lifestylee.me/kickstart-crocs-adds-more-to-its-colorful-shoes/
104.21.62.220 301 Moved Permanently 185 B URL HTTP/1.1 lifestylee.me/kickstart-crocs-adds-more-to-its-colorful-shoes/
IP 104.21.62.220:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4c555068310076e85908835c721911f5
9ec990aabb4391e139034f68e5e657e0f1d0b74d
568b4de0ad30e85670e724dc30ccb675924353b77807356c5ad7f29c8c38f510
GET /kickstart-crocs-adds-more-to-its-colorful-shoes/ HTTP/1.1
Host: lifestylee.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 20 Sep 2022 23:04:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://lifestylee.me/kickstart-crocs-adds-more-to-its-colorful-shoes/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ckF9eUXpDW%2BiPKxVUQyhjHFzivYQflc3BKugq%2BdsXOZXnIDCvb33RjJuunjscQYNYC55gvPE5cqRCnigIzKQeGhVdj%2Be1NqwtxMnOxPO%2BfpoBv8GVELiIegGJz64jWwU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74de333f7a25fac0-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10784
Expires: Wed, 21 Sep 2022 02:04:11 GMT
Date: Tue, 20 Sep 2022 23:04:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 804f8bbb7f556d51a5f52d5ebd5b6eef
922cd7e06df278615a04abb81d811d14596c8180
ef4804d381a34ab67873a7755621081c49c646310e085a9b2356ae07098f6021
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Backoff, Retry-After, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 20 Sep 2022 22:13:18 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: o7OW7tab8ui24vtyyjUOt7IaSKzm0u-HrBdA3j9eOfVb4hS2Oy9W4Q==
Age: 3068
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dg88mbZOd9d2WveYkF76kiM_0fIxPaNjMtQ_Yqrs87BoFw9j0YutYQ==
age: 66554
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ef5c2b2e653ad2d6d1ca3296a5182218
bbf691edd81979fd74e8493e14946a15557d1163
001c474612133e2b99306e0f95a2171b9adf9b8d96890407bcb53d772b5c189d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "001C474612133E2B99306E0F95A2171B9ADF9B8D96890407BCB53D772B5C189D"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2060
Expires: Tue, 20 Sep 2022 23:38:47 GMT
Date: Tue, 20 Sep 2022 23:04:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c0990949a5454b83abb00f8071d07444
d06ad8d8862819df00ecbe94978ec53d9fcd3397
e34c22588917b277439143652d9c459509d08835d8b7adaaded151db2c71313d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E34C22588917B277439143652D9C459509D08835D8B7ADAADED151DB2C71313D"
Last-Modified: Tue, 20 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12152
Expires: Wed, 21 Sep 2022 02:26:59 GMT
Date: Tue, 20 Sep 2022 23:04:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 29b25c91b33ac84ed7719c73d6c9f019
bac21a8629d51bb5acf2a06c7f23fd9104b0a67e
27a55ca322c5df98656f1758d6c1f2f3a67c1655e5bab31604ae0b2b06c468d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "27A55CA322C5DF98656F1758D6C1F2F3A67C1655E5BAB31604AE0B2B06C468D3"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1152
Expires: Tue, 20 Sep 2022 23:23:39 GMT
Date: Tue, 20 Sep 2022 23:04:27 GMT
Connection: keep-alive
ads.themoneytizer.com/s/gen.js?type=6
185.76.9.24 200 OK 19 kB URL HTTP/2 ads.themoneytizer.com/s/gen.js?type=6
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (2659)
Hash 45dfff1a26dfd96ebfb4c54e49d4b929
118b7e8964fc3fb47c3c3d58dad90b773af416f8
a8b25f354c15d12965988440691ecb56cdd8518413d3387cf48849e40adfb830
GET /s/gen.js?type=6 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=86400
x-accel-expires: @1663732861
server: CDN77-Turbo
x-77-nzt: AblMCRTS8rn//gsBAA
x-77-nzt-ray: iFA7gOk47Ko
x-cache: HIT
x-age: 68606
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 12234b751fab092308d6b8e373d72e1e
e5d3be63351a0890f9d96084f66a4568a0ffaea6
4c26b9ff6601c0727211c69ab3529f6d7998b5f54b9a8d1c2bbd47bc782c2d1e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "4C26B9FF6601C0727211C69AB3529F6D7998B5F54B9A8D1C2BBD47BC782C2D1E"
Last-Modified: Sun, 18 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18699
Expires: Wed, 21 Sep 2022 04:16:06 GMT
Date: Tue, 20 Sep 2022 23:04:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 20 Sep 2022 23:03:22 GMT
Cache-Control: max-age=3600
Expires: Tue, 20 Sep 2022 23:32:46 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: d5VuzsgZ2gsQCktcriAq8N6-zXaj9fexkS3eTxRox8o0WdCbDaqcCw==
Age: 65
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 00b89a66f5a5a7368f360ec4e819c64c
687a5bf125154812b8af18f47769a5a439efaf7a
a4827d12f6d3d0531b6269131249fac5519811aef87824802eb167ba8768b2a6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:27 GMT
Server: ECS (amb/6BB6)
Content-Length: 279
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 12234b751fab092308d6b8e373d72e1e
e5d3be63351a0890f9d96084f66a4568a0ffaea6
4c26b9ff6601c0727211c69ab3529f6d7998b5f54b9a8d1c2bbd47bc782c2d1e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "4C26B9FF6601C0727211C69AB3529F6D7998B5F54B9A8D1C2BBD47BC782C2D1E"
Last-Modified: Sun, 18 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18699
Expires: Wed, 21 Sep 2022 04:16:06 GMT
Date: Tue, 20 Sep 2022 23:04:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0537015b8449812eb0000acf28c5871d
8a5d6bc625228d2c3e0d9774ad908800dd3bb529
c72a4320ede5c45cd783dcfe33748de6fee083aa900f8a9805d75a857b9b94e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C72A4320EDE5C45CD783DCFE33748DE6FEE083AA900F8A9805D75A857B9B94E9"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13957
Expires: Wed, 21 Sep 2022 02:57:04 GMT
Date: Tue, 20 Sep 2022 23:04:27 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 00b89a66f5a5a7368f360ec4e819c64c
687a5bf125154812b8af18f47769a5a439efaf7a
a4827d12f6d3d0531b6269131249fac5519811aef87824802eb167ba8768b2a6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:27 GMT
Last-Modified: Tue, 20 Sep 2022 23:04:27 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
glimtors.net/zone?pub=0&zone_id=3156533&is_mobile=false&domain=lifestylee.me&var=&ymid=&var_3=
139.45.197.251 200 OK 705 B URL HTTP/2 glimtors.net/zone?pub=0&zone_id=3156533&is_mobile=false&domain=lifestylee.me&var=&ymid=&var_3=
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (704)
Hash c4af200264852384f1949cb35b2d7917
89318e24c6366d30a7cbc3d94fad89f77715964a
72bd618e40f22d20c1ba41ec23b2f24f1479bbbfe19da157db6eff6fa3550dba
Analyzer / Verdict / Alert — quad9: Sinkholed
GET /zone?pub=0&zone_id=3156533&is_mobile=false&domain=lifestylee.me&var=&ymid=&var_3= HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lifestylee.me/
Origin: https://lifestylee.me
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: a86dbcede69cce5a23bb98a15b685de1
access-control-allow-origin: https://lifestylee.me
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash a33a07b90e2ef57eaf9c943cb3245cd4
b6659821ca39aa637a987ba147e974892fc50466
4d9d1c0b2f57ecf6e4310e8bd407fe4bf4b2c78f04e55806980399084975d745
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1835
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:27 GMT
Last-Modified: Tue, 20 Sep 2022 22:33:52 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 312
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f02872d05f40d8bac8d36f952dad468d
72dbd4cfa723fd78309689b545844317918715d5
65566df0f39826a7de4784d7358d9e6db4069efa79f1401995d96d2b7365b858
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65566DF0F39826A7DE4784D7358D9E6DB4069EFA79F1401995D96D2B7365B858"
Last-Modified: Tue, 20 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14472
Expires: Wed, 21 Sep 2022 03:05:39 GMT
Date: Tue, 20 Sep 2022 23:04:27 GMT
Connection: keep-alive
ads.themoneytizer.com/moneybid7_15/build/dist/prebid.js
185.76.9.24 200 OK 171 kB URL HTTP/2 ads.themoneytizer.com/moneybid7_15/build/dist/prebid.js
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (64106)
Size 171 kB (171447 bytes)
Hash c6927e69619a51ad96545f91c16a4c75
f47a5a043679e18e744d726e503eb7b7b60b9d68
e74a2471ec7d77dff41829e42f63a04fd190a01f520cdb22125cc414a1602abd
GET /moneybid7_15/build/dist/prebid.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 18:37:57 GMT
etag: W/"63221f85-9ec73"
pragma: public
x-accel-expires: @1664683261
server: CDN77-Turbo
x-77-nzt: AblMCRQZuyn//gsBAA
x-77-nzt-ray: Iif0xZvKxoI
x-cache: HIT
x-age: 68606
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f02872d05f40d8bac8d36f952dad468d
72dbd4cfa723fd78309689b545844317918715d5
65566df0f39826a7de4784d7358d9e6db4069efa79f1401995d96d2b7365b858
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65566DF0F39826A7DE4784D7358D9E6DB4069EFA79F1401995D96D2B7365B858"
Last-Modified: Tue, 20 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14472
Expires: Wed, 21 Sep 2022 03:05:39 GMT
Date: Tue, 20 Sep 2022 23:04:27 GMT
Connection: keep-alive
quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
143.204.55.17 200 OK 1.2 kB URL HTTP/2 quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
IP 143.204.55.17:0
File type ASCII text, with very long lines (1834)
Hash f5d87253e4f4e0fb72ee0e039127e236
d6dbf806d19d545605be2c87174d917e3b81a7de
ae40fbe2a50e106af968270aa1d8452a8b18e3186303602cf5400dff26754642
GET /choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js HTTP/1.1
Host: quantcast.mgr.consensu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 28 Jun 2022 13:53:56 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
content-encoding: br
date: Tue, 20 Sep 2022 23:04:27 GMT
cache-control: max-age=900
etag: W/"c53bd785b1ee57b613221019d7d72626"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AFU2VIT--jdwG2veFk3ZvrWlpUrK-pZ2rEiePQjOuKIdjWQa9ZVSsw==
age: 16
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash edf07cd621f733b0eb50c632387ebf4f
61a082d26501c2c8d481b1676d0de2e585269613
e5c4324e4c55824b86f48bf0b9a1d317a82e7d3c19bdea7a91d78ce98d68a980
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5019
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:27 GMT
Last-Modified: Tue, 20 Sep 2022 21:40:48 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
dodurantom.com/5/2632704
139.45.197.239 200 OK 23 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (62312), with no line terminators
Hash 9047efc5a0c180f9f51c1eb6549effa6
37d8036c143e10058f0e6ce10c7c7f7bf897d698
49677684dc9c06b512bd07b59817b9a7ab2e2e6f102394e1cedfcffa320a0853
Analyzer / Verdict / Alert — quad9: Sinkholed
GET /5/2632704 HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/javascript
x-trace-id: 8e1c7fb784c9b596361c22ac2ac2acf5
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:27 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1663715067; expires=Wed, 20 Sep 2023 23:04:27 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 90d2cadd83f7df5d24056645953bd498
dad7e65c851c3ac044b8bd4fa396d5a5ff47cc6d
b751443b3d94ef56e0aa043f639b4c9132630556fb6f8d13ef926a9a13fd7fd6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 23:04:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 00:12:00 GMT
Expires: Tue, 27 Sep 2022 00:11:59 GMT
Etag: "dad7e65c851c3ac044b8bd4fa396d5a5ff47cc6d"
Cache-Control: max-age=521851,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74de33469d16b4fd-OSL
lifestylee.me/kickstart-crocs-adds-more-to-its-colorful-shoes/
172.67.139.210 200 OK 66 kB URL HTTP/2 lifestylee.me/kickstart-crocs-adds-more-to-its-colorful-shoes/
IP 172.67.139.210:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62513)
Hash e473d2fb7328e7ed8925a76a8ceb87d0
576a20e8c84f2f6adc37ccbc57cad5c1b83dd6f3
67cf3e83647f9a44abf2020dcd78a14834113cbc4a84993a3150174a19ebae81
GET /kickstart-crocs-adds-more-to-its-colorful-shoes/ HTTP/1.1
Host: lifestylee.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Cookie
cache-control: max-age=3, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rPwTfh4QWQjcCMfK3KIP6rfWD4o6Z4m3WoNFiEVauJuWKWQysEYEYnMIFZ2HaTnyC5LF1xceRSm7HA8iQxmTxQbTHbEgbfLpUNgyb98FaFn%2BxQPPnbtzAqrxXXE9A%2Bm2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74de33415a591c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
p.cpx.to/p/12761/px.js
54.155.193.90 200 OK 2.0 kB IP 54.155.193.90:0
File type ASCII text, with very long lines (1990), with no line terminators
Hash 226a375bccdd05556ab6cb685658df34
1fc40ba22840e55e412374080348f799518f28f2
309f9e2fb5a81f1cf516723a0dd4fb6ad24dbd7c9d919f8f5c35f3013d7aee95
GET /p/12761/px.js HTTP/1.1
Host: p.cpx.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2419200, public
Content-Type: application/javascript; charset=UTF-8
Date: Tue, 20 Sep 2022 23:04:27 GMT
Content-Length: 1990
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 75925b52065e8c40d078aee85c947946
72219bfe4412de462135af38de924431a60cd5f5
e4931e694c717412c066464f1c206f1049ebe3fa70270dd550c84129e49b68bb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 23:04:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 06:25:21 GMT
Expires: Mon, 26 Sep 2022 06:25:20 GMT
Etag: "72219bfe4412de462135af38de924431a60cd5f5"
Cache-Control: max-age=457851,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74de33462c820b31-OSL
dodurantom.com/1?z=3846473
139.45.197.239 200 OK 3.6 kB URL HTTP/2 dodurantom.com/1?z=3846473
IP 139.45.197.239:0
Hash 144fef2c239c58875d23787fb4f5b51a
23206930bbb9ebe7b0372cebc92711bae28d7047
5d2f6a46f23771e9d9b68863ac79935b8f385cc4a545bb64e606e724bee031ae
Analyzer / Verdict / Alert — quad9: Sinkholed
GET /1?z=3846473 HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 0d234f04d410aad023c6b1daa5ea72fe
access-control-expose-headers: X-Sc
x-sc: PdJWbTvPlbrM2wVcuVY2h2lT5HQ-InBJO9Kvm0LO3j4f3erqS6XWNsLMgpP0RCP33OMc3UX0tgxttNj4-ST_7AOhyn8=
set-cookie: scm=1; expires=Wed, 20 Sep 2023 23:04:27 GMT; secure; SameSite=None
set-cookie: OAID=f4e9a3a748a048af9ed42dc65c40b45e; expires=Wed, 20 Sep 2023 23:04:27 GMT; secure; SameSite=None
set-cookie: oaidts=1663715067; expires=Wed, 20 Sep 2023 23:04:27 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5675732f990644e90c6338568bdde06
7689cdafb74449a3346af7afbcff0301bd423d84
4b35cd3b1feca808bd2c04d61f43b1878912120224f9f107b619f7af23e9d21b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4B35CD3B1FECA808BD2C04D61F43B1878912120224F9F107B619F7AF23E9D21B"
Last-Modified: Mon, 19 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8057
Expires: Wed, 21 Sep 2022 01:18:45 GMT
Date: Tue, 20 Sep 2022 23:04:28 GMT
Connection: keep-alive
glimtors.net/custom
139.45.197.251 200 OK 0 B IP 139.45.197.251:0
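Hash d41d8cd98f00b204e9800998ecf8427e (the response body is 0 B, so the three digests listed here are the empty-input MD5/SHA-1/SHA-256 values and do not identify any content)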
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer / Verdict / Alert — fortinet: Malware
quad9: Sinkholed
OPTIONS /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lifestylee.me/
Origin: https://lifestylee.me
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://lifestylee.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5675732f990644e90c6338568bdde06
7689cdafb74449a3346af7afbcff0301bd423d84
4b35cd3b1feca808bd2c04d61f43b1878912120224f9f107b619f7af23e9d21b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4B35CD3B1FECA808BD2C04D61F43B1878912120224F9F107B619F7AF23E9D21B"
Last-Modified: Mon, 19 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8057
Expires: Wed, 21 Sep 2022 01:18:45 GMT
Date: Tue, 20 Sep 2022 23:04:28 GMT
Connection: keep-alive
ads.themoneytizer.com/s/gen.js?type=2
185.76.9.24 200 OK 2.4 kB URL HTTP/2 ads.themoneytizer.com/s/gen.js?type=2
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (2659)
Hash 6122cfe97b00bcfc85247ae4120e4b02
7620da6419a5d8289f64c249e4a5a8107f0fa6a1
38c3b9d37ba48a7ca808296d2f9cba9796b4293ab8c49ab5c49caaecd6e9b597
GET /s/gen.js?type=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=86400
x-accel-expires: @1663732860
server: CDN77-Turbo
x-77-nzt: AblMCRQqxdn//wsBAA
x-77-nzt-ray: /8f0R3Ouu7A
x-cache: HIT
x-age: 68607
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
borrowdefeat.com/16/63/45/16634562c53f547c47deb1db0259b76a.js
192.243.59.13 200 OK 20 kB URL HTTP/1.1 borrowdefeat.com/16/63/45/16634562c53f547c47deb1db0259b76a.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (59885)
Hash a4e858d84c2cb5cec57e7521da1bb399
0bf11c6e563c5f96443a309308c9b53135fa4596
e1939868699c2e1880eb82a649267489447daca7dae132170f1ff88443de449d
Analyzer Verdict Alert quad9 Sinkholed
GET /16/63/45/16634562c53f547c47deb1db0259b76a.js HTTP/1.1
Host: borrowdefeat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Sep 2022 23:04:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_hd-28118_1=1; expires=Wed, 28 Sep 2022 23:04:28 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fed1ee81632cc9914a04495aceb0c4db
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
borrowdefeat.com/e3/9e/6d/e39e6de78434e75a812da1a674f8e022.js
192.243.59.13 200 OK 13 kB URL HTTP/1.1 borrowdefeat.com/e3/9e/6d/e39e6de78434e75a812da1a674f8e022.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37127), with no line terminators
Hash 5284a10250d94b421d1f9ffd931673cc
59c4d2a5713170ec7887f1a252abd8a6717cf8e6
5114aaf37921a25ba30bae41950b940b30851b558ded5b85b1f9b00f5b57fae9
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/9e/6d/e39e6de78434e75a812da1a674f8e022.js HTTP/1.1
Host: borrowdefeat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Sep 2022 23:04:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a0068610a4b4767a9a84ca90836123fd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
push.services.mozilla.com/
35.80.131.74 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.80.131.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DMtuIt/bim3Xijc/sd9Trg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4PhtZWP///00kQGIOziYfE74Gzg=
dodurantom.com/tag.min.js
139.45.197.239 200 OK 33 kB URL HTTP/2 dodurantom.com/tag.min.js
IP 139.45.197.239:0
File type ASCII text, with very long lines (10398)
Hash bd17da798e16fc0d7f6a876f156536d4
a6bb1ed1a797d40414e93d7b0c3ff2d8a898e3a3
f4f54c03fc84a000470918f798fc1f1abd3c85e2788a4f175873aa7b548f06ab
Analyzer Verdict Alert quad9 Sinkholed
GET /tag.min.js HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=f4e9a3a748a048af9ed42dc65c40b45e; oaidts=1663715067; scm=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: text/javascript; charset=utf-8
content-length: 22984
content-encoding: br
x-trace-id: 4a8f54381da8f46cf2d32c1508d28f54
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Tue, 20 Sep 2022 08:55:35 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 737cc6f4b8c7d91c15f348a27d8322ec
5b99cbda2ec6f3ff0b8b9115bd8ba096db9ce4f1
685c08333c217cd90d1742bc7d1ab85801ed350e4f5189e575dac285156128eb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "685C08333C217CD90D1742BC7D1AB85801ED350E4F5189E575DAC285156128EB"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5446
Expires: Wed, 21 Sep 2022 00:35:14 GMT
Date: Tue, 20 Sep 2022 23:04:28 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 0528286dace12ef154588bb423e5877c
01494fb0d18b32da2d1f80d37cef4420c0506c5d
39c8eb46e99b438b8c912728eb96977e932ef6ff8da39294beaa2fa8df1921b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4169
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:28 GMT
Last-Modified: Tue, 20 Sep 2022 21:54:59 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
dodurantom.com/42/38?z=3846473
139.45.197.239 200 OK 0 B URL HTTP/2 dodurantom.com/42/38?z=3846473
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=3846473 HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=f4e9a3a748a048af9ed42dc65c40b45e; oaidts=1663715067; scm=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 544e6398a4df8973c2fef1c019c44fb6
access-control-expose-headers: X-Sc
set-cookie: OAID=f4e9a3a748a048af9ed42dc65c40b45e; expires=Wed, 20 Sep 2023 23:04:28 GMT; secure; SameSite=None
oaidts=1663715067; expires=Wed, 20 Sep 2023 23:04:28 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
c.tmyzer.com/c/?s=72277&f=2&fi=99
54.38.64.100 200 OK 0 B URL HTTP/1.1 c.tmyzer.com/c/?s=72277&f=2&fi=99
IP 54.38.64.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/?s=72277&f=2&fi=99 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Sep 2022 23:02:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-IPLB-Request-ID: 5B5A2A9A:A6F0_36264064:01BB_632A46FB_1D04C634:1CE6B
X-IPLB-Instance: 38432
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash f4c9b7ff62fa66a4f516525d8c8ca467
6c113f795d7ca72bacf3c1712d0d6dd2ad86c274
300442f861166c3ba6bdc82beaea50023343d05c1ba38f90450107870e63511b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 20 Sep 2022 23:04:28 GMT
Last-Modified: Tue, 20 Sep 2022 22:30:31 GMT
Server: ECS (nyb/1D20)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qmxEeh4DReKBUPZ-Uaou2JmiXFl4E72FkhUsZfjx0qZPOPhwj7Ra6Q==
Age: 2037
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash f4c9b7ff62fa66a4f516525d8c8ca467
6c113f795d7ca72bacf3c1712d0d6dd2ad86c274
300442f861166c3ba6bdc82beaea50023343d05c1ba38f90450107870e63511b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 20 Sep 2022 23:04:28 GMT
Last-Modified: Tue, 20 Sep 2022 21:25:54 GMT
Server: ECS (nyb/1D23)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mdv9IkBV9SGiJ2qO2kInq-o2MUp2gQwUARcOyIy0BMXAYpCNVj-bXQ==
Age: 5914
simplewebanalysis.com/stats
35.158.153.212 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.158.153.212:0
File type ASCII text, with no line terminators
Hash 7beb2a820e3510b1557a5c1dc9aab27d
830693f40bff83eaa57cdbd3ce4f86db91e8a8bd
11778f9ad8ff8e445a9f2d94901a5b1b43ffc132afb3c236047cf731c4c29f45
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://lifestylee.me
access-control-allow-credentials: true
set-cookie: uid_id2=69968414-89c9-4f19-9821-0dc235a43d37:3:1; expires=Fri, 17 Sep 2032 23:04:28 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
35.158.153.212 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.158.153.212:0
File type ASCII text, with no line terminators
Hash dae3f16bc05f142b40bd6e914ec666e7
6f1838252881f511029b85e63649e3cb84de39c5
b0bb16bf3c2deab8a2b6e16f652255666d70f6b4794a0d6129a752c4c6763125
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://lifestylee.me
access-control-allow-credentials: true
set-cookie: uid_id2=851e212b-e155-47e8-804e-66d45ab1762d:3:1; expires=Fri, 17 Sep 2032 23:04:28 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 737cc6f4b8c7d91c15f348a27d8322ec
5b99cbda2ec6f3ff0b8b9115bd8ba096db9ce4f1
685c08333c217cd90d1742bc7d1ab85801ed350e4f5189e575dac285156128eb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "685C08333C217CD90D1742BC7D1AB85801ED350E4F5189E575DAC285156128EB"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5446
Expires: Wed, 21 Sep 2022 00:35:14 GMT
Date: Tue, 20 Sep 2022 23:04:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 720e784d6ac0ec89b38dfb4e62551fd9
348e51e3537a30ffd6705d4e73f909370ec4ebbf
8422993f19e1a2a6f0e37070ac11d1ccbe538e755cbed4e2fde2e97e1850166d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8422993F19E1A2A6F0E37070AC11D1CCBE538E755CBED4E2FDE2E97E1850166D"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5713
Expires: Wed, 21 Sep 2022 00:39:41 GMT
Date: Tue, 20 Sep 2022 23:04:28 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 0528286dace12ef154588bb423e5877c
01494fb0d18b32da2d1f80d37cef4420c0506c5d
39c8eb46e99b438b8c912728eb96977e932ef6ff8da39294beaa2fa8df1921b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4169
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:28 GMT
Last-Modified: Tue, 20 Sep 2022 21:54:59 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
dodurantom.com/9?z=3846473&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=946ebaaf7d75436ebe039102ab1ac179
139.45.197.239 204 No Content 0 B URL HTTP/2 dodurantom.com/9?z=3846473&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=946ebaaf7d75436ebe039102ab1ac179
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=3846473&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=946ebaaf7d75436ebe039102ab1ac179 HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lifestylee.me/
Origin: https://lifestylee.me
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://lifestylee.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
a-waiting.com/j/m/i.js?v33333334344445345343353452
104.21.41.138 200 OK 19 kB URL HTTP/2 a-waiting.com/j/m/i.js?v33333334344445345343353452
IP 104.21.41.138:0
File type ASCII text, with very long lines (59070), with no line terminators
Hash 5c1253b012e1adf4a67bf132ceb14b17
f49216fab66759a7edb5f50c47e76ad6e31abbb4
b26ff7d1ac4f69da1d7e82242bb803172d0ccc82499983d44501f7558cbfb812
GET /j/m/i.js?v33333334344445345343353452 HTTP/1.1
Host: a-waiting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 08 Sep 2022 13:15:15 GMT
etag: W/"6319eae3-e6be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 1066907
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iQ4n0QV5J5hVPRRN4pOWDdHeNnyLUxswDjmVPepStsiWsPpW36mPtT2W3nZCCLWe%2Fs2gR4gQESh5fEJRPEWxPiQV0tprQ145XCkfngsXlMO50UpCFn93lB670p9GiZoK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de33456c3bb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dodurantom.com/9?z=3846473&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=946ebaaf7d75436ebe039102ab1ac179
139.45.197.239 200 OK 3.1 kB URL HTTP/2 dodurantom.com/9?z=3846473&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=946ebaaf7d75436ebe039102ab1ac179
IP 139.45.197.239:0
Hash 81df478eb56df9a769a49bbbe5f05a4c
9e29a6f7c1303fa7a309afc31e1d8fe57e081de0
9447f3ba55e377b4047756c190b5577e539f3013251ab717c7c52a242867a237
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=3846473&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=946ebaaf7d75436ebe039102ab1ac179 HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 107
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=f4e9a3a748a048af9ed42dc65c40b45e; oaidts=1663715067; scm=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://lifestylee.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: cf3510ba3b1c8f6079fbdd20e6814627
access-control-expose-headers: X-Sc
set-cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:28 GMT; secure; SameSite=None
oaidts=1663715067; expires=Wed, 20 Sep 2023 23:04:28 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
bedrapiona.com/5/3156542/?oo=1&js_build=iclick-v1.429.0
139.45.197.234 200 OK 1.3 kB URL HTTP/2 bedrapiona.com/5/3156542/?oo=1&js_build=iclick-v1.429.0
IP 139.45.197.234:0
File type JSON data, ASCII text, with very long lines (2763), with no line terminators
Hash 99445558fb41010c1cf7fe2d1427b391
7fa0aab237fecaf8c0eb87f6c239155962762fa1
0ce92e18612af67ee54bc656b1b5de9ee4a0c40ad3260e45e9d01392a5b94461
GET /5/3156542/?oo=1&js_build=iclick-v1.429.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: application/json
x-trace-id: d1f27921e47e3acbaa03903a8db53cf4
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://lifestylee.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=2398a5b2cee44eb0ac38cfea880266bc; expires=Wed, 20 Sep 2023 23:04:28 GMT; path=/; secure; SameSite=None
oaidts=1663715068; expires=Wed, 20 Sep 2023 23:04:28 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 827c77f614af126d6d37c6492c130a39
49ce1e5c3d4c6b9eb900440086de9270726092d9
94caa5ee880b60f70790542c2a18926cda03b5f936cb15d72478b05487522fdd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94CAA5EE880B60F70790542C2A18926CDA03B5F936CB15D72478B05487522FDD"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16586
Expires: Wed, 21 Sep 2022 03:40:54 GMT
Date: Tue, 20 Sep 2022 23:04:28 GMT
Connection: keep-alive
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data, ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lifestylee.me/
Content-Type: text/plain;charset=UTF-8
Origin: https://lifestylee.me
Content-Length: 1799
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 20 Sep 2022 23:04:44 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://lifestylee.me
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
dodurantom.com/11?rnd=1989765724&z=3846473&b=14566426&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=137
139.45.197.239200 OK 0 B URL HTTP/2 dodurantom.com/11?rnd=1989765724&z=3846473&b=14566426&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=137
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=1989765724&z=3846473&b=14566426&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=137 HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; oaidts=1663715067; scm=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://lifestylee.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: b7a40fb4301b70aaf6917358c3cb821a
access-control-expose-headers: X-Sc
set-cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:28 GMT; secure; SameSite=None
oaidts=1663715067; expires=Wed, 20 Sep 2023 23:04:28 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
inpagepush.com/500/3156537?excludes=&oaid=946ebaaf7d75436ebe039102ab1ac179&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 inpagepush.com/500/3156537?excludes=&oaid=946ebaaf7d75436ebe039102ab1ac179&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/3156537?excludes=&oaid=946ebaaf7d75436ebe039102ab1ac179&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://lifestylee.me/
Origin: https://lifestylee.me
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://lifestylee.me
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 70ed50a01e1a965a5b4701c987f20ba1
a9749323c124aad5ac3d185454013b1add3ba37c
aac04367a99a7a7b8c4b58a221efdae302fd96552a1c1ebc779af6807f244879
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AAC04367A99A7A7B8C4B58A221EFDAE302FD96552A1C1EBC779AF6807F244879"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16336
Expires: Wed, 21 Sep 2022 03:36:44 GMT
Date: Tue, 20 Sep 2022 23:04:28 GMT
Connection: keep-alive
inediblepollingbuzz.com/pixel/purst?dl=0&th=0&sc=0&rs=1545&rd=1545&fd=809&bv=22.9.v.2&tmpl=70
192.243.59.13 200 OK 0 B URL HTTP/1.1 inediblepollingbuzz.com/pixel/purst?dl=0&th=0&sc=0&rs=1545&rd=1545&fd=809&bv=22.9.v.2&tmpl=70
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1545&rd=1545&fd=809&bv=22.9.v.2&tmpl=70 HTTP/1.1
Host: inediblepollingbuzz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Sep 2022 23:04:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
interstitial-07.com/?l=sefakiuwXmtTBGU&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fdodurantom.com%2F12%3Frnd%3D2053669377%26z%3D3846473%26b%3D14566426%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DEo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D9c2b4337-ff1c-40ce-9fba-8678d7fe50e5%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Flifestylee.me%252Fkickstart-crocs-adds-more-to-its-colorful-shoes%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.152200 OK 25 kB URL HTTP/2 interstitial-07.com/?l=sefakiuwXmtTBGU&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fdodurantom.com%2F12%3Frnd%3D2053669377%26z%3D3846473%26b%3D14566426%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DEo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D9c2b4337-ff1c-40ce-9fba-8678d7fe50e5%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Flifestylee.me%252Fkickstart-crocs-adds-more-to-its-colorful-shoes%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.152:0
Hash a948d777033e98b7c8c4abcc30bf19d0
2c361efd643a604b449135886232918cdc69366c
689170915a744b0b0296f4957c039e5e0df3306e0e1b11f431df1d9a061e7258
GET /?l=sefakiuwXmtTBGU&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fdodurantom.com%2F12%3Frnd%3D2053669377%26z%3D3846473%26b%3D14566426%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DEo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D9c2b4337-ff1c-40ce-9fba-8678d7fe50e5%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Flifestylee.me%252Fkickstart-crocs-adds-more-to-its-colorful-shoes%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.25
set-cookie: reverse=ITAcKnYs-5yE2-FhbkBYEeKtYL10K1pzIB8FhiHfSLE; expires=Wed, 21-Sep-2022 00:04:28 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2c3fc46c7794dba5a952bf021293e47
b3d9846c7364bb0714bd5b508b5d99236e489a3e
67f9e6f46b2856ff1e65c5577b67703f63df387768941ce08b4849f0179f85a7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "67F9E6F46B2856FF1E65C5577B67703F63DF387768941CE08B4849F0179F85A7"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=494
Expires: Tue, 20 Sep 2022 23:12:43 GMT
Date: Tue, 20 Sep 2022 23:04:29 GMT
Connection: keep-alive
interstitial-07.com/contents/s/97/9d/a8/6108220fdf5c1958b30270c87e/01455300174645.jpeg
139.45.197.152 200 OK 64 kB URL HTTP/2 interstitial-07.com/contents/s/97/9d/a8/6108220fdf5c1958b30270c87e/01455300174645.jpeg
IP 139.45.197.152:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 979da86108220fdf5c1958b30270c87e
f998e6a47e6bf2e54de20b2028b1b33b7cd5455a
5feefdcfbcb3ffc728afed80725c47b293717a21bb12db4f8303e5b5139a0f31
GET /contents/s/97/9d/a8/6108220fdf5c1958b30270c87e/01455300174645.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=sefakiuwXmtTBGU&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fdodurantom.com%2F12%3Frnd%3D2053669377%26z%3D3846473%26b%3D14566426%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DEo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D9c2b4337-ff1c-40ce-9fba-8678d7fe50e5%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Flifestylee.me%252Fkickstart-crocs-adds-more-to-its-colorful-shoes%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:29 GMT
content-type: image/jpeg
content-length: 64345
last-modified: Wed, 29 Jun 2022 17:12:35 GMT
etag: "62bc8803-fb59"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3abf1263067d82b799d4bbbc25d4e4a6
0d6e863cf9fa683e050de01f7ee40bd8ed052ed0
2d3ce2306b36b4221e5c1fc22916e23d3a7d51d8d598af3f3e9f6e83a74ed22e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D3CE2306B36B4221E5C1FC22916E23D3A7D51D8D598AF3F3E9F6E83A74ED22E"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6612
Expires: Wed, 21 Sep 2022 00:54:41 GMT
Date: Tue, 20 Sep 2022 23:04:29 GMT
Connection: keep-alive
inpagepush.com/500/3156537?excludes=&oaid=946ebaaf7d75436ebe039102ab1ac179&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 95 kB URL HTTP/2 inpagepush.com/500/3156537?excludes=&oaid=946ebaaf7d75436ebe039102ab1ac179&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 1b7728beee1b20a9ef6ab099da52e1f1
dd0c368b6ef37b6bc9ec83b17909e6f2b671625c
521ee0e90b2863c81edd5bc3f15885815f6b80c0b776727fd17064d7a1e40569
GET /500/3156537?excludes=&oaid=946ebaaf7d75436ebe039102ab1ac179&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=3deea012d1614de8a835620acf400598
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: application/javascript
x-trace-id: 2144f34c2ba8e6a1b8998d94723f8e60
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://lifestylee.me
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
104.22.33.172 200 OK 76 kB URL HTTP/2 offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
IP 104.22.33.172:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a563edd673308b2cd8cc1ec9c0543417
bff09cb9d8c3dadb244db8d24b6f58b8dfab6469
bbd22caad95af25c9ccf019fe7499c74743b7ef4eaceeffe0781c3f64f054b0c
GET /www/images/a563edd673308b2cd8cc1ec9c0543417.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:29 GMT
content-type: image/png
content-length: 76281
last-modified: Tue, 07 Jun 2022 21:58:32 GMT
etag: "629fca08-129f9"
expires: Wed, 21 Sep 2022 22:10:09 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 3260
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de334ddc8495f6-ARN
X-Firefox-Spdy: h2
unphionetor.com/vctx?t=72747
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 20 Sep 2022 23:04:29 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: ed29762b02f1a3e6b3f63265d90a4810
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e2fce7ea52cefa8942fda9a01f3eb1c2
847fdf38add94f1fd1dd11734484da0c44634f14
e991d5dd29a5f287cef6750770a021cbb6b07f147d1e760689b1c05ed8c6b499
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E991D5DD29A5F287CEF6750770A021CBB6B07F147D1E760689B1C05ED8C6B499"
Last-Modified: Mon, 19 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1691
Expires: Tue, 20 Sep 2022 23:32:40 GMT
Date: Tue, 20 Sep 2022 23:04:29 GMT
Connection: keep-alive
dodurantom.com/11?rnd=1989765724&z=3846473&b=14566426&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
139.45.197.239200 OK 0 B URL HTTP/2 dodurantom.com/11?rnd=1989765724&z=3846473&b=14566426&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=1989765724&z=3846473&b=14566426&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; oaidts=1663715067; scm=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:29 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://lifestylee.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 0be45c70817facd183a832985c175a2f
access-control-expose-headers: X-Sc
set-cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:29 GMT; secure; SameSite=None
oaidts=1663715067; expires=Wed, 20 Sep 2023 23:04:29 GMT; secure; SameSite=None
oaidvc=1; expires=Wed, 20 Sep 2023 23:04:29 GMT; secure; SameSite=None
CNT=1_v1_GkTeAAEAAAA3SwAA; expires=Wed, 21 Sep 2022 00:04:29 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.59.20 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 20 Sep 2022 23:04:29 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 687655ea9a7fe435f1e060d85c8ab42d
Strict-Transport-Security: max-age=0; includeSubdomains
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 20 Sep 2022 23:04:29 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 4783d2d558ca1f276d9229ee3b995ac4
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ced.sascdn.com/tag/1097/smart.js
23.36.77.48 200 OK 32 kB URL HTTP/1.1 ced.sascdn.com/tag/1097/smart.js
IP 23.36.77.48:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash be0bdd24329bd53a547db353696d08b2
1a41bc8c58e4ec707b74d094177a218136a26f30
618232978c60bc8d39bbef21c2b8fe00ce7feb4871d49d0bb6a4127748a3a40a
GET /tag/1097/smart.js HTTP/1.1
Host: ced.sascdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 32487
Cache-Control: public, max-age=7200
Expires: Wed, 21 Sep 2022 01:04:29 GMT
Date: Tue, 20 Sep 2022 23:04:29 GMT
Connection: keep-alive
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
143.204.42.225 200 OK 26 kB URL HTTP/1.1 d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
IP 143.204.42.225:0
File type ASCII text, with very long lines (16085)
Hash 8703fc9eead243fe2f47380e962d7fa2
3d9f707259112fa9ccdd1e676f00eadcff71906c
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
GET /a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js HTTP/1.1
Host: d2zur9cc2gf1tx.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 25704
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Date: Tue, 20 Sep 2022 19:57:34 GMT
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AxqYCglwufFKnC5CyF8yoNYWC5BFpU3fhDzHAJ1cXsAH4YywKiGBMg==
Age: 80124
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 475134d49380a56070fcf3ffe5376952
5db7ba6645317af40d084cd057e984e2cb9a4642
65e05b0a0a201a4d5f1830d8265b88e9c128c1ad593deeecf0ddc80fdd78b899
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5832
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:29 GMT
Last-Modified: Tue, 20 Sep 2022 21:27:17 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
platform-api.sharethis.com/js/sharethis.js
143.204.55.116 200 OK 44 kB URL HTTP/2 platform-api.sharethis.com/js/sharethis.js
IP 143.204.55.116:0
Hash 55c294800193ee575a5a15d0bbdc1463
58dc06fc12188d45e9674c5909ec895ddf9e10a3
9aef1a8c1ade44002ca5aecc1743e95013bed3ce88e6bb761f5e5ad352271b8c
GET /js/sharethis.js HTTP/1.1
Host: platform-api.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-encoding: gzip
edge-control: cache-maxage=60m,downstream-ttl=60m
x-frame-options: SAMEORIGIN
date: Tue, 20 Sep 2022 22:55:35 GMT
cache-control: max-age=600, public
etag: W/"2f749-jZtDoLQECLv0cAmOiJJ6B61Kdic"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: McERiGDGbc5MDwq_ojDdmwvl4Ajy0InIntaVhyxGxuElRjpK7He8Nw==
age: 534
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9baaa3878151bf5d83c8d7014da17e5d
d8952bdd01ddec1d9a5a480f17ff5e39f6bdb037
1734ff9035c0a9c965cb5047e9fdbc2c1184b6c568066e856c6dbf0b8dc51df3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=f3b4b828-a730-4a27-7e78-f22770e705d8&reqId=e93ce263-98fc-4b5b-7a8c-cb4658f37422&zdid=1258
142.250.74.34 302 Found 447 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=f3b4b828-a730-4a27-7e78-f22770e705d8&reqId=e93ce263-98fc-4b5b-7a8c-cb4658f37422&zdid=1258
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 1fc080c16941698572f44712a4538e1f
9e1688782f54b954e9ca9b15bff474f0558e9939
ef07a948c15a9506b22082f72d0b3a84bc6827b285dff10201c3f2d5ed81d463
GET /pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=f3b4b828-a730-4a27-7e78-f22770e705d8&reqId=e93ce263-98fc-4b5b-7a8c-cb4658f37422&zdid=1258 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=f3b4b828-a730-4a27-7e78-f22770e705d8&reqId=e93ce263-98fc-4b5b-7a8c-cb4658f37422&zdid=1258&google_tc=
date: Tue, 20 Sep 2022 23:04:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 447
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 20-Sep-2022 23:19:29 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14124
Expires: Wed, 21 Sep 2022 02:59:53 GMT
Date: Tue, 20 Sep 2022 23:04:29 GMT
Connection: keep-alive
test.cmp.quantcast.com/GVL-v2/cmp-list.json
143.204.55.14 200 OK 3.1 kB URL HTTP/2 test.cmp.quantcast.com/GVL-v2/cmp-list.json
IP 143.204.55.14:0
File type JSON data\012- , ASCII text, with very long lines (9979), with no line terminators
Hash 57b7144c4b56df012a1b245db0a38a62
958c31c67551c5b3ebee2dd07f35d0861901cdad
d2ec90150aa70292e30809995adb4c87a9e647064f26fc19440ddaa04bf3c050
GET /GVL-v2/cmp-list.json HTTP/1.1
Host: test.cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
access-control-max-age: 86400
cache-control: max-age=172800
date: Tue, 20 Sep 2022 03:00:42 GMT
last-modified: Fri, 16 Sep 2022 19:52:29 GMT
etag: W/"50fb7062a6b6a4e6efde705408cf32f0"
x-amz-server-side-encryption: AES256
x-amz-version-id: oUUwrY_6WJ4t3DAGrQVvhBXnrJz9w1fe
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eXjKXF-eur3h8qRC5stm8wK9pyI_Y-JyXzUgpyeY6-OjCXLs8Rz4Cg==
age: 72228
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14124
Expires: Wed, 21 Sep 2022 02:59:53 GMT
Date: Tue, 20 Sep 2022 23:04:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb447f31d-2a9a-4657-a829-f79bc662f662.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb447f31d-2a9a-4657-a829-f79bc662f662.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 285c04fe0904d41ab1c0259942fa26ec
3a5ad499b134a33e79d5fe00c7f5c7c098b3ee34
b91184725a4171202201b5478271a3ab361c54a8893b4dee70d941821a2e70a8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb447f31d-2a9a-4657-a829-f79bc662f662.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10293
x-amzn-requestid: 0c8a78d5-44be-47f4-927a-f39b0d0dc86f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yvoh3GT2oAMFvig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63295472-73b322996216171a342783b7;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 05:49:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: a7rPEaM9bqheTlQP1Hr5xwHgW8HenLAvoH95TTtGFu0169tsGnheFQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:29:09 GMT
age: 2120
etag: "3a5ad499b134a33e79d5fe00c7f5c7c098b3ee34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9baaa3878151bf5d83c8d7014da17e5d
d8952bdd01ddec1d9a5a480f17ff5e39f6bdb037
1734ff9035c0a9c965cb5047e9fdbc2c1184b6c568066e856c6dbf0b8dc51df3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6be1360-d048-4319-9cac-dfebe92db87f.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6be1360-d048-4319-9cac-dfebe92db87f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 267173c6b4e4e6ae4a84dc08df92f82f
4183102af1963e1edb3aa572c43aeda7d855e9f5
20487bb2e59f2e6afcaaac3e3c4f1dfec9a8ef761403a44f7f92a6b57d143714
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6be1360-d048-4319-9cac-dfebe92db87f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9271
x-amzn-requestid: b8139dfc-8f24-41e0-9948-56bad215416c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yx0Q-EkZoAMF_sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a3406-4365026f7f832cee0c12e4d7;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:43:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rUeMyRv1DxHKmRAc4s-8GkQELQtAO-_lKHB2tjRYSQUSBMJMmDAZcQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:56:09 GMT
age: 4100
etag: "4183102af1963e1edb3aa572c43aeda7d855e9f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14e6ddceb639a5f4875aecb796f95c79
b1cd04a66852694284eeef16a1cde38896e33c03
4c0657a00d7fb4caefa64c28340cad94a306cc393cffe692fcc69c65a80f2391
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10244
x-amzn-requestid: 71f08b9e-e977-48de-ad60-5192a43db517
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYwBkGqjIAMFz0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202d3d-0af3334d085ca4a764e31bb5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7FaZfI_iYUANPdxGBld5NfneWwKJeX2nYA_gmvF9NjML5YOVhZIIoA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 14:38:21 GMT
age: 30368
etag: "b1cd04a66852694284eeef16a1cde38896e33c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4d98acc059a69d51165fb5e0c7430ea3
09bd3300d710c3212483159f8398b84cde09da26
6e38bbb5c79c4f714973e10961d7bad9e7ae8711cf24d68b13a77206f474d2a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7507
x-amzn-requestid: 2a40c792-8b1b-4476-92de-1fce3df48fc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCmaHefoAMF4Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e28-6b05350006b7f3fb73d1e37a;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rq4QHCD4EubBKHyCj7jyKqpct5d7U33TvNufqj_w8mWunqQsouoh7w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:21:54 GMT
age: 2555
etag: "09bd3300d710c3212483159f8398b84cde09da26"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 3035d4cc100f962cf3ff10ba60267b3c
a9da458290058bad6a51d18367fcd8dd473d7bf6
0f1049c738d373c4280d1f433fc2d1c457f7f1877b55b290683d77366147680d
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 23:04:29 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Sat, 24 Sep 2022 18:54:10 GMT
ETag: "a9da458290058bad6a51d18367fcd8dd473d7bf6"
Last-Modified: Tue, 20 Sep 2022 18:54:11 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1157
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74de33511ebab506-OSL
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5a64d4-8802-4886-ab88-03c39eb96f1a.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5a64d4-8802-4886-ab88-03c39eb96f1a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a21b393fc4213d090f794f3eeee2333
cf334c1fc3191c5dcafaa2df55f62a10e16fda69
43553a352e6d7c8108bd5152d1c949d8acfb922344a00f8c77c986e2d8f665d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5a64d4-8802-4886-ab88-03c39eb96f1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 19cef827-7a71-4789-ae2f-03861f7d65c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YsvkiG9BoAMFqRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63282c83-695865cd7f0a236300a179cb;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 08:46:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pt-UpDrev8YQvpm0E3xWMpkUSsxo80_jlCq1jJ0ePrpLb9rE7_kQ8w==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:20:37 GMT
age: 2632
etag: "cf334c1fc3191c5dcafaa2df55f62a10e16fda69"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d9d6ae0-dc0d-4bab-98fe-eb30bb5f5b2d.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d9d6ae0-dc0d-4bab-98fe-eb30bb5f5b2d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 370f018032c47c9e5c11e6afa4ffdd1f
639c8d2d6f1cf5fa6d742925ea61386d600dd368
6084e769cbcc679110c174e8031439f80bcfa0027d1c39c7b6626c54692da120
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d9d6ae0-dc0d-4bab-98fe-eb30bb5f5b2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11552
x-amzn-requestid: 5457ef1c-d92b-4cd5-a704-64c1ff0cb2b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy1mFRXIAMFv5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31bd-3cd341153ca71b7c069b6ead;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X4rDCd0vk2t74s7qjkuMYwmoA8Ul9As6m5KBtDhltneCK6hSDgfXPQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:41:04 GMT
age: 5005
etag: "639c8d2d6f1cf5fa6d742925ea61386d600dd368"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
grumblecrytopless.com/sbar.json?key=e39e6de78434e75a812da1a674f8e022&uuid=851e212b-e155-47e8-804e-66d45ab1762d%3A3%3A1
192.243.59.20 200 OK 4.1 kB URL HTTP/1.1 grumblecrytopless.com/sbar.json?key=e39e6de78434e75a812da1a674f8e022&uuid=851e212b-e155-47e8-804e-66d45ab1762d%3A3%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5708), with no line terminators
Hash 5053ac456c070fb11fc9137e2e4c428a
2be02bdd6645a46d6542f9d01267c4a01a1ce4b7
cb252634135c83927a1a2340cdea1da4a5bffe913ee01162eaa82233bbf26c36
GET /sbar.json?key=e39e6de78434e75a812da1a674f8e022&uuid=851e212b-e155-47e8-804e-66d45ab1762d%3A3%3A1 HTTP/1.1
Host: grumblecrytopless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 20 Sep 2022 23:04:29 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://lifestylee.me
Access-Control-Allow-Origin: https://lifestylee.me
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15933797; expires=Wed, 21 Sep 2022 23:04:29 GMT; secure; SameSite=None
Set-Cookie: uid_id2=851e212b-e155-47e8-804e-66d45ab1762d:3:1; expires=Tue, 27 Sep 2022 23:04:29 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Wed, 21 Sep 2022 23:04:29 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Wed, 21 Sep 2022 23:04:29 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Wed, 21 Sep 2022 23:04:29 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Wed, 21 Sep 2022 23:04:29 GMT; secure; SameSite=None
Set-Cookie: slece39e6de78434e75a812da1a674f8e022=[3364901]; expires=Tue, 20 Sep 2022 23:04:34 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 38ca3c94a9c3a9217807d8dd7762e299
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bcbb61a4f6f0beed45a5f963bfba6e9d
a07136aeace7036e3b7427d63c60576adbdc388f
3a910cde9f8f65341f3422d28e35ca877558e136c99067b72daaeb56b3d9e76d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cmp.quantcast.com/tcfv2/42/cmp2ui-en.js
143.204.55.17 200 OK 61 kB URL HTTP/2 cmp.quantcast.com/tcfv2/42/cmp2ui-en.js
IP 143.204.55.17:0
Hash 99b82cb2cd83e0c050fb5f3349ab11ae
895acd160a0e76570cc9ab66492314cf8f05294e
ab911a29d55518ce4b3144d5d9828d38f7cdcf31a23882e8774fa51468eee0dd
GET /tcfv2/42/cmp2ui-en.js HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
access-control-max-age: 86400
last-modified: Tue, 05 Jul 2022 18:40:26 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
date: Mon, 19 Sep 2022 05:07:16 GMT
cache-control: max-age=172800
etag: W/"24932b3e61742029985961c24d35dbb7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: JkXksTmCzeF7_6CtSOIMlSngPyE8T52YOUC_no9Kbivpw3VgsM6GdQ==
age: 155205
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
142.250.74.10 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (32034)
Hash c54aac7ef64c39b4f384e0d5771d3b46
d3e059104378a3844862a5ed12a13f5d423e86b6
3e1b5002dd64d185f806edeefd333348f423584d876cfc966b5c13884c8fe3da
GET /ajax/libs/jquery/3.0.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30186
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 11:05:10 GMT
expires: Wed, 20 Sep 2023 11:05:10 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 43159
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
id5-sync.com/i/12/9.gif?gdpr=true&gdpr_consent=
162.19.138.82 200 43 B URL HTTP/1.1 id5-sync.com/i/12/9.gif?gdpr=true&gdpr_consent=
IP 162.19.138.82:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /i/12/9.gif?gdpr=true&gdpr_consent= HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Tue, 20-Sep-2022 23:09:29 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=300; Expires=Tue, 20-Sep-2022 23:09:29 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=300; Expires=Tue, 20-Sep-2022 23:09:29 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=300; Expires=Tue, 20-Sep-2022 23:09:29 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=300; Expires=Tue, 20-Sep-2022 23:09:29 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=300; Expires=Tue, 20-Sep-2022 23:09:29 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Tue, 20 Sep 2022 23:04:29 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bcbb61a4f6f0beed45a5f963bfba6e9d
a07136aeace7036e3b7427d63c60576adbdc388f
3a910cde9f8f65341f3422d28e35ca877558e136c99067b72daaeb56b3d9e76d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/metrika/watch.js
87.250.251.119 200 OK 57 kB URL HTTP/2 mc.yandex.ru/metrika/watch.js
IP 87.250.251.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (570)
Hash 586a53abefa89b60f73e53e4f44e6f2f
d4c50345603590468c539f46853ce78140f7664a
8472faf943b35943b628eb70fb721ec98aa217d2526631f884f117994c2a8095
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 56984
date: Tue, 20 Sep 2022 23:04:29 GMT
access-control-allow-origin: *
etag: "63295b76-de98"
expires: Wed, 21 Sep 2022 00:04:29 GMT
last-modified: Tue, 20 Sep 2022 09:19:34 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=f3b4b828-a730-4a27-7e78-f22770e705d8&reqId=e93ce263-98fc-4b5b-7a8c-cb4658f37422&zdid=1258&google_error=3
104.22.24.87 200 OK 95 B URL HTTP/2 mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=f3b4b828-a730-4a27-7e78-f22770e705d8&reqId=e93ce263-98fc-4b5b-7a8c-cb4658f37422&zdid=1258&google_error=3
IP 104.22.24.87:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=f3b4b828-a730-4a27-7e78-f22770e705d8&reqId=e93ce263-98fc-4b5b-7a8c-cb4658f37422&zdid=1258&google_error=3 HTTP/1.1
Host: mwzeom.zeotap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lifestylee.me/
Connection: keep-alive
Cookie: zc=f3b4b828-a730-4a27-7e78-f22770e705d8; zsc=%ADs%E0%A6%CE%F5%09%F1k%D8e%5B%B53%25ag%C4%E9%BB%F66%14%B6%86fS%9D%2C%C9%C7W%01%8F%F4%90%82%B0J%E1%8D%FF3%87%D6%DAZ%D4%B6%B4%B1%EFl%B1-%17%1Cy%C2%C6pb%99%D7%91%2F%A9%9C%40X%B6%FF%03J%95%B9%D8%28%16j%82%27%3F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:29 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://lifestylee.me
set-cookie: zc=f3b4b828-a730-4a27-7e78-f22770e705d8; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74de33528a17b517-OSL
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 79479a728ffc27adc0438553574e6e0a
2d1ce9da06553e42063cd0b33a059f8d46871a7a
da6fd585a651fcd59c85dea6e17086aa494416d827909c22aaaebef4e0ce1360
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 20 Sep 2022 23:04:29 GMT
Last-Modified: Tue, 20 Sep 2022 21:22:15 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: c8bBuZvpXyKKfo65BBm2PbvhWeDt8b4jR_RxToh0-8ugPYDq5mQyeA==
Age: 6134
dodurantom.com/15?rnd=662844754&z=3846473&var=&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.259%2C%22location%22%3A%22https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 0 B URL HTTP/2 dodurantom.com/15?rnd=662844754&z=3846473&var=&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.259%2C%22location%22%3A%22https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /15?rnd=662844754&z=3846473&var=&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.259%2C%22location%22%3A%22https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; oaidts=1663715067; scm=1; oaidvc=1; CNT=1_v1_GkTeAAEAAAA3SwAA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 20 Sep 2022 23:04:29 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://lifestylee.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 28b55f8a0ff36841b7961c3b16ef7139
access-control-expose-headers: X-Sc
set-cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:29 GMT; secure; SameSite=None
oaidts=1663715067; expires=Wed, 20 Sep 2023 23:04:29 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
l.sharethis.com/pview?event=pview&hostname=lifestylee.me&location=%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&product=sticky-share-buttons&url=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&source=sharethis.js&fcmp=false&fcmpv2=true&has_segmentio=false&title=Kickstart%3A%20Crocs%20adds%20more%20to%20its%20colorful%20shoes%20%E2%80%94%20Life%20Stylee&cms=unknown&publisher=61297b2724fac90012c3ba72&sop=true&version=st_sop.js&lang=en&description=Crocs%20may%20not%20be%20your%20favorite%20shoes%2C%20however%2C%20the%20Colorado%20shoe%20company%20with%20the%20comfortable%20foam%20clogs%20is%20about%20to%20arrive.
52.57.102.63204 No Content 0 B URL HTTP/1.1 l.sharethis.com/pview?event=pview&hostname=lifestylee.me&location=%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&product=sticky-share-buttons&url=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&source=sharethis.js&fcmp=false&fcmpv2=true&has_segmentio=false&title=Kickstart%3A%20Crocs%20adds%20more%20to%20its%20colorful%20shoes%20%E2%80%94%20Life%20Stylee&cms=unknown&publisher=61297b2724fac90012c3ba72&sop=true&version=st_sop.js&lang=en&description=Crocs%20may%20not%20be%20your%20favorite%20shoes%2C%20however%2C%20the%20Colorado%20shoe%20company%20with%20the%20comfortable%20foam%20clogs%20is%20about%20to%20arrive.
IP 52.57.102.63:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pview?event=pview&hostname=lifestylee.me&location=%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&product=sticky-share-buttons&url=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&source=sharethis.js&fcmp=false&fcmpv2=true&has_segmentio=false&title=Kickstart%3A%20Crocs%20adds%20more%20to%20its%20colorful%20shoes%20%E2%80%94%20Life%20Stylee&cms=unknown&publisher=61297b2724fac90012c3ba72&sop=true&version=st_sop.js&lang=en&description=Crocs%20may%20not%20be%20your%20favorite%20shoes%2C%20however%2C%20the%20Colorado%20shoe%20company%20with%20the%20comfortable%20foam%20clogs%20is%20about%20to%20arrive. HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: https://lifestylee.me
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Tue, 20 Sep 2022 23:04:29 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
audit-tcfv2.cmp.quantcast.com/?log=%7B%22accountId%22%3A%226Fv0cGNfc_bw8%22%2C%22domain%22%3A%22lifestylee.me%22%2C%22publisher%22%3A%22themoneytizer.com%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.42%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22zqyqLXlGhIEyBziKWX6tNg%22%2C%22clientTimestamp%22%3A1663715069780%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-a7x5fviy97maemm9dsrv%22%7D
18.196.221.202200 OK 2 B URL HTTP/2 audit-tcfv2.cmp.quantcast.com/?log=%7B%22accountId%22%3A%226Fv0cGNfc_bw8%22%2C%22domain%22%3A%22lifestylee.me%22%2C%22publisher%22%3A%22themoneytizer.com%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.42%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22zqyqLXlGhIEyBziKWX6tNg%22%2C%22clientTimestamp%22%3A1663715069780%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-a7x5fviy97maemm9dsrv%22%7D
IP 18.196.221.202:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
GET /?log=%7B%22accountId%22%3A%226Fv0cGNfc_bw8%22%2C%22domain%22%3A%22lifestylee.me%22%2C%22publisher%22%3A%22themoneytizer.com%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.42%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22zqyqLXlGhIEyBziKWX6tNg%22%2C%22clientTimestamp%22%3A1663715069780%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-a7x5fviy97maemm9dsrv%22%7D HTTP/1.1
Host: audit-tcfv2.cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:29 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a2b39113a70529527307eb2feae6d112
a91848aee8648b986ee238008b30c19211afee7e
5503aa902278ea78a58fee7b81e884975ce8c4c29c596812b9ca6e6711ad9231
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6155
Cache-Control: max-age=158596
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:30 GMT
Etag: "6329f777-117"
Expires: Thu, 22 Sep 2022 19:07:46 GMT
Last-Modified: Tue, 20 Sep 2022 17:25:11 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
mc.yandex.ru/metrika/advert.gif
87.250.251.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Sep 2022 23:04:30 GMT
access-control-allow-origin: *
etag: "63295b76-2b"
expires: Wed, 21 Sep 2022 00:04:30 GMT
accept-ranges: bytes
last-modified: Tue, 20 Sep 2022 09:19:34 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
buttons-config.sharethis.com/js/61297b2724fac90012c3ba72.js
54.230.111.123 200 OK 457 B URL HTTP/2 buttons-config.sharethis.com/js/61297b2724fac90012c3ba72.js
IP 54.230.111.123:0
File type ASCII text, with very long lines (457), with no line terminators
Hash 19378e5d0f5c381e523c93eae74ad890
5d6f7ea3d0b894a0f30ce0f1919b1d349f27e756
f67a2772e8a292d7d92eefccec94b7a029c43d08b21febb01b3ce1c32bd4d45a
GET /js/61297b2724fac90012c3ba72.js HTTP/1.1
Host: buttons-config.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 457
last-modified: Fri, 27 Aug 2021 23:54:16 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 23:04:31 GMT
cache-control: public, max-age=60
etag: "19378e5d0f5c381e523c93eae74ad890"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EbKeRzCzrIlVX5sIlMBMmhcavjJ5TH1lZL1z0Vxw1jtKMD2MDojZaw==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66105388?wmode=7&page-url=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aasbylctlprmpze3hff9a0%3Afp%3A1664%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A868334002937%3Ahid%3A678811586%3Az%3A0%3Ai%3A20220920230430%3Aet%3A1663715070%3Ac%3A1%3Arn%3A437326599%3Arqn%3A1%3Au%3A1663715070322708542%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C19%2C97%2C0%2C355%2C0%2C%2C1123%2C4%2C%2C%2C%2C1747%3Ans%3A1663715066716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663715070%3At%3AKickstart%3A%20Crocs%20adds%20more%20to%20its%20colorful%20shoes%20%E2%80%94%20Life%20Stylee&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.251.119302 Found 407 B URL HTTP/2 mc.yandex.ru/watch/66105388?wmode=7&page-url=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aasbylctlprmpze3hff9a0%3Afp%3A1664%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A868334002937%3Ahid%3A678811586%3Az%3A0%3Ai%3A20220920230430%3Aet%3A1663715070%3Ac%3A1%3Arn%3A437326599%3Arqn%3A1%3Au%3A1663715070322708542%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C19%2C97%2C0%2C355%2C0%2C%2C1123%2C4%2C%2C%2C%2C1747%3Ans%3A1663715066716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663715070%3At%3AKickstart%3A%20Crocs%20adds%20more%20to%20its%20colorful%20shoes%20%E2%80%94%20Life%20Stylee&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash 0d64d2618fb8a66194678091a1bb8e16
3da2aaea8af79ec53a4690254f343a237d63954e
d37476ad043e3115a318d4c7c301d4464af89b51e5582c81e7e0b25c8b53e732
GET /watch/66105388?wmode=7&page-url=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aasbylctlprmpze3hff9a0%3Afp%3A1664%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A868334002937%3Ahid%3A678811586%3Az%3A0%3Ai%3A20220920230430%3Aet%3A1663715070%3Ac%3A1%3Arn%3A437326599%3Arqn%3A1%3Au%3A1663715070322708542%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C19%2C97%2C0%2C355%2C0%2C%2C1123%2C4%2C%2C%2C%2C1747%3Ans%3A1663715066716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663715070%3At%3AKickstart%3A%20Crocs%20adds%20more%20to%20its%20colorful%20shoes%20%E2%80%94%20Life%20Stylee&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/66105388/1?wmode=7&page-url=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aasbylctlprmpze3hff9a0%3Afp%3A1664%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A868334002937%3Ahid%3A678811586%3Az%3A0%3Ai%3A20220920230430%3Aet%3A1663715070%3Ac%3A1%3Arn%3A437326599%3Arqn%3A1%3Au%3A1663715070322708542%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C19%2C97%2C0%2C355%2C0%2C%2C1123%2C4%2C%2C%2C%2C1747%3Ans%3A1663715066716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663715070%3At%3AKickstart%3A%20Crocs%20adds%20more%20to%20its%20colorful%20shoes%20%E2%80%94%20Life%20Stylee&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 20 Sep 2022 23:04:30 GMT
access-control-allow-origin: https://lifestylee.me
set-cookie: yandexuid=1292134711663715070; Expires=Wed, 20-Sep-2023 23:04:30 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=1292134711663715070; Expires=Wed, 20-Sep-2023 23:04:30 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=574942621663715070; Path=/; SameSite=None; Secure
i=0RpUukS8hFV23b0PujnSXBREdA0fdAFsmnCNvob9WkeDpv9ep3SQFd+lUbWqlIA6xK9sgHRMM7avBv7cTV7w57aWHrc=; Expires=Fri, 17-Sep-2032 23:04:26 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1695251070.yrts.1663715070#1695251070.yrtsi.1663715070; Expires=Wed, 20-Sep-2023 23:04:30 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Sep-2022 23:04:30 GMT
last-modified: Tue, 20-Sep-2022 23:04:30 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
grumblecrytopless.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz28bxRvGZ5scvtL3BKqQQICMBBIg4u6s17s2PVSEEBSR%2FlALojeY3Rk7Q8Y7q5kdr5NTRFXUG%2B5%2FsHmcNGqpEEhcqZBTqYecYi7kQP4HqMQJJGQ3wvBe3vfd5zl89pn3q113Snw4drJyWW9LpdiFZt2vvXmT0ou1dZm5QW3Qij6Lwos103%2B3HdX9t2ofinRTXwh86vvUp7VVaURHDy5MRcj8YZvW2349DOq0GWJg%2Frtb58EyD7x%2FSp6H5JPFx955yHSMrPfdirCbhc7f%2BaDnFCu0QZ8ffJJtZrrM0JuPHeOhkx2cuaHt8eoj6Gx%2Fhgvd%2F8eYyAnxnjxCkh2cQSLp7804EwWRIeH%2FR9kfQ6gxJBsj1bcg%2BTEBUo4rV5H17l3RpmRbz1Q2VSdk8Y%2BnkOWELP56Hlnv22UlB7UbWrlC6sxi0KkgB2PI7hi5O0SxfQ6yPERafAnJCbJeBclPXm81qQhokCwJ2mwuhbFoLbX8UCxFEQ%2BbLKFxFPBZMFKOITtjKDEEswtw1oOTHlzHg8s99PhJLaWUxj5Pmd9qp2mDxyKJuE9Z3KGM%2BlELLp2yD1HkQ6RqiNTsIDc72JR3j%2BkpjPsJdqOC5R5sQdDnFUpBUFqCkhGUkqAsCMp%2Btc%2BVDWx1jyvrEnrWg7PeqEa66O6yfV10RUZ281Py3Cyzp68JbIqTmmi0RcRF3AoboYibrEUDziiL4rDTEn4QwMoK0p4Dsx625YS8cP535HJCyNe%2FIGGHsOoQqXwZzL0CVo7iwAfbGIUtH9vZg0yU1tk6y3NwXSEvFlFsebvqlLw4o2jcfAMiPbr0eXJ58tv9P5GaCrmp8IV8TNBVd0bXdUn2ruvSku%2Bv5oXsyW02fdUbBSvEwoOPxFapDV9bscP776VTYTo%2B%2FFjYYp1lXGZdS75ZlpwLs6pNKsiPa%2FZTkVxzdmPZmczl69feX13r5UZYK3U2Bpv%2B2JMjpHJC%2FvfD%2FuxgX7p9G9KMYVyFnjsiZwWpD5HmO7D5nN%2FqBRg19yS5h9JVIxMk849KEigx31lSwf5rT%2Bbzrr2DrnkVrLg1u9O%2BqdBXFZgawrqFUZGbo0s%2FN2aFRHmjRBlvL1FG3X0WrpUntbjR8FnUbtI4ZiJOwqDViShnLAijIIpYA4WdpG%2Bv%2FvU3AAAA%2F%2F8BAAD%2F%2F%2B0W9ip7BAAA
192.243.59.20200 OK 7 B URL HTTP/1.1 grumblecrytopless.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz28bxRvGZ5scvtL3BKqQQICMBBIg4u6s17s2PVSEEBSR%2FlALojeY3Rk7Q8Y7q5kdr5NTRFXUG%2B5%2FsHmcNGqpEEhcqZBTqYecYi7kQP4HqMQJJGQ3wvBe3vfd5zl89pn3q113Snw4drJyWW9LpdiFZt2vvXmT0ou1dZm5QW3Qij6Lwos103%2B3HdX9t2ofinRTXwh86vvUp7VVaURHDy5MRcj8YZvW2349DOq0GWJg%2Frtb58EyD7x%2FSp6H5JPFx955yHSMrPfdirCbhc7f%2BaDnFCu0QZ8ffJJtZrrM0JuPHeOhkx2cuaHt8eoj6Gx%2Fhgvd%2F8eYyAnxnjxCkh2cQSLp7804EwWRIeH%2FR9kfQ6gxJBsj1bcg%2BTEBUo4rV5H17l3RpmRbz1Q2VSdk8Y%2BnkOWELP56Hlnv22UlB7UbWrlC6sxi0KkgB2PI7hi5O0SxfQ6yPERafAnJCbJeBclPXm81qQhokCwJ2mwuhbFoLbX8UCxFEQ%2BbLKFxFPBZMFKOITtjKDEEswtw1oOTHlzHg8s99PhJLaWUxj5Pmd9qp2mDxyKJuE9Z3KGM%2BlELLp2yD1HkQ6RqiNTsIDc72JR3j%2BkpjPsJdqOC5R5sQdDnFUpBUFqCkhGUkqAsCMp%2Btc%2BVDWx1jyvrEnrWg7PeqEa66O6yfV10RUZ281Py3Cyzp68JbIqTmmi0RcRF3AoboYibrEUDziiL4rDTEn4QwMoK0p4Dsx625YS8cP535HJCyNe%2FIGGHsOoQqXwZzL0CVo7iwAfbGIUtH9vZg0yU1tk6y3NwXSEvFlFsebvqlLw4o2jcfAMiPbr0eXJ58tv9P5GaCrmp8IV8TNBVd0bXdUn2ruvSku%2Bv5oXsyW02fdUbBSvEwoOPxFapDV9bscP776VTYTo%2B%2FFjYYp1lXGZdS75ZlpwLs6pNKsiPa%2FZTkVxzdmPZmczl69feX13r5UZYK3U2Bpv%2B2JMjpHJC%2FvfD%2FuxgX7p9G9KMYVyFnjsiZwWpD5HmO7D5nN%2FqBRg19yS5h9JVIxMk849KEigx31lSwf5rT%2Bbzrr2DrnkVrLg1u9O%2BqdBXFZgawrqFUZGbo0s%2FN2aFRHmjRBlvL1FG3X0WrpUntbjR8FnUbtI4ZiJOwqDViShnLAijIIpYA4WdpG%2Bv%2FvU3AAAA%2F%2F8BAAD%2F%2F%2B0W9ip7BAAA
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz28bxRvGZ5scvtL3BKqQQICMBBIg4u6s17s2PVSEEBSR%2FlALojeY3Rk7Q8Y7q5kdr5NTRFXUG%2B5%2FsHmcNGqpEEhcqZBTqYecYi7kQP4HqMQJJGQ3wvBe3vfd5zl89pn3q113Snw4drJyWW9LpdiFZt2vvXmT0ou1dZm5QW3Qij6Lwos103%2B3HdX9t2ofinRTXwh86vvUp7VVaURHDy5MRcj8YZvW2349DOq0GWJg%2Frtb58EyD7x%2FSp6H5JPFx955yHSMrPfdirCbhc7f%2BaDnFCu0QZ8ffJJtZrrM0JuPHeOhkx2cuaHt8eoj6Gx%2Fhgvd%2F8eYyAnxnjxCkh2cQSLp7804EwWRIeH%2FR9kfQ6gxJBsj1bcg%2BTEBUo4rV5H17l3RpmRbz1Q2VSdk8Y%2BnkOWELP56Hlnv22UlB7UbWrlC6sxi0KkgB2PI7hi5O0SxfQ6yPERafAnJCbJeBclPXm81qQhokCwJ2mwuhbFoLbX8UCxFEQ%2BbLKFxFPBZMFKOITtjKDEEswtw1oOTHlzHg8s99PhJLaWUxj5Pmd9qp2mDxyKJuE9Z3KGM%2BlELLp2yD1HkQ6RqiNTsIDc72JR3j%2BkpjPsJdqOC5R5sQdDnFUpBUFqCkhGUkqAsCMp%2Btc%2BVDWx1jyvrEnrWg7PeqEa66O6yfV10RUZ281Py3Cyzp68JbIqTmmi0RcRF3AoboYibrEUDziiL4rDTEn4QwMoK0p4Dsx625YS8cP535HJCyNe%2FIGGHsOoQqXwZzL0CVo7iwAfbGIUtH9vZg0yU1tk6y3NwXSEvFlFsebvqlLw4o2jcfAMiPbr0eXJ58tv9P5GaCrmp8IV8TNBVd0bXdUn2ruvSku%2Bv5oXsyW02fdUbBSvEwoOPxFapDV9bscP776VTYTo%2B%2FFjYYp1lXGZdS75ZlpwLs6pNKsiPa%2FZTkVxzdmPZmczl69feX13r5UZYK3U2Bpv%2B2JMjpHJC%2FvfD%2FuxgX7p9G9KMYVyFnjsiZwWpD5HmO7D5nN%2FqBRg19yS5h9JVIxMk849KEigx31lSwf5rT%2Bbzrr2DrnkVrLg1u9O%2BqdBXFZgawrqFUZGbo0s%2FN2aFRHmjRBlvL1FG3X0WrpUntbjR8FnUbtI4ZiJOwqDViShnLAijIIpYA4WdpG%2Bv%2FvU3AAAA%2F%2F8BAAD%2F%2F%2B0W9ip7BAAA HTTP/1.1
Host: grumblecrytopless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: u_pl=15933797; uid_id2=851e212b-e155-47e8-804e-66d45ab1762d:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece39e6de78434e75a812da1a674f8e022=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 20 Sep 2022 23:04:30 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9340c12200aeba41136da87bc9eb085a
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 695d7908295261d3448bbdd23bd02054
f07c42ed6d201376b68e9117357e58aa6c005b94
c23b38bafb6648067b5756853d96d0059b9d94457acf0e9edf5cdb7ceabc04c8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 20 Sep 2022 23:04:30 GMT
Last-Modified: Tue, 20 Sep 2022 21:56:04 GMT
Server: ECS (nyb/1D06)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Z7_XqOfkMnfhGG6sz7YQjQvtkcvLpq9mvllanTS3mq_T4PgPgELttA==
Age: 4106
adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
54.171.248.84 200 OK 20 B URL HTTP/1.1 adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
IP 54.171.248.84:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7 HTTP/1.1
Host: adtrack.adleadevent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://lifestylee.me
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Tue, 20 Sep 2022 23:04:30 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 20 Sep 2022 23:04:30 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Length: 20
Connection: keep-alive
platform-cdn.sharethis.com/img/facebook.svg
54.230.111.19 200 OK 301 B URL HTTP/2 platform-cdn.sharethis.com/img/facebook.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image, ASCII text
Hash c6e9be45643e197ce1db1d7e24a99adc
d7338e398bb0f7a9082d24f121140d2cf9e88859
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
GET /img/facebook.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 301
date: Fri, 02 Sep 2022 05:08:41 GMT
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
etag: "c6e9be45643e197ce1db1d7e24a99adc"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: v0qs3QAEi-l8VIf-u7xU9siHftRbHuSwyJpOfMIkHx1x54H_YYTCEA==
age: 1619750
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/sharethis.svg
54.230.111.19 200 OK 514 B URL HTTP/2 platform-cdn.sharethis.com/img/sharethis.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (358)
Hash deecdaa377907db5cc1722fc831670a1
4e39e0fd5742cc1460e24620df4a360abb71290e
9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99
GET /img/sharethis.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 514
date: Fri, 09 Sep 2022 00:38:14 GMT
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
etag: "deecdaa377907db5cc1722fc831670a1"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Oop8qLyKWkKPy7Bs5DIMDB68x_VyCwohLKQN_jMQ2ehY0NFqwhJmNg==
age: 1031177
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/arrow_right.svg
54.230.111.19 200 OK 565 B URL HTTP/2 platform-cdn.sharethis.com/img/arrow_right.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (409)
Hash 9928d025bd5792b718ee0a185f62e67c
16406d7b5b6d383b12859b853cf6cb7e3733e33d
1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e
GET /img/arrow_right.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
date: Sun, 11 Sep 2022 09:21:07 GMT
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
etag: "9928d025bd5792b718ee0a185f62e67c"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qV9mZDx-qyvdPe2uRnsVOk5wDOz0C25TqmQj-GusVfVgMSNDd_xG6Q==
age: 827004
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/email.svg
54.230.111.19 200 OK 343 B URL HTTP/2 platform-cdn.sharethis.com/img/email.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image, ASCII text
Hash 5977437466e857c7ddcadda6f6d88c2a
19c6378daa1f946ca225fb8d9e039e1f7762fb0d
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
GET /img/email.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 343
date: Mon, 22 Aug 2022 04:56:04 GMT
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
etag: "5977437466e857c7ddcadda6f6d88c2a"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fLMoMEfkqUJ0A1K2zO_2NeY-cXWDqR0YZaMZo1qcCvZW3__nuDtr8Q==
age: 2570907
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/pinterest.svg
54.230.111.19 200 OK 771 B URL HTTP/2 platform-cdn.sharethis.com/img/pinterest.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (615)
Hash 2b10a062e719c64b686e2e8fcdc216dc
38bd37fa3975f4d5b849763359481d8b31bb80ba
efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d
GET /img/pinterest.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 771
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 03:57:45 GMT
cache-control: public, max-age=2592000
etag: "2b10a062e719c64b686e2e8fcdc216dc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: n5LnjLRBNDg1lkbEcSOQ7Ijrc_tYvzNWGkl-BVZnU8NReTvX9lZlgw==
age: 155206
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/twitter.svg
54.230.111.19 200 OK 731 B URL HTTP/2 platform-cdn.sharethis.com/img/twitter.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (575)
Hash 0af2fb38987598376c99e21af17ade45
bfbdfd0b1a2dcef714e347928bd11b8410dc7ca2
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f
GET /img/twitter.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 731
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 17 Sep 2022 01:05:31 GMT
cache-control: public, max-age=2592000
etag: "0af2fb38987598376c99e21af17ade45"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YUhAc46Jn5MNFb0t_zm0QI6LEQDNor7MNUE4d-QUiLdUTTTsb8dWdQ==
age: 338340
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/arrow_left.svg
54.230.111.19 200 OK 565 B URL HTTP/2 platform-cdn.sharethis.com/img/arrow_left.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (409)
Hash b55d8d2b9321e381a3c38a4bddb74037
000c29635758e608bbe15d191e953adb27627c2e
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38
GET /img/arrow_left.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 05:01:50 GMT
cache-control: public, max-age=2592000
etag: "b55d8d2b9321e381a3c38a4bddb74037"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zqyXkxXomqsDtPunONWood7KHZQPRZ12K8jM97Sx_9oCPMPMdSUheQ==
age: 1188164
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
glimtors.net/custom
139.45.197.251 200 OK 39 B IP 139.45.197.251:0
File type JSON data, ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lifestylee.me/
Content-Type: application/json
Origin: https://lifestylee.me
Content-Length: 775
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:30 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5e40b96e25e5499421e3db5a70785689
access-control-allow-origin: https://lifestylee.me
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 0d1a47a7636842e63e684dedecbc44ff
06bc39ee562e5cb4057260c99cb37e6cba410a85
cf3ca449e17d9a0a8bc8b3c7cafc368f420d0591a70ce829446f217bf34a84ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5308
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:30 GMT
Last-Modified: Tue, 20 Sep 2022 21:36:02 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1
178.250.0.162 200 OK 43 B URL HTTP/2 csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1
IP 178.250.0.162:0
File type GIF image data, version 89a, 1 x 1; data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:29 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a72130ae7c499a48ceed4d717ba04279
686cf6c69ee0bc3b20f334e1f40162b0a348ece2
18117375cc72fba620f3e53df7f99a61ab02c4adf834566eb46d63be66f1ca54
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "18117375CC72FBA620F3E53DF7F99A61AB02C4ADF834566EB46D63BE66F1CA54"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10214
Expires: Wed, 21 Sep 2022 01:54:44 GMT
Date: Tue, 20 Sep 2022 23:04:30 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a72130ae7c499a48ceed4d717ba04279
686cf6c69ee0bc3b20f334e1f40162b0a348ece2
18117375cc72fba620f3e53df7f99a61ab02c4adf834566eb46d63be66f1ca54
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "18117375CC72FBA620F3E53DF7F99A61AB02C4ADF834566EB46D63BE66F1CA54"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10214
Expires: Wed, 21 Sep 2022 01:54:44 GMT
Date: Tue, 20 Sep 2022 23:04:30 GMT
Connection: keep-alive
grumblecrytopless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Findex.html&l=2211&fd=612
192.243.59.20 200 OK 0 B URL HTTP/1.1 grumblecrytopless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Findex.html&l=2211&fd=612
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Findex.html&l=2211&fd=612 HTTP/1.1
Host: grumblecrytopless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: u_pl=15933797; uid_id2=851e212b-e155-47e8-804e-66d45ab1762d:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece39e6de78434e75a812da1a674f8e022=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 20 Sep 2022 23:04:30 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3560fd0459a75cf29346caa46f7e84a1
f4ddcaf667912056478156ea67a9c16cfdacc0b0
f2f4b9cb192aba52569b22fa34a39420113c1ae958b17b6b59652182ffa10eed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2F4B9CB192ABA52569B22FA34A39420113C1AE958B17B6B59652182FFA10EED"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18218
Expires: Wed, 21 Sep 2022 04:08:08 GMT
Date: Tue, 20 Sep 2022 23:04:30 GMT
Connection: keep-alive
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/close.png
172.64.201.2 200 OK 6.0 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/close.png
IP 172.64.201.2:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced; data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/close.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:30 GMT
content-type: image/png
content-length: 5982
last-modified: Fri, 21 May 2021 10:10:48 GMT
etag: "60a78728-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4194007
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J6hobGaldjQE%2Fl7s3PbynF%2Bh%2BUUg%2Bx5I0%2Ba8%2FCjmDieVNu6VAp67vY0fNb8JNHIz6lysscxfDzPiDFVhEGYsLob%2FSYlK3ZCONNWv1LGIdJotFuCaZekSQKjx00v6prZlz9A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de33594a8071aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/arrow.png
172.64.201.2 200 OK 2.0 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/arrow.png
IP 172.64.201.2:0
File type PNG image data, 52 x 81, 8-bit/color RGBA, non-interlaced; data
Hash ef2bad0eceeff00bf615df0a433a5bff
a910af81d23d78c96283b46c241d3d9652562009
9c362044a93ac6919b7174a1620d4d82dbe1940a450aea1abca32a48fd160d40
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/arrow.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:30 GMT
content-type: image/png
content-length: 2008
last-modified: Fri, 21 May 2021 10:10:48 GMT
etag: "60a78728-7d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4194007
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d32Y%2BdXp3cNLdByKHBIGu%2B9RThS0HtSdWBn9XpABMHCrU2qiSzuxlN840jVOfHFTSHVEdp%2BhE0xdUSmO3Nilx0D9CvkROzmAMGlxtcfErd6xvVb6%2BHgzcap39ylvZzr4IHk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de33594a8671aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e5d7d983b288c67e17280c6a1c0d80d9
8a1e575f8b8427e872c1e4c5645d9ce3e5445e52
a08530049c460e7e3cf236a9969b94b4a794d83f3f4279ac43934194f39dedd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/number.png
172.64.201.2 200 OK 1.1 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/number.png
IP 172.64.201.2:0
File type PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced; data
Hash 9e4414e85c588bf7db195e49c02ab2bb
09254e79b255f1b2dfe45adbbe44583a4b433782
0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/number.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:30 GMT
content-type: image/png
content-length: 1138
last-modified: Fri, 21 May 2021 10:10:48 GMT
etag: "60a78728-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4194007
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EHeOUkxDiY3Pkx2%2FvBcAihWJwY0RQmBWFTHYEdHaS10GDZZRkQys1BXumOHX7L2R2Ko5oMfXQ8e%2BwQsd508IsZ9JKkjkwMdnyWctHf4CkuTN8Mu35EfNTAx8sXKwV9S%2FkUQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de33595a8d71aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/icon.png
172.64.201.2 200 OK 107 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/icon.png
IP 172.64.201.2:0
File type PNG image data, 340 x 340, 8-bit/color RGB, non-interlaced; data
Size 107 kB (106874 bytes)
Hash c1f6eb397e4025eb9b9f152caf975d28
0fef898a70d937ab0982906947fcb2826a7fde3c
be6b906095a91adeb37fdb83b3567252be9406419a8c7a65e9d62332a3415e99
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/icon.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:30 GMT
content-type: image/png
content-length: 106874
last-modified: Tue, 08 Feb 2022 14:16:16 GMT
etag: "62027b30-1a17a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4194007
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PXTBCvbzClu9EGY19dirl0g1io3C1XI1ms6hovD60V%2FIJ6GYtAR5K0AJRLoT%2BSXhmE9mvY1VcyXBmuulMhq9rbOt5UBCkXJCaI1fgk7R9leW83gSmy75Wm3eKz7Wuk29Mkg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de33595a9171aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a72130ae7c499a48ceed4d717ba04279
686cf6c69ee0bc3b20f334e1f40162b0a348ece2
18117375cc72fba620f3e53df7f99a61ab02c4adf834566eb46d63be66f1ca54
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "18117375CC72FBA620F3E53DF7F99A61AB02C4ADF834566EB46D63BE66F1CA54"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10213
Expires: Wed, 21 Sep 2022 01:54:44 GMT
Date: Tue, 20 Sep 2022 23:04:31 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e5d7d983b288c67e17280c6a1c0d80d9
8a1e575f8b8427e872c1e4c5645d9ce3e5445e52
a08530049c460e7e3cf236a9969b94b4a794d83f3f4279ac43934194f39dedd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unseenreport.com/pxf.gif?uuid=851e212b-e155-47e8-804e-66d45ab1762d&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=e39e6de78434e75a812da1a674f8e022&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=851e212b-e155-47e8-804e-66d45ab1762d&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=e39e6de78434e75a812da1a674f8e022&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=851e212b-e155-47e8-804e-66d45ab1762d&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=e39e6de78434e75a812da1a674f8e022&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Sep 2022 23:04:31 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fa4abf931945b7fc9cd243cc27cf96f1
Strict-Transport-Security: max-age=0; includeSubdomains
grumblecrytopless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fstyle.css&l=9494&fd=251
192.243.59.20 200 OK 0 B URL HTTP/1.1 grumblecrytopless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fstyle.css&l=9494&fd=251
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fstyle.css&l=9494&fd=251 HTTP/1.1
Host: grumblecrytopless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: u_pl=15933797; uid_id2=851e212b-e155-47e8-804e-66d45ab1762d:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece39e6de78434e75a812da1a674f8e022=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 20 Sep 2022 23:04:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=851e212b-e155-47e8-804e-66d45ab1762d&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=16634562c53f547c47deb1db0259b76a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=851e212b-e155-47e8-804e-66d45ab1762d&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=16634562c53f547c47deb1db0259b76a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=851e212b-e155-47e8-804e-66d45ab1762d&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=16634562c53f547c47deb1db0259b76a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Sep 2022 23:04:31 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 71ca0c919fb634652fc3da5d810d647d
Strict-Transport-Security: max-age=0; includeSubdomains
grumblecrytopless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fanimate.css&l=79249&fd=367
192.243.59.20 200 OK 0 B URL HTTP/1.1 grumblecrytopless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fanimate.css&l=79249&fd=367
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fanimate.css&l=79249&fd=367 HTTP/1.1
Host: grumblecrytopless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: u_pl=15933797; uid_id2=851e212b-e155-47e8-804e-66d45ab1762d:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece39e6de78434e75a812da1a674f8e022=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 20 Sep 2022 23:04:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
178.250.0.162 200 OK 43 B URL HTTP/2 csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
IP 178.250.0.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.147.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:30 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/css/style.css
172.64.201.2 200 OK 2.7 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/css/style.css
IP 172.64.201.2:0
Hash ee3b2442570424ea6ce704aeedf18d1a
842f295dd1991301e8b56f6f990f0c3ad6bbf666
a6033c781db2e95619acff6980992a4e5237039bbc8cbd3379e37127278e2527
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:31 GMT
content-type: text/css
last-modified: Mon, 31 Jan 2022 14:46:40 GMT
etag: W/"61f7f650-2516"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=76qYtVlpo4pGsyDkB2IxlMyumrg2SZWlqa17L3vgoje9khbezO%2Fwdh7En%2FPl7dotkEKxhWnXD91qbVAprueOKzonQLaFgO3RHPG5ljyAQuWLp5%2Fbx%2BEWAHi1d9elVMkvFyo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de33593a6771aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 531023
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/script.js
172.64.201.2 200 OK 16 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/script.js
IP 172.64.201.2:0
Hash 92aff8bc670f6d1e61ec1aca8d049d8f
eacf8c1ba0f7601914218254fc7e293c29ec7ccb
9920b776286e19945197a163d1da34d550eb1ac2d2143cda120bf16270347c73
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:31 GMT
content-type: application/javascript
last-modified: Fri, 21 May 2021 10:10:50 GMT
etag: W/"60a7872a-2c7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ck6HpLuFpepv1gn%2Bec3%2FBgaB%2FdHqWN2fwHdPO2HF7yUqKTCg0rmUd2k0dFyobaWmAGNHFvr2Kd0s14h8tmtaHJWB7HaTCHEyq8YvABCM3V1SsvIyXsVafS%2B984e7pnWOSmw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de335a1c0d71aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
grumblecrytopless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fjs%2Fscript.js&l=711&fd=261
192.243.59.20 200 OK 0 B URL HTTP/1.1 grumblecrytopless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fjs%2Fscript.js&l=711&fd=261
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fjs%2Fscript.js&l=711&fd=261 HTTP/1.1
Host: grumblecrytopless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: u_pl=15933797; uid_id2=851e212b-e155-47e8-804e-66d45ab1762d:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece39e6de78434e75a812da1a674f8e022=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 20 Sep 2022 23:04:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 23:04:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
grumblecrytopless.com/pixel/sbs?c=1
192.243.59.20 200 OK 0 B URL HTTP/1.1 grumblecrytopless.com/pixel/sbs?c=1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbs?c=1 HTTP/1.1
Host: grumblecrytopless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: u_pl=15933797; uid_id2=851e212b-e155-47e8-804e-66d45ab1762d:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece39e6de78434e75a812da1a674f8e022=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 20 Sep 2022 23:04:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/css/animate.css
172.64.201.2 200 OK 4.9 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/css/animate.css
IP 172.64.201.2:0
Hash 61855a8c3552b95c1485f3e4b31b18f2
7c6af9a2d594bffc30cfdafbdfe7f3ff2f9f4c12
6a81511fba44103cb083c2dc119fa881f1d717b2c1e0952491075946f7e03b1d
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:31 GMT
content-type: text/css
last-modified: Fri, 21 May 2021 10:10:46 GMT
etag: W/"60a78726-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dwsEK902oO8z7nLp5kC%2B2IaGHg70MMA4iMbzvHfPbRsh98UBHTfUoLwafsCJWlXhk6%2BQn%2BTB4YqRBI3h3idE3H1uumhBnBxULrW1UD40Pm6sBV9j0bpw4aOqHHXOPInBuC0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de33593a6571aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dodurantom.com/15?rnd=662844754&z=3846473&var=&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.263%2C%22location%22%3A%22https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 0 B URL HTTP/2 dodurantom.com/15?rnd=662844754&z=3846473&var=&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.263%2C%22location%22%3A%22https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /15?rnd=662844754&z=3846473&var=&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.263%2C%22location%22%3A%22https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; oaidts=1663715067; scm=1; oaidvc=1; CNT=1_v1_GkTeAAEAAAA3SwAA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 20 Sep 2022 23:04:31 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://lifestylee.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 876068925070ead0457d943deb675e01
access-control-expose-headers: X-Sc
set-cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:31 GMT; secure; SameSite=None
oaidts=1663715067; expires=Wed, 20 Sep 2023 23:04:31 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
dodurantom.com/15?rnd=662844754&z=3846473&var=&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A7.265%2C%22location%22%3A%22https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 0 B URL HTTP/2 dodurantom.com/15?rnd=662844754&z=3846473&var=&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A7.265%2C%22location%22%3A%22https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /15?rnd=662844754&z=3846473&var=&rb=Eo0v9_QTmJRaBOAW5QQC_Z9btmK0FoTNnvk6fTuEjmVNSJ7yZQVHM4OdkGRuzohXYqTI6GHG5AM1v8cJEd7aZ75LI-YUNZ_xYSyLqFwqXDjOT8Ud40f3rDtpY_Jdph3Jcw_t4Ruup16J4-H1W06FamyXfuoXDomX6Ats_zGC7KMzyAuZ9NyxBC7fMPAP1zitPI1yg4dhQJiDH4m-uK_XsIBXjktDuwqqHb8pa61WqYdLz10aNVQx53_9VndVOReIt3rhzF3Z9UFz5Nfkd0fLgzfQLCp_Ugxw3lflcDbJctplnXyldIzUyyzrey3kdQqFReTtG-9I7pD_XsKQmc3tajE5-pSsAJxtV4iRbJCN0zLh13vEe83sLyY985pMoq-Mp-Q_k0NAAE_6U-pG55u6chTMvOyF3W3MyxIwAmw6H4r6SpS0KPkTLSN1EvOicK3sgz2NKDPtZCMYGnzbb_fHjMMU8LxiX8K7DVT7S3zx0-r-lYa1044MXkTjDe69BWXcMj3-32yKOquFucBruMr4PtPX4M9mpDlELFmxNJWOS9zLDhLy4yPnTPFlTMCgmE5-EMxj6ZPD8-Z2uzpC4OGFJgvOXMSKabZns0O71zaG2iqFZImbIA6DhvNg1oAbnTCtUFHbTzpj3p30wTqrmij1jQ==&ruid=9c2b4337-ff1c-40ce-9fba-8678d7fe50e5&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A7.265%2C%22location%22%3A%22https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22wvr%22%3A1%2C%22wiv%22%3Atrue%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; oaidts=1663715067; scm=1; oaidvc=1; CNT=1_v1_GkTeAAEAAAA3SwAA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 20 Sep 2022 23:04:35 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://lifestylee.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 86af741c3f18e95e8b6d280e7fe9955a
access-control-expose-headers: X-Sc
set-cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:35 GMT; secure; SameSite=None
oaidts=1663715067; expires=Wed, 20 Sep 2023 23:04:35 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
glimtors.net/custom
139.45.197.251 200 OK 39 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lifestylee.me/
Content-Type: application/json
Origin: https://lifestylee.me
Content-Length: 419
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:36 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: bbc8edde627e2a59cff95ab68ed9c396
access-control-allow-origin: https://lifestylee.me
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=3ebde9f56a154d9eb9d506e3cfefd860&zoneId=3156533&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=3ebde9f56a154d9eb9d506e3cfefd860&zoneId=3156533&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash becad27492e7740d7109bcb4f0664662
9e842eb6015baef026cab7428dd601184bb425f1
4ed770a22e16c0beb9085c5673eb3d07edf651f9b6f6c01f7ced04b3e21b3437
GET /gid.js?pub=0&userId=3ebde9f56a154d9eb9d506e3cfefd860&zoneId=3156533&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lifestylee.me/
Origin: https://lifestylee.me
Connection: keep-alive
Cookie: ID=946ebaaf7d75436ebe039102ab1ac179
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:36 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://lifestylee.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:36 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
104.22.24.87 200 OK 0 B URL HTTP/2 spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
IP 104.22.24.87:0
GET /?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://lifestylee.me
set-cookie: zc=f3b4b828-a730-4a27-7e78-f22770e705d8; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
zsc=%ADs%E0%A6%CE%F5%09%F1k%D8e%5B%B53%25ag%C4%E9%BB%F66%14%B6%86fS%9D%2C%C9%C7W%01%8F%F4%90%82%B0J%E1%8D%FF3%87%D6%DAZ%D4%B6%B4%B1%EFl%B1-%17%1Cy%C2%C6pb%99%D7%91%2F%A9%9C%40X%B6%FF%03J%95%B9%D8%28%16j%82%27%3F; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74de3346ebabb517-OSL
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP 178.250.0.157:0
GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 572352
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ads.themoneytizer.com/s/requestform.js?siteId=72277&formatId=6
185.76.9.24 200 OK 0 B URL HTTP/2 ads.themoneytizer.com/s/requestform.js?siteId=72277&formatId=6
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
GET /s/requestform.js?siteId=72277&formatId=6 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=86400
x-accel-expires: @1663801467
server: CDN77-Turbo
x-77-nzt: AblMCRRUcVGh
x-77-nzt-ray: HpK2ccMcOYA
x-cache: MISS
x-77-pop: stockholmSE
x-77-cache: MISS
content-encoding: br
X-Firefox-Spdy: h2
cmp.quantcast.com/tcfv2/42/cmp2.js?referer=www.themoneytizer.com
143.204.55.17 200 OK 0 B URL HTTP/2 cmp.quantcast.com/tcfv2/42/cmp2.js?referer=www.themoneytizer.com
IP 143.204.55.17:0
GET /tcfv2/42/cmp2.js?referer=www.themoneytizer.com HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
access-control-max-age: 86400
last-modified: Tue, 05 Jul 2022 18:40:23 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-qc-ineu: True
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
cache-control: max-age=172800
date: Tue, 20 Sep 2022 23:04:07 GMT
etag: W/"9494b70738cd74c9137e65c29c0b1f3e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8KpyV_6hNKVF4BSOy2uqYSGEfxF4XzReLj0wDES8w9UttT_DRrWoGw==
age: 23
X-Firefox-Spdy: h2
ads.themoneytizer.com/lib_fs_close.js
185.76.9.24 200 OK 0 B URL HTTP/2 ads.themoneytizer.com/lib_fs_close.js
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
GET /lib_fs_close.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/javascript
last-modified: Tue, 14 Jun 2022 12:21:22 GMT
etag: W/"62a87d42-297"
pragma: public
x-accel-expires: @1664683261
server: CDN77-Turbo
x-77-nzt: AblMCRSrUWb//gsBAA
x-77-nzt-ray: JDXIRaEbvww
x-cache: HIT
x-age: 68606
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
ads.themoneytizer.com/s/requestform.js?siteId=72277&formatId=2
185.76.9.24 200 OK 0 B URL HTTP/2 ads.themoneytizer.com/s/requestform.js?siteId=72277&formatId=2
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
GET /s/requestform.js?siteId=72277&formatId=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=86400
x-accel-expires: @1663801467
server: CDN77-Turbo
x-77-nzt: AblMCRTAzPGh
x-77-nzt-ray: endk4PS4PJM
x-cache: MISS
x-77-pop: stockholmSE
x-77-cache: MISS
content-encoding: br
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/sms.svg
54.230.111.19 200 OK 0 B URL HTTP/2 platform-cdn.sharethis.com/img/sms.svg
IP 54.230.111.19:0
GET /img/sms.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
date: Fri, 26 Aug 2022 03:57:06 GMT
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
etag: W/"e7eca7e85a8b3599935b0649debb23f2"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: h5zk1McL5OY6pLKjheXQPSZlpgc0hsPzLjeNkSIiexPJD7rDRH-6Kg==
age: 2228845
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.84.149 200 OK 0 B
IP 104.21.84.149:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4843
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e45waCsH%2BgJIrxHvccks%2FfN%2FBs8Zzf5%2FxstPgKbMa4T1DlL%2BWL56GUZKV7ounyBpTFU6DjFxBtALUHdEB6kWqoIAoxQuUJtBH5UpbAvktIFokcKyN5MCIWbwdpLdlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de3347ec65fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dozubatan.com/400/4495524
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/400/4495524
IP 139.45.197.237:0
GET /400/4495524 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/javascript
x-trace-id: fcc16264d106c6e8558570ff1fa1dd3d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=ff8d53bf725246b0877e177774a05581; expires=Wed, 20 Sep 2023 23:04:27 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP 178.250.0.157:0
GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lifestylee.me/
Origin: https://lifestylee.me
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:30 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://lifestylee.me
server-processing-duration-in-ticks: 557012
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/index.html
172.67.74.218 200 OK 0 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/index.html
IP 172.67.74.218:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:30 GMT
content-type: text/html
last-modified: Wed, 09 Feb 2022 14:15:28 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UkJIZrv31rrzjnOG%2FvOhlc2z2DT5tRk0EFVYzT1JZpkXRmIZnsYvBO65FS2ZsjpN3mWaN8zc4RgTzWcuZ4FeCGMvlEjtJTD6iloO8%2FZO6CWMVjfQpg53IxztPZZp75QGH%2BKvImg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de3354dba1b4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
172.64.100.4 200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 172.64.100.4:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 86b3e259c57ec365d4dc8a73d2a400d1
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 20 Sep 2022 23:04:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CdRtC3Lx%2FLT%2FJ9iLk1FVwCxXPSL6eaL6OJMQ%2BKrj1tUp6scr3pPLkyg8Le1OccaooWFaMrninc6bx4UQCESWkt24T1nO1ySjlhLmwPbs%2BX6kpAdxVzA8i1sqnFRuNBQEoEFRqLM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de33495958d174-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
172.64.105.16 200 OK 0 B URL HTTP/2 creepingbrings.com/sfp.js
IP 172.64.105.16:0
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 039bb849136bd9728174d60a0f2fe1a8
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 20 Sep 2022 23:04:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LxQN1jRwozqXAVJXFPpbYyoboq4LiXWiBaqlMtYyPc2qi8K4yMhcK461X7%2B3QBb%2BZEvadD2p%2BU7TFaEZg%2FNS9HJzmB7ZHfhxGwdwuhopT%2Be6C4CUzqTmB03z5eslDf9K4rboZrM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de334958350656-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cmp.quantcast.com/tcfv2/google-atp-list.json
143.204.55.17 200 OK 0 B URL HTTP/2 cmp.quantcast.com/tcfv2/google-atp-list.json
IP 143.204.55.17:0
GET /tcfv2/google-atp-list.json HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-max-age: 86400
cache-control: max-age=172800
date: Tue, 20 Sep 2022 03:00:29 GMT
last-modified: Tue, 20 Sep 2022 03:00:27 GMT
etag: W/"98d5ec6478de68f1621180313dd2deb6"
x-amz-server-side-encryption: AES256
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hI0I9H79rWRe13TiGk-ZG7TKl2p_DOHt2U4C2C10bTUxnnnso5tvEw==
age: 72241
X-Firefox-Spdy: h2
glimtors.net/ntfc.php?p=3156533
139.45.197.251 200 OK 0 B URL HTTP/2 glimtors.net/ntfc.php?p=3156533
IP 139.45.197.251:0
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /ntfc.php?p=3156533 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-38a8"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
inpagepush.com/400/3156537
139.45.197.237 200 OK 0 B URL HTTP/2 inpagepush.com/400/3156537
IP 139.45.197.237:0
Analyzer Verdict Alert
fortinet Malware
GET /400/3156537 HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/javascript
x-trace-id: 55dd9387d66cc12f4408bd9c04af6dd0
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=3deea012d1614de8a835620acf400598; expires=Wed, 20 Sep 2023 23:04:27 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
54.230.111.16 200 OK 0 B URL HTTP/2 rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
IP 54.230.111.16:0
GET /rules-p-6Fv0cGNfc_bw8.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Sat, 27 Aug 2022 14:06:59 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
date: Tue, 20 Sep 2022 23:03:43 GMT
cache-control: max-age=3600
etag: W/"552289573698eb75389ce036af4dd98e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eM0e6abKoyTj_4T3oW0-FyFUdl3Qf441jfgP1fue_D8gCLOjxuUZ8A==
age: 47
X-Firefox-Spdy: h2
spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
104.22.24.87 200 OK 0 B URL HTTP/2 spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
IP 104.22.24.87:0
GET /mapper.js?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://lifestylee.me
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74de3345baf8b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure.quantserve.com/quant.js
91.228.74.251 200 OK 0 B URL HTTP/2 secure.quantserve.com/quant.js
IP 91.228.74.251:0
GET /quant.js HTTP/1.1
Host: secure.quantserve.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:29 GMT
content-type: application/javascript
accept-ranges: bytes
cache-control: private, max-age=604800
content-encoding: gzip
etag: "eN3sxSgaav0x5wHLxGB1gQ=="
expires: Tue, 27 Sep 2022 23:04:29 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
dodurantom.com/27/297c24375a3d0be67b0d42f42ac1e540
139.45.197.239 200 OK 0 B URL HTTP/2 dodurantom.com/27/297c24375a3d0be67b0d42f42ac1e540
IP 139.45.197.239:0
Analyzer Verdict Alert
quad9 Sinkholed
GET /27/297c24375a3d0be67b0d42f42ac1e540 HTTP/1.1
Host: dodurantom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=f4e9a3a748a048af9ed42dc65c40b45e; oaidts=1663715067; scm=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Mon, 19 Sep 2022 05:52:07 GMT
expires: Mon, 19 Oct 2082 05:52:07 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/4495524?excludes=&oaid=946ebaaf7d75436ebe039102ab1ac179&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4495524?excludes=&oaid=946ebaaf7d75436ebe039102ab1ac179&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/4495524?excludes=&oaid=946ebaaf7d75436ebe039102ab1ac179&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Cookie: OAID=ff8d53bf725246b0877e177774a05581
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: application/javascript
x-trace-id: fa18d6d29f97970ac6ac393cbb373e08
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://lifestylee.me
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ndc.mynewsj.com/xa.js?v21122222212122222
172.67.159.13 200 OK 0 B URL HTTP/2 ndc.mynewsj.com/xa.js?v21122222212122222
IP 172.67.159.13:0
GET /xa.js?v21122222212122222 HTTP/1.1
Host: ndc.mynewsj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 12 Sep 2022 13:36:33 GMT
etag: W/"631f35e1-f48c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6050
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zBjw6G7f4yEdNf8UGtFRPtejz%2F9an7%2BsZyf%2FhXxXqWfn%2FV%2F9rFut%2BxAt143Spf7PQO0dyxc6wKqWRFbB9oMf4Y5%2BxH69qdNR6kCP7t0M91chTk1CkYv%2Fe6UnUl2lf%2B7cPbA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de3345aed9b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
glimtors.net/pfe/current/universal.min.js?v=3.1.395
139.45.197.251 200 OK 0 B URL HTTP/2 glimtors.net/pfe/current/universal.min.js?v=3.1.395
IP 139.45.197.251:0
Analyzer Verdict Alert
quad9 Sinkholed
GET /pfe/current/universal.min.js?v=3.1.395 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lifestylee.me/
Origin: https://lifestylee.me
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:27 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-1fafa"
access-control-allow-origin: https://lifestylee.me
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json
143.204.55.17 200 OK 0 B URL HTTP/2 cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json
IP 143.204.55.17:0
GET /GVL-v2/vendor-list-trimmed-v1.json HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lifestylee.me
Connection: keep-alive
Referer: https://lifestylee.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-max-age: 3000
cache-control: max-age=172800
date: Tue, 20 Sep 2022 03:00:37 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Tue, 20 Sep 2022 03:00:34 GMT
etag: W/"e8f6486cbdf11a60d420ee29ef2df850"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PccLlciu31b-VipHUbkmk_7UKH-2p1TKv1QyxbL669XuQlazReaG_A==
age: 72233
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/jquery.min.js
172.64.201.2 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/jquery.min.js
IP 172.64.201.2:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/jquery.min.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 23:04:30 GMT
content-type: application/javascript
last-modified: Fri, 21 May 2021 10:10:50 GMT
etag: W/"60a7872a-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4194007
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8KG8zyVCDjGKPejIqEySj%2F%2BGd221Qp%2FKZcpfJxl%2FZPytlPa8LGNxid8pEqWhOYRZ2ru357zBvqApQWBWd5dv%2B%2BxrAjEsdmkR6WmaeR2xdl%2F5%2Bwp36s3TKQNyU2NdBSXEpJs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74de33595a9471aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=xsK5NSMsNqbxnKLV-H60Urm5iwysd7Vg9eXhr1G-LxBofoxCRvR_v9c26cCKked7vyQqyQhE8mPEXck8Ec8E-Wx4Cbh3E5Rtcfai4A0MgFCt0QmHSAl1AHVgS9jazPnnebo3WNIm6u0Z1ngrbP3zpqUPDTMaSigBQeqxgzM-kY2M0v9mdH9f6y0k1wbufHx-QU4uiY5W63lhiBM0tFaiNzvfLhA%3D&request_ab2=0&zoneid=3156542&js_build=iclick-v1.429.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.429.0&bs=a7be1905-77da-4e4c-badb-6570174fd41d&userId=946ebaaf7d75436ebe039102ab1ac179&m=link
139.45.197.243 200 OK 0 B URL HTTP/2 onmarshtompor.com/?rb=xsK5NSMsNqbxnKLV-H60Urm5iwysd7Vg9eXhr1G-LxBofoxCRvR_v9c26cCKked7vyQqyQhE8mPEXck8Ec8E-Wx4Cbh3E5Rtcfai4A0MgFCt0QmHSAl1AHVgS9jazPnnebo3WNIm6u0Z1ngrbP3zpqUPDTMaSigBQeqxgzM-kY2M0v9mdH9f6y0k1wbufHx-QU4uiY5W63lhiBM0tFaiNzvfLhA%3D&request_ab2=0&zoneid=3156542&js_build=iclick-v1.429.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.429.0&bs=a7be1905-77da-4e4c-badb-6570174fd41d&userId=946ebaaf7d75436ebe039102ab1ac179&m=link
IP 139.45.197.243:0
GET /?rb=xsK5NSMsNqbxnKLV-H60Urm5iwysd7Vg9eXhr1G-LxBofoxCRvR_v9c26cCKked7vyQqyQhE8mPEXck8Ec8E-Wx4Cbh3E5Rtcfai4A0MgFCt0QmHSAl1AHVgS9jazPnnebo3WNIm6u0Z1ngrbP3zpqUPDTMaSigBQeqxgzM-kY2M0v9mdH9f6y0k1wbufHx-QU4uiY5W63lhiBM0tFaiNzvfLhA%3D&request_ab2=0&zoneid=3156542&js_build=iclick-v1.429.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Flifestylee.me%2Fkickstart-crocs-adds-more-to-its-colorful-shoes%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.429.0&bs=a7be1905-77da-4e4c-badb-6570174fd41d&userId=946ebaaf7d75436ebe039102ab1ac179&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lifestylee.me/
Origin: https://lifestylee.me
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 23:04:28 GMT
content-type: application/json
x-trace-id: 2f0d0307cb494339e8b345e7f44af356
access-control-allow-origin: https://lifestylee.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=946ebaaf7d75436ebe039102ab1ac179; expires=Wed, 20 Sep 2023 23:04:28 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1663715068; expires=Wed, 20 Sep 2023 23:04:28 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Tue, 27 Sep 2022 23:04:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2