exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
301 Moved Permanently 0 B URL HTTP/1.1 exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name} HTTP/1.1
Host: exceptionalphonesecurity.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 12 Sep 2022 11:01:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Sep 2022 12:01:55 GMT
Location: https://exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OWyuKgq7y11v3b2iY%2FlnTzQtpi3T2bo4ET6bFmhixYeRPT%2Fp5hsUAHLBspCE%2BgG77hui0LKLL7oF9CSAd%2BYTZYHS0PT6Tj4Y4ZAKmKj7qL0ryvu5orm7Mbzxx43GQzjn9hTlb4RNh%2F7VWzcrsAFs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 749825db19aab512-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 10:08:11 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kTk7oj_t1FCCqre8eLwRZq1tuJTwZkBDM7Y84yiUpbUeRwEuZW-0Ag==
Age: 3224
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14059
Expires: Mon, 12 Sep 2022 14:56:14 GMT
Date: Mon, 12 Sep 2022 11:01:55 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OXie5B4lzr7wgKYYnfHTkPQ97Uh0DP1d9EAo8POVKxs4xm5RqJlONQ==
age: 13483
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 12 Sep 2022 10:56:07 GMT
Expires: Mon, 12 Sep 2022 11:29:50 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bm-LLf1bVcLJKhAlOghetn0oO10qdPbupmPSwVaXLZQ2iHll7DOVnw==
Age: 348
ocsp.digicert.com/
200 OK 471 B IP
Hash cb674936db4af4be99c3c397eff8c6ae
de79d76bac3fae5799b0ff35ecc19360595dfb06
992b884b64f9f6fdb76a6ba91c48fed329325b95b99d8003b282879a52093c08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6312
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 11:01:55 GMT
Last-Modified: Mon, 12 Sep 2022 09:16:43 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
200 OK 1.3 kB IP
Hash 0c3a53f4182bc77c6b74fc6c5e881be7
8f72b9f8efcb1d871410c7088d3198106722dafa
0740bf37de89b1e0cb347e352dd98a26320356b080436476800f2ddfba7946b5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 11:01:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=285203,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749825e13ac10b49-OSL
my.rtmark.net/p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8
200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8
IP
Hash 7e1da03b7d5254f7b1d93874c8f85ce4
c1ff6bec84dd9b2bf2bbcd11bb8791444f04b2d7
ff9366f794284e39381efd6b8ae4b6273469134c741ca7c3d6a1e1248e1a98d4
GET /p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:56 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq
200 OK 38 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq
IP
ASN #20940 Akamai International B.V.
Hash f4e3598a42e29fde2b089e31da498b6f
eac3a88057d6406122ed5788faf2110263627844
694c6729eca086ea4716bc198a1712635b27a20fa03a405c6d220002e357e5ed
GET /i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 202209121101564EB704C09EDBB3134EFC
x-tt-trace-host: 0126282891bc51fb24322ca3dc41539fa5c83e66763bcd13b255e58dc4a41e27c5a52f814e3885538efa3d5031d4e3304e7ca60a8ddd8254d3368516f7f20c7421878d74d0817162fd9f1d358e2040656ea0636b6a3a2919c027f51a8246bc099c
content-encoding: gzip
x-origin-response-time: 5,184.25.157.184
x-akamai-request-id: 50f4d121.3b0ae2f7
expires: Mon, 12 Sep 2022 11:01:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 12 Sep 2022 11:01:56 GMT
x-cache: TCP_MISS from a2-22-31-212.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a184-25-157-184.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=97, origin; dur=5, inner; dur=3
x-parent-response-time: 102,2.22.31.212
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: h5EvFsKriDLfL3Qd5izSow==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VyCFupFmv7XS307Bq19+v3CN1Jg=
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 6a413b52cd9bc6570b194c0d1c4acad6
06aae3a58ab21ed9de2b3f84282c31556e31824b
be3b7cf24756eda0a88d6f12182074a3fbc852ad03b8fb0cd39dacdb39e059e0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 12 Sep 2022 11:01:56 GMT
Last-Modified: Mon, 12 Sep 2022 09:33:36 GMT
Server: ECS (nyb/1D33)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BBCqT7Sqz2x10_dqazl82FrE_jaMIW1ygBwfUVnkCjzAoDCezgScEA==
Age: 5301
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 6a413b52cd9bc6570b194c0d1c4acad6
06aae3a58ab21ed9de2b3f84282c31556e31824b
be3b7cf24756eda0a88d6f12182074a3fbc852ad03b8fb0cd39dacdb39e059e0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 12 Sep 2022 11:01:56 GMT
Last-Modified: Mon, 12 Sep 2022 10:33:03 GMT
Server: ECS (nyb/1D18)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: m4Fi_tAzbggqgLVX1pX-rn2rvee9cuj_9SdZPD8tVoQm5qieY7bIDw==
Age: 1733
overalltrack.com/api/v3.0/clickapi/img?aid=1&clickId={clickid}
200 OK 202 B URL HTTP/1.1 overalltrack.com/api/v3.0/clickapi/img?aid=1&clickId={clickid}
IP
ASN #14061 DIGITALOCEAN-ASN
Hash 7960ff3756efd0e6f028312bcb7fc36a
1886ec6aee495e5747ab57f8812bc2d6d5fb47f3
88edd55a8c20bb9dc537010671e1981140ce5be4d4b5b9ecf9675d42949c91a2
GET /api/v3.0/clickapi/img?aid=1&clickId={clickid} HTTP/1.1
Host: overalltrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 12 Sep 2022 11:01:56 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Set-Cookie: currentClickid=%7B%221%22%3A%22%7Bclickid%7D%22%7D; Max-Age=31536000; Path=/; Expires=Tue, 12 Sep 2023 11:01:56 GMT; Secure; SameSite=None
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2f9aad37564f84bc900b60ba39560ea7
500706d59a3b3f0ef3d4bf07d75952ff5314c82f
385dcaac77b00ecb87eae6bc02a7ec7a0075b5c3f08452f6950966e2bb9e8cd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "385DCAAC77B00ECB87EAE6BC02A7EC7A0075B5C3F08452F6950966E2BB9E8CD6"
Last-Modified: Mon, 12 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10742
Expires: Mon, 12 Sep 2022 14:00:58 GMT
Date: Mon, 12 Sep 2022 11:01:56 GMT
Connection: keep-alive
app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
200 OK 0 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /device_by_model?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Server: gunicorn
Date: Mon, 12 Sep 2022 11:01:56 GMT
Content-Type: text/html; charset=utf-8
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
Content-Length: 0
Via: 1.1 vegur
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6ab4489da7869f4719654f329949aef2
91e9f3a17b90fdf1a406586c431cb560d456161d
0fb7459faaf714fd3382ddeb7c25ff80df9fe38b0f9c539924eefd95deddb63f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FB7459FAAF714FD3382DDEB7C25FF80DF9FE38B0F9C539924EEFD95DEDDB63F"
Last-Modified: Mon, 12 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21593
Expires: Mon, 12 Sep 2022 17:01:49 GMT
Date: Mon, 12 Sep 2022 11:01:56 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 51960004c5ee6e059e73c059b2c7545d
22423b1d5a47645028191e8078f54041309d1c12
f5a26eeb4efa23645154c9562624520b6e7b186e26eddea2fdaeda51592ee400
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F5A26EEB4EFA23645154C9562624520B6E7B186E26EDDEA2FDAEDA51592EE400"
Last-Modified: Sun, 11 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 12 Sep 2022 17:01:56 GMT
Date: Mon, 12 Sep 2022 11:01:56 GMT
Connection: keep-alive
overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
200 OK 8 B URL HTTP/1.1 overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash f30c3a40e9a3e65c868c754a5de95919
65101ff283414b70636ff494d866190a66ed9978
875befe7cefc0715a17dc737f9514dda981f79a3c9f174badcae5bd1cc2425fe
OPTIONS /api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1 HTTP/1.1
Host: overalltrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 12 Sep 2022 11:01:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Allow: GET,HEAD
app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
301 Moved Permanently 0 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /device_by_model?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Basic bGFuZDptb2RlbGJyYW5k
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Server: gunicorn
Date: Mon, 12 Sep 2022 11:01:56 GMT
Content-Type: text/html; charset=utf-8
Location: /device_by_model/?model=rv:96.0
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Vary: Origin
Access-Control-Allow-Origin: *
Content-Length: 0
Via: 1.1 vegur
analytics.tiktok.com/api/v2/pixel
200 OK 0 B URL HTTP/2 analytics.tiktok.com/api/v2/pixel
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/pixel HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 900
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Cookie: _ttp=2EfJ4q1VuUJni3wNKEvOQPZvX9U
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/octet-stream
content-length: 0
access-control-allow-origin: *
x-tt-logid: 202209121101564F672F3A0E89951005A3
x-tt-trace-host: 0126282891bc51fb24322ca3dc41539fa55b56420fe6a867c439f1cd85850230b1f1133669dcefb14e5cebfe2fd77bf1a33f84c7c0abb6e61a9d245a096e6250377534e499d88850d226fdf703c2297cdedbe7c957bce6af3d8435d8a7107d1289
x-origin-response-time: 61,72.247.190.92
x-akamai-request-id: 60605e40.3b0ae5dc
expires: Mon, 12 Sep 2022 11:01:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 12 Sep 2022 11:01:56 GMT
x-cache: TCP_MISS from a2-22-31-212.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-cache-remote: TCP_MISS from a72-247-190-92.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=117, origin; dur=61, inner; dur=13
x-parent-response-time: 176,2.22.31.212
X-Firefox-Spdy: h2
overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
200 OK 126 B URL HTTP/1.1 overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
IP
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with no line terminators
Hash c8f85db18fe8f89306f6c0819c67036d
7b5c44e4a9fd70e664aa4fe54fc0bd7bb3963a31
a71ab24977d03d440189548647bee7fdbdf0d6dee44478d1f6b44f17699a75ee
GET /api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1 HTTP/1.1
Host: overalltrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 12 Sep 2022 11:01:56 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 126
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
200 OK 0 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /device_by_model/?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Server: gunicorn
Date: Mon, 12 Sep 2022 11:01:56 GMT
Content-Type: text/html; charset=utf-8
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
Content-Length: 0
Via: 1.1 vegur
my.rtmark.net/img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Fexceptionalphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_%7Blander.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23
200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Fexceptionalphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_%7Blander.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Fexceptionalphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_%7Blander.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:56 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=6133e4dc21bd4c58a29f277cfd679618; expires=Tue, 12 Sep 2023 11:01:56 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 40d316dc75a2f4f74dfdeceef1cd31d9
5554d0aacb124fc34b7810d53967cecdf701be3d
c28c8d0fde1e99e09fa20e0dead1af0241821ce8b43668e1a5cba54f496f2dd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C28C8D0FDE1E99E09FA20E0DEAD1AF0241821CE8B43668E1A5CBA54F496F2DD6"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1953
Expires: Mon, 12 Sep 2022 11:34:29 GMT
Date: Mon, 12 Sep 2022 11:01:56 GMT
Connection: keep-alive
app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
404 Not Found 90 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
IP
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 2333fc4fb0305a69c4127a26296830f7
8019da38e6449bf32aacc41b941155d3cca9e578
7b9954a74aab72fdb8478c4209d31f54ae822cd90c2c392c2bfb9f5736fdb4f3
GET /device_by_model/?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exceptionalphonesecurity.xyz
Authorization: Basic bGFuZDptb2RlbGJyYW5k
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Connection: keep-alive
Server: gunicorn
Date: Mon, 12 Sep 2022 11:01:56 GMT
Content-Type: application/json
Allow: GET, HEAD, OPTIONS
X-Frame-Options: DENY
Content-Length: 90
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Vary: Origin
Access-Control-Allow-Origin: *
Via: 1.1 vegur
primaveratrack.com/testb.php
200 OK 126 B URL HTTP/1.1 primaveratrack.com/testb.php
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash a5b3bfed693e840e5d91095409c6af0b
7fbe8433eda44893839708d5ce47d7a7041005fd
a04e547854da7a70b03398e9329527420ef9f14486d35d5c3186ee46248f25a4
GET /testb.php HTTP/1.1
Host: primaveratrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 12 Sep 2022 11:01:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
redrotou.net/zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=prerequest
200 OK 0 B URL HTTP/2 redrotou.net/zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=prerequest
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:56 GMT
content-length: 0
x-trace-id: bc7e0b17f6f2b040a5d82c2f09532968
access-control-allow-origin: https://exceptionalphonesecurity.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
redrotou.net/zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=settings
200 OK 693 B URL HTTP/2 redrotou.net/zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=settings
IP
File type JSON data\012- , ASCII text, with very long lines (692)
Hash 22006f3369cf3f6eb55d338907995792
57c1413630d561bc5fb5fc7a8dab77789982dd82
5cf7cdd6d4335d1668e344fc11824b267d4cf700e940025f288c36ef8e53ca81
GET /zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=settings HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:56 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: 836766dc45a1a3465f18b9119013bbbd
access-control-allow-origin: https://exceptionalphonesecurity.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4826947&checkDuplicate=true&ymid=&var=
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4826947&checkDuplicate=true&ymid=&var=
IP
File type JSON data\012- , ASCII text
Hash b8d58d12faf2813e9717f59bdc89e874
053de661a1f89b5bda573dd1ecfa95edcdae605a
8d44b656c0038d207f35eb12d9c17249b90a55a182aa3c6eebe2567d8e01d5a8
GET /gid.js?pub=0&userId=&zoneId=4826947&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Cookie: ID=6133e4dc21bd4c58a29f277cfd679618
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:56 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://exceptionalphonesecurity.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=6133e4dc21bd4c58a29f277cfd679618; expires=Tue, 12 Sep 2023 11:01:56 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
track.profitableredirect.com/e69b0e43-f199-496b-87cc-2daa322bb681
200 OK 404 B URL HTTP/2 track.profitableredirect.com/e69b0e43-f199-496b-87cc-2daa322bb681
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (404), with no line terminators
Hash 41bfa516eb0ac44250e8a76f0802f8e4
e820430db49b0e941373ea418e03436fb67dbc9b
a6da24db37ba62229481237f5e1a4236c6eb2cd9a408d029930c60257177e6d4
GET /e69b0e43-f199-496b-87cc-2daa322bb681 HTTP/1.1
Host: track.profitableredirect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:57 GMT
content-type: text/html;charset=UTF-8
content-length: 404
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: e69b0e43-f199-496b-87cc-2daa322bb681-v4=mAoHvbsOSaKh7GqUexcIqDmnuqd4tGSwcgUPZ4awlg0; Max-Age=86400; Expires=Tue, 13-Sep-2022 11:01:56 GMT; Domain=track.profitableredirect.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=cmLjwrdr%2BEL8P%2FzrwUMsZhsP0p4JNnBzSlu0cwszVMMqBNQ1P4oHdi%2BPXUSlhsZePYqjVX5AAhJb%2BSKsEr0q%2BYqMN%2BB3HeM294UgrZmDt10EABpoNVR5AYqFDREcdzA9MWDqApMUvVpSvfGY4EAkIQ%3D%3D; Max-Age=31536000; Expires=Tue, 12-Sep-2023 11:01:56 GMT; Domain=track.profitableredirect.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
track.profitableredirect.com/redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1662980516999&hash=x3s9qg6bbPsUvugwXiKBgMBfPW18Hl1FKTFD4qk0v6g&rm=D
200 OK 255 B URL HTTP/2 track.profitableredirect.com/redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1662980516999&hash=x3s9qg6bbPsUvugwXiKBgMBfPW18Hl1FKTFD4qk0v6g&rm=D
IP
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash de8ab645056a8f8a15edbbc7b143db6e
efffa3c5deaab6a66b6bc6e3e7f825a3d7af7eb1
78e82c2f577490b708665560db3b6d26b33a0f8c8a81e5f27b428ec323070119
GET /redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1662980516999&hash=x3s9qg6bbPsUvugwXiKBgMBfPW18Hl1FKTFD4qk0v6g&rm=D HTTP/1.1
Host: track.profitableredirect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: e69b0e43-f199-496b-87cc-2daa322bb681-v4=mAoHvbsOSaKh7GqUexcIqDmnuqd4tGSwcgUPZ4awlg0; cc-v4=cmLjwrdr%2BEL8P%2FzrwUMsZhsP0p4JNnBzSlu0cwszVMMqBNQ1P4oHdi%2BPXUSlhsZePYqjVX5AAhJb%2BSKsEr0q%2BYqMN%2BB3HeM294UgrZmDt10EABpoNVR5AYqFDREcdzA9MWDqApMUvVpSvfGY4EAkIQ%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:57 GMT
content-type: text/html;charset=UTF-8
content-length: 255
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dbbe03d6aa7dad38a59b49c88ee7c5a9
b1c3b0a69804e93c96ada36cd29371e7db2dced5
1c3fdb7f97e3702e99b6f3f0993a3b9f1de88c7df1308a232262274e757813ae
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C3FDB7F97E3702E99B6F3F0993A3B9F1DE88C7DF1308A232262274E757813AE"
Last-Modified: Sun, 11 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20745
Expires: Mon, 12 Sep 2022 16:47:42 GMT
Date: Mon, 12 Sep 2022 11:01:57 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11933
Expires: Mon, 12 Sep 2022 14:20:50 GMT
Date: Mon, 12 Sep 2022 11:01:57 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11933
Expires: Mon, 12 Sep 2022 14:20:50 GMT
Date: Mon, 12 Sep 2022 11:01:57 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11933
Expires: Mon, 12 Sep 2022 14:20:50 GMT
Date: Mon, 12 Sep 2022 11:01:57 GMT
Connection: keep-alive
dratingmaject.com/3d3be039-23cb-4934-aaf6-c11425045708?zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.005871&visitor_id=593145877267489567&rdk=rk1
302 Found 0 B URL HTTP/2 dratingmaject.com/3d3be039-23cb-4934-aaf6-c11425045708?zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.005871&visitor_id=593145877267489567&rdk=rk1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /3d3be039-23cb-4934-aaf6-c11425045708?zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.005871&visitor_id=593145877267489567&rdk=rk1 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: cc-v4=9HmGe0ONF6tzSuZIEj%2FsXiutoRZJhfFQai9JmT3Zju4K7w822ja5X%2FrMoiDqYvbQM1Z%2FqIBmMMOUPloTMNVNVr7wKuUP72UNxkIE30ssw5xDI14OONfOKkDijQDomKA7mhKRVv5PEYnO45r%2BW%2B8okg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 12 Sep 2022 11:01:57 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://babesroulette.com/landers/18c/?clickid=wv0nqo5o97s1930j2m77itfo&source=3d3be039-23cb-4934-aaf6-c11425045708&cep=jVZdzLEWt4Hd8XVng2hClWKyTuZ6W8dCsteVEPdrzYQkno2ubLXDs3QMWo4mj1SyQ_M9GbLLlwyAKlMBQOr6Qrl8hN_3CFtTQohSsS-JJhcB1pWzBa5P1110hZqhyO_c5P99hCxG2IPG-ziUAsaIvbKdhZYBX9Z48agVD-6I9iw0KzhdbtthgWhVM2l2sML21cItLS6HiQNTaFKz9tNJBL_442f9Hi-Xuc81KO-_i7kwPOnGyRcCo903ZFA3uSTuaPeKEA9Dxdx3ZLd8isnnepTSERV-dVWcRahkHAvAuXzzNOyw7BozPmqrYfxTz9UL1sUy3Ezq7hF7U7UlG03THMMGAnQjmzhwQhFHSehBlksV9FpeXKMdVzRFZ6cFhjJzqt-XExxCfqcLf4TpmxW3kRdywt4flXpaR9ww3buX9oc_zMVWKl_TIpaOBmEyrz_7iNrGag5SrAe-US3dB8h7rjvkuhII1ofHliKxyw6LRi3ngN__W5HF67a1Qnh5TbGABhfifRYLpCa9VyOTLDC2Nj3HBqpV2mby-KyF7_5w6qwmDjyvP13fjOS2cXQ-xvb5QVjCmiyy5cCKxa2pmjktnp2g0d_j77G0sSTCfgCtC6iVLKRe6yzJnJP9WX5-WlbaPw_LG-tjKr-3bS4tre-tE7XxL6rEOdTTxDqK6DnGznxpx3kSttMbkDgcUyx6Cc7_&lptoken=164762b79887238a17a8&zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&language=en&connectiontype=broadband&cost=0.005871&visitor_id=593145877267489567&rdk=rk1
pragma: no-cache
set-cookie: 3d3be039-23cb-4934-aaf6-c11425045708-v4=xJshbhXImZ0Ecj1WnSfpqHeq6x9F04CQ1CQj-jh0MhY; Max-Age=86400; Expires=Tue, 13-Sep-2022 11:01:57 GMT; Domain=dratingmaject.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=9bP3dli7iJSaL3n9GAInmyNzukzj4rFttWb6iYeXxsrXdxN-7SaG3EhZHL9qLwIBpzT9sjy9a-OjeVfwegi4I3ve4f_3-GRqKajzo56aUBTFhOgdysKKXhVHu079Fu7styBhtvh6ql8f3DDZ21X97ioewkwdGh-VbcoaS6bES1yPzqKHuHFBAg9k662_3nhsAdH8Ql_xJ9unRVGiDLjKqbDniyjmszczlsYrfVfyF5sxlVR-9SpqgkUKNgeab4YZlI55H9YKCElULqhqHHsmlMV1zM_klQ5vJ1OJ4OPjqOW3Ht9Gmf2oi1pHnO2HG-Nu9oZkjNEqKHQlkKcN5AM3SYZ9QgILwtuuZjf_W8sX9q-MXJOKOvHlfnqbo1iVh-evNpDZs5-UzfDmXTappdyJVcFphjFg3JixMwwZUIxbqZNUQRWgOmutJ1npFSbxwxD-0Fyk8aKqvviYmmoeYSVHCWuhPFdQG8WRdVtiR-sUbuNwljMfag_C8HdA8XlZA1aiOKExovGTdfkIa9iykiZvEBKOsMr_Wt3yEjCzKIOnQzHirAEjgYkuddWy9nR71UhAQgoj59vEWGnGCt6echbNVgvn5_mhe4fH-gPo17UYiV9XXenMQR_j9l_fTsl7pMrr9RgdDDTTWXQg24GsCqPGvzuc4DmslQPwegNR098sLX7zQRtN1LuaecHTRo6OxE-4; Max-Age=86400; Expires=Tue, 13-Sep-2022 11:01:57 GMT; Domain=dratingmaject.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7ccc33ae0c85a906f2c17db281ec790
1904722d70348235d5472c54f888d2b4b991e2aa
f48edc03624f582b05b596694b76bd784f85eb9f2ca5dd025bbea9cc2ff1f096
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6999
x-amzn-requestid: 61e3e817-fb62-47c7-b938-2dfc6a134622
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO1mlG3XIAMFo5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3629-37c2c8982c4ccf891875c59a;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:00:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: S2TR552YpZeEbhTSAn4vdXexYpvR4Lrr-LaJmfNd7LnO0L4QM8w-Dg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 03:38:55 GMT
age: 26582
etag: "1904722d70348235d5472c54f888d2b4b991e2aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c14088c4ca0d576e087feed41b7f1565
172b23f2ef39b6c3fdebb5441b10a95712206d0a
2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 48006
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 239262b6ab17cb19414c35cd4f761092
48eddcf9838e980e67cc8f9cbb05b475df2f0331
cd27cbce632d769288d9c33c5c8e887ba02df5677f10f7a6d03139b590ba24b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9815
x-amzn-requestid: 89243e57-94eb-4c6b-903f-aa01df030ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxnEAjoAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d6-199403e2695b214711f5117f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: NKM6RRhJ5AuRF4NKSyBO6-KMkd1UGaw3DuZBkBao_8fzzpkMeDrn0w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:55:40 GMT
etag: "48eddcf9838e980e67cc8f9cbb05b475df2f0331"
content-type: image/jpeg
age: 47177
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8625e0707046e7a3715a8dbb40b1cae2
0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78
abc4c12561be08897341d9c8104c30a289357c0907e55c46895f7fb6afb2f75d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13568
x-amzn-requestid: ad06f499-3e04-414a-8a3f-6daa9e0124ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3yN1F2BIAMFoqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312fd8b-3a17f11440d2f37b23ac7f6a;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:08:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iNRnq8nMhoTo9oY379Ynb6uPW0vNyf3dNufU_HpXNfzxvhrAEKEzJQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 14:06:07 GMT
age: 75350
etag: "0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f86a13b-1b13-4298-8397-2a35d951a8f4.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f86a13b-1b13-4298-8397-2a35d951a8f4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7407173746b961cba0f774536bdc5406
7c8363a01b498ae9299a9205d779499f00a477b4
4dc901dfa6637f4e2205813f7b62938a6c1c45577bb1eff8b22bc2c391d54759
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f86a13b-1b13-4298-8397-2a35d951a8f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8461
x-amzn-requestid: 8f7492c7-ae65-4dd5-8ee9-85a2e2fc80dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLVAaEt3oAMFcnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631acecf-2db2074c53de3db23380767b;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 05:27:43 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: m0cnQ1kABQEYadt_zivtyeY8Uow9N1S8kDio2jooE9h7u1oh6u_ANg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 16:51:54 GMT
age: 65403
etag: "7c8363a01b498ae9299a9205d779499f00a477b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bb54538-5f31-44e8-8743-582e31d384e4.jpeg
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bb54538-5f31-44e8-8743-582e31d384e4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 63d953ea7dce676e8b1c6fcab9f8eab7
5a359aed379e554c5c9885cc8f7a3bff7447d246
428029d6b65a52758df9fd8cb284df83ca4685031126b0ab5b60764a3e2d1a27
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bb54538-5f31-44e8-8743-582e31d384e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5709
x-amzn-requestid: 747b7be7-356b-4a9e-9869-4b8f71e66f53
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YMl6sHaoIAMF2lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631b5044-0c6b0f57046b79cf56ecbf39;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 14:40:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: WbzMgteMd5CxXXK6sARu-n39xAWcZiYHgkR2TCg2aNbzEXcaxS-TZQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 23:26:14 GMT
age: 41743
etag: "5a359aed379e554c5c9885cc8f7a3bff7447d246"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 11:01:57 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=285202,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749825eacdda0b49-OSL
my.rtmark.net/img.gif?f=merge&userId=bc8e99ce15a1474bbb341c18dd7d7651
200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=bc8e99ce15a1474bbb341c18dd7d7651
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=bc8e99ce15a1474bbb341c18dd7d7651 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:57 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=bc8e99ce15a1474bbb341c18dd7d7651; expires=Tue, 12 Sep 2023 11:01:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ouhastay.net/favicon.ico
204 No Content 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ouhastay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: OAID=bc8e99ce15a1474bbb341c18dd7d7651; oaidts=1662980517
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 12 Sep 2022 11:01:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash bff3a3f3f4f889b08163e7d307438790
c430c7c151973fa0e63ddf52e5624e1ce2282161
bce7d12a2343d8e43fbd05522fe82807ed48933a984aa113c284267364981750
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 11:01:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic
200 OK 1.5 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic
IP
Hash 04b630c1ede9fde881a2b52e2e9f2568
2bc7538c003ee67d10a083e9404b0cb163487371
93fa1c17d8cb539ce39e5121454896f40f7ab4db2d626e76dc6823940204515c
GET /css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 12 Sep 2022 11:01:57 GMT
date: Mon, 12 Sep 2022 11:01:57 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
babesroulette.com/landers/18c/?clickid=wv0nqo5o97s1930j2m77itfo&source=3d3be039-23cb-4934-aaf6-c11425045708&cep=jVZdzLEWt4Hd8XVng2hClWKyTuZ6W8dCsteVEPdrzYQkno2ubLXDs3QMWo4mj1SyQ_M9GbLLlwyAKlMBQOr6Qrl8hN_3CFtTQohSsS-JJhcB1pWzBa5P1110hZqhyO_c5P99hCxG2IPG-ziUAsaIvbKdhZYBX9Z48agVD-6I9iw0KzhdbtthgWhVM2l2sML21cItLS6HiQNTaFKz9tNJBL_442f9Hi-Xuc81KO-_i7kwPOnGyRcCo903ZFA3uSTuaPeKEA9Dxdx3ZLd8isnnepTSERV-dVWcRahkHAvAuXzzNOyw7BozPmqrYfxTz9UL1sUy3Ezq7hF7U7UlG03THMMGAnQjmzhwQhFHSehBlksV9FpeXKMdVzRFZ6cFhjJzqt-XExxCfqcLf4TpmxW3kRdywt4flXpaR9ww3buX9oc_zMVWKl_TIpaOBmEyrz_7iNrGag5SrAe-US3dB8h7rjvkuhII1ofHliKxyw6LRi3ngN__W5HF67a1Qnh5TbGABhfifRYLpCa9VyOTLDC2Nj3HBqpV2mby-KyF7_5w6qwmDjyvP13fjOS2cXQ-xvb5QVjCmiyy5cCKxa2pmjktnp2g0d_j77G0sSTCfgCtC6iVLKRe6yzJnJP9WX5-WlbaPw_LG-tjKr-3bS4tre-tE7XxL6rEOdTTxDqK6DnGznxpx3kSttMbkDgcUyx6Cc7_&lptoken=164762b79887238a17a8&zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&language=en&connectiontype=broadband&cost=0.005871&visitor_id=593145877267489567&rdk=rk1
200 OK 380 kB URL HTTP/2 babesroulette.com/landers/18c/?clickid=wv0nqo5o97s1930j2m77itfo&source=3d3be039-23cb-4934-aaf6-c11425045708&cep=jVZdzLEWt4Hd8XVng2hClWKyTuZ6W8dCsteVEPdrzYQkno2ubLXDs3QMWo4mj1SyQ_M9GbLLlwyAKlMBQOr6Qrl8hN_3CFtTQohSsS-JJhcB1pWzBa5P1110hZqhyO_c5P99hCxG2IPG-ziUAsaIvbKdhZYBX9Z48agVD-6I9iw0KzhdbtthgWhVM2l2sML21cItLS6HiQNTaFKz9tNJBL_442f9Hi-Xuc81KO-_i7kwPOnGyRcCo903ZFA3uSTuaPeKEA9Dxdx3ZLd8isnnepTSERV-dVWcRahkHAvAuXzzNOyw7BozPmqrYfxTz9UL1sUy3Ezq7hF7U7UlG03THMMGAnQjmzhwQhFHSehBlksV9FpeXKMdVzRFZ6cFhjJzqt-XExxCfqcLf4TpmxW3kRdywt4flXpaR9ww3buX9oc_zMVWKl_TIpaOBmEyrz_7iNrGag5SrAe-US3dB8h7rjvkuhII1ofHliKxyw6LRi3ngN__W5HF67a1Qnh5TbGABhfifRYLpCa9VyOTLDC2Nj3HBqpV2mby-KyF7_5w6qwmDjyvP13fjOS2cXQ-xvb5QVjCmiyy5cCKxa2pmjktnp2g0d_j77G0sSTCfgCtC6iVLKRe6yzJnJP9WX5-WlbaPw_LG-tjKr-3bS4tre-tE7XxL6rEOdTTxDqK6DnGznxpx3kSttMbkDgcUyx6Cc7_&lptoken=164762b79887238a17a8&zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&language=en&connectiontype=broadband&cost=0.005871&visitor_id=593145877267489567&rdk=rk1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (757), with CRLF line terminators
Size 380 kB (379464 bytes)
Hash f6f3d2e6c026bffeac804dae17be2bd8
fcc05ffbd15e108f7f592e37f394731b245c83eb
588396bce0e4bbadfdded5233410ebd443808c5137419af00b3465443c3130b0
GET /landers/18c/?clickid=wv0nqo5o97s1930j2m77itfo&source=3d3be039-23cb-4934-aaf6-c11425045708&cep=jVZdzLEWt4Hd8XVng2hClWKyTuZ6W8dCsteVEPdrzYQkno2ubLXDs3QMWo4mj1SyQ_M9GbLLlwyAKlMBQOr6Qrl8hN_3CFtTQohSsS-JJhcB1pWzBa5P1110hZqhyO_c5P99hCxG2IPG-ziUAsaIvbKdhZYBX9Z48agVD-6I9iw0KzhdbtthgWhVM2l2sML21cItLS6HiQNTaFKz9tNJBL_442f9Hi-Xuc81KO-_i7kwPOnGyRcCo903ZFA3uSTuaPeKEA9Dxdx3ZLd8isnnepTSERV-dVWcRahkHAvAuXzzNOyw7BozPmqrYfxTz9UL1sUy3Ezq7hF7U7UlG03THMMGAnQjmzhwQhFHSehBlksV9FpeXKMdVzRFZ6cFhjJzqt-XExxCfqcLf4TpmxW3kRdywt4flXpaR9ww3buX9oc_zMVWKl_TIpaOBmEyrz_7iNrGag5SrAe-US3dB8h7rjvkuhII1ofHliKxyw6LRi3ngN__W5HF67a1Qnh5TbGABhfifRYLpCa9VyOTLDC2Nj3HBqpV2mby-KyF7_5w6qwmDjyvP13fjOS2cXQ-xvb5QVjCmiyy5cCKxa2pmjktnp2g0d_j77G0sSTCfgCtC6iVLKRe6yzJnJP9WX5-WlbaPw_LG-tjKr-3bS4tre-tE7XxL6rEOdTTxDqK6DnGznxpx3kSttMbkDgcUyx6Cc7_&lptoken=164762b79887238a17a8&zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&language=en&connectiontype=broadband&cost=0.005871&visitor_id=593145877267489567&rdk=rk1 HTTP/1.1
Host: babesroulette.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 11:01:57 GMT
content-type: text/html
last-modified: Thu, 25 Aug 2022 23:06:23 GMT
x-powered-by: PleskLin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ljfIQc7tN8pK5P9uA7ds1h9Ef71r8w9Y3ye1riSPkHGiZ0dyqp1WzCg1RN6oUvX7pSbexglexbz1vat64cBLFrDIlsuNjmOZ6JpzdysL3H1TIqVA3dSQEgrSren6LhMrX4Rn7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749825eaff55b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 11:01:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
Hash 77476a06d37eabe29027cea2b202c002
8c31a9ed4145875a52763e2de03093cea38117d5
9dcfe4a64b78dbe988ee8a5945521376e8d85e824815b8096dc07e3240b3423c
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 401270
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 11:01:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 05525b53954f939de1a370d63f459db5
bdbb8e83df39c95ac7d99c594ebc118902493203
93436d0f4f70ac3994bea3a095c3567b6de008df1e1630225ec31d4254ac7b99
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "93436D0F4F70AC3994BEA3A095C3567B6DE008DF1E1630225EC31D4254AC7B99"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17798
Expires: Mon, 12 Sep 2022 15:58:36 GMT
Date: Mon, 12 Sep 2022 11:01:58 GMT
Connection: keep-alive
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 401270
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 11:01:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2F18c%2F%3Fclickid%3Dwv0nqo5o97s1930j2m77itfo%26source%3D3d3be039-23cb-4934-aaf6-c11425045708%26cep%3DjVZdzLEWt4Hd8XVng2hClWKyTuZ6W8dCsteVEPdrzYQkno2ubLXDs3QMWo4mj1SyQ_M9GbLLlwyAKlMBQOr6Qrl8hN_3CFtTQohSsS-JJhcB1pWzBa5P1110hZqhyO_c5P99hCxG2IPG-ziUAsaIvbKdhZYBX9Z48agVD-6I9iw0KzhdbtthgWhVM2l2sML21cItLS6HiQNTaFKz9tNJBL_442f9Hi-Xuc81KO-_i7kwPOnGyRcCo903ZFA3uSTuaPeKEA9Dxdx3ZLd8isnnepTSERV-dVWcRahkHAvAuXzzNOyw7BozPmqrYfxTz9UL1sUy3Ezq7hF7U7UlG03THMMGAnQjmzhwQhFHSehBlksV9FpeXKMdVzRFZ6cFhjJzqt-XExxCfqcLf4TpmxW3kRdywt4flXpaR9ww3buX9oc_zMVWKl_TIpaOBmEyrz_7iNrGag5SrAe-US3dB8h7rjvkuhII1ofHliKxyw6LRi3ngN__W5HF67a1Qnh5TbGABhfifRYLpCa9VyOTLDC2Nj3HBqpV2mby-KyF7_5w6qwmDjyvP13fjOS2cXQ-xvb5QVjCmiyy5cCKxa2pmjktnp2g0d_j77G0sSTCfgCtC6iVLKRe6yzJnJP9WX5-WlbaPw_LG-tjKr-3bS4tre-tE7XxL6rEOdTTxDqK6DnGznxpx3kSttMbkDgcUyx6Cc7_%26lptoken%3D164762b79887238a17a8%26zoneid%3D3647676%26bannerid%3D14747845%26browser%3Dfirefox%26os%3Dlinux%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A96.0%2529%2BGecko%252F20100101%2BFirefox%252F96.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.005871%26visitor_id%3D593145877267489567%26rdk%3Drk1&lpt=Title%20here&t=1662980506238
200 OK 3.6 kB URL HTTP/2 dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2F18c%2F%3Fclickid%3Dwv0nqo5o97s1930j2m77itfo%26source%3D3d3be039-23cb-4934-aaf6-c11425045708%26cep%3DjVZdzLEWt4Hd8XVng2hClWKyTuZ6W8dCsteVEPdrzYQkno2ubLXDs3QMWo4mj1SyQ_M9GbLLlwyAKlMBQOr6Qrl8hN_3CFtTQohSsS-JJhcB1pWzBa5P1110hZqhyO_c5P99hCxG2IPG-ziUAsaIvbKdhZYBX9Z48agVD-6I9iw0KzhdbtthgWhVM2l2sML21cItLS6HiQNTaFKz9tNJBL_442f9Hi-Xuc81KO-_i7kwPOnGyRcCo903ZFA3uSTuaPeKEA9Dxdx3ZLd8isnnepTSERV-dVWcRahkHAvAuXzzNOyw7BozPmqrYfxTz9UL1sUy3Ezq7hF7U7UlG03THMMGAnQjmzhwQhFHSehBlksV9FpeXKMdVzRFZ6cFhjJzqt-XExxCfqcLf4TpmxW3kRdywt4flXpaR9ww3buX9oc_zMVWKl_TIpaOBmEyrz_7iNrGag5SrAe-US3dB8h7rjvkuhII1ofHliKxyw6LRi3ngN__W5HF67a1Qnh5TbGABhfifRYLpCa9VyOTLDC2Nj3HBqpV2mby-KyF7_5w6qwmDjyvP13fjOS2cXQ-xvb5QVjCmiyy5cCKxa2pmjktnp2g0d_j77G0sSTCfgCtC6iVLKRe6yzJnJP9WX5-WlbaPw_LG-tjKr-3bS4tre-tE7XxL6rEOdTTxDqK6DnGznxpx3kSttMbkDgcUyx6Cc7_%26lptoken%3D164762b79887238a17a8%26zoneid%3D3647676%26bannerid%3D14747845%26browser%3Dfirefox%26os%3Dlinux%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A96.0%2529%2BGecko%252F20100101%2BFirefox%252F96.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.005871%26visitor_id%3D593145877267489567%26rdk%3Drk1&lpt=Title%20here&t=1662980506238
IP
File type ASCII text, with very long lines (1559)
Hash 416a4b68e8bbe50bbd8d03b8622917cb
16963c6866ff585b7ffaf6577f881e27f62fc638
7f84af4ccc44c1ede030d19683047e2956adcb6ab32f3c7446336ec505c3b764
GET /d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2F18c%2F%3Fclickid%3Dwv0nqo5o97s1930j2m77itfo%26source%3D3d3be039-23cb-4934-aaf6-c11425045708%26cep%3DjVZdzLEWt4Hd8XVng2hClWKyTuZ6W8dCsteVEPdrzYQkno2ubLXDs3QMWo4mj1SyQ_M9GbLLlwyAKlMBQOr6Qrl8hN_3CFtTQohSsS-JJhcB1pWzBa5P1110hZqhyO_c5P99hCxG2IPG-ziUAsaIvbKdhZYBX9Z48agVD-6I9iw0KzhdbtthgWhVM2l2sML21cItLS6HiQNTaFKz9tNJBL_442f9Hi-Xuc81KO-_i7kwPOnGyRcCo903ZFA3uSTuaPeKEA9Dxdx3ZLd8isnnepTSERV-dVWcRahkHAvAuXzzNOyw7BozPmqrYfxTz9UL1sUy3Ezq7hF7U7UlG03THMMGAnQjmzhwQhFHSehBlksV9FpeXKMdVzRFZ6cFhjJzqt-XExxCfqcLf4TpmxW3kRdywt4flXpaR9ww3buX9oc_zMVWKl_TIpaOBmEyrz_7iNrGag5SrAe-US3dB8h7rjvkuhII1ofHliKxyw6LRi3ngN__W5HF67a1Qnh5TbGABhfifRYLpCa9VyOTLDC2Nj3HBqpV2mby-KyF7_5w6qwmDjyvP13fjOS2cXQ-xvb5QVjCmiyy5cCKxa2pmjktnp2g0d_j77G0sSTCfgCtC6iVLKRe6yzJnJP9WX5-WlbaPw_LG-tjKr-3bS4tre-tE7XxL6rEOdTTxDqK6DnGznxpx3kSttMbkDgcUyx6Cc7_%26lptoken%3D164762b79887238a17a8%26zoneid%3D3647676%26bannerid%3D14747845%26browser%3Dfirefox%26os%3Dlinux%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A96.0%2529%2BGecko%252F20100101%2BFirefox%252F96.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.005871%26visitor_id%3D593145877267489567%26rdk%3Drk1&lpt=Title%20here&t=1662980506238 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:58 GMT
content-type: application/javascript;charset=UTF-8
content-length: 3587
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3d3be039-23cb-4934-aaf6-c11425045708&ymid=wv0nqo5o97s1930j2m77itfo&var_3=&dsig=&action=prerequest
200 OK 0 B URL HTTP/2 deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3d3be039-23cb-4934-aaf6-c11425045708&ymid=wv0nqo5o97s1930j2m77itfo&var_3=&dsig=&action=prerequest
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3d3be039-23cb-4934-aaf6-c11425045708&ymid=wv0nqo5o97s1930j2m77itfo&var_3=&dsig=&action=prerequest HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:58 GMT
content-length: 0
x-trace-id: 1e61b0ae478abd20ced6e7cdd9aad9a6
access-control-allow-origin: https://babesroulette.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3d3be039-23cb-4934-aaf6-c11425045708&ymid=wv0nqo5o97s1930j2m77itfo&var_3=&dsig=&action=settings
200 OK 693 B URL HTTP/2 deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3d3be039-23cb-4934-aaf6-c11425045708&ymid=wv0nqo5o97s1930j2m77itfo&var_3=&dsig=&action=settings
IP
File type JSON data\012- , ASCII text, with very long lines (692)
Hash 557683d491fb7c28d0ae3408cd19988f
ce818311d63933916109997fbfb82d007b15d1dc
2cee7494ea8240d1ede88281de219194704c6e27b1119f7cc3872376822e4d1c
GET /zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3d3be039-23cb-4934-aaf6-c11425045708&ymid=wv0nqo5o97s1930j2m77itfo&var_3=&dsig=&action=settings HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesroulette.com/
Origin: https://babesroulette.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:58 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: 39061e2cae6bce6b8594611d25f44f4b
access-control-allow-origin: https://babesroulette.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 11:01:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=285201,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749825f00c090b49-OSL
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4740019&checkDuplicate=true&ymid=wv0nqo5o97s1930j2m77itfo&var=3d3be039-23cb-4934-aaf6-c11425045708
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4740019&checkDuplicate=true&ymid=wv0nqo5o97s1930j2m77itfo&var=3d3be039-23cb-4934-aaf6-c11425045708
IP
File type JSON data\012- , ASCII text
Hash eaed38fea0a5913e03556be9d1345d45
5a9841d895a03aaf8a148e98fa0557a89efc4a70
cb709338a17519d125f27540d8f90c5f0be4aec1c8910cbec39330bf24c0fcb9
GET /gid.js?pub=0&userId=&zoneId=4740019&checkDuplicate=true&ymid=wv0nqo5o97s1930j2m77itfo&var=3d3be039-23cb-4934-aaf6-c11425045708 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesroulette.com/
Origin: https://babesroulette.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://babesroulette.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c458de779a90428899e5aade7c7e8b8e; expires=Tue, 12 Sep 2023 11:01:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: u_jETr8miiFyuhq7R09yb0lAP-hUv_6eTRV81Xzd9gSqU31VXwC9CQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 583992e175976bd59a21b4416890271e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 03:15:48 GMT
age: 27976
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wv0nqo5o97s1930j2m77itfo&var=3d3be039-23cb-4934-aaf6-c11425045708&sw=/sw-check-permissions-2e801.js
200 OK 0 B URL HTTP/2 deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wv0nqo5o97s1930j2m77itfo&var=3d3be039-23cb-4934-aaf6-c11425045708&sw=/sw-check-permissions-2e801.js
IP
GET /pfe/current/micro.tag.min.js?z=4740019&ymid=wv0nqo5o97s1930j2m77itfo&var=3d3be039-23cb-4934-aaf6-c11425045708&sw=/sw-check-permissions-2e801.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:58 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-1a29e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
200 OK 0 B URL HTTP/2 exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
IP
GET /smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name} HTTP/1.1
Host: exceptionalphonesecurity.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 12 Sep 2022 11:01:55 GMT
content-type: text/html
last-modified: Mon, 13 Jun 2022 09:09:10 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BCaVMRvmnbg3niMNeyYOivXkIMb0MteXwGqDPDEH0l9z1I%2BkICBhw%2Bt%2FqkLOwd4Nscktl7FAtX9oOIQENibCiihliCiWoHY1kDCBIlk6QSA%2FD61VJopBPg%2BPeKXuqhVm6Rola5MjolG5mZwLugtN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749825dcb84fb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/identify.js
200 OK 0 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/identify.js
IP
ASN #20940 Akamai International B.V.
GET /i18n/pixel/identify.js HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 202209121101565F636C89A4BEB61FC092
x-tt-trace-host: 0126282891bc51fb24322ca3dc41539fa55b56420fe6a867c439f1cd85850230b1f1133669dcefb14e5cebfe2fd77bf1a3552e0652dd67dae5015ce1afa36fda7b81509c63ced49b329894d3f9feac1916bda51d4f8501f01df8adc176783bbe38
content-encoding: gzip
x-origin-response-time: 13,72.247.190.92
x-akamai-request-id: 60601aab.3b0ae439
expires: Mon, 12 Sep 2022 11:01:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 12 Sep 2022 11:01:56 GMT
x-cache: TCP_MISS from a2-22-31-212.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a72-247-190-92.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=114, origin; dur=13, inner; dur=4
x-parent-response-time: 124,2.22.31.212
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/config.js?sdkid=C8SQEGFV9S6N3MLDFVTG&hostname=exceptionalphonesecurity.xyz
200 OK 0 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/config.js?sdkid=C8SQEGFV9S6N3MLDFVTG&hostname=exceptionalphonesecurity.xyz
IP
ASN #20940 Akamai International B.V.
GET /i18n/pixel/config.js?sdkid=C8SQEGFV9S6N3MLDFVTG&hostname=exceptionalphonesecurity.xyz HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 2022091211015640A5D6DEC00382082102
x-tt-trace-host: 0126282891bc51fb24322ca3dc41539fa563d999e9b954be90403b3360afc773204177a3154fd3a70e4b13f3413b15218729477444eb96a6f61ca54bcbdc5f29b970c15d4721d695c329ac38649ad1049e0d641e870725419148cfa3793447a46c
content-encoding: gzip
x-origin-response-time: 8,23.218.223.7
x-akamai-request-id: 1ac48f54.3b0ae45f
expires: Mon, 12 Sep 2022 11:01:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 12 Sep 2022 11:01:56 GMT
x-cache: TCP_MISS from a2-22-31-212.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
vary: Accept-Encoding
set-cookie: _ttp=2EfJ4q1VuUJni3wNKEvOQPZvX9U; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-cache-remote: TCP_MISS from a23-218-223-7.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=113, origin; dur=8, inner; dur=3
x-parent-response-time: 121,2.22.31.212
X-Firefox-Spdy: h2
redrotou.net/pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js
200 OK 0 B URL HTTP/2 redrotou.net/pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js
IP
GET /pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:56 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-1a29e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
ouhastay.net/afu.php?zoneid=3647676
200 OK 0 B URL HTTP/2 ouhastay.net/afu.php?zoneid=3647676
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /afu.php?zoneid=3647676 HTTP/1.1
Host: ouhastay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 11:01:57 GMT
content-type: text/html; charset=utf8
x-trace-id: 15749d672570a561eb6a185c4861c587
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://dratingmaject.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=bc8e99ce15a1474bbb341c18dd7d7651; expires=Tue, 12 Sep 2023 11:01:57 GMT; path=/; secure; SameSite=None
oaidts=1662980517; expires=Tue, 12 Sep 2023 11:01:57 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
172.67.155.44
167.114.103.223
139.45.197.251
18.195.149.11
104.21.72.186
23.33.119.27
2.22.31.216