firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 09 Sep 2022 07:55:51 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VwLgTS4DD5aFrtDZsDYc0TxQVdCfN7EF6odziuyL_CNWf4eeAAzkhw==
Age: 2655
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f55e483f32b3fd50b1a2414aaada9b61
9d6b22edb98866e002e3b1ace44dfb0f8d00935f
4b09e1d2b887ded061e4ec5f82ec70ce699eeed428acc6b4fd3ef10ed9233c89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3671
Expires: Fri, 09 Sep 2022 09:41:17 GMT
Date: Fri, 09 Sep 2022 08:40:06 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eihXxSEixNXLrIDV0yn0MVYajrpPaG3cvWUD5TgXVitTWKqKqfNcpQ==
age: 17612
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 09 Sep 2022 07:56:07 GMT
Expires: Fri, 09 Sep 2022 08:28:48 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: a-NeCeRuggQpyyD9gZCmbDjEddKXjMN99kKQFc5O9GaqA7ZWvEi_rg==
Age: 2639
collegebabestube.com/
67.227.226.240200 OK 2.3 kB IP 67.227.226.240:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (646)
Hash 19d5ad2946276156e7683fb2d87f09ef
6adbc1eb67510885ed9a4d5a96ad87d46a7a0324
ee40f67b48a8f86076ed79ac1fce3d191d8b0775d663fd540dbf530e8fa458e7
GET / HTTP/1.1
Host: collegebabestube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 08:40:06 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 042105f89c8d64b470d84e052cd412d1
a26c7e2559b3760ea2765b16a3f8d1be27f5dcf4
fadb8cdd22f4d7773d5c20d576f6400ab25e20e1efe3e3fe50d2ae39ca6f2725
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2622
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 08:40:07 GMT
Last-Modified: Fri, 09 Sep 2022 07:56:25 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.218.159.206101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.159.206:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: a0aE+VJCpJkIEFykS3gdhA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DbXoNsY9bJPIlZ8Tx9KCWH3lb7A=
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 2f0f3190438544a1f5121c106d79e8ab
df50bcafc09a24642761e6ff470705010cced8e8
66025faa335158befe37ebef8edc7a9f8312758bbcfe08da4d5f171b5a6c350a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=96373
Date: Fri, 09 Sep 2022 08:40:07 GMT
Etag: "6319c035-1d7"
Expires: Sat, 10 Sep 2022 11:26:20 GMT
Last-Modified: Thu, 08 Sep 2022 10:13:09 GMT
Server: ECS (nyb/1D04)
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CdvP5Rj2zp5cr-AtRCq-tTgEzeV5_xnKsH6uHc3WuQsqMLyPm_hPDA==
Age: 4391
histioned-modgerous.icu/zp-redirect?target=https%3A%2F%2Fyourxfriend.com%2FNorway.choose%2Findex.html%3Fcep%3DmQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA%26lptoken%3D166962197168463207d2&caid=648ec121-6aee-4d70-8377-58cf482fd06d&zpid=015aede3-301b-11ed-8ecb-128accf2cffb&cid=&rt=R
18.193.146.82302 Found 0 B URL HTTP/2 histioned-modgerous.icu/zp-redirect?target=https%3A%2F%2Fyourxfriend.com%2FNorway.choose%2Findex.html%3Fcep%3DmQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA%26lptoken%3D166962197168463207d2&caid=648ec121-6aee-4d70-8377-58cf482fd06d&zpid=015aede3-301b-11ed-8ecb-128accf2cffb&cid=&rt=R
IP 18.193.146.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Fyourxfriend.com%2FNorway.choose%2Findex.html%3Fcep%3DmQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA%26lptoken%3D166962197168463207d2&caid=648ec121-6aee-4d70-8377-58cf482fd06d&zpid=015aede3-301b-11ed-8ecb-128accf2cffb&cid=&rt=R HTTP/1.1
Host: histioned-modgerous.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 09 Sep 2022 08:40:07 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
pragma: no-cache
set-cookie: cep-v4=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA; Max-Age=86400; Expires=Sat, 10-Sep-2022 08:40:07 GMT; Domain=histioned-modgerous.icu; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
gaut-hil.com/favicon.ico
34.194.66.161404 Not Found 653 B IP 34.194.66.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcredirect?visitid=015aede3-301b-11ed-8ecb-128accf2cffb&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 09 Sep 2022 08:40:07 GMT
content-type: text/html;charset=utf-8
content-length: 653
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
content-language: en
server: VyhNpWSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e6fe0a97e8f1c326a215c28897491902
4ee40d4a02b8db303ce743255558f450e672eaa7
f81b1940ee5922786e05ec5e33254a2cd8bd4fc6d6f8e20d3e299e3e391f552d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F81B1940EE5922786E05EC5E33254A2CD8BD4FC6D6F8E20D3E299E3E391F552D"
Last-Modified: Wed, 07 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6610
Expires: Fri, 09 Sep 2022 10:30:18 GMT
Date: Fri, 09 Sep 2022 08:40:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17740
Expires: Fri, 09 Sep 2022 13:35:48 GMT
Date: Fri, 09 Sep 2022 08:40:08 GMT
Connection: keep-alive
yourxfriend.com/Norway.choose/index_files/js.js.%E4%B8%8B%E8%BD%BD
178.79.185.229200 OK 105 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/js.js.%E4%B8%8B%E8%BD%BD
IP 178.79.185.229:0
File type ASCII text, with very long lines (33835)
Size 105 kB (105034 bytes)
Hash 3f72274a714dea2a46314d8f76e8cb9f
afd3deee47506a2ff9604f7ccfac58abb7707e3a
8c40fea3c7ab0c1c253220cb2e55fa12a1c8eb8331e9ac139ccbd0997349cf99
Analyzer Verdict Alert fortinet Phishing
GET /Norway.choose/index_files/js.js.%E4%B8%8B%E8%BD%BD HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: application/octet-stream
content-length: 105034
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-19a4a"
accept-ranges: bytes
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/css.css
178.79.185.229200 OK 1.2 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/css.css
IP 178.79.185.229:0
Hash 1090b4af81d19295584b9649cd2ed47b
d9b1ebca39c6bb9c410dcdede10b6d41440058cc
2a6a747dc2d79eb02e87d8b2c6689a77e4095abcd2a780d416f9b293b97bfafd
GET /Norway.choose/index_files/css.css HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: text/css
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
vary: Accept-Encoding
etag: W/"5cb4a943-9e7"
expires: Fri, 09 Sep 2022 20:40:08 GMT
cache-control: max-age=43200
content-encoding: gzip
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/logo.png
178.79.185.229200 OK 2.5 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/logo.png
IP 178.79.185.229:0
File type PNG image data, 295 x 60, 8-bit colormap, non-interlaced\012- data
Hash bf86747345e84d2e350daaec10fc85cc
18fc6e339d2a699c9b2f6f210d6e091e12f36445
93edb7ce37a8fab505ed41e3010969a6d8efbb6ea01d8700583c4c1c8d7f0db9
GET /Norway.choose/index_files/logo.png HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/png
content-length: 2453
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-995"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/1.jpg
178.79.185.229200 OK 53 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/1.jpg
IP 178.79.185.229:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 600x800, components 3\012- data
Hash c0c533f6b81f4a18186c8be2c043fd1c
5cc3433aba839ebb6156e43fe8de86d7f6cdda58
016c6b7ab8d25b14bb9137152aa6bb3e2249fdeb7cc067440e144513c2179ebe
GET /Norway.choose/index_files/1.jpg HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/jpeg
content-length: 52656
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-cdb0"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/2.jpg
178.79.185.229200 OK 58 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/2.jpg
IP 178.79.185.229:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 320x320, segment length 16, progressive, precision 8, 600x800, components 3\012- data
Hash 4cd8c51873861a9c3887f50d6d4684ba
87ce6cd3d715fdd68a4853625ca4b8004f89e3e4
5caa332b02112d998a097b6a617d90075d1929e493d8979ac291c0794cb65246
GET /Norway.choose/index_files/2.jpg HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/jpeg
content-length: 58100
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-e2f4"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17740
Expires: Fri, 09 Sep 2022 13:35:48 GMT
Date: Fri, 09 Sep 2022 08:40:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17740
Expires: Fri, 09 Sep 2022 13:35:48 GMT
Date: Fri, 09 Sep 2022 08:40:08 GMT
Connection: keep-alive
yourxfriend.com/Norway.choose/index_files/3.jpg
178.79.185.229200 OK 58 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/3.jpg
IP 178.79.185.229:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 600x800, components 3\012- data
Hash 9a1a96ac1f68109853ce5111645b5ff0
2d1234526d8c5830bad954e0a5b4874c6bacb249
59d0229d8d1d80cb1bf4af7245cce87b7e46ad981ade704a6497a041c25eb310
GET /Norway.choose/index_files/3.jpg HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/jpeg
content-length: 57891
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-e223"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17740
Expires: Fri, 09 Sep 2022 13:35:48 GMT
Date: Fri, 09 Sep 2022 08:40:08 GMT
Connection: keep-alive
yourxfriend.com/Norway.choose/index_files/4.jpg
178.79.185.229200 OK 63 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/4.jpg
IP 178.79.185.229:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 600x800, components 3\012- data
Hash af176afd9ee2c211969b5629481133db
f857811cce2e337ab7feb9aca097aed739cd009b
f3e8c18b2c915d286df3a746191bca39d35c3e828666ab351189e4bfc9d629f0
GET /Norway.choose/index_files/4.jpg HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/jpeg
content-length: 62843
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-f57b"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3f8aeb20a6543be83f3e422796c4dc70
4e4e127039dd8099c63c3bde198118d2874f7342
0f9fdd1b577e4719f88620bb451131bfb120790479b4feccb4222647fb3ea453
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7218
x-amzn-requestid: 4e9672b6-5415-4808-9508-22e8c42de448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_QzHffIAMFYTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6318459e-743b975a2770e2a90c616d87;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:17:50 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: RWXxavA41fuv9fahIKxt-zxwqiRlW7CDdZvbLl-JLTG-TV3xQlEovA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 bd6f70221217681265382902c6157c76.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:51 GMT
age: 39257
etag: "4e4e127039dd8099c63c3bde198118d2874f7342"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe67ce8-0dbe-46fe-b313-0e2a78618af6.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe67ce8-0dbe-46fe-b313-0e2a78618af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6b210b0740e1eb42fcbd3aba71ceb8b4
467e3fee064805e08a9e6e3c86b195f6aa68c433
d5ecaf9ae06ff984c86bee5005c534e3c65255e6faeb5c3837fa601740a2c5ae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe67ce8-0dbe-46fe-b313-0e2a78618af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: 3610a034-9015-43b5-9ff7-321d7629e77d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKQ6-EiIIAMFaJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a61df-23a8a01717f7e19d5fd6233b;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: uMVbhDzCFBjAYRJsfox5aEW5HJ9muukQRjIJDVXMp_y48cposGzt-w==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 76dcc62b68091cc715d50b5017be77fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:51 GMT
etag: "467e3fee064805e08a9e6e3c86b195f6aa68c433"
content-type: image/jpeg
age: 39257
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/6.jpg
178.79.185.229200 OK 62 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/6.jpg
IP 178.79.185.229:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 600x800, components 3\012- data
Hash a5797027336218078782757819690f47
02a441f6da0b6651f0c073a61c6cb4fcc1252267
96d3f15366392d78c504a515c27b602a256f8c659b7482230928a4100e25bd38
GET /Norway.choose/index_files/6.jpg HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/jpeg
content-length: 61583
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-f08f"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/7.jpg
178.79.185.229200 OK 47 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/7.jpg
IP 178.79.185.229:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 600x800, components 3\012- data
Hash 1a3e25ff18c417373abbb55c8eefb826
32fc576b6b1e9f8dd7d8087e28450813b16278bc
e6a0e3c70d4a9ccf625da672a92c5de8f63ea3f0a23cdd42738f34607cc55687
GET /Norway.choose/index_files/7.jpg HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/jpeg
content-length: 47347
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-b8f3"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
collegebabestube.com/page/bouncy.php?&bpae=GbhGtKvGtEx%2F9rvvf2p1zU5dvntvp0rlyzQhAJSn6CN8goshKTXdar%2F%2Fup%2BWy9J8QyvzjgZaodNogVWRRVaRGG0M8UH9%2BFl3vdg5emEzAfe85%2FpskTNK%2FRf91b5Vh240qsi2Pv0fvhzyyMgXr67AF0dWxlX%2FhZGDDDcugbdUaD2V1rbyOWnvAgbnauimFtLGMu0hNNR%2FEijai9ZL8erFjAl84XTMbU6M%2FfyUebJSi0UZoRQt8sju7RmUbUZkDEEwI6ZX1EFjTI2pmWKkslOkp6ls5nC6xRV8YrgKsCH1RQvZ%2FZRxF82Fwc9MgzT7SnMS1CnrpXuIOqG1MD9Rcto%2BVigla5ClvUKZSw765n6ocv5nAF6hPPZ5ZPwKWwqbaeb5tTuGF6qClWLAH%2BavJDL0wSw%2Fd451Ktd%2BnlnlPc7i6O32q5787OgoiNZ%2FNrDwyipc47eYipGeE86sUR1zoax%2FclSHxQ9qwgj98kzPIpOZtG3z6u15po5V8%2FT%2FlrHpmGf389Q%3D&redirectType=js&inIframe=false&inPopUp=false
67.227.226.240200 OK 10 kB URL HTTP/1.1 collegebabestube.com/page/bouncy.php?&bpae=GbhGtKvGtEx%2F9rvvf2p1zU5dvntvp0rlyzQhAJSn6CN8goshKTXdar%2F%2Fup%2BWy9J8QyvzjgZaodNogVWRRVaRGG0M8UH9%2BFl3vdg5emEzAfe85%2FpskTNK%2FRf91b5Vh240qsi2Pv0fvhzyyMgXr67AF0dWxlX%2FhZGDDDcugbdUaD2V1rbyOWnvAgbnauimFtLGMu0hNNR%2FEijai9ZL8erFjAl84XTMbU6M%2FfyUebJSi0UZoRQt8sju7RmUbUZkDEEwI6ZX1EFjTI2pmWKkslOkp6ls5nC6xRV8YrgKsCH1RQvZ%2FZRxF82Fwc9MgzT7SnMS1CnrpXuIOqG1MD9Rcto%2BVigla5ClvUKZSw765n6ocv5nAF6hPPZ5ZPwKWwqbaeb5tTuGF6qClWLAH%2BavJDL0wSw%2Fd451Ktd%2BnlnlPc7i6O32q5787OgoiNZ%2FNrDwyipc47eYipGeE86sUR1zoax%2FclSHxQ9qwgj98kzPIpOZtG3z6u15po5V8%2FT%2FlrHpmGf389Q%3D&redirectType=js&inIframe=false&inPopUp=false
IP 67.227.226.240:0
Hash 1066aed62a7c052cf30c15cc4132f115
b952eced2d3085fdb5d3912c14b54a22057a4076
3c95160764807b88d8a05af173f69d853d4045b31f8ba60e94a1b66a6ef76508
GET /page/bouncy.php?&bpae=GbhGtKvGtEx%2F9rvvf2p1zU5dvntvp0rlyzQhAJSn6CN8goshKTXdar%2F%2Fup%2BWy9J8QyvzjgZaodNogVWRRVaRGG0M8UH9%2BFl3vdg5emEzAfe85%2FpskTNK%2FRf91b5Vh240qsi2Pv0fvhzyyMgXr67AF0dWxlX%2FhZGDDDcugbdUaD2V1rbyOWnvAgbnauimFtLGMu0hNNR%2FEijai9ZL8erFjAl84XTMbU6M%2FfyUebJSi0UZoRQt8sju7RmUbUZkDEEwI6ZX1EFjTI2pmWKkslOkp6ls5nC6xRV8YrgKsCH1RQvZ%2FZRxF82Fwc9MgzT7SnMS1CnrpXuIOqG1MD9Rcto%2BVigla5ClvUKZSw765n6ocv5nAF6hPPZ5ZPwKWwqbaeb5tTuGF6qClWLAH%2BavJDL0wSw%2Fd451Ktd%2BnlnlPc7i6O32q5787OgoiNZ%2FNrDwyipc47eYipGeE86sUR1zoax%2FclSHxQ9qwgj98kzPIpOZtG3z6u15po5V8%2FT%2FlrHpmGf389Q%3D&redirectType=js&inIframe=false&inPopUp=false HTTP/1.1
Host: collegebabestube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://collegebabestube.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 08:40:07 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f31e9e-7d20-466c-a9b3-ce9e9c5475e8.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f31e9e-7d20-466c-a9b3-ce9e9c5475e8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba8d1b764c2d18807caecb5ee1e046c0
c0e3d10ce67f77a92b54954410e30621af7ee87c
f558c4827c2edf896588b6e3f0b4f295269e95f86143b40729a7a2a5e1adbbb6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f31e9e-7d20-466c-a9b3-ce9e9c5475e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9011
x-amzn-requestid: cf861da4-5f3b-43b8-931a-5285839c6301
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKQgHFbOoAMFYVQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a6133-4cf2e37f5e762a557b081446;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:40:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: wqcl8zkszPZhWjJ7mr_p82IRaNzU2vMV3wtipUYgRaL7Vj3ntmYYqQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:00:13 GMT
age: 38395
etag: "c0e3d10ce67f77a92b54954410e30621af7ee87c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5fdeb374d4e3669ce5d9ff2cd22cd19
70ede5692526afd351d134a391383461dafdc64f
10c5d8e41aae1a36525a45375966b5067333f0c7edc176a540fd6527ebe1ad8c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4532
x-amzn-requestid: e5694699-7f38-4542-8808-54bda7ee7d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIMmGGUmIAMF2cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63198e26-1aa6788e24fcfdf0008bee21;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 06:39:34 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: smtzoqnzJiET63xsW_r_-eVNsTK01mGqRbvuwekbqjnzS6Sb1fw9HQ==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:54:58 GMT
etag: "70ede5692526afd351d134a391383461dafdc64f"
content-type: image/jpeg
age: 35110
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/9.jpg
178.79.185.229200 OK 41 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/9.jpg
IP 178.79.185.229:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 600x800, components 3\012- data
Hash 5a99dfca3ee0a4d3cbdf29216158cc6e
23a0d0cfa9d50b0e8165a848995c9fc051ce7f27
2fbb89ef33eeef625cb40ec7644a250083821110718ed5d105f2a7805ebbddf0
GET /Norway.choose/index_files/9.jpg HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/jpeg
content-length: 41328
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-a170"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg
34.120.237.76200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0078c7a407144a1ede33aef6f734eecf
113393e0dbabb3aff949d19ab6517ba1082b622d
42afcaf15e45dfa9aff14f59f69d60a3de127005e35783d2d35a4cfa652b57b3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3125
x-amzn-requestid: 5820e798-6469-40f9-8d70-ee71f1a163b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLM5GGQAoAMF8eQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ac1d3-3a0e9db848ea7ab145f1cffa;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 04:32:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: eZaKpjBYe3Qn7vs3zF52Cxob-xu3LMFs8esQAu6Lp6bzM0aOEHoXVg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1352c0a623ff0601dd16439f3f225f70.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 04:32:54 GMT
etag: "113393e0dbabb3aff949d19ab6517ba1082b622d"
content-type: image/jpeg
age: 14834
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/5.jpg
178.79.185.229200 OK 104 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/5.jpg
IP 178.79.185.229:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 600x800, components 3\012- data
Size 104 kB (103996 bytes)
Hash aa8def841fbf0dfb9b660e1ba064ba3f
7334b7f87be4431960e495e89ab37806bec7a1f7
cfb8272ffeea063ecef1af0623e514d14ae039d7c8e7a028b5055fa66b0cc206
GET /Norway.choose/index_files/5.jpg HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/jpeg
content-length: 103996
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-1963c"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/8.jpg
178.79.185.229200 OK 91 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/8.jpg
IP 178.79.185.229:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 600x800, components 3\012- data
Hash b64756e1c7a7d6011d3cbdf1d51d2faf
a75cd1e022b596df306ede5958044388286db795
bfa9314c7cc2044e9cc2024a0642c875f88faa0787cc9cd6d2d06cc90760743f
GET /Norway.choose/index_files/8.jpg HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/jpeg
content-length: 91208
last-modified: Mon, 15 Apr 2019 15:54:43 GMT
etag: "5cb4a943-16448"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/favicon.ico
178.79.185.229200 OK 1.2 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/favicon.ico
IP 178.79.185.229:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 8661b45538e3d8b664dd584cadc799ea
e1bd23cc6745f7c0f652434b0f1c29c62cd6345b
d97e8723706e1aa2d9bf203541f652df24527f48fc71238e2b3c1a50b5865fc4
GET /Norway.choose/index_files/favicon.ico HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sun, 24 Feb 2019 23:58:10 GMT
etag: "5c732f92-47e"
accept-ranges: bytes
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index_files/bg1.jpg
178.79.185.229200 OK 110 kB URL HTTP/2 yourxfriend.com/Norway.choose/index_files/bg1.jpg
IP 178.79.185.229:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1928x988, components 3\012- data
Size 110 kB (109820 bytes)
Hash c3c940ef88c37355dcb0c11335a9203d
75e228beee5411cb82b7ba80c34842316227b1df
c880b9cca5388810aea25234611b11f60a545f350f944f2230340f67d99b54b6
GET /Norway.choose/index_files/bg1.jpg HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yourxfriend.com/Norway.choose/index_files/css.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: image/jpeg
content-length: 109820
last-modified: Mon, 15 Apr 2019 15:55:39 GMT
etag: "5cb4a97b-1acfc"
expires: Sun, 09 Oct 2022 08:40:08 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee9340025af774eed83fa3ae0ebb4b65
b868b62d5f2bc802c565d35ea59e200aaf6ab986
729127258be88fe97e4c777b08ba709900028c41a052b6868cab515e545e8c56
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4776
x-amzn-requestid: 49312697-395a-4058-8899-0203e69bf26b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDU5jHA_IAMFhkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63179b70-7b17771e456072e87327ff23;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 19:11:44 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: BWKpFwEjVenSFCMPbtJ_RfXRZCc5YgIHWBbXfd74xsAC6MtP_UrQ4Q==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:50:28 GMT
age: 38987
etag: "b868b62d5f2bc802c565d35ea59e200aaf6ab986"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
178.79.185.229200 OK 0 B URL HTTP/2 yourxfriend.com/Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2
IP 178.79.185.229:0
GET /Norway.choose/index.html?cep=mQnbqEgULm8rccUGh0otHEcqItes2szR9WU9Ajr8AOoQLid9G1Wsbj1-Ktmv5sStQvXza3nrzPukFPKOhWXAKkSYXzmGytx-66CI6_XPZoQEqRujYHtczJ7w-q1gIbKBuYJfX9_0flV8bnYbfGcJF-VvB_KvCEfK3goFntQHJwysIbyMyzJ1ZH40Aw8J4jlTDDqQtJt1KS_Zc6X8akYugXgx13enNV12hvYS9GA8RF5GCGHV88eWlZywDBPY5pod9v0jtQ8G68KK_fuavWohqaZRjYEVxex0Up6sefFhinCaxQ0oxGd9grDUqgiGxfFy9G7C062_Q_rbM6CuIo8UsR50JhZ9RrH-70oj59JluNn6x7l9LRTeBj2wy8nKim3hW8GQT1Oo2lGMU5boBbDDDhAqLFthcRUzCKwJCnj6W9mEDs4IEr4QrG3Im5Fx1w1HcQKHf4SvSvQGWvSVGLT-ykKBHqSs8DdGGmGHjRn0yR-CyG2YutwOiSQh1a688bhKSymUpxMWHX6y733AeqL2vA&lptoken=166962197168463207d2 HTTP/1.1
Host: yourxfriend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gaut-hil.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 08:40:08 GMT
content-type: text/html
last-modified: Thu, 25 Jun 2020 16:22:13 GMT
vary: Accept-Encoding
etag: W/"5ef4cf35-c89"
content-encoding: gzip
X-Firefox-Spdy: h2
gaut-hil.com/zcredirect?visitid=015aede3-301b-11ed-8ecb-128accf2cffb&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
34.194.66.161200 OK 0 B URL HTTP/2 gaut-hil.com/zcredirect?visitid=015aede3-301b-11ed-8ecb-128accf2cffb&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 34.194.66.161:0
GET /zcredirect?visitid=015aede3-301b-11ed-8ecb-128accf2cffb&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcvisitor/015aede3-301b-11ed-8ecb-128accf2cffb/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=37f958d0-eedd-11e6-bac5-0e0b03568723
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 08:40:07 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
server: RHRRduaz
X-Firefox-Spdy: h2