r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12255
Expires: Sun, 23 Oct 2022 22:48:29 GMT
Date: Sun, 23 Oct 2022 19:24:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 23 Oct 2022 18:26:53 GMT
Expires: Sun, 23 Oct 2022 18:57:47 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 654YlK6NswLoyAGiDRUwovELi8iVtwHarp7ZBRYya36U3YaI38PvHQ==
Age: 3441
searchancestry.com/search/db.aspx?dbid=3693
45.56.79.23200 OK 7.1 kB URL HTTP/1.1 searchancestry.com/search/db.aspx?dbid=3693
IP 45.56.79.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (329)
Hash 9946848197d82d0d00be1b669fb242c9
0db6c433d1e68ce00f18653a3084a584b5af2fa3
cc4bcdd7d69df2dbfb59c7983acdd246a5f51764c31171b592af9f65ad389374
Analyzer Verdict Alert fortinet Malware
GET /search/db.aspx?dbid=3693 HTTP/1.1
Host: searchancestry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Sun, 23 Oct 2022 19:24:14 GMT
content-type: text/html; charset=utf-8
content-length: 7148
vary: Accept-Language
content-language: en
connection: close
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cecd3b2e0cd07173ee1fb63b0a744119
774e0935fffd5bb39799c040098e32c3dc88702f
78c2c60f2d752f572f1711e23aa3f82d5e5bce1940064405f6f989886f6315df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78C2C60F2D752F572F1711E23AA3F82D5E5BCE1940064405F6F989886F6315DF"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15622
Expires: Sun, 23 Oct 2022 23:44:36 GMT
Date: Sun, 23 Oct 2022 19:24:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: tDaV+XgQIH88loe7gf2HWHsPm7fdaM/CWOpDZ+3Kh6trlXr0aZxIJmL4jJyXDYjuRg6wHEqzZGg=
x-amz-request-id: 9EGNSEB494YK34JK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 23 Oct 2022 18:38:05 GMT
age: 2769
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 19:24:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
searchancestry.com/mtm/async/.eJxdjNsKwjAQRP8ljzUkQkGs0m-RbbptAs3FzVYj4r-bqk--zZzDzFOs5MRJ6IxAxupxUJBTEVIAzbmKcXBj3x66tiLCCQmp0lpszHwJ4LHW7xiCwcz0UCb67cAYTFwtY2Ft2S8SUlqcAXYx6LKRXfmnfjlf-73qpPMwo4abm37xjkOSjW4-_iheb_YRPz0:1omgZy:YRdnaKPe14E-_DHA5a79CkVbBSI/1/0
45.56.79.23200 OK 442 B URL HTTP/1.1 searchancestry.com/mtm/async/.eJxdjNsKwjAQRP8ljzUkQkGs0m-RbbptAs3FzVYj4r-bqk--zZzDzFOs5MRJ6IxAxupxUJBTEVIAzbmKcXBj3x66tiLCCQmp0lpszHwJ4LHW7xiCwcz0UCb67cAYTFwtY2Ft2S8SUlqcAXYx6LKRXfmnfjlf-73qpPMwo4abm37xjkOSjW4-_iheb_YRPz0:1omgZy:YRdnaKPe14E-_DHA5a79CkVbBSI/1/0
IP 45.56.79.23:0
File type ASCII text, with very long lines (442), with no line terminators
Hash d75e7d764221173e38b0c19ed4ab2121
d0e1be1094d9604994367c44c19002b20aa5848e
252a50b1d169d7f80c6a2dc7f311034ebf03184ee531ca7fe9942620773c0e20
GET /mtm/async/.eJxdjNsKwjAQRP8ljzUkQkGs0m-RbbptAs3FzVYj4r-bqk--zZzDzFOs5MRJ6IxAxupxUJBTEVIAzbmKcXBj3x66tiLCCQmp0lpszHwJ4LHW7xiCwcz0UCb67cAYTFwtY2Ft2S8SUlqcAXYx6LKRXfmnfjlf-73qpPMwo4abm37xjkOSjW4-_iheb_YRPz0:1omgZy:YRdnaKPe14E-_DHA5a79CkVbBSI/1/0 HTTP/1.1
Host: searchancestry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://searchancestry.com/search/db.aspx?dbid=3693
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Sun, 23 Oct 2022 19:24:14 GMT
content-type: text/html; charset=utf-8
content-length: 442
x-mtm-path: 4
x-mtm-prov: 300:0.00;308:79.33
x-mtm-rd: 0.93
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJzZWFyY2hhbmNlc3RyeS5jb20iLCJodHRwOi8vd3d3MS5zZWFyY2hhbmNlc3RyeS5jb20vP3RtPTEmc3ViaWQ0PTE2NjY1NTMwNTQuMDM4ODU5MDAwMCZLVzE9TG93ZXN0JTIwQ2FyJTIwSW5zdXJhbmNlJTIwUmF0ZXMmS1cyPUdldCUyMEFuJTIwT25saW5lJTIwRGVncmVlJktXMz1FbGl0ZSUyMERhdGluZyUyMFNlcnZpY2VzJktXND1EZWRpY2F0ZWQlMjBHYW1pbmclMjBTZXJ2ZXImS1c1PVNvY2lhbCUyME1lZGlhJTIwQXV0b21hdGlvbiUyME1hcmtldGluZyUyMFNvZnR3YXJlJktXNj1Tb2NpYWwlMjBNZWRpYSUyMEF1dG9tYXRpb24lMjBNYXJrZXRpbmclMjBTb2Z0d2FyZSZLVzc9TG93ZXN0JTIwQ2FyJTIwSW5zdXJhbmNlJTIwUmF0ZXMmS1c4PU9ubGluZSUyMENhcmVlciUyMENvdW5zZWxpbmclMjBQcm9ncmFtcyZLVzk9RnJlZSUyMENyZWRpdCUyMENhcmQlMjBBcHBseSZzZWFyY2hib3g9MCZiYWNrZmlsbD0wIiwxLCIyMDIyLTEwLTIzIDE5OjI0OjE0IiwxLCIxNjY2NTUzMDU0LjAzODg1OTAwMDAiLDMwOCxudWxsLG51bGxd:1omgZy:ldtZUnzzOsYjBxUyen3bUtvgpKs; expires=Sun, 23-Oct-2022 20:24:14 GMT; Max-Age=3600; Path=/
connection: close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 23 Oct 2022 18:43:40 GMT
Expires: Sun, 23 Oct 2022 19:41:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: i4geKCaAV84NgMGjMWiMp_hvubnWRS1HM2efKKSqWl8_HrZIy0A1nA==
Age: 2434
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 60d5d7cce6c32a6bdaf0d4c92ec93a1a
cd29edee660366b41749cfd206bdc08fb421449c
fb90c4cc44b32e4ca4a7d1533bbf4a2fd5c482dda5d232f1be2334f3cefbbb0e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5588
Cache-Control: max-age=137736
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:15 GMT
Etag: "6354f613-1d7"
Expires: Tue, 25 Oct 2022 09:39:51 GMT
Last-Modified: Sun, 23 Oct 2022 08:06:43 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
www1.searchancestry.com/?tm=1&subid4=1666553054.0388590000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Get%20An%20Online%20Degree&KW3=Elite%20Dating%20Services&KW4=Dedicated%20Gaming%20Server&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Social%20Media%20Automation%20Marketing%20Software&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0
76.223.26.96200 OK 2.5 kB URL HTTP/1.1 www1.searchancestry.com/?tm=1&subid4=1666553054.0388590000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Get%20An%20Online%20Degree&KW3=Elite%20Dating%20Services&KW4=Dedicated%20Gaming%20Server&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Social%20Media%20Automation%20Marketing%20Software&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0
IP 76.223.26.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2246)
Hash 97c835b603d89cbfc98572e44f5458f1
6e3beae9b3937409cd2454039f1c480b984bed55
0c7828f1c15c9c969a8111a93b97b5d79a369c0dd492f0586e920ebaa22aa49f
GET /?tm=1&subid4=1666553054.0388590000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Get%20An%20Online%20Degree&KW3=Elite%20Dating%20Services&KW4=Dedicated%20Gaming%20Server&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Social%20Media%20Automation%20Marketing%20Software&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0 HTTP/1.1
Host: www1.searchancestry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://searchancestry.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 19:24:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/scripts/js3.js
54.230.245.130200 OK 1.1 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP 54.230.245.130:0
File type ASCII text, with very long lines (506)
Hash 64b79b43df8fbf2c5d082964b9116a68
dc3c763519baf0f4c32bb60bfc429651a491ea01
c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637
GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.searchancestry.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Sun, 23 Oct 2022 08:20:16 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: AF8Fx5dU0A9CyoP9rbCXUaTglKE_jkqJ5drVQITmVtPviJuY0YP7FA==
Age: 39839
push.services.mozilla.com/
54.149.101.24101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.101.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: c3L69u5MgrIHyt26VjetjA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DxFyfDGGX+6Fp0Hng7U5clTtgBU=
www1.searchancestry.com/track.php?domain=searchancestry.com&toggle=browserjs&uid=MTY2NjU1MzA1NC45MDQ1OjVlMGJhODA3ZTBlOWIwMjM0MjM2N2VhMWU0ZTYyN2Q2NGQ2YzBkZjM3MWM4ZmI0ZTk4MDRkNzFhZDNjMmMwZTk6NjM1NTk0ZGVkY2QyYw%3D%3D
76.223.26.96200 OK 20 B URL HTTP/1.1 www1.searchancestry.com/track.php?domain=searchancestry.com&toggle=browserjs&uid=MTY2NjU1MzA1NC45MDQ1OjVlMGJhODA3ZTBlOWIwMjM0MjM2N2VhMWU0ZTYyN2Q2NGQ2YzBkZjM3MWM4ZmI0ZTk4MDRkNzFhZDNjMmMwZTk6NjM1NTk0ZGVkY2QyYw%3D%3D
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=searchancestry.com&toggle=browserjs&uid=MTY2NjU1MzA1NC45MDQ1OjVlMGJhODA3ZTBlOWIwMjM0MjM2N2VhMWU0ZTYyN2Q2NGQ2YzBkZjM3MWM4ZmI0ZTk4MDRkNzFhZDNjMmMwZTk6NjM1NTk0ZGVkY2QyYw%3D%3D HTTP/1.1
Host: www1.searchancestry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.searchancestry.com/?tm=1&subid4=1666553054.0388590000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Get%20An%20Online%20Degree&KW3=Elite%20Dating%20Services&KW4=Dedicated%20Gaming%20Server&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Social%20Media%20Automation%20Marketing%20Software&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 19:24:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www1.searchancestry.com/ls.php
76.223.26.96201 Created 0 B URL HTTP/1.1 www1.searchancestry.com/ls.php
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ls.php HTTP/1.1
Host: www1.searchancestry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2198
Origin: http://www1.searchancestry.com
Connection: keep-alive
Referer: http://www1.searchancestry.com/?tm=1&subid4=1666553054.0388590000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Get%20An%20Online%20Degree&KW3=Elite%20Dating%20Services&KW4=Dedicated%20Gaming%20Server&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Social%20Media%20Automation%20Marketing%20Software&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0
HTTP/1.1 201 Created
Date: Sun, 23 Oct 2022 19:24:16 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 635594e06cfbc40def0d1ff7
Charset: utf-8
Access-Control-Allow-Origin: http://www1.searchancestry.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_eOPb/t//BlS965h8V3jx9ucQ9Nfwu6bndlb9noadaXeNR/nVkpR6Gv/OsyUvAWCiyWuf0V7CRogNOocVX/vArw==
www1.searchancestry.com/favicon.ico
76.223.26.96200 OK 0 B URL HTTP/1.1 www1.searchancestry.com/favicon.ico
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www1.searchancestry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.searchancestry.com/?tm=1&subid4=1666553054.0388590000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Get%20An%20Online%20Degree&KW3=Elite%20Dating%20Services&KW4=Dedicated%20Gaming%20Server&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Social%20Media%20Automation%20Marketing%20Software&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 19:24:16 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
www1.searchancestry.com/track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=searchancestry.com&uid=MTY2NjU1MzA1NC45MDQ1OjVlMGJhODA3ZTBlOWIwMjM0MjM2N2VhMWU0ZTYyN2Q2NGQ2YzBkZjM3MWM4ZmI0ZTk4MDRkNzFhZDNjMmMwZTk6NjM1NTk0ZGVkY2QyYw%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzU1OTRkZWRjZDBhfHx8MTY2NjU1MzA1NS4yNTM2fDRjOWE5NzgwODBiMWM2MzJiYmZiNTE5MjY3NTc3MWEwOGMzNDMyMjN8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxiODM5NzY4NDIyNTE1NzllZTcxNDg0YTUzNTBhMzBiMjk0YjIxMjQwfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
76.223.26.96200 OK 20 B URL HTTP/1.1 www1.searchancestry.com/track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=searchancestry.com&uid=MTY2NjU1MzA1NC45MDQ1OjVlMGJhODA3ZTBlOWIwMjM0MjM2N2VhMWU0ZTYyN2Q2NGQ2YzBkZjM3MWM4ZmI0ZTk4MDRkNzFhZDNjMmMwZTk6NjM1NTk0ZGVkY2QyYw%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzU1OTRkZWRjZDBhfHx8MTY2NjU1MzA1NS4yNTM2fDRjOWE5NzgwODBiMWM2MzJiYmZiNTE5MjY3NTc3MWEwOGMzNDMyMjN8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxiODM5NzY4NDIyNTE1NzllZTcxNDg0YTUzNTBhMzBiMjk0YjIxMjQwfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=searchancestry.com&uid=MTY2NjU1MzA1NC45MDQ1OjVlMGJhODA3ZTBlOWIwMjM0MjM2N2VhMWU0ZTYyN2Q2NGQ2YzBkZjM3MWM4ZmI0ZTk4MDRkNzFhZDNjMmMwZTk6NjM1NTk0ZGVkY2QyYw%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzU1OTRkZWRjZDBhfHx8MTY2NjU1MzA1NS4yNTM2fDRjOWE5NzgwODBiMWM2MzJiYmZiNTE5MjY3NTc3MWEwOGMzNDMyMjN8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxiODM5NzY4NDIyNTE1NzllZTcxNDg0YTUzNTBhMzBiMjk0YjIxMjQwfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1
Host: www1.searchancestry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.searchancestry.com/?tm=1&subid4=1666553054.0388590000&KW1=Lowest%20Car%20Insurance%20Rates&KW2=Get%20An%20Online%20Degree&KW3=Elite%20Dating%20Services&KW4=Dedicated%20Gaming%20Server&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Social%20Media%20Automation%20Marketing%20Software&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 19:24:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10914
Expires: Sun, 23 Oct 2022 22:26:10 GMT
Date: Sun, 23 Oct 2022 19:24:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10914
Expires: Sun, 23 Oct 2022 22:26:10 GMT
Date: Sun, 23 Oct 2022 19:24:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10914
Expires: Sun, 23 Oct 2022 22:26:10 GMT
Date: Sun, 23 Oct 2022 19:24:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10914
Expires: Sun, 23 Oct 2022 22:26:10 GMT
Date: Sun, 23 Oct 2022 19:24:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0856e94c-65e7-489a-95b5-cc37407bf90f.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0856e94c-65e7-489a-95b5-cc37407bf90f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 208445a6f07a7259b8a420c062a81998
50d9f1642c3c47504fb2d4086a40ae8fb9479b50
607a81c5d0210faaa103d09fba1e0b9dde333c5142969272b0b5351a779acfa4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0856e94c-65e7-489a-95b5-cc37407bf90f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12031
x-amzn-requestid: 38ca5b87-35e4-46d5-aa1a-15433660ab86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aZGifEXzIAMFdHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63538476-6c2e5d980616d50c0ef8698a;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 05:49:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DpE5uiagdaNLvVqbkou7bVNaLYPZ9vhYawucSE36lWIp65bga3gN2w==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 08:04:17 GMT
age: 40799
etag: "50d9f1642c3c47504fb2d4086a40ae8fb9479b50"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c95e4a-b411-4326-8723-bceab59b6d74.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c95e4a-b411-4326-8723-bceab59b6d74.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7fa30ef7eff515cfddf2f3b7ee67eb85
b488761c8ce781a44dcaf2e515ef548480dcd1bc
47c0e8ea9ef52c5d45dca54eb251d89983fba9937b7cf7872b065de04786f6ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c95e4a-b411-4326-8723-bceab59b6d74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8109
x-amzn-requestid: 39c9edcc-ea64-443e-82b3-230e41edbcb4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aFhHBG_HoAMF7Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634baef9-7d6e66cd2012a3e8607f0d28;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 07:12:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -mkpkDB8pmoOQhWZI82RUYjaqQmzCGXNyN5sr1TYXb2kTX16pMGJ_A==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 22:26:56 GMT
age: 75440
etag: "b488761c8ce781a44dcaf2e515ef548480dcd1bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F412682e9-14c9-40e4-bfec-f73f656f5e10.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F412682e9-14c9-40e4-bfec-f73f656f5e10.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 37143b9d51a289f11607b6b0f9ba534a
4b5e283e4397985f837ab28d94c167ddfdb26c7c
d664702a83cac4eaee1710fd03ca41e35d62ae699224490367e605b529e45566
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F412682e9-14c9-40e4-bfec-f73f656f5e10.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5348
x-amzn-requestid: d44ded7c-15b6-4c30-a810-4af1edbb9bc3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aPYYZEnboAMFcMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634fa102-6bdd3c1a2fa437b106f8ea79;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 07:02:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dx2yJ8T_lM1OMR3h0DUtiV359392U2UyReU6hi4tOxxbvFR0iZ_kAg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 22:01:40 GMT
age: 76956
etag: "4b5e283e4397985f837ab28d94c167ddfdb26c7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f0cea17-2f8e-4f01-bdfc-54051ca7d7dd.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f0cea17-2f8e-4f01-bdfc-54051ca7d7dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3a1ed5537b0d648ce6e0ecb427a3230
2f85566b25b22ee703ba5348bce25434c83c69de
d35b1e39b8c6f1adc029eea8f3ffc911426aa49a87261fdb33a770e21ced69ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f0cea17-2f8e-4f01-bdfc-54051ca7d7dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9549
x-amzn-requestid: e1054150-7691-4446-bc6e-91a4fdccbdc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aIvfRH0oIAMFkJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634cf92e-41bd300b1693ad1b18368e22;Sampled=0
x-amzn-remapped-date: Mon, 17 Oct 2022 06:41:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: X42MkFQC36cQuD150QxORdiO3npJVwAJm8v56o6S4JULV3ttHsZ-1A==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 16:21:20 GMT
age: 10976
etag: "2f85566b25b22ee703ba5348bce25434c83c69de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7a675ac-f55a-4071-867b-fffb2f9fabed.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7a675ac-f55a-4071-867b-fffb2f9fabed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4df9a6ab2e2874f46f9a26da129ae848
c4c9898711e33fb02374657dd18df8a41c78b4cb
e287d1b63e7644767f573e248f28ee610b2625691e5d42006c0595f7281a07d7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7a675ac-f55a-4071-867b-fffb2f9fabed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7762
x-amzn-requestid: 5c275a39-95dc-4329-9483-44ca93719be2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aO1dKGS5oAMFR3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634f6920-2b700b217832bcd257e0f619;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 03:04:00 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ShsGMLBfS7cs-LpXBQPQHWvf2ppuoPPIEVMDmaEjrGgoSHbz2z03Mg==
via: 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 13:36:45 GMT
age: 20851
etag: "c4c9898711e33fb02374657dd18df8a41c78b4cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd337e0f9-4135-4fa1-9843-c609356020a9.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd337e0f9-4135-4fa1-9843-c609356020a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bcadefe69587d4ab5bf5ff9e71eb5cab
066fb94a6ae38e57d67001cc319eea17f837d511
45b175a2cecee90b2d0efc16c4139686ffcf34bfac9084fe9e5e1c926dc1330c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd337e0f9-4135-4fa1-9843-c609356020a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10036
x-amzn-requestid: b1f0e0b9-6fc6-4b7c-a9b0-55845cdfd2d9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: abR9aEvjIAMF22Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63546388-72742b3a1279d76e2e842930;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 21:41:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e-Q7z6QYQB1CGZ57JUJIf6l7Ofu9nGkF-ONfTrXJb6MMegchNYMqWQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:50:36 GMT
etag: "066fb94a6ae38e57d67001cc319eea17f837d511"
content-type: image/jpeg
age: 77620
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bilqi-omv.com/zcvisitor/47f86ba0-5308-11ed-a0e9-1296e37b819b/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=480d7a46-5308-11ed-a0e9-1296e37b819b
35.174.150.83200 996 B URL HTTP/1.1 bilqi-omv.com/zcvisitor/47f86ba0-5308-11ed-a0e9-1296e37b819b/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=480d7a46-5308-11ed-a0e9-1296e37b819b
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d62680ffd98084ff8a7ae3081c9e2a82
dbe1c81bcbed9f838edc289819175903370433c0
1575a29fb0b6db162c062c90d77f22ed85cdfd809519efcf813cbccd0073921a
GET /zcvisitor/47f86ba0-5308-11ed-a0e9-1296e37b819b/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=480d7a46-5308-11ed-a0e9-1296e37b819b HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.searchancestry.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Sun, 23 Oct 2022 19:24:16 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: LWPNtvru
bilqi-omv.com/zcredirect?visitid=47f86ba0-5308-11ed-a0e9-1296e37b819b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
35.174.150.83200 304 B URL HTTP/1.1 bilqi-omv.com/zcredirect?visitid=47f86ba0-5308-11ed-a0e9-1296e37b819b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 380bd510324b0a24344ab7975bd43424
ea657138873623550d80f39c719bdd6c833040dd
1278b3aa4f772aa59f64b7dce354a2005b589bd5a1e186f9917e0493f6fa01f2
GET /zcredirect?visitid=47f86ba0-5308-11ed-a0e9-1296e37b819b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bilqi-omv.com/zcvisitor/47f86ba0-5308-11ed-a0e9-1296e37b819b/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=480d7a46-5308-11ed-a0e9-1296e37b819b
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Sun, 23 Oct 2022 19:24:16 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: IoEriwCg
bilqi-omv.com/favicon.ico
35.174.150.83404 653 B URL HTTP/1.1 bilqi-omv.com/favicon.ico
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bilqi-omv.com/zcredirect?visitid=47f86ba0-5308-11ed-a0e9-1296e37b819b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
HTTP/1.1 404
Date: Sun, 23 Oct 2022 19:24:17 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: sGhSrhyY
xml-v4.netload1.com/click?seat=2354258&i=dqHYItdbOWE_0
198.134.116.17302 Found 0 B URL HTTP/1.1 xml-v4.netload1.com/click?seat=2354258&i=dqHYItdbOWE_0
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?seat=2354258&i=dqHYItdbOWE_0 HTTP/1.1
Host: xml-v4.netload1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bilqi-omv.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://business.wallester.com/atrk?c=b3db4633-db3d-496d-bc74-77b2cf807bdf&promo=direct_link&sub_id=12297348678
Pragma: no-cache
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 98edf43a4d8a9fd23b9cf500f6995961
13fba8984eb703aada3b400a0aa2be5e6d55e5b1
b5144e3cda53172d54bd3fbd8547a6d17387185adcb914704cff23779d9870c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=130376
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:17 GMT
Etag: "6354ef29-118"
Expires: Tue, 25 Oct 2022 07:37:13 GMT
Last-Modified: Sun, 23 Oct 2022 07:37:13 GMT
Server: nginx
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 98edf43a4d8a9fd23b9cf500f6995961
13fba8984eb703aada3b400a0aa2be5e6d55e5b1
b5144e3cda53172d54bd3fbd8547a6d17387185adcb914704cff23779d9870c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=130376
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:17 GMT
Etag: "6354ef29-118"
Expires: Tue, 25 Oct 2022 07:37:13 GMT
Last-Modified: Sun, 23 Oct 2022 07:37:13 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 1.7 kB IP 142.250.74.35:0
Hash c44c7b88819aa8629b21fe29f4d828bd
38a2fe81b6b71762a8df7c867e0fc642961508e0
c712c89932fe739f373418ef7010df0ed2596a1c5e4ccaf5b628cf18491294a3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-106163345-1
142.250.74.168200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-106163345-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1588)
Hash f6b87633b68c4c4c5c353ba667550b88
e397bd5889788b5343bace8d6852398a08300e98
e8e3c5e6ba1ef5b554afe1cc9e2f96a4cf0b85554906521fa48ef03ce3ab801d
GET /gtag/js?id=UA-106163345-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 23 Oct 2022 19:24:18 GMT
expires: Sun, 23 Oct 2022 19:24:18 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44627
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.redditstatic.com/ads/pixel.js
151.101.85.140200 OK 13 kB URL HTTP/2 www.redditstatic.com/ads/pixel.js
IP 151.101.85.140:0
Hash c9dd18e2a83f1176637cfbf0b389a32e
ff9e243e2fbe322b08a7ba43654714c99980418b
54b9cb985409ae42506e156f6a27690ed81952ac5471f99b0f3d0824a5f6bb89
GET /ads/pixel.js HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 19 Jul 2022 22:48:09 GMT
etag: "95212d33cfff78ad59f5af5b20c48c53"
cache-control: public, max-age=60
content-encoding: gzip
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 23 Oct 2022 19:24:18 GMT
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 7722
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 05ee461624e2ec37f65e859afe6543ba
b99dcb558535d3d35d140e730aeeb41587622b30
576b3bf619d0a152889cc44165a229ad0100ccc319cf4d9044b2f26d4b676658
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
alb.reddit.com/rp.gif?ts=1666553058259&id=t2_s9vy0txy&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=5f695bb9-cdc9-4053-a015-fd00cc4c3c1f&aaid=&em=&external_id=6014dbf4cfc2780f9f5d9a62946715072df5e257774a0ba93a56d7a4ee569604&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_02c59ad6
151.101.85.140200 OK 10 kB URL HTTP/2 alb.reddit.com/rp.gif?ts=1666553058259&id=t2_s9vy0txy&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=5f695bb9-cdc9-4053-a015-fd00cc4c3c1f&aaid=&em=&external_id=6014dbf4cfc2780f9f5d9a62946715072df5e257774a0ba93a56d7a4ee569604&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_02c59ad6
IP 151.101.85.140:0
Hash 355b64717ef4232977edefe79105031c
4bd91557bc697c08512f89cd4624f73d86d77845
216db2ef034c2cf03d3c84b065c165ca1e57b9591638643044bedff336a71d33
GET /rp.gif?ts=1666553058259&id=t2_s9vy0txy&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=5f695bb9-cdc9-4053-a015-fd00cc4c3c1f&aaid=&em=&external_id=6014dbf4cfc2780f9f5d9a62946715072df5e257774a0ba93a56d7a4ee569604&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_02c59ad6 HTTP/1.1
Host: alb.reddit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
cross-origin-resource-policy: cross-origin
content-type: image/gif
accept-ranges: bytes
date: Sun, 23 Oct 2022 19:24:18 GMT
via: 1.1 varnish
content-length: 42
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
216.239.32.178200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.32.178:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 23 Oct 2022 18:41:09 GMT
expires: Sun, 23 Oct 2022 20:41:09 GMT
cache-control: public, max-age=7200
age: 2589
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 1.5 kB IP 142.250.74.35:0
Hash 9b94a809ec3353283a951e62ca7c9223
fa16e454ef1fbebcd7f3f79d408bb23196e4a1d1
71035967b2431b8f8e9bf3a2d27e468ac210eace1c6163f89dc80b7f5bd41208
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VBELS46CRV&cid=149000041.1666553059>m=2oeaj0&aip=1&z=180832750
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VBELS46CRV&cid=149000041.1666553059>m=2oeaj0&aip=1&z=180832750
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VBELS46CRV&cid=149000041.1666553059>m=2oeaj0&aip=1&z=180832750 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Connection: keep-alive
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 23 Oct 2022 19:24:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 32b18cf6617f4e930872c1470af05703
4c07ce8749baf89e9812de6bb45deb0a3fc5013e
23481ba8ebf19debe4a6119d605ad31c0589a08bbc253a6428938ac9a84d5b22
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 5.9 kB IP 142.250.74.35:0
Hash 8e022db7bc55ec105dd03e03699d7d5d
08b2a51e29d3f604eb7da257f04c07cd7e0054c0
81135dcd74405af3fa58f265eab52bbc7f7ed1c8dfe1867f19b58783671d771c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.210200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Connection: keep-alive
HTTP/2 200 OK
last-modified: Wed, 19 Oct 2022 18:56:33 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=50486
date: Sun, 23 Oct 2022 19:24:18 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-106163345-1&cid=149000041.1666553059&jid=1125458922&gjid=210343463&_gid=1147427155.1666553059&_u=YADAAUAAAAAAACAAI~&z=862232544
173.194.222.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-106163345-1&cid=149000041.1666553059&jid=1125458922&gjid=210343463&_gid=1147427155.1666553059&_u=YADAAUAAAAAAACAAI~&z=862232544
IP 173.194.222.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-106163345-1&cid=149000041.1666553059&jid=1125458922&gjid=210343463&_gid=1147427155.1666553059&_u=YADAAUAAAAAAACAAI~&z=862232544 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://business.wallester.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Connection: keep-alive
HTTP/2 200 OK
access-control-allow-origin: https://business.wallester.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 23 Oct 2022 19:24:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 03d42e3245268a9d8f602cacf5a4404e
59b42c91ab2ec67086f549de3d47d45560b91fc7
6e88b2d135f33b12b5c8e244ea0ba75dc6acef16aeb0069a87141e49dd4b7ec9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash aaa80dd51eaef47c83770b112b9e286c
bfd081a3ad2267e522a20b45695cd8a0860b4ad3
049ff9ce34cf51144dd1c80c0155d98ef0fa3c50234431de3c3c691624f840bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-106163345-1&cid=149000041.1666553059&jid=1125458922&_u=YADAAUAAAAAAACAAI~&z=462568015
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-106163345-1&cid=149000041.1666553059&jid=1125458922&_u=YADAAUAAAAAAACAAI~&z=462568015
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-106163345-1&cid=149000041.1666553059&jid=1125458922&_u=YADAAUAAAAAAACAAI~&z=462568015 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Connection: keep-alive
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 23 Oct 2022 19:24:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3557572&time=1666553058820&url=https%3A%2F%2Fbusiness.wallester.com%2F
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3557572&time=1666553058820&url=https%3A%2F%2Fbusiness.wallester.com%2F
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3557572&time=1666553058820&url=https%3A%2F%2Fbusiness.wallester.com%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Connection: keep-alive
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; Domain=ads.linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&b2d819e8-89b2-4bf6-8ee9-6b64239d09b1"; Domain=.linkedin.com; Expires=Mon, 23-Oct-2023 19:24:19 GMT; Path=/; Secure; SameSite=None
li_gc=MTswOzE2NjY1NTMwNTk7MjswMjG1B/DOoYTZ73+uN5w15rqqYdDv2quX3oOGX5l8r61KZw==; Domain=.linkedin.com; Expires=Fri, 21 Apr 2023 19:24:19 GMT; Path=/; Secure; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2414:u=1:x=1:i=1666553059:t=1666639459:v=2:sig=AQHRcOclCR3dVQpiI1CqfJB7SxC9tJpP"; Expires=Mon, 24 Oct 2022 19:24:19 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXruJ8VVwgcQRtJa6u/fw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 7656CCB2F6C34B11B9309C967397C558 Ref B: OSL30EDGE0317 Ref C: 2022-10-23T19:24:18Z
date: Sun, 23 Oct 2022 19:24:18 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 924935dfe678e1cafb56906ef15defec
063dc4e38a869415d29ff059c0e173966c0c96dd
12045f462e3aa1fa3d2c97f1c3c67951dedc6410db5ce75c1907de5beff81bf4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 19:24:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.analytics.google.com/g/collect?v=2&tid=G-VBELS46CRV>m=2oeaj0&_p=1492669666&_gaz=1&cid=149000041.1666553059&ul=en-us&sr=1280x1024&_s=1&sid=1666553058&sct=1&seg=0&dl=https%3A%2F%2Fbusiness.wallester.com%2F&dt=Free%20company%20expense%20cards%20is%20a%20Business%20Revolution%20%7C%20Wallester&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-VBELS46CRV>m=2oeaj0&_p=1492669666&_gaz=1&cid=149000041.1666553059&ul=en-us&sr=1280x1024&_s=1&sid=1666553058&sct=1&seg=0&dl=https%3A%2F%2Fbusiness.wallester.com%2F&dt=Free%20company%20expense%20cards%20is%20a%20Business%20Revolution%20%7C%20Wallester&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-VBELS46CRV>m=2oeaj0&_p=1492669666&_gaz=1&cid=149000041.1666553059&ul=en-us&sr=1280x1024&_s=1&sid=1666553058&sct=1&seg=0&dl=https%3A%2F%2Fbusiness.wallester.com%2F&dt=Free%20company%20expense%20cards%20is%20a%20Business%20Revolution%20%7C%20Wallester&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Connection: keep-alive
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: null
date: Sun, 23 Oct 2022 19:24:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
business.wallester.com/atrk?c=b3db4633-db3d-496d-bc74-77b2cf807bdf&promo=direct_link&sub_id=12297348678
104.26.10.216302 Found 0 B URL HTTP/2 business.wallester.com/atrk?c=b3db4633-db3d-496d-bc74-77b2cf807bdf&promo=direct_link&sub_id=12297348678
IP 104.26.10.216:0
GET /atrk?c=b3db4633-db3d-496d-bc74-77b2cf807bdf&promo=direct_link&sub_id=12297348678 HTTP/1.1
Host: business.wallester.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bilqi-omv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 23 Oct 2022 19:24:17 GMT
content-type: text/html
location: https://affiliates.wallester.com/atrk?c=b3db4633-db3d-496d-bc74-77b2cf807bdf&promo=direct_link&sub_id=12297348678
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
referrer-policy: same-origin
cache-control: public
x-wl-cntr: NO
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M8r4R6pNVdTuLOEAxudxUdXGD3YgiuWZTopC%2FxRtHovNkXx6vmL7C0Caa3mc6xfHTeMnfMUls3PV6m3%2BjvRSPQouPvFn0GcSrAOSiFYn%2BaEBF0kkPZ5Zn%2FOqayNly1SMBQhlxwzgfK0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75ecda203ca7b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2