cottonink.online/l/nlgOeSlGG7agB763Nj8Rg1aA/763vRQ3CIB88R5YSwOxRQi9A/SWRVkq0qUgKDBkGkZuXHpw
18.216.136.144302 Found 0 B URL HTTP/1.1 cottonink.online/l/nlgOeSlGG7agB763Nj8Rg1aA/763vRQ3CIB88R5YSwOxRQi9A/SWRVkq0qUgKDBkGkZuXHpw
IP 18.216.136.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /l/nlgOeSlGG7agB763Nj8Rg1aA/763vRQ3CIB88R5YSwOxRQi9A/SWRVkq0qUgKDBkGkZuXHpw HTTP/1.1
Host: cottonink.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 27 Sep 2022 16:42:36 GMT
Server: Apache/2.4.52 (Ubuntu)
X-Robots-Tag: none
Location: https://back-saamting.s3.us-west-2.amazonaws.com/offerlink.html
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4313
Expires: Tue, 27 Sep 2022 17:54:29 GMT
Date: Tue, 27 Sep 2022 16:42:36 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 16:15:30 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HeK4fuyTMsUf1VnxW9O9Q5mq1wP5WQLrZdl8RU_FcimF2M0hRA7pRA==
Age: 1626
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1017811d25642601e984edc1676d118d
c177c4f7a897584bf91347fa4990c83d6bfd0321
f35bb3a8c877dd8d3c5920f3c917722f12b157aff398e2ec30fab51fa6caa2ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F35BB3A8C877DD8D3C5920F3C917722F12B157AFF398E2EC30FAB51FA6CAA2EF"
Last-Modified: Mon, 26 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6607
Expires: Tue, 27 Sep 2022 18:32:43 GMT
Date: Tue, 27 Sep 2022 16:42:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: qmd7qeLO6xp//qlSaTbl50uTBFdsfV7AJuCj+cl6JPqLGOI4xTHepf69c3vkMiwRuea0K34BDGo=
x-amz-request-id: K8YHHKYS2WMNM4NE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 27 Sep 2022 15:46:55 GMT
age: 3341
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 16:42:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 16:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 16:47:56 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: v9NiaQxm1LUAkZCx7Jtg4C2yTiZt5GoO2uQy3qCO2QWeDac4Z_pBdA==
Age: 1910
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 0928c0e31d41beba321865894c5d64fe
0c804bfefca1cd081eb4548a25dcebd6c2a34394
d92a661f13e4622389bdd31fc8b98ae02d215eb38584af1c91b28e65c8fa96e2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 16:42:37 GMT
Last-Modified: Tue, 27 Sep 2022 15:51:38 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -Pp2agCEmKYn2_E9amUXkuC2XPWyrSC3cFZzVLUtcyct4Rijg0H4Vg==
Age: 3059
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6265
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:37 GMT
Last-Modified: Tue, 27 Sep 2022 14:58:12 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
back-saamting.s3.us-west-2.amazonaws.com/offerlink.html
52.92.180.178200 OK 140 B URL HTTP/1.1 back-saamting.s3.us-west-2.amazonaws.com/offerlink.html
IP 52.92.180.178:0
File type HTML document, ASCII text, with CRLF line terminators
Hash f9af4fcd22b80405026998304113af8c
75d8a914e337a521775f3f4a1647843e5f9ffb0d
ebd31c40d46433ad85848d12a1885849ecb5383d55c7453ae7989af72b0c7b9e
GET /offerlink.html HTTP/1.1
Host: back-saamting.s3.us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
x-amz-id-2: kdlcj3TcsSyRoSYQf3mjjDW5mAP4SeOB5xrCC5vlBjPjSsgMyulb8JRV9yg+W8BpaKbaVeImrSs=
x-amz-request-id: 5947F43MXFAXV3NM
Date: Tue, 27 Sep 2022 16:42:38 GMT
Last-Modified: Fri, 23 Sep 2022 19:30:11 GMT
ETag: "f9af4fcd22b80405026998304113af8c"
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 140
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 86529e2e5fa5b15a63a4e5f2cfe245a4
0b6c4d65db94a984115c486a128989d1446a811e
4ccb4de47f9a7741f2355f009a45fec90c2b84c31d42637273a4403dd609f3f9
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 16:42:37 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 01 Oct 2022 13:31:59 GMT
ETag: "0b6c4d65db94a984115c486a128989d1446a811e"
Last-Modified: Tue, 27 Sep 2022 13:32:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1992
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7515b1905a2f1c12-OSL
www.dpbolvw.net/click-100681988-13991881
89.207.16.75302 Found 583 B URL HTTP/1.1 www.dpbolvw.net/click-100681988-13991881
IP 89.207.16.75:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash e5e59f8ab57236f52cf2370f89c10e9a
c710a238fa07a8eff4e6fb9e7f8eee7b3070ded2
24b8e8f5d97824540bfae52af682e0263316b5b0ad59e64826a94482f59b234a
GET /click-100681988-13991881 HTTP/1.1
Host: www.dpbolvw.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://back-saamting.s3.us-west-2.amazonaws.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Resin/4.0.66
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Tue, 27 Sep 2022 16:42:37 GMT
Location: https://cj.dotomi.com/1n104zw43M/w27/LNTTLSSL/LKKQSLTSS/K/K/K?p=j%3c%3cx9958%3A%2F%2FCCC.t5r41BC.3u9%2Fs1ys0-HGGMOHPOO-HJPPHOOH%3c%3cW%3cx9958%3A%2F%2Frqs0-8qq29y3w.8J.A8-Cu89-I.q2qF43qC8.s42%2F%3c%3cH%3cH%3cG%3cG%3cG%3c
Content-Type: text/html; charset=UTF-8
Content-Length: 583
Date: Tue, 27 Sep 2022 16:42:37 GMT
X-VC-HTTPS: On
push.services.mozilla.com/
54.148.190.4101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.190.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vXefnUq5L1PGp2L5GsQyFA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: L8WgRynqf2UL/crMlSJIQE5PPP0=
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 86529e2e5fa5b15a63a4e5f2cfe245a4
0b6c4d65db94a984115c486a128989d1446a811e
4ccb4de47f9a7741f2355f009a45fec90c2b84c31d42637273a4403dd609f3f9
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 16:42:37 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 01 Oct 2022 13:31:59 GMT
ETag: "0b6c4d65db94a984115c486a128989d1446a811e"
Last-Modified: Tue, 27 Sep 2022 13:32:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1992
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7515b1912b2b1c12-OSL
cj.dotomi.com/1n104zw43M/w27/LNTTLSSL/LKKQSLTSS/K/K/K?p=j%3c%3cx9958%3A%2F%2FCCC.t5r41BC.3u9%2Fs1ys0-HGGMOHPOO-HJPPHOOH%3c%3cW%3cx9958%3A%2F%2Frqs0-8qq29y3w.8J.A8-Cu89-I.q2qF43qC8.s42%2F%3c%3cH%3cH%3cG%3cG%3cG%3c
89.207.16.75302 Found 809 B URL HTTP/1.1 cj.dotomi.com/1n104zw43M/w27/LNTTLSSL/LKKQSLTSS/K/K/K?p=j%3c%3cx9958%3A%2F%2FCCC.t5r41BC.3u9%2Fs1ys0-HGGMOHPOO-HJPPHOOH%3c%3cW%3cx9958%3A%2F%2Frqs0-8qq29y3w.8J.A8-Cu89-I.q2qF43qC8.s42%2F%3c%3cH%3cH%3cG%3cG%3cG%3c
IP 89.207.16.75:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (402)
Hash 377f7e8bc6bb8f6dbafd626e665fdb0b
e4989d19a3b266be0a784256516ee5393b74f57a
8f007129c2d097d3458043ccceb8f488f65d9ed37474b7151eb7c16976fdacc0
GET /1n104zw43M/w27/LNTTLSSL/LKKQSLTSS/K/K/K?p=j%3c%3cx9958%3A%2F%2FCCC.t5r41BC.3u9%2Fs1ys0-HGGMOHPOO-HJPPHOOH%3c%3cW%3cx9958%3A%2F%2Frqs0-8qq29y3w.8J.A8-Cu89-I.q2qF43qC8.s42%2F%3c%3cH%3cH%3cG%3cG%3cG%3c HTTP/1.1
Host: cj.dotomi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://back-saamting.s3.us-west-2.amazonaws.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Resin/4.0.66
P3P: policyref="/w3c/p3p-d.xml", CP="NOI DSP NID OUR STP"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Tue, 27 Sep 2022 16:42:37 GMT
Set-Cookie: CJSession=fe8bdc47-b7b6-48b1-873c-56fa6afc5fae; Max-Age=-1; Domain=.dotomi.com; Path=/; Secure; SameSite=None
cjae=47K6NEClD1Uw; Max-Age=34041593; Domain=.dotomi.com; Path=/; Secure; SameSite=None
DotomiUser=400504859738238639$0$1; Max-Age=34041593; Domain=.dotomi.com; Path=/; Secure; SameSite=None
LCLK=cjo!x2x7-ve1wb9u; Max-Age=34041593; Domain=.dotomi.com; Path=/; Secure; SameSite=None
Location: https://www.emjcd.com/ti118y1A9U/18D/RTZZRYYR/RQQWYRZYY/Q/UQQVQUYVZXTYSTYWTZ:UXkWnecAdRuL/WVSRUYS2T3YTRR32YST1V0W1Q-RYQVRQ?n=d%3clsx!6B6G-4nA5kI3%3cq22y1%3A%2F%2F555.mykxu45.wn2%2Flurlt-A99FHAIHH-ACIIAHHA%3c%3cP%3cq22y1%3A%2F%2Fkjlt-1jjv2rwp.1C.31-5n12-B.jvj8xwj51.lxv%2F%3conHkmlDG-kGkF-DHkA-HGCl-EFojFjolEojn%3cA%3cA%3c9%3c9%3c9%3c
Content-Type: text/html; charset=UTF-8
Content-Length: 809
Date: Tue, 27 Sep 2022 16:42:37 GMT
X-VC-HTTPS: On
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 86529e2e5fa5b15a63a4e5f2cfe245a4
0b6c4d65db94a984115c486a128989d1446a811e
4ccb4de47f9a7741f2355f009a45fec90c2b84c31d42637273a4403dd609f3f9
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 16:42:37 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 01 Oct 2022 13:31:59 GMT
ETag: "0b6c4d65db94a984115c486a128989d1446a811e"
Last-Modified: Tue, 27 Sep 2022 13:32:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1992
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7515b1920c461c12-OSL
www.emjcd.com/ti118y1A9U/18D/RTZZRYYR/RQQWYRZYY/Q/UQQVQUYVZXTYSTYWTZ:UXkWnecAdRuL/WVSRUYS2T3YTRR32YST1V0W1Q-RYQVRQ?n=d%3clsx!6B6G-4nA5kI3%3cq22y1%3A%2F%2F555.mykxu45.wn2%2Flurlt-A99FHAIHH-ACIIAHHA%3c%3cP%3cq22y1%3A%2F%2Fkjlt-1jjv2rwp.1C.31-5n12-B.jvj8xwj51.lxv%2F%3conHkmlDG-kGkF-DHkA-HGCl-EFojFjolEojn%3cA%3cA%3c9%3c9%3c9%3c
89.207.16.75302 Found 373 B URL HTTP/1.1 www.emjcd.com/ti118y1A9U/18D/RTZZRYYR/RQQWYRZYY/Q/UQQVQUYVZXTYSTYWTZ:UXkWnecAdRuL/WVSRUYS2T3YTRR32YST1V0W1Q-RYQVRQ?n=d%3clsx!6B6G-4nA5kI3%3cq22y1%3A%2F%2F555.mykxu45.wn2%2Flurlt-A99FHAIHH-ACIIAHHA%3c%3cP%3cq22y1%3A%2F%2Fkjlt-1jjv2rwp.1C.31-5n12-B.jvj8xwj51.lxv%2F%3conHkmlDG-kGkF-DHkA-HGCl-EFojFjolEojn%3cA%3cA%3c9%3c9%3c9%3c
IP 89.207.16.75:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 5a2fb24fec0c86de72a98b17847bf5f2
2933f12d58cc1607cf3f81b9c6b1281cf0a9a5f9
aa7108cd47d7619fb2c463f2a02afd205d20957ecc744c2528a8f26b13a0d1fa
GET /ti118y1A9U/18D/RTZZRYYR/RQQWYRZYY/Q/UQQVQUYVZXTYSTYWTZ:UXkWnecAdRuL/WVSRUYS2T3YTRR32YST1V0W1Q-RYQVRQ?n=d%3clsx!6B6G-4nA5kI3%3cq22y1%3A%2F%2F555.mykxu45.wn2%2Flurlt-A99FHAIHH-ACIIAHHA%3c%3cP%3cq22y1%3A%2F%2Fkjlt-1jjv2rwp.1C.31-5n12-B.jvj8xwj51.lxv%2F%3conHkmlDG-kGkF-DHkA-HGCl-EFojFjolEojn%3cA%3cA%3c9%3c9%3c9%3c HTTP/1.1
Host: www.emjcd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://back-saamting.s3.us-west-2.amazonaws.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Resin/4.0.66
Set-Cookie: S=400504859738238639:47K6NEClD1Uw; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None
LCLK=cjo!x2x7-ve1wb9u; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None
CJSession=fe8bdc47-b7b6-48b1-873c-56fa6afc5fae; Max-Age=-1; Domain=.emjcd.com; Path=/; Secure; SameSite=None
S=400504859738238639:47K6NEClD1Uw; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Tue, 27 Sep 2022 16:42:37 GMT
Location: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Content-Type: text/html; charset=UTF-8
Content-Length: 373
Date: Tue, 27 Sep 2022 16:42:37 GMT
X-VC-HTTPS: On
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 2eefeb3a0ef117432105b6b624ac757a
a43ad404a9af0a7276c7ff5c771facc509c0b086
26d8e077d65e27dd3cdfbc5659cf763fb9ef649ca2a667e5d8a7ae33add0b31c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 16:42:38 GMT
Server: ECS (dcb/7F84)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6HrgFTLf4Is4xQYIMI1MxHSbd2qN65RImMLiaeojXaXoAnKjPxSsiQ==
www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
54.183.42.61200 OK 15 kB URL HTTP/2 www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
IP 54.183.42.61:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10447), with CRLF, LF line terminators
Hash ab643eaa2183e9767c69ed1456df0eef
192d7f239f1074658dce946f5e4939eb68a48a17
d1d85cc78df067ffdb55e3ad15f35697b6d90c8911cb2ad415354b5913a5c1dd
GET /?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://back-saamting.s3.us-west-2.amazonaws.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:38 GMT
content-type: text/html; charset=UTF-8
content-length: 15010
server: Apache/2.4.41 (Ubuntu)
x-pingback: https://www.badcreditloans.com/xmlrpc.php
link: <https://www.badcreditloans.com/wp-json/>; rel="https://api.w.org/", <https://www.badcreditloans.com/>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
x-xyz-srv: lg4
x-xyz-runtime: D=141380
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8380
Expires: Tue, 27 Sep 2022 19:02:18 GMT
Date: Tue, 27 Sep 2022 16:42:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8380
Expires: Tue, 27 Sep 2022 19:02:18 GMT
Date: Tue, 27 Sep 2022 16:42:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8380
Expires: Tue, 27 Sep 2022 19:02:18 GMT
Date: Tue, 27 Sep 2022 16:42:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8380
Expires: Tue, 27 Sep 2022 19:02:18 GMT
Date: Tue, 27 Sep 2022 16:42:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8380
Expires: Tue, 27 Sep 2022 19:02:18 GMT
Date: Tue, 27 Sep 2022 16:42:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash deb8d1e3b6d7fbc8c8ba478269621676
84f5a4c8b38acde814bc790e5b514347718d5bb9
ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bs6HOUmHOoYKDuzBoVHhcr8d4HP4bBmwUF3EtOmwKXo7ozhfaIYEvw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:07 GMT
age: 68611
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91d97447a6a35813e57d942f685544c4
3b660de9902fbfcf2efb477f40480b08545ebc5f
08c1ea19c4918273da12c9a2e962edf4463c486a30f60c8a279a45e5edcf972a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11881
x-amzn-requestid: 584a2270-56ef-4f46-8ab2-dc0e519b5f45
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YshLfEfoIAMFX9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328157c-12f8e8e31318d2da70796520;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 07:08:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: bDpP2pZgrMz5bH_vy76SvyPojDGhPIHfOtv2i4dfHCs1GUuSZVC87w==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:33:24 GMT
age: 65354
etag: "3b660de9902fbfcf2efb477f40480b08545ebc5f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62e68c3cd08dd94d910507512a67e85f
3d4fa8701f17e8818c25584ef5f04bfbee8440cd
058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: fe9ec409-2757-4910-8443-5b4d3be7efd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlATEp8oAMFd9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b9b-3230e97a4fe34413285eb578;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kRSg9NTTAgeAJgIZ_C9_rRodCX4bzGduJEvNPNHUya0Moa2vsmWSoQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:38:57 GMT
age: 68621
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5274e770cb5a704916c8965659709f4a
1a26007f761e439db575fb80fb403031260aecf4
e36e8be75c92feb9b416a46c5918356d8f9694894a799b7c10de21034d33d5ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: 0887cd56-f324-46cf-a086-709e1c66f354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGBTdHmhoAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633248e2-42391706084f335228fe3994;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:50:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IWzfDNFlgYdqYnbQ9uWfOvqb5zl3I3mgTZrT5pU5P3EvetMRDN5P7w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:06:47 GMT
age: 56151
etag: "1a26007f761e439db575fb80fb403031260aecf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14218a43c5e5bbce546735a780c8ccce
61676358cdbb2373bc644e66f8a84fbc8cc5daf6
905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JXEBo_L_xKuKdeoOXEJ6FO7ZVsZVQzUmQFe7fYcxaHRQNEq1HWp6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:37:50 GMT
age: 54288
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 347dca206e13a3b13953f0ab398310b4
be60bbc96c832ae385cc9ae5828bd32703011b21
f6da888a54a0c6c73466f2c2a72dd875514a39d81b760a6b0116b4dd56ef31dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10211
x-amzn-requestid: 3ea4ac84-2465-4bd1-8ade-863de3c9576e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfSuGoQoAMF9oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632145aa-7843b82728ead9a053c689d1;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:08:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p1vYTqYjOmYHjVmJ8f6qyT_nLIsyXsr7ZI-DI7JBF9RJa0ZJNPiluA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:56:23 GMT
age: 67575
etag: "be60bbc96c832ae385cc9ae5828bd32703011b21"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Tue, 27 Sep 2022 16:41:09 GMT
expires: Tue, 27 Sep 2022 18:41:09 GMT
cache-control: public, max-age=7200
age: 89
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-1002277421
142.250.74.72200 OK 47 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-1002277421
IP 142.250.74.72:0
File type ASCII text, with very long lines (1720)
Hash 5e4189cfdca7969033bf2ab1f24cea89
43dd4385713c0e9026b4e4283752db72416f524e
c1323e5dcea29c0b85e953bb28a9607f044498b4d2e5fc13a4ca46c3372945fb
GET /gtag/js?id=AW-1002277421 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 27 Sep 2022 16:42:38 GMT
expires: Tue, 27 Sep 2022 16:42:38 GMT
cache-control: private, max-age=900
last-modified: Tue, 27 Sep 2022 16:04:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46582
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.badcreditloans.com/wp-content/themes/bcl/style.css?ver=1643320834
54.183.42.61200 OK 8.3 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/style.css?ver=1643320834
IP 54.183.42.61:0
File type assembler source, ASCII text
Hash afc6985b9cc78cf0d9240f45e47a62d3
d83965433e942161cb3ccbfc4c8075c8eaec720b
b87ed4887bc0a66c3ed7e4726bc6f25d6d19fe64d95e78e1a5680049ec847f34
GET /wp-content/themes/bcl/style.css?ver=1643320834 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:38 GMT
content-type: text/css
content-length: 8291
server: Apache/2.4.41 (Ubuntu)
last-modified: Thu, 27 Jan 2022 22:00:34 GMT
etag: "ac9d-5d697729c76b0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-xyz-srv: lg4
x-xyz-runtime: D=2053
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/wp-content/themes/bcl/assets/js/index.js?ver=1603741530
54.183.42.61200 OK 6.9 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/assets/js/index.js?ver=1603741530
IP 54.183.42.61:0
File type ASCII text, with CRLF line terminators
Hash a761f60f7435a52b2f5beaab6c091a35
93e473640400147f69672f350ea90306981cba44
e6f47a3f61d441b82f79d2f80fad4f24106edabb1dca8d2ef75e376ca4cfe567
GET /wp-content/themes/bcl/assets/js/index.js?ver=1603741530 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:38 GMT
content-type: application/javascript
content-length: 6896
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 26 Oct 2020 19:44:47 GMT
etag: "6713-5b29829b111d1-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-xyz-srv: lg3
x-xyz-runtime: D=2193
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/wp-content/themes/bcl/assets/js/modernizr.min.js?ver=5.4.2
54.183.42.61200 OK 3.4 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/assets/js/modernizr.min.js?ver=5.4.2
IP 54.183.42.61:0
File type ASCII text, with very long lines (7614)
Hash 771befed734a999be61a3d203fb93171
01c424996f4c8ab54d722876fa66f6c800a9feb3
441b7b4ae0a12c2f2819758767cf5a562da66727ebf87d7772767a6c68d54f5d
GET /wp-content/themes/bcl/assets/js/modernizr.min.js?ver=5.4.2 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:38 GMT
content-type: application/javascript
content-length: 3367
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 26 Oct 2020 19:44:47 GMT
etag: "1e4c-5b29829b111d1-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-xyz-srv: lg3
x-xyz-runtime: D=950
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/wp-content/themes/bcl/assets/fonts/dm-sans-v6-regular.woff2
54.183.42.61200 OK 24 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/assets/fonts/dm-sans-v6-regular.woff2
IP 54.183.42.61:0
File type Web Open Font Format (Version 2), TrueType, length 23608, version 1.0\012- data
Hash 7e045b243033b2f66fc27d07ed1c847b
d155b1927bd8bf72e55b8dfc6c58753973e440c9
6bac0edbae065432c2c866657700b58991e469180f37812eb7e697159d4a755b
GET /wp-content/themes/bcl/assets/fonts/dm-sans-v6-regular.woff2 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:38 GMT
content-type: font/woff2
content-length: 23608
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 27 Sep 2021 17:36:25 GMT
etag: "5c38-5ccfd894ac374"
accept-ranges: bytes
x-xyz-srv: lg4
x-xyz-runtime: D=866
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/wp-content/themes/bcl/assets/fonts/dm-sans-v6-700.woff2
54.183.42.61200 OK 23 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/assets/fonts/dm-sans-v6-700.woff2
IP 54.183.42.61:0
File type Web Open Font Format (Version 2), TrueType, length 23284, version 1.0\012- data
Hash b584bd54a45b024a9108e91832cbeeb1
942b751c15aaf51ade7fe459103bfe02113d1788
7887e5893187e9dd1c93d7c6f8afc49450c91d8ff6cefaf6de524337314af58d
GET /wp-content/themes/bcl/assets/fonts/dm-sans-v6-700.woff2 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:38 GMT
content-type: font/woff2
content-length: 23284
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 27 Sep 2021 17:36:22 GMT
etag: "5af4-5ccfd891ee4b0"
accept-ranges: bytes
x-xyz-srv: lg3
x-xyz-runtime: D=477
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/wp-content/themes/bcl/assets/fonts/dm-sans-v6-italic.woff2
54.183.42.61200 OK 25 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/assets/fonts/dm-sans-v6-italic.woff2
IP 54.183.42.61:0
File type Web Open Font Format (Version 2), TrueType, length 24708, version 1.0\012- data
Hash 75dd7de02f4e2bac425578c667f1f26c
b8dfe2ddda8cd90f3e992bb12ffc84cd67cfd78c
507d2f4e0f82e7357a5c190d91f359f0321bcf6cd8c3641d7f7b86503df1ac6f
GET /wp-content/themes/bcl/assets/fonts/dm-sans-v6-italic.woff2 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:38 GMT
content-type: font/woff2
content-length: 24708
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 27 Sep 2021 17:36:25 GMT
etag: "6084-5ccfd894ac374"
accept-ranges: bytes
x-xyz-srv: lg4
x-xyz-runtime: D=1883
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/wp-content/themes/bcl/assets/js/jquery-3.5.1.min.js?ver=5.4.2
54.183.42.61200 OK 31 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/assets/js/jquery-3.5.1.min.js?ver=5.4.2
IP 54.183.42.61:0
File type ASCII text, with very long lines (65451)
Hash 888c5fa4504182a0224b264a1fda0e73
65f058a7dead59a8063362241865526eb0148f16
7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715
GET /wp-content/themes/bcl/assets/js/jquery-3.5.1.min.js?ver=5.4.2 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:38 GMT
content-type: application/javascript
content-length: 30910
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 26 Oct 2020 19:45:30 GMT
etag: "15d84-5b2982c3ef15c-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-xyz-srv: lg4
x-xyz-runtime: D=7545
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/wp-content/themes/bcl/miniform-styles.css?v=2.3
54.183.42.61200 OK 2.0 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/miniform-styles.css?v=2.3
IP 54.183.42.61:0
Hash c2d6eb3affb7df4f1cf6dfb5125c13ad
46e23212e801e771e0fadc62305bc206360e6207
061e9d6c261082a8a8c2400fa8620626bf95322b47c3680837d6140e0da3c63f
GET /wp-content/themes/bcl/miniform-styles.css?v=2.3 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:38 GMT
content-type: text/css
content-length: 1965
server: Apache/2.4.41 (Ubuntu)
last-modified: Tue, 25 Jan 2022 00:07:35 GMT
etag: "2233-5d65cdf5064c9-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-xyz-srv: lg3
x-xyz-runtime: D=705
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/wp-content/themes/bcl/assets/fonts/playfair-display-v22-700.woff2
54.183.42.61200 OK 59 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/assets/fonts/playfair-display-v22-700.woff2
IP 54.183.42.61:0
File type Web Open Font Format (Version 2), TrueType, length 59372, version 1.0\012- data
Hash 35e48c09a03ba12293245f47e0578f23
0e286900544f8fa844c53f56b9af972d74c5eee8
f531f004c9001fa12a22c0685aea4317cbb08eb5ef2f8dd12e199eb2e4b938a4
GET /wp-content/themes/bcl/assets/fonts/playfair-display-v22-700.woff2 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:38 GMT
content-type: font/woff2
content-length: 59372
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 27 Sep 2021 17:36:22 GMT
etag: "e7ec-5ccfd891ef450"
accept-ranges: bytes
x-xyz-srv: lg3
x-xyz-runtime: D=450
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/p/v1/smartform/loader?user=betatester&key=12345&uuid=S-u-20110610-232322-450668&url=/p/v1/&experiment=ABCMini&rsBrand=BadCreditLoans.com&rsMaxAmount=10000&rsMinAmount=100&rsPhone=1-800-245-5626&rsFFLink=/start-here
54.183.42.61200 OK 1.5 kB URL HTTP/2 www.badcreditloans.com/p/v1/smartform/loader?user=betatester&key=12345&uuid=S-u-20110610-232322-450668&url=/p/v1/&experiment=ABCMini&rsBrand=BadCreditLoans.com&rsMaxAmount=10000&rsMinAmount=100&rsPhone=1-800-245-5626&rsFFLink=/start-here
IP 54.183.42.61:0
File type HTML document, ASCII text
Hash 5686c3f3b59c63b1cc078c0301556a5f
8859efcfb97f88bdb525656eff856dc90607f363
a261867aba8ef6bafa75d94773c0eca33e5b5574f73b7e769f1f5d14c2d00946
GET /p/v1/smartform/loader?user=betatester&key=12345&uuid=S-u-20110610-232322-450668&url=/p/v1/&experiment=ABCMini&rsBrand=BadCreditLoans.com&rsMaxAmount=10000&rsMinAmount=100&rsPhone=1-800-245-5626&rsFFLink=/start-here HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:39 GMT
content-type: application/javascript
content-length: 1495
server: Apache/2.4.41 (Ubuntu)
cache-control: max-age=0, no-store, private
x-encoded-content-encoding: gzip
vary: Accept-Encoding
content-encoding: gzip
set-cookie: ITM_GID=ITM_GID_633327ff0d9629.60616667; expires=Mon, 22-Sep-2042 16:42:39 GMT; Max-Age=630720000; path=/; SameSite=Strict
x-xyz-srv: lg4
x-xyz-runtime: D=275014
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/wp-content/themes/bcl/assets/images/home-hero_desktop_2x.jpg
54.183.42.61200 OK 145 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/assets/images/home-hero_desktop_2x.jpg
IP 54.183.42.61:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3200x1680, components 3\012- data
Size 145 kB (145199 bytes)
Hash 3e280a9f23d57fa81e7101e0cb2088b7
2aba43765f31128644b8f67fcbf7a7c4bdf94ade
e035e9fc6498319111012d8da914cc784a6cf7fde2156a34109be0a8d06b9258
GET /wp-content/themes/bcl/assets/images/home-hero_desktop_2x.jpg HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/wp-content/themes/bcl/style.css?ver=1643320834
Cookie: ITM_GID=ITM_GID_633327ff0d9629.60616667
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:39 GMT
content-type: image/jpeg
content-length: 145199
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 26 Oct 2020 19:44:47 GMT
etag: "2372f-5b29829b10231"
accept-ranges: bytes
x-xyz-srv: lg3
x-xyz-runtime: D=665
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/p/cdn/smartform/js/badcreditloanscom-experiment.js?v=1664296959
54.183.42.61200 OK 805 B URL HTTP/2 www.badcreditloans.com/p/cdn/smartform/js/badcreditloanscom-experiment.js?v=1664296959
IP 54.183.42.61:0
File type ASCII text, with very long lines (1646), with no line terminators
Hash e51137b644a68c3cb2117c6a3703b6c1
e3be5ea7e1fb4fbe7154a6e7b38f9c6eaea65b35
628a8327bf0a3c436316c3fa888da37ce7f7be4830434b850208b968116cd703
GET /p/cdn/smartform/js/badcreditloanscom-experiment.js?v=1664296959 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Cookie: ITM_GID=ITM_GID_633327ff0d9629.60616667
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:39 GMT
content-type: application/javascript
content-length: 805
server: Apache/2.4.41 (Ubuntu)
cache-control: max-age=0, no-store, private
vary: Accept-Encoding
last-modified: Tue, 06 Sep 2022 17:17:44 GMT
etag: "8d00dcd88a847b7eaf8af30413eb4497-gzip"
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 e2d7efb4a6fe4a49c212c47079f43f9c.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO5-P1
x-amz-cf-id: 5YDBZVnUXxxPyL7QSM8-T0lqOy3yhtkTzJLyMaySZQX5nW0e0O7f5g==
content-encoding: gzip
x-xyz-srv: lg3
x-xyz-runtime: D=38969
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.badcreditloans.com/wp-content/themes/bcl/assets/images/we-re-here-for-you_desktop_2x.jpg
54.183.42.61200 OK 139 kB URL HTTP/2 www.badcreditloans.com/wp-content/themes/bcl/assets/images/we-re-here-for-you_desktop_2x.jpg
IP 54.183.42.61:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x1170, components 3\012- data
Size 139 kB (139438 bytes)
Hash 55427eb75979cd88d5ed1c4537be86d9
c7f1ea798a9bf38147e45329deb3a6e10bdf75ca
b98e22e094dd2317db3e08a464a9668083fb1fb37716c901af44f91462ae3293
GET /wp-content/themes/bcl/assets/images/we-re-here-for-you_desktop_2x.jpg HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/wp-content/themes/bcl/style.css?ver=1643320834
Cookie: ITM_GID=ITM_GID_633327ff0d9629.60616667
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:39 GMT
content-type: image/jpeg
content-length: 139438
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 26 Oct 2020 19:45:30 GMT
etag: "220ae-5b2982c3ef15c"
accept-ranges: bytes
x-xyz-srv: lg4
x-xyz-runtime: D=565
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5e01e4cfb215a3f052b4c716bc77c1a6
6e63b3e883051319571310c44b87591f0312d83f
aebb544e0762c6c3eb289d85c20299baa3f742dc46cfa5bcc33ac6df411285ae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 27 Sep 2022 16:42:39 GMT
expires: Tue, 27 Sep 2022 16:42:39 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash be52dbe2d47697a7f007d69c486b77b4
fe445ea87749e97423e7865bc559ad78f672a62d
65d16df2b3095c658d2bdf39b06d57486967bba7b43c43108e5025d7af5b7ab6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.badcreditloans.com/p/cdn/smartform/js/chunk-common.js?v=1664296959
54.183.42.61200 OK 221 kB URL HTTP/2 www.badcreditloans.com/p/cdn/smartform/js/chunk-common.js?v=1664296959
IP 54.183.42.61:0
Size 221 kB (221258 bytes)
Hash df4368d44735e136f37e5c6f9ffafaa9
1c7e3f6d9fde66aaa4e91ee3f00a079d9645d4d4
72c97ab6367707455212df7eb1998711206001e222a94c72eaa6df40ce3a7bfa
GET /p/cdn/smartform/js/chunk-common.js?v=1664296959 HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
Cookie: ITM_GID=ITM_GID_633327ff0d9629.60616667
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:39 GMT
content-type: application/javascript
server: Apache/2.4.41 (Ubuntu)
cache-control: max-age=0, no-store, private
vary: Accept-Encoding
last-modified: Tue, 06 Sep 2022 17:17:44 GMT
etag: "e141fb1d390037f9964addda812cc7e7-gzip"
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 fde752a2d4e95c2353cf5fc17ef7bf2a.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO5-P1
x-amz-cf-id: jMmCZL8x_Kq7Cf_9z_NqlJ-59dta3Wra3xqoV1XK_TmGqAyK7tf50A==
content-encoding: gzip
x-xyz-srv: lg4
x-xyz-runtime: D=71989
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/1002277421/?random=1664296957510&cv=9&fst=1664296957510&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9l0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.badcreditloans.com%2F%3Faid%3D12721%26note%3D6208103_100681988%26atrk%3Dd10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e&ref=https%3A%2F%2Fback-saamting.s3.us-west-2.amazonaws.com%2F&tiba=Bad%20Credit%20Loans&auid=2079089459.1664296957&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.34200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1002277421/?random=1664296957510&cv=9&fst=1664296957510&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9l0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.badcreditloans.com%2F%3Faid%3D12721%26note%3D6208103_100681988%26atrk%3Dd10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e&ref=https%3A%2F%2Fback-saamting.s3.us-west-2.amazonaws.com%2F&tiba=Bad%20Credit%20Loans&auid=2079089459.1664296957&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.34:0
File type ASCII text, with very long lines (2588), with no line terminators
Hash ee633e40869de907fb2a5dab4b6add05
41da8a0abf46d110e479dd001aeda9c9221334a2
a3284fb7ee8614d7ffe3bd94e2df6101f9dceaefca4682847fa9c4364982c76c
GET /pagead/viewthroughconversion/1002277421/?random=1664296957510&cv=9&fst=1664296957510&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9l0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.badcreditloans.com%2F%3Faid%3D12721%26note%3D6208103_100681988%26atrk%3Dd10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e&ref=https%3A%2F%2Fback-saamting.s3.us-west-2.amazonaws.com%2F&tiba=Bad%20Credit%20Loans&auid=2079089459.1664296957&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 16:42:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1140
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 27-Sep-2022 16:57:39 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-29593650-1&cid=247961316.1664296957&jid=500502296&gjid=1133997559&_gid=1413387245.1664296957&_u=YEBAAEAAAAAAAC~&z=584939667
64.233.162.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-29593650-1&cid=247961316.1664296957&jid=500502296&gjid=1133997559&_gid=1413387245.1664296957&_u=YEBAAEAAAAAAAC~&z=584939667
IP 64.233.162.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-29593650-1&cid=247961316.1664296957&jid=500502296&gjid=1133997559&_gid=1413387245.1664296957&_u=YEBAAEAAAAAAAC~&z=584939667 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.badcreditloans.com
Connection: keep-alive
Referer: https://www.badcreditloans.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.badcreditloans.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 27 Sep 2022 16:42:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ef12641bb4d59312b43f4f06ae2cee73
5450eaf271bf466e6aa58b63d52b49b66c5f4a6f
894fd5dabf39c09179591f3305d88ef71eb467ddeb1fc5c568dc377c3a1317d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ef12641bb4d59312b43f4f06ae2cee73
5450eaf271bf466e6aa58b63d52b49b66c5f4a6f
894fd5dabf39c09179591f3305d88ef71eb467ddeb1fc5c568dc377c3a1317d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-29593650-1&cid=247961316.1664296957&jid=500502296&_u=YEBAAEAAAAAAAC~&z=1805756539
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-29593650-1&cid=247961316.1664296957&jid=500502296&_u=YEBAAEAAAAAAAC~&z=1805756539
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-29593650-1&cid=247961316.1664296957&jid=500502296&_u=YEBAAEAAAAAAAC~&z=1805756539 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 16:42:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/1002277421/?random=1664296957510&cv=9&fst=1664294400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9l0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.badcreditloans.com%2F%3Faid%3D12721%26note%3D6208103_100681988%26atrk%3Dd10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e&ref=https%3A%2F%2Fback-saamting.s3.us-west-2.amazonaws.com%2F&tiba=Bad%20Credit%20Loans&async=1&fmt=3&is_vtc=1&random=1657971249&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1002277421/?random=1664296957510&cv=9&fst=1664294400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9l0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.badcreditloans.com%2F%3Faid%3D12721%26note%3D6208103_100681988%26atrk%3Dd10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e&ref=https%3A%2F%2Fback-saamting.s3.us-west-2.amazonaws.com%2F&tiba=Bad%20Credit%20Loans&async=1&fmt=3&is_vtc=1&random=1657971249&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1002277421/?random=1664296957510&cv=9&fst=1664294400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9l0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.badcreditloans.com%2F%3Faid%3D12721%26note%3D6208103_100681988%26atrk%3Dd10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e&ref=https%3A%2F%2Fback-saamting.s3.us-west-2.amazonaws.com%2F&tiba=Bad%20Credit%20Loans&async=1&fmt=3&is_vtc=1&random=1657971249&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.badcreditloans.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 16:42:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ef12641bb4d59312b43f4f06ae2cee73
5450eaf271bf466e6aa58b63d52b49b66c5f4a6f
894fd5dabf39c09179591f3305d88ef71eb467ddeb1fc5c568dc377c3a1317d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 16:42:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.badcreditloans.com/p/v1/smartform/load-form?_experiment=ABCMini&aid=12721&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e¬e=6208103_100681988&domain_uuid=S-u-20110610-232322-450668&landingPage=https%3A%2F%2Fwww.badcreditloans.com%2F%3Faid%3D12721%26note%3D6208103_100681988%26atrk%3Dd10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e&iFingerprint=%7B%22formFocusCounter%22%3A0%2C%22lastMouseCoords%22%3A%5B%5D%2C%22screen%22%3A%5B1280%2C1024%5D%2C%22start%22%3A1664296958%7D&wtiPrefix=42434c&referer=https%3A%2F%2Fback-saamting.s3.us-west-2.amazonaws.com%2F&owWID=452&user=betatester
54.183.42.61200 OK 4.7 kB URL HTTP/2 www.badcreditloans.com/p/v1/smartform/load-form?_experiment=ABCMini&aid=12721&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e¬e=6208103_100681988&domain_uuid=S-u-20110610-232322-450668&landingPage=https%3A%2F%2Fwww.badcreditloans.com%2F%3Faid%3D12721%26note%3D6208103_100681988%26atrk%3Dd10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e&iFingerprint=%7B%22formFocusCounter%22%3A0%2C%22lastMouseCoords%22%3A%5B%5D%2C%22screen%22%3A%5B1280%2C1024%5D%2C%22start%22%3A1664296958%7D&wtiPrefix=42434c&referer=https%3A%2F%2Fback-saamting.s3.us-west-2.amazonaws.com%2F&owWID=452&user=betatester
IP 54.183.42.61:0
Hash da839cc4f8daf8cd810d07de1db2c840
f5817734fb2542acbc7301a35e4d72b16c10c938
3853859d229335419a44c69e1e28ed81fe848090dcba77901fb62738f28d1056
GET /p/v1/smartform/load-form?_experiment=ABCMini&aid=12721&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e¬e=6208103_100681988&domain_uuid=S-u-20110610-232322-450668&landingPage=https%3A%2F%2Fwww.badcreditloans.com%2F%3Faid%3D12721%26note%3D6208103_100681988%26atrk%3Dd10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e&iFingerprint=%7B%22formFocusCounter%22%3A0%2C%22lastMouseCoords%22%3A%5B%5D%2C%22screen%22%3A%5B1280%2C1024%5D%2C%22start%22%3A1664296958%7D&wtiPrefix=42434c&referer=https%3A%2F%2Fback-saamting.s3.us-west-2.amazonaws.com%2F&owWID=452&user=betatester HTTP/1.1
Host: www.badcreditloans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.badcreditloans.com/?aid=12721¬e=6208103_100681988&atrk=d10f15e9b8901c3dc242b664b903c327d705ef7baf0013c9e
authorization: Basic YmV0YXRlc3RlcjoxMjM0NQ==
content-type: application/x-www-form-urlencoded
Connection: keep-alive
Cookie: ITM_GID=ITM_GID_633327ff0d9629.60616667; _ga=GA1.2.247961316.1664296957; _gid=GA1.2.1413387245.1664296957; _gat=1; _gcl_au=1.1.2079089459.1664296957; sfData=eyJsYW5kaW5nUGFnZSI6Imh0dHBzOi8vd3d3LmJhZGNyZWRpdGxvYW5zLmNvbS8%2FYWlkPTEyNzIxJm5vdGU9NjIwODEwM18xMDA2ODE5ODgmYXRyaz1kMTBmMTVlOWI4OTAxYzNkYzI0MmI2NjRiOTAzYzMyN2Q3MDVlZjdiYWYwMDEzYzllIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 16:42:40 GMT
content-type: application/json
content-length: 4681
server: Apache/2.4.41 (Ubuntu)
vary: Authorization,Accept-Encoding
cache-control: no-cache, private
access-control-allow-origin: *
access-control-allow-headers: Authorization
access-control-request-method: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-encoded-content-encoding: gzip
content-encoding: gzip
set-cookie: ITM_GID=ITM_GID_633327ff0d9629.60616667; expires=Mon, 22-Sep-2042 16:42:40 GMT; Max-Age=630720000; path=/; SameSite=Strict
x-xyz-srv: lg4
x-xyz-runtime: D=545057
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ef8d9284ebd57a7cf76ceb762291356
2b53c4f836970501a682dae07235215c487d35cc
3529ab97ab2214ee9c67ee234beac96cd40f0bd6092b92b71c60956ed5710b41
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7716
x-amzn-requestid: 1cf0b1c7-4611-40bf-b72a-412ebd03ef79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2KguFL7IAMFzKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bf137-2b7c15d3071e0266586fd17d;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 05:23:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eE2AvjvM7j07Go69VVEmTF8Q-KA5bZwOBdn_SgR5fcZj8lL760_q2Q==
via: 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 17:57:22 GMT
age: 81923
etag: "2b53c4f836970501a682dae07235215c487d35cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2