Report - error.exteriorgraphicsdesign.com/ga/click/2-320805751-1626-14315-27951-25824-bec6bd6b1c-r2ea7524db

Report Overview

Submitted URL
error.exteriorgraphicsdesign.com/ga/click/2-320805751-1626-14315-27951-25824-bec6bd6b1c-r2ea7524db
IP
66.94.127.114
ASN
#40021 CONTABO
Submitted
2022-09-26 22:33:40
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
prstfreetrk.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	484 B	542 B	34.210.140.128
fast.wistia.net	8009	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	284 kB	151.101.86.110
embed-ssl.wistia.com	22795	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	445 B	39 kB	151.101.86.133
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
theprostatecurse.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	16 kB	482 kB	172.66.43.107
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	601 B	715 B	64.233.162.155
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	506 B	694 B	142.250.74.3
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	50 kB	34.120.237.76
www.iz8qatrk.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	463 B	807 B	34.102.147.100
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384 B	32 kB	142.250.74.138
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.77.32
error.exteriorgraphicsdesign.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	417 B	734 B	66.94.127.114
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	690 B	3.8 kB	104.18.20.226
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.9 kB	54.230.245.110
distillery.wistia.com	6708	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	434 B	164 B	44.197.44.53
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	7.0 kB	142.250.74.3
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374 B	45 kB	142.250.74.72
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	365 B	20 kB	142.250.74.174
embedwistia-a.akamaihd.net	8967	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	3.9 MB	23.36.76.162
pipedream.wistia.com	6958	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	960 B	422 B	54.152.184.103
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.216.192.228
prstfrtrk.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	660 B	1.1 kB	52.39.146.208
fast.wistia.com	5153	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	779 B	4.3 kB	151.101.86.110
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	507 B	694 B	142.250.74.164
go.maxweb.com	389866	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	519 B	566 B	172.66.40.143
ocsp.starfieldtech.com	6616	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	668 B	4.7 kB	192.124.249.23
mwquestion.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	508 B	629 B	172.67.193.9
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-26	medium	error.exteriorgraphicsdesign.com/ga/click/2-320805751-1626-14315-27951-25824-bec6bd6b1c-r2ea7524db	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	theprostatecurse.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	12 kB	2023-03-07	2024-04-19
Pretty URL theprostatecurse.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 172.66.43.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-19 01:39:50 Times Seen42895 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764	298 B	2023-03-08	2023-07-16
Pretty URL theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764 IP 172.66.43.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:03:08 Last Seen2023-07-16 04:07:46 Times Seen3 Hash 59b6823f956819e38b9d9b365df520d0 dcce43ded509c949b5d44c9fb847875c35b31130 1f1154877f1e29f96d4afb2bd8b755b2c97fa28d0c18dcfd9c5aeb2683a729c5 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-19 02:09:35 Times Seen259737 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 02:20:20 Times Seen36951635 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-W4CVTDK	114 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-W4CVTDK IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:03:08 Last Seen2023-03-08 02:03:08 Times Seen1 Hash a8214245473d37d1507d2dddb56e175e 324e5a038e2e10fbc5f610a35e4d69d359fdcd90 3ad02a7c44d548d7edf9ac15e66502b26aa5b1401d164e1a863ef758bda45dc7 Loading...

	theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764	234 B	2023-03-08	2023-07-16
Pretty URL theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764 IP 172.66.43.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:03:08 Last Seen2023-07-16 04:07:46 Times Seen3 Hash 7c54f85f24a64e61a79ff17bc1791472 fdeca960253c553b0baca4fdab775da83b7074a7 0527b84d50764725225c4551e36b738f0299033e18b5a577db87878f61ded29d Loading...

	theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764	4.3 kB	2023-03-08	2023-03-11
Pretty URL theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764 IP 172.66.43.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:03:08 Last Seen2023-03-11 09:51:56 Times Seen1 Hash ca4a6735f27752e67dff1648b95ee253 c3e074b93feafe770454acb64c7563f62e1d9d24 c09072d982c45263b34a6c46d317b90b1cf895d888587643a7ac628f08403202 Loading...

	fast.wistia.com/embed/medias/zpgiy96yzn.jsonp	5.3 kB	2023-03-08	2023-03-08
Pretty URL fast.wistia.com/embed/medias/zpgiy96yzn.jsonp IP 151.101.86.110 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:03:08 Last Seen2023-03-08 02:03:08 Times Seen1 Hash 35aa70f34e006f327f2cf41b8a41da3d bd8bab263aeb28b024350d2d6af7bc0e140075ab cb725665a1690dc053370642b2d663fdd31d1841a8ef7540aa9d68c601d215d3 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-01-06
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:05:31 Last Seen2024-01-06 17:39:53 Times Seen66 Hash 99ba52a15d2da967b023016d1af58cbd 5c2246049c43834d17113877b4731bd4f9803d55 9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f Loading...

	fast.wistia.net/assets/external/wistia-mux.js	130 kB	2023-03-07	2023-03-17
Pretty URL fast.wistia.net/assets/external/wistia-mux.js IP 151.101.86.110 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:40:42 Last Seen2023-03-17 12:48:05 Times Seen1 Hash 0e0d6ff9f01addad79a6def87a72614e b8607afb1cbd3bcc5f3e7b746d2ec7555cc27a17 8d62fd06d48f53842cf78650bbeba172db7a6a347a12821fb81a9d8efab6f00e Loading...

	fast.wistia.net/assets/external/playPauseLoadingControl.js	60 kB	2023-03-07	2023-03-10
Pretty URL fast.wistia.net/assets/external/playPauseLoadingControl.js IP 151.101.86.110 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:45:38 Last Seen2023-03-10 15:12:43 Times Seen1 Hash fbc8610e8705940b94a0a0e15d96fc7a 96768f3220fbd8280fe55dfeed547e2c343d12e3 1a9ad4d9f58e900864451d773178a3b5329654f2a5066a4a0508f06e0bf4890b Loading...

HTTP Transactions (84)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11274
Expires: Tue, 27 Sep 2022 01:41:23 GMT
Date: Mon, 26 Sep 2022 22:33:29 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 22:15:24 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EGFyWa-1RiwMVVH00lmOxYN6rQI-hKQ4z3O6g_aplN7wdl4gl_JM2w==
Age: 1085

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wyL4RXvMfZUO1p7c7BbKNnVy8RZjcU26LWXUg-uhnO7Uly7ImRBmxQ==
age: 64694
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:33:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

error.exteriorgraphicsdesign.com/ga/click/2-320805751-1626-14315-27951-25824-bec6bd6b1c-r2ea7524db

66.94.127.114

302 Found

120 B

URL HTTP/1.1
error.exteriorgraphicsdesign.com/ga/click/2-320805751-1626-14315-27951-25824-bec6bd6b1c-r2ea7524db
IP
66.94.127.114:0
ASN
#40021 CONTABO

File type
HTML document text\012- HTML document, ASCII text, with no line terminators
Size
120 B (120 bytes)
Hash
7940ac55967bf79c5ae020d33aeefd21
ed0f6b25d5603572acfd1f73f59133bf75478182
2a50a137febc23043c6b513aab30bd921f315043622fd9f246be22cca5a2b4eb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ga/click/2-320805751-1626-14315-27951-25824-bec6bd6b1c-r2ea7524db HTTP/1.1
Host: error.exteriorgraphicsdesign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Mon, 26 Sep 2022 22:33:04 GMT
Server: Apache/2.4.51 (Unix) OpenSSL/1.0.2k-fips PHP/7.3.29
Status: 302 Found
X-Rack-Cache: miss
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-Request-Id: a94efc13e1ab638dd61d1768b32e6105
Location: https://www.iz8qatrk.com/9W598/63PMH4C/?sub1=XMcdddelw
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.019994
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Powered-By: Phusion Passenger(R) 6.0.9
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

ocsp.starfieldtech.com/

192.124.249.23

200 OK

1.8 kB

URL HTTP/1.1
ocsp.starfieldtech.com/
IP
192.124.249.23:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1845 bytes)
Hash
37a306e0b2f29815839f351232eef473
2dce0feb5e36fb34fe5e4e61b3898ccf8342b83c
5efc8ef743a0f44c3292a49439ad931fae47fd62771170176caa9cc912c845f2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 26 Sep 2022 22:33:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 21:26:04 GMT
Expires: Tue, 27 Sep 2022 21:26:04 GMT
ETag: "2dce0feb5e36fb34fe5e4e61b3898ccf8342b83c"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 22:10:46 GMT
Expires: Mon, 26 Sep 2022 22:39:20 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nNfVdwx6gWtenAeOoH-ulJoue9Ui7DCSwOVBfAKmgGEuNSuKsVB4DQ==
Age: 1363

www.iz8qatrk.com/9W598/63PMH4C/?sub1=XMcdddelw

34.102.147.100

302 Found

130 B

URL HTTP/2
www.iz8qatrk.com/9W598/63PMH4C/?sub1=XMcdddelw
IP
34.102.147.100:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text
Size
130 B (130 bytes)
Hash
10751c097f3f9981be1e8b92e4ec32f3
d6674747a9c13048310e295fad78fe1174ae3f64
18df26ba683588d48d6926cb9685d6b351e0b7f2cae977335e6ff6105f65b76c

HTTP Headers

GET /9W598/63PMH4C/?sub1=XMcdddelw HTTP/1.1
Host: www.iz8qatrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: nginx
date: Mon, 26 Sep 2022 22:33:29 GMT
content-type: text/html; charset=utf-8
content-length: 130
location: https://mwquestion.com/7552/434/2/?subid=7&subid2=9ab5e82d318445019a9f7a09fa37e460&subid3=XMcdddelw
set-cookie: uniqueClick_63PMH4C=1bdb6ce4-6ad3-4387-afba-41bbb24f88a8:1664231609; Path=/; Expires=Wed, 26 Oct 2022 22:33:29 GMT; Secure; SameSite=None
transaction_id=9ab5e82d318445019a9f7a09fa37e460; Path=/; Expires=Sun, 25 Dec 2022 22:33:29 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: eb748397-8754-4590-a631-4e5d7e0bab85
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5979
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:29 GMT
Last-Modified: Mon, 26 Sep 2022 20:53:50 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

ocsp.starfieldtech.com/

192.124.249.23

200 OK

1.8 kB

URL HTTP/1.1
ocsp.starfieldtech.com/
IP
192.124.249.23:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1845 bytes)
Hash
37a306e0b2f29815839f351232eef473
2dce0feb5e36fb34fe5e4e61b3898ccf8342b83c
5efc8ef743a0f44c3292a49439ad931fae47fd62771170176caa9cc912c845f2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 26 Sep 2022 22:33:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 21:26:04 GMT
Expires: Tue, 27 Sep 2022 21:26:04 GMT
ETag: "2dce0feb5e36fb34fe5e4e61b3898ccf8342b83c"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

push.services.mozilla.com/

34.216.192.228

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.216.192.228:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1Q88Uq0fOeCsh03/YOV1OQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Oe2YcBKVxfLoOMOcrMYggaemewY=

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
4ae55f515989c535e66d6007ed7bfdf0
74b887bd6691842d3186b57b1e882c9aa8975e3a
0ac64c142fd54cd0f648318e6e41c3475bacef5c2322d5b73bf21d567ee218a8

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 22:33:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 30 Sep 2022 22:33:29 GMT
ETag: "74b887bd6691842d3186b57b1e882c9aa8975e3a"
Last-Modified: Mon, 26 Sep 2022 22:33:30 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: MISS
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750f762f9f3eb51d-OSL

prstfreetrk.com/?a=68&c=2387&s2=7552_sessid20220926223333218&s1=434

34.210.140.128

302 Found

251 B

URL HTTP/1.1
prstfreetrk.com/?a=68&c=2387&s2=7552_sessid20220926223333218&s1=434
IP
34.210.140.128:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
251 B (251 bytes)
Hash
b1585b01f1ed6d1763e31c28f5a8118d
35a8a383871998357140d6a9f7fba23b6798f380
3b500391a8dab97491d0a062c84094387eff38bbad61c6ee30934643e0e360a9

HTTP Headers

GET /?a=68&c=2387&s2=7552_sessid20220926223333218&s1=434 HTTP/1.1
Host: prstfreetrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 251
Content-Type: text/html; charset=utf-8
Date: Mon, 26 Sep 2022 22:33:31 GMT
Location: https://prstfrtrk.com/?a=68&c=2387&s2=7552_sessid20220926223333218&s1=434&ckmguid=4a085c46-d374-490a-9cac-10dea21307b2
Connection: close

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3467
Expires: Mon, 26 Sep 2022 23:31:18 GMT
Date: Mon, 26 Sep 2022 22:33:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3467
Expires: Mon, 26 Sep 2022 23:31:18 GMT
Date: Mon, 26 Sep 2022 22:33:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3467
Expires: Mon, 26 Sep 2022 23:31:18 GMT
Date: Mon, 26 Sep 2022 22:33:31 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6628 bytes)
Hash
3d478b7bea64d1a5998967c0a665e6be
b078452d30703ea98ad4a7f7fd411b3e2a42ee71
24158d741732109ae2be7314205ac35f4c8b29785876f2785e8bb0ea906762b0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6628
x-amzn-requestid: 1f0e95f2-d860-422f-80ad-96c6e7c941c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1vvHIaoAMFV4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296997-5746c99d78e025945cfdd238;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:19:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9-6jF5OoUb2I2HBasyNXBZC-L6rF1VINmgoBFZMuJ9eNelzkS-8BDQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:08:24 GMT
age: 1507
etag: "b078452d30703ea98ad4a7f7fd411b3e2a42ee71"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1205d7e-1174-4788-b080-6eefdcf33480.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6836 bytes)
Hash
08590e33d7c8ebc6360d1d631f29178d
b37a39808c82e85f1860a48b3f451ef8d172a336
393c2c891699d1c47cb9d73412229624bdb3cc10cc0b509d8ec582d2c9a97aa1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1205d7e-1174-4788-b080-6eefdcf33480.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6836
x-amzn-requestid: 64bb0de3-8ea1-42eb-9f09-8ec659ee9298
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkrdFptoAMFmlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b15-241d20bc25e670e12ff634cf;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kYeh01s4UsRIkT9ASt--Gs5uUHPNIMrkY8eypOkjopOXBh4iwOshFw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:51:13 GMT
etag: "b37a39808c82e85f1860a48b3f451ef8d172a336"
content-type: image/jpeg
age: 2538
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bf02f4e-91c0-455b-8378-5eae82174db7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9737 bytes)
Hash
3140ec95f33c36599de95b25cdade940
932c74fa24b61ee1b1c672b6c19b1e736caab8d3
f7488246ca75fddc504812f4c5944a5a2494cdb14b6ef1db5fb28beca5cff194

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bf02f4e-91c0-455b-8378-5eae82174db7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9737
x-amzn-requestid: aec3c3e9-42e5-4de5-8882-118002369ef8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreGJxoAMF-oA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-527ccd70654c22891262279d;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ukn4d6yPeJJHN5trYK3xbhik2pX41zHki3nG5r6fCzQgm3vYw5lhAA==
via: 1.1 946b9edb2009c5508a0fbbd636f95014.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:43:16 GMT
age: 3015
etag: "932c74fa24b61ee1b1c672b6c19b1e736caab8d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b0646c-a8d3-4b51-ba84-a3c3dff2883c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7128 bytes)
Hash
4197a8a505b360b0c43142faf8cb7f48
4dbd2da7f7c45a97e3f6f6544ed428e892227cc3
434039a91ec37c8ff827c78f7613aa4f6416ded182b01140048a52654a2de4ce

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b0646c-a8d3-4b51-ba84-a3c3dff2883c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7128
x-amzn-requestid: 5806782b-498e-427b-be73-a94695e3cacf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlPfFn4IAMFwMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bfc-07a420d631e463286c1dafa0;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:39:08 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dVs6mb-XGvvd4DXu8yFwO11iheR3QU3O3jFpxjcHZnWCc6jlXpx0Rg==
via: 1.1 6c90b631453c435bd0022caa657b67e8.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:51:54 GMT
age: 2497
etag: "4dbd2da7f7c45a97e3f6f6544ed428e892227cc3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d8a8cc8-8c9a-4305-bb96-a248c5e44655.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8657 bytes)
Hash
f1af609199093985d73fd1d256482c12
a54f3f4af645c1c93299360bc7dcf06bbae8de81
047e15a2d3ea5b7d1f3d22cdac2ac0446c6267c99deb0b12576366088d29d5b3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d8a8cc8-8c9a-4305-bb96-a248c5e44655.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8657
x-amzn-requestid: 172be66b-6140-4ff6-a061-22d177e75c23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YtlXZGujoAMF2vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63288295-6f74795f2b26d54409b2f388;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 14:54:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RCHPkVe_BYTR3-jGiJZ6reK2ZNYa6rvqsK0_QZr0cTiR70JMRPSMuw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:02:04 GMT
age: 1887
etag: "a54f3f4af645c1c93299360bc7dcf06bbae8de81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4573 bytes)
Hash
efaaa002eb6251769ea6dbf306ced3a1
9f99fa947a603fd6b10ff149e379cd04ad83d27a
238e0ca1aa29223416c34ef2dfcc6570c00e27a98991d91efc16e9bc4083c197

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4573
x-amzn-requestid: ff35a66a-caf2-4ff4-b850-01a584fc2aa0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1B8FzLIAMFSPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296872-5b4a410a2827baf5598d58e7;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:14:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NFjYOqhUeb3yyjMNWpoBNq_xcsX3wXvc3-rqJt4cGbJXY9Sxr5KpDA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 15:29:19 GMT
age: 25452
etag: "9f99fa947a603fd6b10ff149e379cd04ad83d27a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
d521900a3b6b4a628dfad1736c73f536
caa1a1fb24e9d7667b48d76917bd9291604f4c9c
bfd51afafc1031144de4095e34cc814db5c33fc68c5048e4f0665db093f11d7a

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 22:33:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 30 Sep 2022 22:22:39 GMT
ETag: "caa1a1fb24e9d7667b48d76917bd9291604f4c9c"
Last-Modified: Mon, 26 Sep 2022 22:22:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 651
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750f76344c62b51d-OSL

prstfrtrk.com/?a=68&c=2387&s2=7552_sessid20220926223333218&s1=434&ckmguid=4a085c46-d374-490a-9cac-10dea21307b2

52.39.146.208

302 Found

272 B

URL HTTP/1.1
prstfrtrk.com/?a=68&c=2387&s2=7552_sessid20220926223333218&s1=434&ckmguid=4a085c46-d374-490a-9cac-10dea21307b2
IP
52.39.146.208:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
272 B (272 bytes)
Hash
642264fd61e2b48d9ae06b76b50ba7c5
7167541edc3da284aeae8c0083ee119a491da5da
22ee93932103f9e9916b78a277d0ff1ef15468a2f909d09f0f697426d8ffce2d

HTTP Headers

GET /?a=68&c=2387&s2=7552_sessid20220926223333218&s1=434&ckmguid=4a085c46-d374-490a-9cac-10dea21307b2 HTTP/1.1
Host: prstfrtrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: trk=zWhSSUczfa3OeVWqb3k7NgXxL+MKIQ16EiX52VgH9kOk1cgCXJzFDA==; c141=3R5A7PFm1qUwSY5aOaqkPifZwGwL6NK1+T8ZqkYqnIa+vyfYDwaiRg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 272
Content-Type: text/html; charset=utf-8
Date: Mon, 26 Sep 2022 22:33:31 GMT
Location: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=ifFC0cWMHyg7nbzEwJlsKa1QiodA2pFELdjeYTffuSP6ZYCP6069Yg==; domain=.prstfrtrk.com; path=/; SameSite=None; secure; HttpOnly
trk=/tX76o5/cnTOeVWqb3k7NgDp8rmnEdANEpF+HOMs+nn57dYnZ+aSrg==; domain=.prstfrtrk.com; expires=Thu, 26-Sep-2024 22:33:31 GMT; path=/; SameSite=None; secure; HttpOnly
c141=ifFC0cWMHyijCCv5NnAECbKYNoxIwXI/+T8ZqkYqnIa+vyfYDwaiRg==; domain=.prstfrtrk.com; expires=Wed, 26-Oct-2022 22:33:31 GMT; path=/; SameSite=None; secure; HttpOnly
Connection: close

ocsp.pki.goog/s/gts1p5/SX_GKWsBYcU

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/SX_GKWsBYcU
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1a0c38303d967bb65b3f744819c7382b
0367bdceda4d3db195be9d0b597f096baacba508
c60f15d6e8ae1f63be1f312dd72e48ed6cfdda4fd1f3e0ad9b921296595b3243

HTTP Headers

POST /s/gts1p5/SX_GKWsBYcU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

theprostatecurse.com/imgs/progressbar.gif

172.66.43.107

200 OK

7.9 kB

URL HTTP/2
theprostatecurse.com/imgs/progressbar.gif
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.9 kB (7908 bytes)
Hash
9ce981dd6cf1482d6c887c0c29f32f8c
81835fea99e551aa90c05c845520707b8327f4b7
43f4f8776afc1bec39e9f79b1db8b68206a2f2597476d6b63798d71557c185a8

HTTP Headers

GET /imgs/progressbar.gif HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 7908
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=gif, origSize=10819
content-disposition: inline; filename="progressbar.webp"
last-modified: Fri, 29 Jul 2022 14:49:47 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f7638ead00b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/_screenPF.jpg

172.66.43.107

200 OK

41 kB

URL HTTP/2
theprostatecurse.com/research/imgs/_screenPF.jpg
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 896x504, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
41 kB (41032 bytes)
Hash
35656c22266e4d8689f7c19d61fb2990
e40de118372af419a73809c08a66bc88ceeb9340
e7a811fece8ab98d344c6c5604a2564f7fe2f0f0a2aba7ca9da144544d9bd437

HTTP Headers

GET /research/imgs/_screenPF.jpg HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 41032
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=61567
content-disposition: inline; filename="_screenPF.webp"
last-modified: Wed, 24 Aug 2022 12:46:40 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f7638ead10b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/product1.png

172.66.43.107

200 OK

6.8 kB

URL HTTP/2
theprostatecurse.com/research/imgs/product1.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
6.8 kB (6752 bytes)
Hash
6bbf16eb564b922bbc3717842cf2ee11
a2e00642f34fd9c571ed2f7da0f5ac993f58daac
40fd66db724554efab7f1903af691342dabc159a9b17ae42844c6db5ae08c7be

HTTP Headers

GET /research/imgs/product1.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 6752
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=7147
content-disposition: inline; filename="product1.webp"
last-modified: Fri, 29 Jul 2022 14:48:07 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f7638ead20b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/cta-btn.png

172.66.43.107

200 OK

2.1 kB

URL HTTP/2
theprostatecurse.com/research/imgs/cta-btn.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.1 kB (2064 bytes)
Hash
eee62eab078856d6d4660487cb319603
02b6b4376ad3a5eca179cd580c5ceba5df70b87f
1d08f6e910e93ba795015492d03f538024b02a5e1c4cba0a9e63f8a3577883c1

HTTP Headers

GET /research/imgs/cta-btn.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 2064
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=2387
content-disposition: inline; filename="cta-btn.webp"
last-modified: Fri, 29 Jul 2022 14:48:01 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f7638fad30b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/product6.png

172.66.43.107

200 OK

19 kB

URL HTTP/2
theprostatecurse.com/research/imgs/product6.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
19 kB (19310 bytes)
Hash
362bcd184f9dda00d707842e96602ce7
ea0c05df3c8a9e5e8a94b59a23081dcee7bbf0cf
502959ffbd3b102e1e89331121350d834e0339f0e8e0549435d78f5cd5108846

HTTP Headers

GET /research/imgs/product6.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 19310
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=19810
content-disposition: inline; filename="product6.webp"
last-modified: Fri, 29 Jul 2022 14:48:07 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f7638fad50b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/product3.png

172.66.43.107

200 OK

17 kB

URL HTTP/2
theprostatecurse.com/research/imgs/product3.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
17 kB (16858 bytes)
Hash
88aa9d4db73931135599fce074d75ef5
ba7130fdf3136ee377b484015add315050cc9eeb
6a0b433282a8c9d9229a6659f0643dce2c617469776599478117541786181bff

HTTP Headers

GET /research/imgs/product3.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 16858
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=17136
content-disposition: inline; filename="product3.webp"
last-modified: Fri, 29 Jul 2022 14:48:07 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f7638fad70b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/cards3.png

172.66.43.107

200 OK

2.7 kB

URL HTTP/2
theprostatecurse.com/research/imgs/cards3.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.7 kB (2662 bytes)
Hash
6721a3677d9da2ddb6634f2964bb9d08
09c58b238ed935f25a911d2a3412a1bd79342cc9
b87cbef63d0c5f629562463b02076993d6bac974ed0bc15397f04f76a330146b

HTTP Headers

GET /research/imgs/cards3.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 2662
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=2954
content-disposition: inline; filename="cards3.webp"
last-modified: Fri, 29 Jul 2022 14:48:00 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 662
accept-ranges: bytes
server: cloudflare
cf-ray: 750f7638fad40b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/stars-rating-v1.png

172.66.43.107

200 OK

928 B

URL HTTP/2
theprostatecurse.com/research/imgs/stars-rating-v1.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
928 B (928 bytes)
Hash
326664a0ad80ed37a3d43b2004611aa3
9ca8850e8d45c25399c1d9ca42a14e9dd4451965
94456f4710a41f0fcccd3d83e22bd51328a6067b154abbbd0208038300c42161

HTTP Headers

GET /research/imgs/stars-rating-v1.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 928
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=1070
content-disposition: inline; filename="stars-rating-v1.webp"
last-modified: Fri, 29 Jul 2022 14:48:11 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f7638fad90b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/guar-bages.png

172.66.43.107

200 OK

16 kB

URL HTTP/2
theprostatecurse.com/research/imgs/guar-bages.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
16 kB (15746 bytes)
Hash
c1331b164fa7bfac30e572f0e0e46aba
dec7c6d658ffb67c498e5f7f104e9384ca958bdf
d23659c0bdf4003d9fb9cd025bfe993542d07f35f953c72e538e5bacd901eff0

HTTP Headers

GET /research/imgs/guar-bages.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 15746
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=17842
content-disposition: inline; filename="guar-bages.webp"
last-modified: Fri, 29 Jul 2022 14:48:02 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f7638fae00b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/seal1.png

172.66.43.107

200 OK

15 kB

URL HTTP/2
theprostatecurse.com/research/imgs/seal1.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
15 kB (14838 bytes)
Hash
7a3fec56d6bb502bc2679e20b1debcc0
a848705cd983685061a5d0aeec5215470487d220
33177cc7011dcc3acc18800478839d09f63c6928d196f25d4cefac821cc3754d

HTTP Headers

GET /research/imgs/seal1.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 14838
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=15326
content-disposition: inline; filename="seal1.webp"
last-modified: Fri, 29 Jul 2022 14:48:10 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 662
accept-ranges: bytes
server: cloudflare
cf-ray: 750f7638fadf0b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/bonus-prod1.png

172.66.43.107

200 OK

26 kB

URL HTTP/2
theprostatecurse.com/research/imgs/bonus-prod1.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
26 kB (25914 bytes)
Hash
35b0dc05cba4c9744c6ea440867f7679
79b4e253132720ce91d40dc7ddaacf1dd02578e0
c18a89c63efa63797fa1d83cbba48155f63b104326303c9a9ed43ea3fceb5a4e

HTTP Headers

GET /research/imgs/bonus-prod1.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 25914
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=28232
content-disposition: inline; filename="bonus-prod1.webp"
last-modified: Fri, 29 Jul 2022 14:47:59 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f76390aea0b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/bonus-prod2.png

172.66.43.107

200 OK

68 kB

URL HTTP/2
theprostatecurse.com/research/imgs/bonus-prod2.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
68 kB (67512 bytes)
Hash
c8065e52fd4c6ed090c414622920edf2
5d8938ee6a9f8ae0dfc5a6216c100cc75025368b
8d26631f910c2337fbfbcb32985ce090688a1ad9a346d717bb68e60161af7ad5

HTTP Headers

GET /research/imgs/bonus-prod2.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 67512
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=72509
content-disposition: inline; filename="bonus-prod2.webp"
last-modified: Fri, 29 Jul 2022 14:48:00 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f76390aeb0b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/shipping-icon.png

172.66.43.107

200 OK

1.2 kB

URL HTTP/2
theprostatecurse.com/research/imgs/shipping-icon.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.2 kB (1182 bytes)
Hash
b04e5ea534505d170e447db759fb6577
8fb026ec5ba0e2d197a981b3dfa7591d4808b1b1
6bf0a5e79c679fe916f5eb0ea8499eb116ec7cabec30eb3130f5e30a7073cb70

HTTP Headers

GET /research/imgs/shipping-icon.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 1182
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=1413
content-disposition: inline; filename="shipping-icon.webp"
last-modified: Fri, 29 Jul 2022 14:48:10 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f76390aed0b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/imgs/ProstaFree_logo-x2.png

172.66.43.107

200 OK

12 kB

URL HTTP/2
theprostatecurse.com/imgs/ProstaFree_logo-x2.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
12 kB (11520 bytes)
Hash
730e83e61956ad3ca7f2a6ee4ed2c00c
48ff338210b813dd17069e727325c5c8a4d74728
e9e23ec8adb9548c8777e58d5f3d3608d2970c8ebb9e75a541c826078df59428

HTTP Headers

GET /imgs/ProstaFree_logo-x2.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 11520
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=12026
content-disposition: inline; filename="ProstaFree_logo-x2.webp"
last-modified: Fri, 29 Jul 2022 14:49:48 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 661
accept-ranges: bytes
server: cloudflare
cf-ray: 750f76390aee0b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/benefits_bullet.png

172.66.43.107

200 OK

1.7 kB

URL HTTP/2
theprostatecurse.com/research/imgs/benefits_bullet.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.7 kB (1678 bytes)
Hash
56c3657a7c7c57eb09e283e2d466bd41
16f83093da4bf672d76642f4388c6b7a3cca52fc
88c86a870016c03f246aaa4523de5776f134007cabde287d42402151ca91d379

HTTP Headers

GET /research/imgs/benefits_bullet.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 1678
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=1879
content-disposition: inline; filename="benefits_bullet.webp"
last-modified: Fri, 29 Jul 2022 14:47:58 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f76390af00b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/testi1.png

172.66.43.107

200 OK

23 kB

URL HTTP/2
theprostatecurse.com/research/imgs/testi1.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
23 kB (22970 bytes)
Hash
bb5a79278c389b30a90a7612c1b3dfa5
67af8deb91d8700d7baf41d0e170a52f262f2c53
45a7a811e3b7bebbbba6449fabed8888a7354afbbe9e0d83aa65e8818cd41509

HTTP Headers

GET /research/imgs/testi1.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 22970
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=36259
content-disposition: inline; filename="testi1.webp"
last-modified: Fri, 29 Jul 2022 14:48:14 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f76390af10b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/stars.png

172.66.43.107

200 OK

1.1 kB

URL HTTP/2
theprostatecurse.com/research/imgs/stars.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.1 kB (1116 bytes)
Hash
4f58890e51e66659232fde7f4e850437
f3b73e9a9e286d6c962a7812cf4908ea036727f6
86145fe164dc0e5c2ed1034bb82bd615ac12fb590f0b7e2578f68e08fd90d587

HTTP Headers

GET /research/imgs/stars.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 1116
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=1265
content-disposition: inline; filename="stars.webp"
last-modified: Fri, 29 Jul 2022 14:48:11 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f76390af20b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/testi2.png

172.66.43.107

200 OK

23 kB

URL HTTP/2
theprostatecurse.com/research/imgs/testi2.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
23 kB (22752 bytes)
Hash
e826fc53d53107a10b0c520abdebb73e
e56d59b9af0f9cc84862f76b56b431f55d87af05
6339bbff78b92233c48c27ed9ce73e5a855fbdfedc14e0d76ef31b5a7415b9a1

HTTP Headers

GET /research/imgs/testi2.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 22752
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=35558
content-disposition: inline; filename="testi2.webp"
last-modified: Fri, 29 Jul 2022 14:48:14 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f76390af50b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/imgs/ProstaFree_logo-x2-white.png

172.66.43.107

200 OK

5.8 kB

URL HTTP/2
theprostatecurse.com/imgs/ProstaFree_logo-x2-white.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
5.8 kB (5814 bytes)
Hash
c1e13cacf45d6f9061d468c7f83f3f54
81252e167d9bbf5fa917131176b834ea827c6a16
0788892d5792ca6583bb67c01b3990c88a6defb903887ee5f46916db313023d4

HTTP Headers

GET /imgs/ProstaFree_logo-x2-white.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 5814
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=6067
content-disposition: inline; filename="ProstaFree_logo-x2-white.webp"
last-modified: Fri, 29 Jul 2022 14:49:47 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 661
accept-ranges: bytes
server: cloudflare
cf-ray: 750f76390af80b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/imgs/testi3.png

172.66.43.107

200 OK

28 kB

URL HTTP/2
theprostatecurse.com/research/imgs/testi3.png
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
28 kB (28054 bytes)
Hash
f9e2017378fcb6526846ad7ad6931716
096528177e038681d4497b425f194859b9329f74
e45abee0f32ffd0668e6abb182da6673cd876abfe95e5661b5033b958cbb4d56

HTTP Headers

GET /research/imgs/testi3.png HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: image/webp
content-length: 28054
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=42565
content-disposition: inline; filename="testi3.webp"
last-modified: Fri, 29 Jul 2022 14:48:15 GMT
vary: Accept
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
server: cloudflare
cf-ray: 750f76390af60b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/fonts/ProximaNova-Extrabld.woff

172.66.43.107

200 OK

52 kB

URL HTTP/2
theprostatecurse.com/research/fonts/ProximaNova-Extrabld.woff
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 51504, version 0.0\012- data
Size
52 kB (51504 bytes)
Hash
7f277b30c2d157a866644f7d861cbd6e
68ec8f7b24e40f10374ead63aa0daf0cc455f1e0
ca58fe74a581322b46d41e976600b4a5019bfe2c7839ffd38c8e710f2e833737

HTTP Headers

GET /research/fonts/ProximaNova-Extrabld.woff HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: font/woff
content-length: 51504
last-modified: Fri, 29 Jul 2022 14:47:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f76393b100b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/fonts/ProximaNova-Semibold.woff

172.66.43.107

200 OK

52 kB

URL HTTP/2
theprostatecurse.com/research/fonts/ProximaNova-Semibold.woff
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 51760, version 0.0\012- data
Size
52 kB (51760 bytes)
Hash
3c4a5cdaa683834b9cc535dbcdd75153
19983ffca2d7c7386f07a055f92a358b952f82e9
b0cfaf554e50dd137466c34a03e3bb314e830785afa954956062c6994aec9445

HTTP Headers

GET /research/fonts/ProximaNova-Semibold.woff HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: font/woff
content-length: 51760
last-modified: Fri, 29 Jul 2022 14:47:56 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f76394b140b45-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/fonts/ProximaNova-Bold.woff

172.66.43.107

200 OK

52 kB

URL HTTP/2
theprostatecurse.com/research/fonts/ProximaNova-Bold.woff
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 51944, version 0.0\012- data
Size
52 kB (51944 bytes)
Hash
637c241b1d81e95d681796891e1fb1ac
d5da75d2b826d9da27378a9c0f7e0b620031c339
e9f28e3823f3c6f150bbc92899c421d470322e7c1118eb8ce6c9c18e8aeb6799

HTTP Headers

GET /research/fonts/ProximaNova-Bold.woff HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: looked=yes; _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: font/woff
content-length: 51944
last-modified: Fri, 29 Jul 2022 14:47:53 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4856
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f76395b200b45-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.138

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 09:42:03 GMT
expires: Tue, 26 Sep 2023 09:42:03 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 46289
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fast.wistia.net/assets/external/E-v1.js

151.101.86.110

200 OK

116 kB

URL HTTP/2
fast.wistia.net/assets/external/E-v1.js
IP
151.101.86.110:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
116 kB (116449 bytes)
Hash
29859c25251a09db0fbb53d16f113f00
92181e51740dc972f12c910bcfd1a0fe65f9c6f7
5f65a138a867ada83aa1e14b1fa47e89c49ece7134486220e5bb78c5ba4d9b38

HTTP Headers

GET /assets/external/E-v1.js HTTP/1.1
Host: fast.wistia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: br
content-type: application/javascript
etag: "632da87d-1c6e1"
last-modified: Fri, 23 Sep 2022 12:37:17 GMT
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:33:32 GMT
age: 2038
x-served-by: cache-iad-kiad7000129-IAD, cache-bma1658-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 7
x-timer: S1664231612.467618,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 96
content-length: 116449
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fast.wistia.com/embed/medias/zpgiy96yzn.jsonp

151.101.86.110

200 OK

1.6 kB

URL HTTP/2
fast.wistia.com/embed/medias/zpgiy96yzn.jsonp
IP
151.101.86.110:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (5228)
Size
1.6 kB (1629 bytes)
Hash
cec3846a7a27e036ed1c5b35653d6a1c
d417ee0ac3fee019d4aea74a6336d6e60abb40ef
971b4ef9ffd2f0ff2f604db8d9cd12fc152f0ac91639c5bf340843a1c7b8f888

HTTP Headers

GET /embed/medias/zpgiy96yzn.jsonp HTTP/1.1
Host: fast.wistia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public, no-cache
content-encoding: br
content-type: application/javascript; charset=utf-8
etag: W/"cb725665a1690dc053370642b2d663fd"
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: ef153c2c94ff5eecbbcb2e3175f199de
x-runtime: 0.067319
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:33:32 GMT
age: 12063
x-served-by: cache-iad-kjyo7100041-IAD, cache-bma1630-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 2
x-timer: S1664231613.503236,VS0,VE0
vary: Accept-Encoding,Referer,X-Forwarded-Proto,X-Normalized-User-Agent,X-ECMA-Override
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 96
content-length: 1629
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-W4CVTDK

142.250.74.72

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-W4CVTDK
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1720)
Size
44 kB (43914 bytes)
Hash
73e1bfd1fc6474fb07ef78f9f8f2dcaf
09d430a2b23558ee893aba0a7d05cd106b0b4b68
0847924f8c9f047836b5676efe18ffdddb93671a4ccf5b9c95a8fef05fe0876d

HTTP Headers

GET /gtm.js?id=GTM-W4CVTDK HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 26 Sep 2022 22:33:32 GMT
expires: Mon, 26 Sep 2022 22:33:32 GMT
cache-control: private, max-age=900
last-modified: Mon, 26 Sep 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43914
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

513 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
513 B (513 bytes)
Hash
5c8d5fa64a85e1ef896bd5c8a648fde6
6da03fc539be11e60f9766e255d46183b098c341
673a0a9f22e1b4b146e08052c345110b1f3c5e7ea66267522c346513835ad59a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (19826 bytes)
Hash
cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Mon, 26 Sep 2022 20:41:09 GMT
expires: Mon, 26 Sep 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 6743
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fast.wistia.net/assets/external/wistia-mux.js

151.101.86.110

200 OK

32 kB

URL HTTP/2
fast.wistia.net/assets/external/wistia-mux.js
IP
151.101.86.110:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
32 kB (32366 bytes)
Hash
4e0bd02908384de7517dc6ce2d132a92
e5be3ef18fddb02671eb704d34e3493cdfcb80ae
da3f40915f30cc7863ae44e57acfbc344682d22cba4f29159e2fd5896574b8c6

HTTP Headers

GET /assets/external/wistia-mux.js HTTP/1.1
Host: fast.wistia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: br
content-type: application/javascript
etag: "632da87d-7e6e"
last-modified: Fri, 23 Sep 2022 12:37:17 GMT
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:33:32 GMT
age: 2037
x-served-by: cache-iad-kcgs7200110-IAD, cache-bma1658-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 6
x-timer: S1664231613.712578,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 96
content-length: 32366
X-Firefox-Spdy: h2

fast.wistia.net/assets/external/playPauseLoadingControl.js

151.101.86.110

200 OK

16 kB

URL HTTP/2
fast.wistia.net/assets/external/playPauseLoadingControl.js
IP
151.101.86.110:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (59899), with no line terminators
Size
16 kB (15932 bytes)
Hash
bc2e2ee2292331734472380da1b8e246
f1c0d0a56add17cf01bfcb69f4165f1a987d56a0
fb6c5149e6bded580759f0dbf09eec19df63d2e925b109e5770598e87a2f7a00

HTTP Headers

GET /assets/external/playPauseLoadingControl.js HTTP/1.1
Host: fast.wistia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: br
content-type: application/javascript
etag: "632da87d-3e3c"
last-modified: Fri, 23 Sep 2022 12:37:17 GMT
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:33:32 GMT
age: 2038
x-served-by: cache-iad-kcgs7200062-IAD, cache-bma1658-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 6
x-timer: S1664231613.746428,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 96
content-length: 15932
X-Firefox-Spdy: h2

embed-ssl.wistia.com/deliveries/b635c036ddbaf8ef483fb6abd2924ad1.webp?image_crop_resized=896x504

151.101.86.133

200 OK

38 kB

URL HTTP/2
embed-ssl.wistia.com/deliveries/b635c036ddbaf8ef483fb6abd2924ad1.webp?image_crop_resized=896x504
IP
151.101.86.133:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 896x504, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
38 kB (37930 bytes)
Hash
f8fbbd8864861eda3737ad756128a8c4
910649abb3305044496ec45b36f188d00fd481e4
4ffc11cf448db3abe3380d77092657888238ae5a4c09a34e1fcc581cfeda25af

HTTP Headers

GET /deliveries/b635c036ddbaf8ef483fb6abd2924ad1.webp?image_crop_resized=896x504 HTTP/1.1
Host: embed-ssl.wistia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/webp
access-control-expose-headers: Origin, Content-Type, Accept, Server, x-amz-version-id, X-Cache
cache-control: max-age=31536000
content-disposition: inline
edge-cache-tag: b635c036ddbaf8ef483fb6abd2924ad1
last-modified: Wed, 24 Aug 2022 12:48:18 UTC
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:33:32 GMT
age: 2886303
access-control-allow-origin: *
access-control-request-method: *
access-control-allow-methods: GET, HEAD, OPTIONS
x-served-by: cache-iad-kiad7000146-IAD, cache-bma1625-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1664231613.804881,VS0,VE1
content-length: 37930
X-Firefox-Spdy: h2

fast.wistia.net/assets/external/engines/hls_video.js

151.101.86.110

200 OK

114 kB

URL HTTP/2
fast.wistia.net/assets/external/engines/hls_video.js
IP
151.101.86.110:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65469)
Size
114 kB (114378 bytes)
Hash
16e6e4562ea0bbf6c7ba510f38b0fb8b
20964be4789975feaad850da7bff3df654fad6fe
737ffb23a604268ad34f2dfc3599778fc5934ac18762cbcbc1a68e72b5db091d

HTTP Headers

GET /assets/external/engines/hls_video.js HTTP/1.1
Host: fast.wistia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: br
content-type: application/javascript
etag: "632da87d-1beca"
last-modified: Fri, 23 Sep 2022 12:37:17 GMT
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:33:32 GMT
age: 2038
x-served-by: cache-iad-kcgs7200095-IAD, cache-bma1658-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 3
x-timer: S1664231613.848473,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 96
content-length: 114378
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-236253750-1&cid=1849269257.1664226756&jid=788843962&gjid=1479968118&_gid=1729124119.1664226756&_u=QACAAEAAAAAAAC~&z=195344079

64.233.162.155

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-236253750-1&cid=1849269257.1664226756&jid=788843962&gjid=1479968118&_gid=1729124119.1664226756&_u=QACAAEAAAAAAAC~&z=195344079
IP
64.233.162.155:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-236253750-1&cid=1849269257.1664226756&jid=788843962&gjid=1479968118&_gid=1729124119.1664226756&_u=QACAAEAAAAAAAC~&z=195344079 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://theprostatecurse.com
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://theprostatecurse.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 26 Sep 2022 22:33:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5b7b66f5886a12421c3f3970bbf49d5a
13a31565fb5b2f1e75d67ba1ce09dae339f1c0e8
3ed8ffa99cefdf81381912b426c0ab9091fb5888836665d9012435965f99feba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-236253750-1&cid=1849269257.1664226756&jid=788843962&_u=QACAAEAAAAAAAC~&z=2009754074

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-236253750-1&cid=1849269257.1664226756&jid=788843962&_u=QACAAEAAAAAAAC~&z=2009754074
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-236253750-1&cid=1849269257.1664226756&jid=788843962&_u=QACAAEAAAAAAAC~&z=2009754074 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 22:33:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-236253750-1&cid=1849269257.1664226756&jid=788843962&_u=QACAAEAAAAAAAC~&z=2009754074

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-236253750-1&cid=1849269257.1664226756&jid=788843962&_u=QACAAEAAAAAAAC~&z=2009754074
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-236253750-1&cid=1849269257.1664226756&jid=788843962&_u=QACAAEAAAAAAAC~&z=2009754074 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 22:33:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fast.wistia.net/assets/images/blank.gif

151.101.86.110

200 OK

1.2 kB

URL HTTP/2
fast.wistia.net/assets/images/blank.gif
IP
151.101.86.110:0
ASN
#54113 FASTLY

File type
GIF image data, version 89a, 100 x 100\012- data
Size
1.2 kB (1214 bytes)
Hash
fbdc4ed9a1e2ee4917a265306927bcf1
6d177725d8230df0457e72004080f712e26fe624
a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2

HTTP Headers

GET /assets/images/blank.gif HTTP/1.1
Host: fast.wistia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: max-age=315360000, public
content-type: image/gif
etag: "63321234-4be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 26 Sep 2022 20:57:24 GMT
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:33:33 GMT
age: 5639
x-served-by: cache-iad-kcgs7200157-IAD, cache-bma1658-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 32
x-timer: S1664231613.025197,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 96
content-length: 1214
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:33:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fast.wistia.com/embed/medias/zpgiy96yzn.m3u8

151.101.86.110

200 OK

753 B

URL HTTP/2
fast.wistia.com/embed/medias/zpgiy96yzn.m3u8
IP
151.101.86.110:0
ASN
#54113 FASTLY

File type
M3U playlist, ASCII text
Size
753 B (753 bytes)
Hash
3e9cb9483943ff11e1f4b0db2bd3b3d7
231990d6d25317cb706c4b1ad5951630522a78da
d302bf80e15b6848c04ac493171897e59f4ac1559fc4bff9539f30742b96c266

HTTP Headers

GET /embed/medias/zpgiy96yzn.m3u8 HTTP/1.1
Host: fast.wistia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://theprostatecurse.com
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public, no-cache
content-type: application/x-mpegURL
etag: W/"d302bf80e15b6848c04ac493171897e5"
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: 4bb8f343993545d29cf83eb545a771a5
x-runtime: 0.025334
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:33:33 GMT
age: 0
x-served-by: cache-iad-kcgs7200048-IAD, cache-bma1625-BMA
x-cache: HIT, HIT
x-cache-hits: 515, 1
x-timer: S1664231613.066296,VS0,VE102
vary: Accept-Encoding,Referer,X-Forwarded-Proto,X-Normalized-User-Agent,X-ECMA-Override
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 96
content-length: 753
X-Firefox-Spdy: h2

embedwistia-a.akamaihd.net/deliveries/0f599d2ef063421b6fc7043717da0fde23e6139e.m3u8

23.36.76.162

200 OK

116 kB

URL HTTP/1.1
embedwistia-a.akamaihd.net/deliveries/0f599d2ef063421b6fc7043717da0fde23e6139e.m3u8
IP
23.36.76.162:0
ASN
#20940 Akamai International B.V.

File type
M3U playlist, ASCII text
Size
116 kB (116055 bytes)
Hash
230ba5f787369871971b1880ef017f7b
a064f80616d0d77b0220226257e173278577ba18
2c5c09fffaf083d87ce339ddfa8357ea879f554d55eaff6cd9fe8a46a465b3e7

HTTP Headers

GET /deliveries/0f599d2ef063421b6fc7043717da0fde23e6139e.m3u8 HTTP/1.1
Host: embedwistia-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://theprostatecurse.com
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/vnd.apple.mpegurl
Content-Length: 116055
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range
Last-Modified: Mon, 05 Nov 2018 10:11:00 GMT
surrogate-key: 0f599d2ef063421b6fc7043717da0fde23e6139e-hls-segment a227918e831bad87448fc210e029b3c9b5b84f05
Accept-Ranges: bytes
Cache-Control: max-age=31461404
Expires: Tue, 26 Sep 2023 01:50:17 GMT
Date: Mon, 26 Sep 2022 22:33:33 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Request-Method: *
Access-Control-Allow-Origin: *

embedwistia-a.akamaihd.net/deliveries/0f599d2ef063421b6fc7043717da0fde23e6139e.m3u8/seg-1-v1-a1.ts

23.36.76.162

200 OK

2.6 MB

URL HTTP/1.1
embedwistia-a.akamaihd.net/deliveries/0f599d2ef063421b6fc7043717da0fde23e6139e.m3u8/seg-1-v1-a1.ts
IP
23.36.76.162:0
ASN
#20940 Akamai International B.V.

File type
MPEG transport stream data\012- data
Size
2.6 MB (2638392 bytes)
Hash
1a658d09de2712271a38aa21594a72df
50fbfba38a6eaddd61e440f4270ead7a47dea986
2756fb32da75ca228bb3d3c7de5617f0cb60adfbff0c58319440dca01c97937c

HTTP Headers

GET /deliveries/0f599d2ef063421b6fc7043717da0fde23e6139e.m3u8/seg-1-v1-a1.ts HTTP/1.1
Host: embedwistia-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://theprostatecurse.com
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: video/MP2T
Content-Length: 2638392
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range
Last-Modified: Mon, 05 Nov 2018 10:11:00 GMT
surrogate-key: 0f599d2ef063421b6fc7043717da0fde23e6139e-hls-segment a227918e831bad87448fc210e029b3c9b5b84f05
Accept-Ranges: bytes
Cache-Control: max-age=31391065
Expires: Mon, 25 Sep 2023 06:17:58 GMT
Date: Mon, 26 Sep 2022 22:33:33 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Request-Method: *
Access-Control-Allow-Origin: *

embedwistia-a.akamaihd.net/deliveries/629f20bc5761f24f6de88bbaaac9380352fc4afc.m3u8

23.36.76.162

200 OK

116 kB

URL HTTP/1.1
embedwistia-a.akamaihd.net/deliveries/629f20bc5761f24f6de88bbaaac9380352fc4afc.m3u8
IP
23.36.76.162:0
ASN
#20940 Akamai International B.V.

File type
M3U playlist, ASCII text
Size
116 kB (116055 bytes)
Hash
cbe2b26f17e73c7ce3e1e721a7655c6c
7242cc1a7ff3c8607bb4a6fc0faebf5d4641ca2f
4bb573fef42ddca6c8e3c924c243e9a41edc47fe967164e91270ab2409fe50f1

HTTP Headers

GET /deliveries/629f20bc5761f24f6de88bbaaac9380352fc4afc.m3u8 HTTP/1.1
Host: embedwistia-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://theprostatecurse.com
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/vnd.apple.mpegurl
Content-Length: 116055
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range
Last-Modified: Mon, 05 Nov 2018 10:11:00 GMT
surrogate-key: 629f20bc5761f24f6de88bbaaac9380352fc4afc-hls-segment a227918e831bad87448fc210e029b3c9b5b84f05
Accept-Ranges: bytes
Cache-Control: max-age=31490775
Expires: Tue, 26 Sep 2023 09:59:48 GMT
Date: Mon, 26 Sep 2022 22:33:33 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Request-Method: *
Access-Control-Allow-Origin: *

embedwistia-a.akamaihd.net/deliveries/629f20bc5761f24f6de88bbaaac9380352fc4afc.m3u8/seg-1-v1-a1.ts

23.36.76.162

200 OK

984 kB

URL HTTP/1.1
embedwistia-a.akamaihd.net/deliveries/629f20bc5761f24f6de88bbaaac9380352fc4afc.m3u8/seg-1-v1-a1.ts
IP
23.36.76.162:0
ASN
#20940 Akamai International B.V.

File type
MPEG transport stream data\012- data
Size
984 kB (983992 bytes)
Hash
3e4e077c201c11540050b5f9c4fa1027
e020600d6433cf2ce55904a81ea9d8df33487994
ebd07eec559fd7260f208624002e248ef77d2226f4ab66dd7198673db3f865f6

HTTP Headers

GET /deliveries/629f20bc5761f24f6de88bbaaac9380352fc4afc.m3u8/seg-1-v1-a1.ts HTTP/1.1
Host: embedwistia-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://theprostatecurse.com
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: video/MP2T
Content-Length: 983992
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range
Last-Modified: Mon, 05 Nov 2018 10:11:00 GMT
surrogate-key: 629f20bc5761f24f6de88bbaaac9380352fc4afc-hls-segment a227918e831bad87448fc210e029b3c9b5b84f05
Accept-Ranges: bytes
Cache-Control: max-age=31438374
Expires: Mon, 25 Sep 2023 19:26:27 GMT
Date: Mon, 26 Sep 2022 22:33:33 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Request-Method: *
Access-Control-Allow-Origin: *

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
900f0bd9d71861c1d01e36f8a85b5034
50b150078fb0ff955529b4b438a3bd8df1344ea6
e8dbf3c2831be7814edd806d7826394be8efd90a7f221ea6da9daea6448db6a5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 22:33:33 GMT
Last-Modified: Mon, 26 Sep 2022 21:17:12 GMT
Server: ECS (nyb/1D34)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LBaUxubLgd4ZH85wkcRgAqcK8pMZ2I_AtFPp6fvrNfQz8NZDFV8jnw==
Age: 4581

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
900f0bd9d71861c1d01e36f8a85b5034
50b150078fb0ff955529b4b438a3bd8df1344ea6
e8dbf3c2831be7814edd806d7826394be8efd90a7f221ea6da9daea6448db6a5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 22:33:33 GMT
Last-Modified: Mon, 26 Sep 2022 20:45:28 GMT
Server: ECS (nyb/1D15)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RwPiH0LcY5ZFHb8_imbFmaBu9WAoEe8LLT9U2XlaNhcVD8BV4Iycdw==
Age: 6485

distillery.wistia.com/x

44.197.44.53

204 No Content

0 B

URL HTTP/2
distillery.wistia.com/x
IP
44.197.44.53:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /x HTTP/1.1
Host: distillery.wistia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 1592
Origin: https://theprostatecurse.com
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:33:33 GMT
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
X-Firefox-Spdy: h2

pipedream.wistia.com/mput?topic=metrics

54.152.184.103

200 OK

2 B

URL HTTP/2
pipedream.wistia.com/mput?topic=metrics
IP
54.152.184.103:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

POST /mput?topic=metrics HTTP/1.1
Host: pipedream.wistia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/x-www-form-urlencoded
Content-Length: 1486
Origin: https://theprostatecurse.com
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:33 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
X-Firefox-Spdy: h2

pipedream.wistia.com/mput?topic=metrics

54.152.184.103

200 OK

2 B

URL HTTP/2
pipedream.wistia.com/mput?topic=metrics
IP
54.152.184.103:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

POST /mput?topic=metrics HTTP/1.1
Host: pipedream.wistia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/x-www-form-urlencoded
Content-Length: 5259
Origin: https://theprostatecurse.com
Connection: keep-alive
Referer: https://theprostatecurse.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:34 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
X-Firefox-Spdy: h2

go.maxweb.com/conversion/iframe/?a=7552&token=32c64d80036cd2a2c2f25a4e1f88668e

172.66.40.143

200 OK

0 B

URL HTTP/2
go.maxweb.com/conversion/iframe/?a=7552&token=32c64d80036cd2a2c2f25a4e1f88668e
IP
172.66.40.143:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /conversion/iframe/?a=7552&token=32c64d80036cd2a2c2f25a4e1f88668e HTTP/1.1
Host: go.maxweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Sep 2022 23:33:34 GMT
cache-control: max-age=3600, private
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 750f76465c46b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2

mwquestion.com/7552/434/2/?subid=7&subid2=9ab5e82d318445019a9f7a09fa37e460&subid3=XMcdddelw

172.67.193.9

302 Found

0 B

URL HTTP/2
mwquestion.com/7552/434/2/?subid=7&subid2=9ab5e82d318445019a9f7a09fa37e460&subid3=XMcdddelw
IP
172.67.193.9:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /7552/434/2/?subid=7&subid2=9ab5e82d318445019a9f7a09fa37e460&subid3=XMcdddelw HTTP/1.1
Host: mwquestion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Mon, 26 Sep 2022 22:33:30 GMT
content-type: text/html; charset=UTF-8
location: https://prstfreetrk.com/?a=68&c=2387&s2=7552_sessid20220926223333218&s1=434
cache-control: max-age=3600, private
pragma: no-cache
expires: Mon, 26 Sep 2022 23:33:30 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 750f7628e9cc1c0a-OSL
X-Firefox-Spdy: h2

theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764

172.66.43.107

200 OK

0 B

URL HTTP/2
theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764 HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a; path=/
looked=yes; expires=Mon, 26-Sep-2022 23:33:31 GMT; Max-Age=3600
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 750f7637098d0b45-OSL
content-encoding: br
X-Firefox-Spdy: h2

theprostatecurse.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

172.66.43.107

200 OK

0 B

URL HTTP/2
theprostatecurse.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
172.66.43.107:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: theprostatecurse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theprostatecurse.com/research/?s1=434&s2=7552_sessid20220926223333218&s3=&s4=&crtv_id=2387&affId=68&c1=434&c3=131571764
Cookie: _ga=GA1.2.1849269257.1664226756; _gid=GA1.2.1729124119.1664226756; PHPSESSID=4aa7935a9ab2b2b1a97909ae51774a3a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:33:32 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 11:11:52 GMT
etag: W/"633188f8-302c"
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f76390af90b45-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Wed, 28 Sep 2022 22:33:32 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP