Report - westernup.info/

Report Overview

Submitted URL
westernup.info/
IP
37.48.65.152
ASN
#60781 LeaseWeb Netherlands B.V.
Submitted
2022-10-18 18:07:36
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
westernup.info	unknown			1.4 kB	1.6 kB	37.48.65.152
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	758 B	2.8 kB	143.204.55.36
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2.3 kB	6.2 kB	23.36.77.32
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	321 B	229 B	34.117.237.239
btpnative.com	108657	2018-10-28T07:54:26Z	2023-03-09T02:26:49Z	1.4 kB	5.9 kB	209.15.13.136
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-09T11:25:06Z	328 B	963 B	104.18.32.68
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	64 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	401 B	5.9 kB	34.160.144.191
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	329 B	797 B	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	594 B	127 B	54.149.28.179
mybetterck.com	21362	2022-02-06T10:33:01Z	2022-11-17T20:11:33Z	1.9 kB	978 B	108.168.193.189
p274639.mybetterck.com	381189	2022-06-08T10:33:19Z	2022-11-02T08:11:34Z	1.2 kB	490 B	108.168.193.189

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-18	medium	westernup.info	Sinkholed
2022-10-18	medium	westernup.info	Sinkholed
2022-10-18	medium	westernup.info	Sinkholed

JavaScript (2)

	URL	Size	First Seen	Last Seen
	westernup.info/	366 B	2023-03-10	2023-03-10
Pretty URL westernup.info/ IP 37.48.65.152 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 11:17:31 Last Seen2023-03-10 11:17:31 Times Seen1 Hash 953a189dd35c517bcd9c604040966510 f4c82273acd411fa46848b8f75e1df18bf7f624e dfcbdfb6d2b570b9692aa1bd6c77f975fd6294d33ba9f420f19f40589a0caf5f Loading...

	btpnative.com/click?data=TjhkeHM0U1Y0RTlYUlViMWZES0h0VkhIS19EelAyZmdwakxYOGNJUEF0SHl5QkJMeFc0eXpMOXZFNGJ5TjVySkRTZ2VUSUhVTXU5aVNtMjJmMVVDS3hKWExsOGdEdXZPZFlzSENKb21RZmowY2dPdHBKVG1oRDYxRDRiWFo0c0VrNTRkc0hwVzMxRWVKdEV1QWNhbF9nMg2&id=a16bb296-c282-451a-ad5e-f3de4fdaee04	4.1 kB	2023-03-07	2023-04-05
Pretty URL btpnative.com/click?data=TjhkeHM0U1Y0RTlYUlViMWZES0h0VkhIS19EelAyZmdwakxYOGNJUEF0SHl5QkJMeFc0eXpMOXZFNGJ5TjVySkRTZ2VUSUhVTXU5aVNtMjJmMVVDS3hKWExsOGdEdXZPZFlzSENKb21RZmowY2dPdHBKVG1oRDYxRDRiWFo0c0VrNTRkc0hwVzMxRWVKdEV1QWNhbF9nMg2&id=a16bb296-c282-451a-ad5e-f3de4fdaee04 IP 209.15.13.136 ASN #13768 COGECO-PEER1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:24 Last Seen2023-04-05 01:56:36 Times Seen24 Hash a95ebc524317681eea9a586db022de39 4971459c3a5c26de04f1ca1edaa9c7ba225ee161 0bdbdaa3f492019a740ce5685efd434006c22801330be205bd590974e73c1b82 Loading...

HTTP Transactions (27)

URL IP Response Size

westernup.info/

37.48.65.152

200 OK

470 B

URL HTTP/1.1
westernup.info/
IP
37.48.65.152:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (470), with no line terminators
Size
470 B (470 bytes)
Hash
0a54ac64ae5832d882775bc28cc5e418
5d36d2f699599333e95921e4847e719ffab23a0d
ae5657216842698fb3c12b4c4128a57c6a517496419234b8151704ecf8199c2c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: westernup.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 470
content-type: text/html; charset=utf-8
date: Tue, 18 Oct 2022 18:07:24 GMT
server: nginx
set-cookie: sid=b87cd020-4f0f-11ed-aa89-b4a4d150b7ef; path=/; domain=.westernup.info; expires=Sun, 05 Nov 2090 21:21:32 GMT; max-age=2147483647; HttpOnly

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 18 Oct 2022 17:51:30 GMT
Expires: Tue, 18 Oct 2022 18:20:39 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fl1Ik5JGo28WcJOHBrq6NLUqL3MLGuActOr22eRGQfclq9rCpgexhg==
Age: 955

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
66155b620c27c14aced991b34be0d1a0
2d489f39edc932199e2d8e03b40c1a5c95b993d2
1a500079242f4472c1e8dafd352c6c6078a7228a1993208d2fe1e27dd00644ea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A500079242F4472C1E8DAFD352C6C6078A7228A1993208D2FE1E27DD00644EA"
Last-Modified: Mon, 17 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13532
Expires: Tue, 18 Oct 2022 21:52:57 GMT
Date: Tue, 18 Oct 2022 18:07:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
533e1d53f291993ed5886f88a85c6e55
eb4396e8422f71168d32ac6ff3ef49496f625e62
0d1b73b2a228fe76bf14688e603741025a40803971e05570f873b28788334b33

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D1B73B2A228FE76BF14688E603741025A40803971E05570F873B28788334B33"
Last-Modified: Mon, 17 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4713
Expires: Tue, 18 Oct 2022 19:25:58 GMT
Date: Tue, 18 Oct 2022 18:07:25 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: BKNn4asqueV7MafO+oHWX/tO+lNKNwU8K4044dAxErekcVKoNY6wuyiCO4mwgT1eHbA4oaCFBKNFgCGBPVFCpw==
x-amz-request-id: P4YCNZMNB7DCEZ1P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 18 Oct 2022 17:35:58 GMT
age: 1887
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 18 Oct 2022 18:07:25 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

westernup.info/favicon.ico

37.48.65.152

404 Not Found

9 B

URL HTTP/1.1
westernup.info/favicon.ico
IP
37.48.65.152:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: westernup.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westernup.info/
Cookie: sid=b87cd020-4f0f-11ed-aa89-b4a4d150b7ef

HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Tue, 18 Oct 2022 18:07:25 GMT
server: nginx

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 18 Oct 2022 17:43:40 GMT
Expires: Tue, 18 Oct 2022 17:49:42 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YKjpiaVSpDw5bZzLy5ULle414LaLKQovVJaEjenWYr8I9F_wgBADdw==
Age: 1426

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c9b278637bdca251f78b46e4a0850473
a48fe5095fc27af1c6b6628149d9e8f655295621
eea38f271e134a85a7b586631a8831888ab81f0edb33120b26bd35cdfa032e52

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5242
Cache-Control: max-age=142001
Content-Type: application/ocsp-response
Date: Tue, 18 Oct 2022 18:07:26 GMT
Etag: "634e5e95-1d7"
Expires: Thu, 20 Oct 2022 09:34:07 GMT
Last-Modified: Tue, 18 Oct 2022 08:06:45 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

westernup.info/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjEyMzY0NSwiaWF0IjoxNjY2MTE2NDQ1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2ZqbzUzaWptcnZqN3MzOTQwbjViMjgiLCJuYmYiOjE2NjYxMTY0NDUsInRzIjoxNjY2MTE2NDQ1NjcwMjYxfQ.3qzpbe_wW5uex7SjaCF2sDFa5ULdYDtyClRq7NxYnFY&sid=b87cd020-4f0f-11ed-aa89-b4a4d150b7ef

37.48.65.152

302 Found

11 B

URL HTTP/1.1
westernup.info/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjEyMzY0NSwiaWF0IjoxNjY2MTE2NDQ1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2ZqbzUzaWptcnZqN3MzOTQwbjViMjgiLCJuYmYiOjE2NjYxMTY0NDUsInRzIjoxNjY2MTE2NDQ1NjcwMjYxfQ.3qzpbe_wW5uex7SjaCF2sDFa5ULdYDtyClRq7NxYnFY&sid=b87cd020-4f0f-11ed-aa89-b4a4d150b7ef
IP
37.48.65.152:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjEyMzY0NSwiaWF0IjoxNjY2MTE2NDQ1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2ZqbzUzaWptcnZqN3MzOTQwbjViMjgiLCJuYmYiOjE2NjYxMTY0NDUsInRzIjoxNjY2MTE2NDQ1NjcwMjYxfQ.3qzpbe_wW5uex7SjaCF2sDFa5ULdYDtyClRq7NxYnFY&sid=b87cd020-4f0f-11ed-aa89-b4a4d150b7ef HTTP/1.1
Host: westernup.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westernup.info/
Cookie: sid=b87cd020-4f0f-11ed-aa89-b4a4d150b7ef
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 18 Oct 2022 18:07:25 GMT
location: http://btpnative.com/click?data=TjhkeHM0U1Y0RTlYUlViMWZES0h0VkhIS19EelAyZmdwakxYOGNJUEF0SHl5QkJMeFc0eXpMOXZFNGJ5TjVySkRTZ2VUSUhVTXU5aVNtMjJmMVVDS3hKWExsOGdEdXZPZFlzSENKb21RZmowY2dPdHBKVG1oRDYxRDRiWFo0c0VrNTRkc0hwVzMxRWVKdEV1QWNhbF9nMg2&id=a16bb296-c282-451a-ad5e-f3de4fdaee04
server: nginx
set-cookie: sid=b87cd020-4f0f-11ed-aa89-b4a4d150b7ef; path=/; domain=.westernup.info; expires=Sun, 05 Nov 2090 21:21:33 GMT; max-age=2147483647; HttpOnly

push.services.mozilla.com/

54.149.28.179

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.28.179:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XceF9UvZyShLu8vf73nWGw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6He5EseY4lQgMd97xGmJE6pVZw0=

btpnative.com/click?data=TjhkeHM0U1Y0RTlYUlViMWZES0h0VkhIS19EelAyZmdwakxYOGNJUEF0SHl5QkJMeFc0eXpMOXZFNGJ5TjVySkRTZ2VUSUhVTXU5aVNtMjJmMVVDS3hKWExsOGdEdXZPZFlzSENKb21RZmowY2dPdHBKVG1oRDYxRDRiWFo0c0VrNTRkc0hwVzMxRWVKdEV1QWNhbF9nMg2&id=a16bb296-c282-451a-ad5e-f3de4fdaee04

209.15.13.136

200 OK

2.2 kB

URL HTTP/1.1
btpnative.com/click?data=TjhkeHM0U1Y0RTlYUlViMWZES0h0VkhIS19EelAyZmdwakxYOGNJUEF0SHl5QkJMeFc0eXpMOXZFNGJ5TjVySkRTZ2VUSUhVTXU5aVNtMjJmMVVDS3hKWExsOGdEdXZPZFlzSENKb21RZmowY2dPdHBKVG1oRDYxRDRiWFo0c0VrNTRkc0hwVzMxRWVKdEV1QWNhbF9nMg2&id=a16bb296-c282-451a-ad5e-f3de4fdaee04
IP
209.15.13.136:0
ASN
#13768 COGECO-PEER1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (349), with CRLF line terminators
Size
2.2 kB (2185 bytes)
Hash
4b5484d618530cf3fbad374041b4f042
f3dc8dff6f7e13bea95e9a246bb24395de9b891f
b23aaeb83c1b04cdac8a9bd8f9ea0515ed0b0e02e0fa487a2d01fd8f280e0d85

HTTP Headers

GET /click?data=TjhkeHM0U1Y0RTlYUlViMWZES0h0VkhIS19EelAyZmdwakxYOGNJUEF0SHl5QkJMeFc0eXpMOXZFNGJ5TjVySkRTZ2VUSUhVTXU5aVNtMjJmMVVDS3hKWExsOGdEdXZPZFlzSENKb21RZmowY2dPdHBKVG1oRDYxRDRiWFo0c0VrNTRkc0hwVzMxRWVKdEV1QWNhbF9nMg2&id=a16bb296-c282-451a-ad5e-f3de4fdaee04 HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://westernup.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: tYrDKzWOEdAaxbF=tYrDKzWOEdAaxbF; path=/
X-Server: web01
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 18 Oct 2022 18:07:26 GMT
Content-Length: 2185

btpnative.com/Redirect/

209.15.13.136

302 Found

1.5 kB

URL HTTP/1.1
btpnative.com/Redirect/
IP
209.15.13.136:0
ASN
#13768 COGECO-PEER1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1470), with CRLF line terminators
Size
1.5 kB (1542 bytes)
Hash
61d256df6341836644d2a9956d09de90
8b3bd9531135292d7fbc4b29d361c1c82bd7e3bb
ec0663228de20a9a9820a3b9c34a1b64d185c61805bcacaec260497b0d0de99e

HTTP Headers

POST /Redirect/ HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 358
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=TjhkeHM0U1Y0RTlYUlViMWZES0h0VkhIS19EelAyZmdwakxYOGNJUEF0SHl5QkJMeFc0eXpMOXZFNGJ5TjVySkRTZ2VUSUhVTXU5aVNtMjJmMVVDS3hKWExsOGdEdXZPZFlzSENKb21RZmowY2dPdHBKVG1oRDYxRDRiWFo0c0VrNTRkc0hwVzMxRWVKdEV1QWNhbF9nMg2&id=a16bb296-c282-451a-ad5e-f3de4fdaee04
Cookie: tYrDKzWOEdAaxbF=tYrDKzWOEdAaxbF
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_yG1OBPa2Arupnt4ao8LBkH_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kCgkrfFs9ISF3Ys-xo4FSmcx7OeVXJCwRHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_KjrzBLgOCzdi2TCO0dzmXinOx2JwlFvAR7wU948eP6_Pfuzh7x_FCl10uoGr9QiO9Wl0v6NzRFI08XtZDvHGnPhbZEOqjbd-iavoshYp_1-F4drlL_yzqbT6xgvEfb27t1_o0QPrRgOVGi93PF7g-iPxzknryao98b6xBtQS96v_AazKlHknbVWvILOBnQzvFOiAOjhJWiggRzUCTgdBgoi_Kw7JZtpeuw62_Dv6n5SsBP9NvTFVBvnaxJIAjmtUNQjYq0ZiknxqkVcf0FasSVhdfCqJyS6FcbFcMNqm4I4114jwGIEs79G8uwlPYKSUQ_RyCkxpJzAzYwfDz-wODDTS2oP3N7g5R9cLavv8C9bS2iNZgGewWfGhkY4q09_whk43Cg48FqpCz7Yb-WI5nKmeCISTfUaYbkan3PjqAY626xKceTm-wdwyqqz6mQLeangYrcBGgihYxTaDlMe8mrJYlpJcRhbGcp5_CsquxHcgGlYmpepnlx4VtWs3i5kwI0SD6zrDnfRNgiAW0tOF5Akb5J64HLmEnszg0woGiz0RbpfebMFNqlSUDW7ruu1-DwIzBuqzfUbYP_pyjsuQ6QVyPVGBDxxrG6wWOQkvIgnLqTgMVcXjCFCq8CC_izVQRCir97CY0J6tqgkOjByT6roS5_A2uSjR84rahHU9EYkatS5L-RCkHUtVNajDAq_2lkC5mAnyM-KbDfAlgFA_5ibE0IMaNuyipWYSaX27ULwzlI9lmamOtqB6NUit6FEYLRbLirBn0pRRqtuLepC4v0N51OmuzI5M4LO0W6QPpvRLotEzuvHdd83JEZJQRRniSLt5yyuknwRcxRG_MRkay-Vp1TozxZRNaSINcoj9ZdO5mHSollN8_nc30lvvMi97idsaYGogULOw74jN2Hk9q3r6AohbbvlygZvIlQZvOwRCWUY-LAvDj82PVf5OOC6EDfPogyyjf7-wAFAJr2xSfhc3m0GdnIoRiYEu_p7DIHMvJ10dQ-xKBWIeXO8MqKl80hP27KQh_1PTX2Wr-h6FLOJs78iArQNCmrqXUodT6uCZ9EPo-nVtXQEckbX14kBEBdFG90J4ODMW_xy7KIDUREEIcoNjdmVr3_6vWegOwtSNrOhv5tkYgOYwwqJPWDKylKyl9dJYR1B4IgNmbrgkn6erdg3_RkvOfp4mkk_ySByp3LdCyN29u5oestkTcX-c
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Server: web01
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 18 Oct 2022 18:07:26 GMT
Content-Length: 1542

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
0f7610465b8b29c8152fd9f3b7e7b04d
562a450366679608bba9478a417f3c535cdcf705
ea3d6fc2ddc03f950134b455b9595762ade1128bb654829f19a47e70c4f0de3a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Oct 2022 18:07:27 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 17 Oct 2022 19:20:09 GMT
Expires: Mon, 24 Oct 2022 19:20:08 GMT
Etag: "562a450366679608bba9478a417f3c535cdcf705"
Cache-Control: max-age=522160,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75c336b54a89b511-OSL

mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_yG1OBPa2Arupnt4ao8LBkH_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kCgkrfFs9ISF3Ys-xo4FSmcx7OeVXJCwRHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_KjrzBLgOCzdi2TCO0dzmXinOx2JwlFvAR7wU948eP6_Pfuzh7x_FCl10uoGr9QiO9Wl0v6NzRFI08XtZDvHGnPhbZEOqjbd-iavoshYp_1-F4drlL_yzqbT6xgvEfb27t1_o0QPrRgOVGi93PF7g-iPxzknryao98b6xBtQS96v_AazKlHknbVWvILOBnQzvFOiAOjhJWiggRzUCTgdBgoi_Kw7JZtpeuw62_Dv6n5SsBP9NvTFVBvnaxJIAjmtUNQjYq0ZiknxqkVcf0FasSVhdfCqJyS6FcbFcMNqm4I4114jwGIEs79G8uwlPYKSUQ_RyCkxpJzAzYwfDz-wODDTS2oP3N7g5R9cLavv8C9bS2iNZgGewWfGhkY4q09_whk43Cg48FqpCz7Yb-WI5nKmeCISTfUaYbkan3PjqAY626xKceTm-wdwyqqz6mQLeangYrcBGgihYxTaDlMe8mrJYlpJcRhbGcp5_CsquxHcgGlYmpepnlx4VtWs3i5kwI0SD6zrDnfRNgiAW0tOF5Akb5J64HLmEnszg0woGiz0RbpfebMFNqlSUDW7ruu1-DwIzBuqzfUbYP_pyjsuQ6QVyPVGBDxxrG6wWOQkvIgnLqTgMVcXjCFCq8CC_izVQRCir97CY0J6tqgkOjByT6roS5_A2uSjR84rahHU9EYkatS5L-RCkHUtVNajDAq_2lkC5mAnyM-KbDfAlgFA_5ibE0IMaNuyipWYSaX27ULwzlI9lmamOtqB6NUit6FEYLRbLirBn0pRRqtuLepC4v0N51OmuzI5M4LO0W6QPpvRLotEzuvHdd83JEZJQRRniSLt5yyuknwRcxRG_MRkay-Vp1TozxZRNaSINcoj9ZdO5mHSollN8_nc30lvvMi97idsaYGogULOw74jN2Hk9q3r6AohbbvlygZvIlQZvOwRCWUY-LAvDj82PVf5OOC6EDfPogyyjf7-wAFAJr2xSfhc3m0GdnIoRiYEu_p7DIHMvJ10dQ-xKBWIeXO8MqKl80hP27KQh_1PTX2Wr-h6FLOJs78iArQNCmrqXUodT6uCZ9EPo-nVtXQEckbX14kBEBdFG90J4ODMW_xy7KIDUREEIcoNjdmVr3_6vWegOwtSNrOhv5tkYgOYwwqJPWDKylKyl9dJYR1B4IgNmbrgkn6erdg3_RkvOfp4mkk_ySByp3LdCyN29u5oestkTcX-c

108.168.193.189

302 Found

0 B

URL HTTP/2
mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_yG1OBPa2Arupnt4ao8LBkH_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kCgkrfFs9ISF3Ys-xo4FSmcx7OeVXJCwRHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_KjrzBLgOCzdi2TCO0dzmXinOx2JwlFvAR7wU948eP6_Pfuzh7x_FCl10uoGr9QiO9Wl0v6NzRFI08XtZDvHGnPhbZEOqjbd-iavoshYp_1-F4drlL_yzqbT6xgvEfb27t1_o0QPrRgOVGi93PF7g-iPxzknryao98b6xBtQS96v_AazKlHknbVWvILOBnQzvFOiAOjhJWiggRzUCTgdBgoi_Kw7JZtpeuw62_Dv6n5SsBP9NvTFVBvnaxJIAjmtUNQjYq0ZiknxqkVcf0FasSVhdfCqJyS6FcbFcMNqm4I4114jwGIEs79G8uwlPYKSUQ_RyCkxpJzAzYwfDz-wODDTS2oP3N7g5R9cLavv8C9bS2iNZgGewWfGhkY4q09_whk43Cg48FqpCz7Yb-WI5nKmeCISTfUaYbkan3PjqAY626xKceTm-wdwyqqz6mQLeangYrcBGgihYxTaDlMe8mrJYlpJcRhbGcp5_CsquxHcgGlYmpepnlx4VtWs3i5kwI0SD6zrDnfRNgiAW0tOF5Akb5J64HLmEnszg0woGiz0RbpfebMFNqlSUDW7ruu1-DwIzBuqzfUbYP_pyjsuQ6QVyPVGBDxxrG6wWOQkvIgnLqTgMVcXjCFCq8CC_izVQRCir97CY0J6tqgkOjByT6roS5_A2uSjR84rahHU9EYkatS5L-RCkHUtVNajDAq_2lkC5mAnyM-KbDfAlgFA_5ibE0IMaNuyipWYSaX27ULwzlI9lmamOtqB6NUit6FEYLRbLirBn0pRRqtuLepC4v0N51OmuzI5M4LO0W6QPpvRLotEzuvHdd83JEZJQRRniSLt5yyuknwRcxRG_MRkay-Vp1TozxZRNaSINcoj9ZdO5mHSollN8_nc30lvvMi97idsaYGogULOw74jN2Hk9q3r6AohbbvlygZvIlQZvOwRCWUY-LAvDj82PVf5OOC6EDfPogyyjf7-wAFAJr2xSfhc3m0GdnIoRiYEu_p7DIHMvJ10dQ-xKBWIeXO8MqKl80hP27KQh_1PTX2Wr-h6FLOJs78iArQNCmrqXUodT6uCZ9EPo-nVtXQEckbX14kBEBdFG90J4ODMW_xy7KIDUREEIcoNjdmVr3_6vWegOwtSNrOhv5tkYgOYwwqJPWDKylKyl9dJYR1B4IgNmbrgkn6erdg3_RkvOfp4mkk_ySByp3LdCyN29u5oestkTcX-c
IP
108.168.193.189:0
ASN
#36351 SOFTLAYER

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_yG1OBPa2Arupnt4ao8LBkH_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kCgkrfFs9ISF3Ys-xo4FSmcx7OeVXJCwRHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_KjrzBLgOCzdi2TCO0dzmXinOx2JwlFvAR7wU948eP6_Pfuzh7x_FCl10uoGr9QiO9Wl0v6NzRFI08XtZDvHGnPhbZEOqjbd-iavoshYp_1-F4drlL_yzqbT6xgvEfb27t1_o0QPrRgOVGi93PF7g-iPxzknryao98b6xBtQS96v_AazKlHknbVWvILOBnQzvFOiAOjhJWiggRzUCTgdBgoi_Kw7JZtpeuw62_Dv6n5SsBP9NvTFVBvnaxJIAjmtUNQjYq0ZiknxqkVcf0FasSVhdfCqJyS6FcbFcMNqm4I4114jwGIEs79G8uwlPYKSUQ_RyCkxpJzAzYwfDz-wODDTS2oP3N7g5R9cLavv8C9bS2iNZgGewWfGhkY4q09_whk43Cg48FqpCz7Yb-WI5nKmeCISTfUaYbkan3PjqAY626xKceTm-wdwyqqz6mQLeangYrcBGgihYxTaDlMe8mrJYlpJcRhbGcp5_CsquxHcgGlYmpepnlx4VtWs3i5kwI0SD6zrDnfRNgiAW0tOF5Akb5J64HLmEnszg0woGiz0RbpfebMFNqlSUDW7ruu1-DwIzBuqzfUbYP_pyjsuQ6QVyPVGBDxxrG6wWOQkvIgnLqTgMVcXjCFCq8CC_izVQRCir97CY0J6tqgkOjByT6roS5_A2uSjR84rahHU9EYkatS5L-RCkHUtVNajDAq_2lkC5mAnyM-KbDfAlgFA_5ibE0IMaNuyipWYSaX27ULwzlI9lmamOtqB6NUit6FEYLRbLirBn0pRRqtuLepC4v0N51OmuzI5M4LO0W6QPpvRLotEzuvHdd83JEZJQRRniSLt5yyuknwRcxRG_MRkay-Vp1TozxZRNaSINcoj9ZdO5mHSollN8_nc30lvvMi97idsaYGogULOw74jN2Hk9q3r6AohbbvlygZvIlQZvOwRCWUY-LAvDj82PVf5OOC6EDfPogyyjf7-wAFAJr2xSfhc3m0GdnIoRiYEu_p7DIHMvJ10dQ-xKBWIeXO8MqKl80hP27KQh_1PTX2Wr-h6FLOJs78iArQNCmrqXUodT6uCZ9EPo-nVtXQEckbX14kBEBdFG90J4ODMW_xy7KIDUREEIcoNjdmVr3_6vWegOwtSNrOhv5tkYgOYwwqJPWDKylKyl9dJYR1B4IgNmbrgkn6erdg3_RkvOfp4mkk_ySByp3LdCyN29u5oestkTcX-c HTTP/1.1
Host: mybetterck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=81412752446
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Tue, 18 Oct 2022 18:07:27 GMT
content-length: 0
set-cookie: rhid=81412752446; Max-Age=15552000; Expires=Sun, 16-Apr-2023 18:07:27 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDKUrKX10lhHUHgiA2ZuuCSc9-pN-296VwllkxBoAj0MJTGPXxfHUfZ4El3Kn0XLeN35SUSIt4s2nP0RWgXMK-vqdSxlVmFZU8_7b0smYQd2ZntvpDL1rWYdOIs3E02P7fdIIVSVCneJApX4VUjrnbzJC7lNHM8LVEzdmkZQqqBbUAbRBquoa7IilfhVSOudvMlSA3mTLCiXVKdetkfa9dXFVO4_EnqWIJX6SG4ly_InwZZnqzIvm-Gm-wHSK4m9oDiX-MgTUZasXT5xISGsNs7ESRyc3Q7-jufs31EvJ1VNOHxXMSdErUoadrNP9-AgE1Lh2c3kkE4JMhb_2mUAuQOK-BQzncPOfLSJmznl89uGV7wgFT-lh_qpuB6OXN_rsgcmEGqekUBiPh4EXwqOopbiWN55gOOCMJQ&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSMtxVOH8RecXTlPigIK4Gdu4ExpQZAyMwkS3RYD4Gcg7Bd_RDXEtLI97_COYpzBARmNyneEaZPo4OqPIHa2lA9Q&si=1&oref=84ef2119edfc4caf88ad2a67b54e36e5&optunit=9_-r1noDsLXygbLe8Gw8JQ&rb=4mwZSEUVHek&rr=4&abtg=0
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
59c9f4b6a5cb5571f7e8ec52f3548732
9bd1c495d09547b8cc983f71b90471f42ec61f94
25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10510
Expires: Tue, 18 Oct 2022 21:02:37 GMT
Date: Tue, 18 Oct 2022 18:07:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
59c9f4b6a5cb5571f7e8ec52f3548732
9bd1c495d09547b8cc983f71b90471f42ec61f94
25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10510
Expires: Tue, 18 Oct 2022 21:02:37 GMT
Date: Tue, 18 Oct 2022 18:07:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
59c9f4b6a5cb5571f7e8ec52f3548732
9bd1c495d09547b8cc983f71b90471f42ec61f94
25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10510
Expires: Tue, 18 Oct 2022 21:02:37 GMT
Date: Tue, 18 Oct 2022 18:07:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
59c9f4b6a5cb5571f7e8ec52f3548732
9bd1c495d09547b8cc983f71b90471f42ec61f94
25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10510
Expires: Tue, 18 Oct 2022 21:02:37 GMT
Date: Tue, 18 Oct 2022 18:07:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
59c9f4b6a5cb5571f7e8ec52f3548732
9bd1c495d09547b8cc983f71b90471f42ec61f94
25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10510
Expires: Tue, 18 Oct 2022 21:02:37 GMT
Date: Tue, 18 Oct 2022 18:07:27 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F183e5182-d899-4aa5-9644-f2b1544cb135.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F183e5182-d899-4aa5-9644-f2b1544cb135.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10748 bytes)
Hash
1f6bf4f5731a4aa97b78bae1ffd519cb
5ac8a79bf62ff1dda432036aacacbb69c853eabd
f4a1ec168c097a6f2d95e6c3c790e8cb20890cb6e376faa79c8aeeee08b1f370

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F183e5182-d899-4aa5-9644-f2b1544cb135.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10748
x-amzn-requestid: 0d5c19df-5776-4c7b-9f62-904adcbe6e1c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aKyosGUJoAMFt_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634dcb04-44bb56725b31b5f240865d99;Sampled=0
x-amzn-remapped-date: Mon, 17 Oct 2022 21:37:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IiF3b1hUN3X38JLzoLhvqggtupKgzCTBgdanlj4-OnHpHHWhXjRvvw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 17 Oct 2022 21:46:13 GMT
age: 73274
etag: "5ac8a79bf62ff1dda432036aacacbb69c853eabd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a291dbb-7f30-4ffb-8098-3b5f0093f379.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6836 bytes)
Hash
6e7fd6e50e59e93dd5329060ecbe7fef
1d89b8268579f42b0265df7b14f77930033b23fe
7c03b8ca2822417615d12bc133b199bb64ccdba10aa0656d1dc6843c6471b39d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a291dbb-7f30-4ffb-8098-3b5f0093f379.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6836
x-amzn-requestid: ad5ca7f1-a21c-44d3-b419-dfa7cf868e12
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aKzQZHPFIAMFuig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634dcc02-38b229432e2fbaa8779daa52;Sampled=0
x-amzn-remapped-date: Mon, 17 Oct 2022 21:41:22 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dUm6WGDUVTB3WOdPSILAuSAQFCxj5sNwu2pmzi_ax7mhbrj-_tdWQg==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 17 Oct 2022 21:55:26 GMT
etag: "1d89b8268579f42b0265df7b14f77930033b23fe"
content-type: image/jpeg
age: 72721
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e0224bc-3141-475c-88f3-48e2d36f204f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6352 bytes)
Hash
ddd17c7d44a2e136710171f237ded665
577a22b126e54bfe0e4e4ce26b0fb866bc7fe007
b1327c4f33db5488ae49b1c2f7d5b49804d4245fd0bd92c41005b9045281f2a2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e0224bc-3141-475c-88f3-48e2d36f204f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6352
x-amzn-requestid: c0479303-34b2-45d8-b794-4b83003312ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHjNXE81IAMFWaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c7f22-702cee0d437cbdc349efa2e8;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 22:01:06 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: BAmcO20Ujqli3EGGQaTGlMbQ7VxPPQDgxv-qi3gsygBrZ0Z3tcZZuA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 17 Oct 2022 22:34:39 GMT
age: 70368
etag: "577a22b126e54bfe0e4e4ce26b0fb866bc7fe007"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6ea4d5d-0df9-4cfe-a9fc-e70b8e32f8ef.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13261 bytes)
Hash
54edb9ab897821172fc13756df376ee7
2010f9656d87e6f5220f131628c537720c3673e1
6694c1be0adf97fa77d1bfa29337d9e609b729a58d42e141e9bb55ed6367b1d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6ea4d5d-0df9-4cfe-a9fc-e70b8e32f8ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13261
x-amzn-requestid: dd760e09-701e-4956-9723-386edc97c694
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z0fH6FzIoAMFzJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6344deff-197cf4f048e146af5654d0bd;Sampled=0
x-amzn-remapped-date: Tue, 11 Oct 2022 03:11:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: N-Blz23OttwJC3PacLqAd2IBfJkfEMXm4D1rhNveLqCtHyFDD9OwZw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 06:35:41 GMT
age: 41506
etag: "2010f9656d87e6f5220f131628c537720c3673e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F12c82a90-f45d-4e0f-b73c-10a7abfd551e.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12891 bytes)
Hash
e74f4de677631204256431e010756dd9
698ac04247bc52f9b200138ccfb8bf6184f3582f
a578e99e57e22f5ad3f8aaf102d80e4a6a79aab92ae1be6efdcf0c67968d31e3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F12c82a90-f45d-4e0f-b73c-10a7abfd551e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12891
x-amzn-requestid: 57575612-3eaa-4979-b7e6-4eca29498e9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aKyqfEkdIAMFvYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634dcb0f-0cd3874a59496e6e2f685eab;Sampled=0
x-amzn-remapped-date: Mon, 17 Oct 2022 21:37:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QxJbPi0RezvItuQg75q2OkJ7tj4YHN6SQJmA9kn5XJoZKlVLLAPcxA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 17 Oct 2022 21:55:19 GMT
age: 72728
etag: "698ac04247bc52f9b200138ccfb8bf6184f3582f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3213a7c7-0ccd-4354-bd64-432d8cd565cd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7205 bytes)
Hash
d5f3e230617c19df2161f174976caa0c
4bca04916f92c53d5f56d7553ac3677a9a14c085
b59139f61666eea62bca4ff5bb8bf36a0093f484d865f7e7c54ef94f3d31139c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3213a7c7-0ccd-4354-bd64-432d8cd565cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7205
x-amzn-requestid: 4534c655-60a2-41bd-ac80-d60614921988
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aKyQxHD6oAMFbig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634dca6b-1e32b5bf437ab9586a2175c5;Sampled=0
x-amzn-remapped-date: Mon, 17 Oct 2022 21:34:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 737UWQdimbxdQFU9ENL9K0RrqduTRQEkw0aiST-Reztl0DD5-oH87w==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Mon, 17 Oct 2022 22:08:27 GMT
age: 71940
etag: "4bca04916f92c53d5f56d7553ac3677a9a14c085"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDKUrKX10lhHUHgiA2ZuuCSc9-pN-296VwllkxBoAj0MJTGPXxfHUfZ4El3Kn0XLeN35SUSIt4s2nP0RWgXMK-vqdSxlVmFZU8_7b0smYQd2ZntvpDL1rWYdOIs3E02P7fdIIVSVCneJApX4VUjrnbzJC7lNHM8LVEzdmkZQqqBbUAbRBquoa7IilfhVSOudvMlSA3mTLCiXVKdetkfa9dXFVO4_EnqWIJX6SG4ly_InwZZnqzIvm-Gm-wHSK4m9oDiX-MgTUZasXT5xISGsNs7ESRyc3Q7-jufs31EvJ1VNOHxXMSdErUoadrNP9-AgE1Lh2c3kkE4JMhb_2mUAuQOK-BQzncPOfLSJmznl89uGV7wgFT-lh_qpuB6OXN_rsgcmEGqekUBiPh4EXwqOopbiWN55gOOCMJQ&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSMtxVOH8RecXTlPigIK4Gdu4ExpQZAyMwkS3RYD4Gcg7Bd_RDXEtLI97_COYpzBARmNyneEaZPo4OqPIHa2lA9Q&si=1&oref=84ef2119edfc4caf88ad2a67b54e36e5&optunit=9_-r1noDsLXygbLe8Gw8JQ&rb=4mwZSEUVHek&rr=4&abtg=0

108.168.193.189

302 Found

0 B

URL HTTP/2
p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDKUrKX10lhHUHgiA2ZuuCSc9-pN-296VwllkxBoAj0MJTGPXxfHUfZ4El3Kn0XLeN35SUSIt4s2nP0RWgXMK-vqdSxlVmFZU8_7b0smYQd2ZntvpDL1rWYdOIs3E02P7fdIIVSVCneJApX4VUjrnbzJC7lNHM8LVEzdmkZQqqBbUAbRBquoa7IilfhVSOudvMlSA3mTLCiXVKdetkfa9dXFVO4_EnqWIJX6SG4ly_InwZZnqzIvm-Gm-wHSK4m9oDiX-MgTUZasXT5xISGsNs7ESRyc3Q7-jufs31EvJ1VNOHxXMSdErUoadrNP9-AgE1Lh2c3kkE4JMhb_2mUAuQOK-BQzncPOfLSJmznl89uGV7wgFT-lh_qpuB6OXN_rsgcmEGqekUBiPh4EXwqOopbiWN55gOOCMJQ&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSMtxVOH8RecXTlPigIK4Gdu4ExpQZAyMwkS3RYD4Gcg7Bd_RDXEtLI97_COYpzBARmNyneEaZPo4OqPIHa2lA9Q&si=1&oref=84ef2119edfc4caf88ad2a67b54e36e5&optunit=9_-r1noDsLXygbLe8Gw8JQ&rb=4mwZSEUVHek&rr=4&abtg=0
IP
108.168.193.189:0
ASN
#36351 SOFTLAYER

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDKUrKX10lhHUHgiA2ZuuCSc9-pN-296VwllkxBoAj0MJTGPXxfHUfZ4El3Kn0XLeN35SUSIt4s2nP0RWgXMK-vqdSxlVmFZU8_7b0smYQd2ZntvpDL1rWYdOIs3E02P7fdIIVSVCneJApX4VUjrnbzJC7lNHM8LVEzdmkZQqqBbUAbRBquoa7IilfhVSOudvMlSA3mTLCiXVKdetkfa9dXFVO4_EnqWIJX6SG4ly_InwZZnqzIvm-Gm-wHSK4m9oDiX-MgTUZasXT5xISGsNs7ESRyc3Q7-jufs31EvJ1VNOHxXMSdErUoadrNP9-AgE1Lh2c3kkE4JMhb_2mUAuQOK-BQzncPOfLSJmznl89uGV7wgFT-lh_qpuB6OXN_rsgcmEGqekUBiPh4EXwqOopbiWN55gOOCMJQ&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSMtxVOH8RecXTlPigIK4Gdu4ExpQZAyMwkS3RYD4Gcg7Bd_RDXEtLI97_COYpzBARmNyneEaZPo4OqPIHa2lA9Q&si=1&oref=84ef2119edfc4caf88ad2a67b54e36e5&optunit=9_-r1noDsLXygbLe8Gw8JQ&rb=4mwZSEUVHek&rr=4&abtg=0 HTTP/1.1
Host: p274639.mybetterck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=81412752446
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: nginx
date: Tue, 18 Oct 2022 18:07:27 GMT
content-length: 0
set-cookie: rhid=81412752446; Max-Age=15552000; Expires=Sun, 16-Apr-2023 18:07:27 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
loi=ad_490233_off_142374_aff_3322_cid_274639-578768606-WESTERNUP.INFO_ts_1666116447; Max-Age=3600; Expires=Tue, 18-Oct-2022 19:07:27 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://myfood.ltd/?v=20171031&s1=0
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (27)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type