5RQ2cNfSCl0Vvf7PEhtMaGTMdZojL5HjqVQaB-HdjUwfnpmbVClBEkxiYHYQIkG32_B347BlZZ-2f_lEwsfJsxWFJPZbfugfrF-Zn8HGB5WQnfrI8fjwl5sKOwNpOjEREt39ithRb6BAu2eEcwLIXEwE18l2DVEB0SR4Y_vxrB5rJ_LLklVqjeZuc5CmWIYuYcwm1LBY-9besbR09Ly9lE07b7S_gwkWtMjiC4qYZFiFzxZ45fNUdQyOiRJhB_sG_evlqsmeezxzhzxkjPiDxeuz4HQeiyXOT7zqWylpUK9yBKg6sCbIw1lehKchj6C_p994FPAnJ-1FgJDlf3545iScOBSIyBtFIqdS0Zr-1w6fmMhHipiNIM2Q3fqyPFbdWF3AIwA3eXiDzKAMvtF9Z_bKN8PULfLsYesdTySK1WQdsF8BEtFuaQveBSQPtXcJTecQHYnF_uGKIhflVdO4tCVvabfaCU-MbVzLeOuDHI4OhPTM_L8ayOHc2YzDqRUtoRj9QmmhOPTwNWaGaT2zyOxJtkaAoFFo-StgNVIHIKyq8IRHQJpsyxV7m4MRXfqc9uZLPo2zZEFN5lY_FXAWgMdusLUVOz6tuUu0-COflArKyxRKSiEA1cvlrLvsQLmg2vrVlK5Pp8oP2etDvfwyvOBULiCG-9tNAm_5q0ielJ6O31I3VN_t1V1nSw5Tf8cQqSQgYYq2TIPdPHhGw84N2FzD4IJfmmZsBzmV7fWxIz_VuUSgtd9ZEzuSDCg6qnXf2BSHiQ6X2b9qv_hPWP3cGRfIz_pjAcDzSd3pWwgoQdiY7OnBRr_ei1BnkG6O79fSqXPRe-ONonZD8id4GJrpTCNOT9wStkQ3BLEVwR9QwZxs-ljNbQkZGaS89y-MkqNsQHu3-Enx24tEQ5BGpaNBwrdXZ2XowybBDd4nNPm4hFTJovLN4zrzUR49WYK7oJgVsASxOYwwqJPWDKyv0_DZ1s-DyC_h13fMuh17MrBOH_hHE4LTxMXSdzHBiUv5RqaWcynwL-HXd8y6HXsysE4f-EcTgo73VSi_HN5F9BpNhgwVDEMTCssQBo5b-HtRZEU4XnsIbMIaID2rNpE
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 11 Oct 2022 04:40:51 GMT
Content-Length: 1990
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5d6e783ca060b4856ebbb6d194b168c9
0ef77af5a0df80d2d7880b06d45978ea862ebe4f
a750feff0403f89427e9a457d3c7a536aff2819e9e12075f27b7b08e90115276
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 04:40:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 19:20:12 GMT
Expires: Mon, 17 Oct 2022 19:20:11 GMT
Etag: "0ef77af5a0df80d2d7880b06d45978ea862ebe4f"
Cache-Control: max-age=570558,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7584eb8fecd81c12-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13382
Expires: Tue, 11 Oct 2022 08:23:54 GMT
Date: Tue, 11 Oct 2022 04:40:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13382
Expires: Tue, 11 Oct 2022 08:23:54 GMT
Date: Tue, 11 Oct 2022 04:40:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13382
Expires: Tue, 11 Oct 2022 08:23:54 GMT
Date: Tue, 11 Oct 2022 04:40:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13382
Expires: Tue, 11 Oct 2022 08:23:54 GMT
Date: Tue, 11 Oct 2022 04:40:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F647e8146-dad8-449f-a0ea-efe8d7b14e99.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F647e8146-dad8-449f-a0ea-efe8d7b14e99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6943f4735bdb3eaf396cd0edbd101dae
3be209d8b74abe0d12033cf6149da04eb9e1a116
7578a8981216adc59909baf4e41ef4044d5a592e6dc7f80f4fa8f5f1cc1b282f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F647e8146-dad8-449f-a0ea-efe8d7b14e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5957
x-amzn-requestid: e7388c82-006d-4114-84e1-f6c5af236edb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zt4h5EMzoAMF5GQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63423ad8-135cd65273a99b4c1719796b;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 03:07:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: H6aoPUjEEPgK6GhTjcpiUg0lVa0e78LQa7cbpYT-QR8NKUzn7UL1Sw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 11 Oct 2022 04:12:36 GMT
age: 1696
etag: "3be209d8b74abe0d12033cf6149da04eb9e1a116"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a938ec-0f85-4cc4-b114-6a3bb049c111.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a938ec-0f85-4cc4-b114-6a3bb049c111.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9e6761274cf8c2ed62e317e310f74ac3
32b3631be51d3385f061fee29e41ed28fad4b914
45d68ffebd269cae06ae471a11a128c32070367db85f525b81df4164f510adea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a938ec-0f85-4cc4-b114-6a3bb049c111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11336
x-amzn-requestid: 2f64751f-13d2-49c3-85c4-fb0f28186a37
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zzt8mFh7IAMF_lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63449050-100b2d49411d4bed369655c1;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 21:36:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lss2UdzBjP4PysNdrrEsK0WX20WfoKkbHuhcPzL6WWyyTXSynpXJDA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 21:55:51 GMT
etag: "32b3631be51d3385f061fee29e41ed28fad4b914"
content-type: image/jpeg
age: 24301
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64713a02-dc11-4aea-ad13-17dc62767165.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64713a02-dc11-4aea-ad13-17dc62767165.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 00b0de9d0ee43054810268bdc36ab790
e3e1203073f20305a2648f2471d1adb5f2d6cf3b
157aa861cc76a482c58993e02f0a49241b5105a9287bca1c01f8eb7215953724
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64713a02-dc11-4aea-ad13-17dc62767165.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7620
x-amzn-requestid: 658373fd-c35b-4541-b85d-9923c52664e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zt6ddGTToAMFWxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63423def-4e4b407e250e130a389a9a5a;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 03:20:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bMPnF1JgnYO_MNECbL82H8I3NAsd49Lz9npxuRsYOCEPjp8VW8_dTg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 11 Oct 2022 04:27:33 GMT
age: 799
etag: "e3e1203073f20305a2648f2471d1adb5f2d6cf3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6427b2e3-1afc-4db4-b1b7-02f92b2e016e.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6427b2e3-1afc-4db4-b1b7-02f92b2e016e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e27480fbe74711c84a851583febc690
cd77eee86e60e745fbcb51d64b1dd0dd379c941c
272eb95d8f7688490be7515a7ac63e5585b0ce134be2d316a0795c8500d8f61c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6427b2e3-1afc-4db4-b1b7-02f92b2e016e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8668
x-amzn-requestid: fe7c4024-b127-4b23-af2c-f9b82c9cbdb2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZhGL9H9-IAMFTtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633d1d7f-5eb503175b1b0af323e85e57;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 06:00:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: i72ViuEwj90R1kN-gHHHe7Xho204xHCxAM1_HEsYCF3OQ1e9Y0Lw5g==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 21:56:22 GMT
age: 24270
etag: "cd77eee86e60e745fbcb51d64b1dd0dd379c941c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf363159-c109-46fe-bd9b-9134e7b048c3.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf363159-c109-46fe-bd9b-9134e7b048c3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e3c99f149a624060a36dd392ac0d5ef4
ccbb22ad9c30baa4e3f013dfc60195400f469dc0
3f9dc61fff639b4b8aa778630e8009c190e804b8d58684e9244cef8419a61c00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf363159-c109-46fe-bd9b-9134e7b048c3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11239
x-amzn-requestid: 9f628fab-edd5-425d-add3-31beea676070
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZzuvOGzhoAMFd0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63449194-48cae2de0a5968fb46772067;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 21:41:40 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7i8fLObJFEx_Y_7k2gRtapXCaDgMWiAlHD3cnxuNlNWGz-HGH1T1wQ==
via: 1.1 332ef4544bd8b531e8f11abaa4197c08.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 22:17:11 GMT
age: 23021
etag: "ccbb22ad9c30baa4e3f013dfc60195400f469dc0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6e9aa9808428e5fd81ac9d61d6f7c708
3a8d76badce50dd98938885082dcb6e30363ae88
d8f7c48a1cbe04af2f7e0455d1ef7af9b63506b9ae343ebf14ece8689bb06bf6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11800
x-amzn-requestid: 94e8e091-1136-41a7-843c-44c4ffe9e688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZqylGGYwoAMFQIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6340fe20-60b47aeb3b55af4f755577f4;Sampled=0
x-amzn-remapped-date: Sat, 08 Oct 2022 04:35:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fzfUAL2jahiFgsqMExf1dB_7PFJt9wwO2BDKo3XJHSvk5AeeNP8FQg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 22:22:13 GMT
age: 22719
etag: "3a8d76badce50dd98938885082dcb6e30363ae88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8YBoQL_cnsAH98M0aES-8Hfb5np8cxJs0YFos_XX7JtPGVWViaJip_uHVl7m5D8n6prPeNkHZz5l4z7fXvRG7iJfzP0q4z-nb2Vu5kCG6cnUqvxLSPTZX5nNHm07vkZ1o2YZTedC7FXGQPEUdVXzHmd-tUCjGytmkYtjI78zLXU2QPIY49AC1x9OJySMHQyX42Pj3WNVCCXuFpVvWHFOh6TZIT_lLvu1rDbusjVwJYrkBA__IkcClB7Lt5P86QEuhhveB5C8kjatbnTSCKm9GZcD8r6sws87iGb1XnSfn4MvxRsfLemN-8NuSMr2Zh3TQG1hxMFcwVNpneVPiFwmXzT_twNH_tdtsspBQAqpwnZ4HJZVhrbyijWF8vqLKIyXJWYX0KyMec1kDAD7pZvZ-t-e7C5lqIctbSuCW5e-sVLK_KIZlrvqQ9Bas_z02Icb5k8COj9HAdsGG9UbQSM0ZFRpZUBL98ZHxknrfmTzYr9NTn2lKYgbEfl26lCkwb4e2M-bzLSv3OZs76aVnw8wPMO5rbrqpVgDr2y6wPsjFcBZFUzi1VHWh-pVKxXXie8ytZuNSG0G205x-OtOAs5kuD99b_Mncayg8RFU7_CMl4apA-K7Nh97Pc1aMoCuj5RQ2cNfSCl0Vvf7PEhtMaGTMdZojL5HjqVQaB-HdjUwfnpmbVClBEkxiYHYQIkG32_B347BlZZ-2f_lEwsfJsxWFJPZbfugfrF-Zn8HGB5WQnfrI8fjwl5sKOwNpOjEREt39ithRb6BAu2eEcwLIXEwE18l2DVEB0SR4Y_vxrB5rJ_LLklVqjeZuc5CmWIYuYcwm1LBY-9besbR09Ly9lE07b7S_gwkWtMjiC4qYZFiFzxZ45fNUdQyOiRJhB_sG_evlqsmeezxzhzxkjPiDxeuz4HQeiyXOT7zqWylpUK9yBKg6sCbIw1lehKchj6C_p994FPAnJ-1FgJDlf3545iScOBSIyBtFIqdS0Zr-1w6fmMhHipiNIM2Q3fqyPFbdWF3AIwA3eXiDzKAMvtF9Z_bKN8PULfLsYesdTySK1WQdsF8BEtFuaQveBSQPtXcJTecQHYnF_uGKIhflVdO4tCVvabfaCU-MbVzLeOuDHI4OhPTM_L8ayOHc2YzDqRUtoRj9QmmhOPTwNWaGaT2zyOxJtkaAoFFo-StgNVIHIKyq8IRHQJpsyxV7m4MRXfqc9uZLPo2zZEFN5lY_FXAWgMdusLUVOz6tuUu0-COflArKyxRKSiEA1cvlrLvsQLmg2vrVlK5Pp8oP2etDvfwyvOBULiCG-9tNAm_5q0ielJ6O31I3VN_t1V1nSw5Tf8cQqSQgYYq2TIPdPHhGw84N2FzD4IJfmmZsBzmV7fWxIz_VuUSgtd9ZEzuSDCg6qnXf2BSHiQ6X2b9qv_hPWP3cGRfIz_pjAcDzSd3pWwgoQdiY7OnBRr_ei1BnkG6O79fSqXPRe-ONonZD8id4GJrpTCNOT9wStkQ3BLEVwR9QwZxs-ljNbQkZGaS89y-MkqNsQHu3-Enx24tEQ5BGpaNBwrdXZ2XowybBDd4nNPm4hFTJovLN4zrzUR49WYK7oJgVsASxOYwwqJPWDKyv0_DZ1s-DyC_h13fMuh17MrBOH_hHE4LTxMXSdzHBiUv5RqaWcynwL-HXd8y6HXsysE4f-EcTgo73VSi_HN5F9BpNhgwVDEMTCssQBo5b-HtRZEU4XnsIbMIaID2rNpE
108.168.193.189302 Found 0 B URL HTTP/2 mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8YBoQL_cnsAH98M0aES-8Hfb5np8cxJs0YFos_XX7JtPGVWViaJip_uHVl7m5D8n6prPeNkHZz5l4z7fXvRG7iJfzP0q4z-nb2Vu5kCG6cnUqvxLSPTZX5nNHm07vkZ1o2YZTedC7FXGQPEUdVXzHmd-tUCjGytmkYtjI78zLXU2QPIY49AC1x9OJySMHQyX42Pj3WNVCCXuFpVvWHFOh6TZIT_lLvu1rDbusjVwJYrkBA__IkcClB7Lt5P86QEuhhveB5C8kjatbnTSCKm9GZcD8r6sws87iGb1XnSfn4MvxRsfLemN-8NuSMr2Zh3TQG1hxMFcwVNpneVPiFwmXzT_twNH_tdtsspBQAqpwnZ4HJZVhrbyijWF8vqLKIyXJWYX0KyMec1kDAD7pZvZ-t-e7C5lqIctbSuCW5e-sVLK_KIZlrvqQ9Bas_z02Icb5k8COj9HAdsGG9UbQSM0ZFRpZUBL98ZHxknrfmTzYr9NTn2lKYgbEfl26lCkwb4e2M-bzLSv3OZs76aVnw8wPMO5rbrqpVgDr2y6wPsjFcBZFUzi1VHWh-pVKxXXie8ytZuNSG0G205x-OtOAs5kuD99b_Mncayg8RFU7_CMl4apA-K7Nh97Pc1aMoCuj5RQ2cNfSCl0Vvf7PEhtMaGTMdZojL5HjqVQaB-HdjUwfnpmbVClBEkxiYHYQIkG32_B347BlZZ-2f_lEwsfJsxWFJPZbfugfrF-Zn8HGB5WQnfrI8fjwl5sKOwNpOjEREt39ithRb6BAu2eEcwLIXEwE18l2DVEB0SR4Y_vxrB5rJ_LLklVqjeZuc5CmWIYuYcwm1LBY-9besbR09Ly9lE07b7S_gwkWtMjiC4qYZFiFzxZ45fNUdQyOiRJhB_sG_evlqsmeezxzhzxkjPiDxeuz4HQeiyXOT7zqWylpUK9yBKg6sCbIw1lehKchj6C_p994FPAnJ-1FgJDlf3545iScOBSIyBtFIqdS0Zr-1w6fmMhHipiNIM2Q3fqyPFbdWF3AIwA3eXiDzKAMvtF9Z_bKN8PULfLsYesdTySK1WQdsF8BEtFuaQveBSQPtXcJTecQHYnF_uGKIhflVdO4tCVvabfaCU-MbVzLeOuDHI4OhPTM_L8ayOHc2YzDqRUtoRj9QmmhOPTwNWaGaT2zyOxJtkaAoFFo-StgNVIHIKyq8IRHQJpsyxV7m4MRXfqc9uZLPo2zZEFN5lY_FXAWgMdusLUVOz6tuUu0-COflArKyxRKSiEA1cvlrLvsQLmg2vrVlK5Pp8oP2etDvfwyvOBULiCG-9tNAm_5q0ielJ6O31I3VN_t1V1nSw5Tf8cQqSQgYYq2TIPdPHhGw84N2FzD4IJfmmZsBzmV7fWxIz_VuUSgtd9ZEzuSDCg6qnXf2BSHiQ6X2b9qv_hPWP3cGRfIz_pjAcDzSd3pWwgoQdiY7OnBRr_ei1BnkG6O79fSqXPRe-ONonZD8id4GJrpTCNOT9wStkQ3BLEVwR9QwZxs-ljNbQkZGaS89y-MkqNsQHu3-Enx24tEQ5BGpaNBwrdXZ2XowybBDd4nNPm4hFTJovLN4zrzUR49WYK7oJgVsASxOYwwqJPWDKyv0_DZ1s-DyC_h13fMuh17MrBOH_hHE4LTxMXSdzHBiUv5RqaWcynwL-HXd8y6HXsysE4f-EcTgo73VSi_HN5F9BpNhgwVDEMTCssQBo5b-HtRZEU4XnsIbMIaID2rNpE
IP 108.168.193.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8YBoQL_cnsAH98M0aES-8Hfb5np8cxJs0YFos_XX7JtPGVWViaJip_uHVl7m5D8n6prPeNkHZz5l4z7fXvRG7iJfzP0q4z-nb2Vu5kCG6cnUqvxLSPTZX5nNHm07vkZ1o2YZTedC7FXGQPEUdVXzHmd-tUCjGytmkYtjI78zLXU2QPIY49AC1x9OJySMHQyX42Pj3WNVCCXuFpVvWHFOh6TZIT_lLvu1rDbusjVwJYrkBA__IkcClB7Lt5P86QEuhhveB5C8kjatbnTSCKm9GZcD8r6sws87iGb1XnSfn4MvxRsfLemN-8NuSMr2Zh3TQG1hxMFcwVNpneVPiFwmXzT_twNH_tdtsspBQAqpwnZ4HJZVhrbyijWF8vqLKIyXJWYX0KyMec1kDAD7pZvZ-t-e7C5lqIctbSuCW5e-sVLK_KIZlrvqQ9Bas_z02Icb5k8COj9HAdsGG9UbQSM0ZFRpZUBL98ZHxknrfmTzYr9NTn2lKYgbEfl26lCkwb4e2M-bzLSv3OZs76aVnw8wPMO5rbrqpVgDr2y6wPsjFcBZFUzi1VHWh-pVKxXXie8ytZuNSG0G205x-OtOAs5kuD99b_Mncayg8RFU7_CMl4apA-K7Nh97Pc1aMoCuj5RQ2cNfSCl0Vvf7PEhtMaGTMdZojL5HjqVQaB-HdjUwfnpmbVClBEkxiYHYQIkG32_B347BlZZ-2f_lEwsfJsxWFJPZbfugfrF-Zn8HGB5WQnfrI8fjwl5sKOwNpOjEREt39ithRb6BAu2eEcwLIXEwE18l2DVEB0SR4Y_vxrB5rJ_LLklVqjeZuc5CmWIYuYcwm1LBY-9besbR09Ly9lE07b7S_gwkWtMjiC4qYZFiFzxZ45fNUdQyOiRJhB_sG_evlqsmeezxzhzxkjPiDxeuz4HQeiyXOT7zqWylpUK9yBKg6sCbIw1lehKchj6C_p994FPAnJ-1FgJDlf3545iScOBSIyBtFIqdS0Zr-1w6fmMhHipiNIM2Q3fqyPFbdWF3AIwA3eXiDzKAMvtF9Z_bKN8PULfLsYesdTySK1WQdsF8BEtFuaQveBSQPtXcJTecQHYnF_uGKIhflVdO4tCVvabfaCU-MbVzLeOuDHI4OhPTM_L8ayOHc2YzDqRUtoRj9QmmhOPTwNWaGaT2zyOxJtkaAoFFo-StgNVIHIKyq8IRHQJpsyxV7m4MRXfqc9uZLPo2zZEFN5lY_FXAWgMdusLUVOz6tuUu0-COflArKyxRKSiEA1cvlrLvsQLmg2vrVlK5Pp8oP2etDvfwyvOBULiCG-9tNAm_5q0ielJ6O31I3VN_t1V1nSw5Tf8cQqSQgYYq2TIPdPHhGw84N2FzD4IJfmmZsBzmV7fWxIz_VuUSgtd9ZEzuSDCg6qnXf2BSHiQ6X2b9qv_hPWP3cGRfIz_pjAcDzSd3pWwgoQdiY7OnBRr_ei1BnkG6O79fSqXPRe-ONonZD8id4GJrpTCNOT9wStkQ3BLEVwR9QwZxs-ljNbQkZGaS89y-MkqNsQHu3-Enx24tEQ5BGpaNBwrdXZ2XowybBDd4nNPm4hFTJovLN4zrzUR49WYK7oJgVsASxOYwwqJPWDKyv0_DZ1s-DyC_h13fMuh17MrBOH_hHE4LTxMXSdzHBiUv5RqaWcynwL-HXd8y6HXsysE4f-EcTgo73VSi_HN5F9BpNhgwVDEMTCssQBo5b-HtRZEU4XnsIbMIaID2rNpE HTTP/1.1
Host: mybetterck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=81412752446
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 11 Oct 2022 04:40:52 GMT
content-length: 0
set-cookie: rhid=81412752446; Max-Age=15552000; Expires=Sun, 09-Apr-2023 04:40:52 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDK_T8NnWz4PIL-HXd8y6HXsysE4f-EcTggdeVOnJlov8J6VoLBo1j54cVxa8GfExORSSbmTdEOU_3aLx-_J00aw5bSTdWcYVZHJJmxWvb-tAhLTfjgVu3mMOGVIq7SQHt4MmNmfUGj9edP4vP38GGG2Mw6kVLaEY_UJpoTj08DVmhmk9s8jsSbZGgKBRaPkrYDVSByCsqvCEh_XxP0KkeoJPYv00XJVcXnlDjvP4JXWiXaThdUnMclfyYWAdJYTdNkIKkn8CrT8sbo7v19Kpc9F7442idkPyJ5vuKYX1Z9FzYlZ0CBoMUA4lO7oBdjPsrrEb9OBP4O7sT8F-9PcQTUQ6D3MLWJiA_w70sCjuHHHRZAEJiK7vPzhsLIA17nSIGXBOjoKf7s83jhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x04LPup2KcifG55t7YBKnHdNtadod4QUG5-x8gRDqP9rSedozOvh8r9L3UsZ1mkv96ZXotdbE7jCRrm6gVTpyUJvEt92mMgVgww&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS2iJjOcrEjyuRlzYtnG-FPzbX9-cQaZQw0N0WQKFYHcvDiy4psgHSnd4w4oHmiMcTnHtMvlRisKluqenpzrhP8A&si=1&oref=edd3155de27f671a05acd39a0f10e15e&optunit=sRv04E_g7uxPwX709xBNRG5RKvaaTsOV&rb=E-qvs9aXu7s&rr=0&abtg=0
X-Firefox-Spdy: h2
p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDK_T8NnWz4PIL-HXd8y6HXsysE4f-EcTggdeVOnJlov8J6VoLBo1j54cVxa8GfExORSSbmTdEOU_3aLx-_J00aw5bSTdWcYVZHJJmxWvb-tAhLTfjgVu3mMOGVIq7SQHt4MmNmfUGj9edP4vP38GGG2Mw6kVLaEY_UJpoTj08DVmhmk9s8jsSbZGgKBRaPkrYDVSByCsqvCEh_XxP0KkeoJPYv00XJVcXnlDjvP4JXWiXaThdUnMclfyYWAdJYTdNkIKkn8CrT8sbo7v19Kpc9F7442idkPyJ5vuKYX1Z9FzYlZ0CBoMUA4lO7oBdjPsrrEb9OBP4O7sT8F-9PcQTUQ6D3MLWJiA_w70sCjuHHHRZAEJiK7vPzhsLIA17nSIGXBOjoKf7s83jhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x04LPup2KcifG55t7YBKnHdNtadod4QUG5-x8gRDqP9rSedozOvh8r9L3UsZ1mkv96ZXotdbE7jCRrm6gVTpyUJvEt92mMgVgww&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS2iJjOcrEjyuRlzYtnG-FPzbX9-cQaZQw0N0WQKFYHcvDiy4psgHSnd4w4oHmiMcTnHtMvlRisKluqenpzrhP8A&si=1&oref=edd3155de27f671a05acd39a0f10e15e&optunit=sRv04E_g7uxPwX709xBNRG5RKvaaTsOV&rb=E-qvs9aXu7s&rr=0&abtg=0
108.168.193.189302 Found 0 B URL HTTP/2 p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDK_T8NnWz4PIL-HXd8y6HXsysE4f-EcTggdeVOnJlov8J6VoLBo1j54cVxa8GfExORSSbmTdEOU_3aLx-_J00aw5bSTdWcYVZHJJmxWvb-tAhLTfjgVu3mMOGVIq7SQHt4MmNmfUGj9edP4vP38GGG2Mw6kVLaEY_UJpoTj08DVmhmk9s8jsSbZGgKBRaPkrYDVSByCsqvCEh_XxP0KkeoJPYv00XJVcXnlDjvP4JXWiXaThdUnMclfyYWAdJYTdNkIKkn8CrT8sbo7v19Kpc9F7442idkPyJ5vuKYX1Z9FzYlZ0CBoMUA4lO7oBdjPsrrEb9OBP4O7sT8F-9PcQTUQ6D3MLWJiA_w70sCjuHHHRZAEJiK7vPzhsLIA17nSIGXBOjoKf7s83jhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x04LPup2KcifG55t7YBKnHdNtadod4QUG5-x8gRDqP9rSedozOvh8r9L3UsZ1mkv96ZXotdbE7jCRrm6gVTpyUJvEt92mMgVgww&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS2iJjOcrEjyuRlzYtnG-FPzbX9-cQaZQw0N0WQKFYHcvDiy4psgHSnd4w4oHmiMcTnHtMvlRisKluqenpzrhP8A&si=1&oref=edd3155de27f671a05acd39a0f10e15e&optunit=sRv04E_g7uxPwX709xBNRG5RKvaaTsOV&rb=E-qvs9aXu7s&rr=0&abtg=0
IP 108.168.193.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDK_T8NnWz4PIL-HXd8y6HXsysE4f-EcTggdeVOnJlov8J6VoLBo1j54cVxa8GfExORSSbmTdEOU_3aLx-_J00aw5bSTdWcYVZHJJmxWvb-tAhLTfjgVu3mMOGVIq7SQHt4MmNmfUGj9edP4vP38GGG2Mw6kVLaEY_UJpoTj08DVmhmk9s8jsSbZGgKBRaPkrYDVSByCsqvCEh_XxP0KkeoJPYv00XJVcXnlDjvP4JXWiXaThdUnMclfyYWAdJYTdNkIKkn8CrT8sbo7v19Kpc9F7442idkPyJ5vuKYX1Z9FzYlZ0CBoMUA4lO7oBdjPsrrEb9OBP4O7sT8F-9PcQTUQ6D3MLWJiA_w70sCjuHHHRZAEJiK7vPzhsLIA17nSIGXBOjoKf7s83jhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x04LPup2KcifG55t7YBKnHdNtadod4QUG5-x8gRDqP9rSedozOvh8r9L3UsZ1mkv96ZXotdbE7jCRrm6gVTpyUJvEt92mMgVgww&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS2iJjOcrEjyuRlzYtnG-FPzbX9-cQaZQw0N0WQKFYHcvDiy4psgHSnd4w4oHmiMcTnHtMvlRisKluqenpzrhP8A&si=1&oref=edd3155de27f671a05acd39a0f10e15e&optunit=sRv04E_g7uxPwX709xBNRG5RKvaaTsOV&rb=E-qvs9aXu7s&rr=0&abtg=0 HTTP/1.1
Host: p274639.mybetterck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=81412752446
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 11 Oct 2022 04:40:52 GMT
content-length: 0
set-cookie: rhid=81412752446; Max-Age=15552000; Expires=Sun, 09-Apr-2023 04:40:52 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
loi=ad_490233_off_142374_aff_3322_cid_274639-573745158-THEBESTALLCODECSAPP.COM_ts_1665463252; Max-Age=3600; Expires=Tue, 11-Oct-2022 05:40:52 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://myfood.ltd/?v=20171031&s1=0
X-Firefox-Spdy: h2