Overview

URLblog.afterlivre.com/livre-francais-cm2-pdf.html
IP 78.41.204.32 (Netherlands)
ASN#62370 Snel.com B.V.
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-30 01:52:46 UTC
StatusLoading report..
IDS alerts0
Blocklist alert1
urlquery alerts No alerts detected
Tags None

Domain Summary (44)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
app.satismeter.com (2) 22472 2015-10-23 02:32:43 UTC 2022-11-29 15:19:54 UTC 104.18.2.19
www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-11-29 19:27:24 UTC 142.250.74.110
go.primexbt.com (1) 0 No data No data 34.91.234.242 Domain (primexbt.com) ranked at: 252401
zeep.ly (1) 287572 2019-02-06 12:24:33 UTC 2022-11-30 01:34:44 UTC 95.217.202.210
img-getpocket.cdn.mozilla.net (7) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
api.primexbt.com (4) 896789 2019-02-20 07:00:07 UTC 2022-11-02 23:13:15 UTC 104.18.28.58
stats.g.doubleclick.net (1) 96 2013-06-10 20:21:11 UTC 2022-11-29 23:26:21 UTC 74.125.131.154
app.link (2) 6772 2017-03-14 20:36:16 UTC 2022-11-30 00:00:34 UTC 54.230.111.120
ocsp.r2m01.amazontrust.com (1) 0 2022-10-12 20:43:53 UTC 2022-11-29 19:44:21 UTC 54.230.80.227 Domain (amazontrust.com) ranked at: 581
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
s.adroll.com (4) 2553 2012-06-27 18:27:26 UTC 2020-04-25 20:03:51 UTC 143.204.55.75
connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2020-02-17 13:26:09 UTC 31.13.72.12
region1.analytics.google.com (1) 0 2022-03-17 11:26:33 UTC 2022-11-29 20:13:30 UTC 216.239.32.36 Domain (google.com) ranked at: 1
analytics.tiktok.com (3) 1182 No data No data 23.36.79.32
www.facebook.com (2) 99 2012-05-21 00:23:41 UTC 2021-06-08 06:38:51 UTC 31.13.72.36
widget.intercom.io (1) 2417 2020-07-20 12:16:46 UTC 2022-11-29 20:45:17 UTC 54.230.111.119
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-29 17:14:13 UTC 34.102.187.140
primexbt.com (6) 252401 2018-12-18 15:03:32 UTC 2022-11-26 10:37:39 UTC 104.18.28.58
t.co (2) 569 2012-07-25 19:09:44 UTC 2022-11-29 17:14:22 UTC 104.244.42.69
cdn.branch.io (1) 845 2017-11-13 12:05:09 UTC 2022-11-30 00:09:08 UTC 143.204.55.35
analytics.twitter.com (2) 526 2013-04-10 19:53:18 UTC 2020-02-24 11:40:32 UTC 104.244.42.195
www.google.com (1) 7 2016-03-22 03:56:07 UTC 2022-11-29 17:12:28 UTC 216.58.207.228
blog.afterlivre.com (3) 0 2022-06-02 20:06:30 UTC 2022-11-29 02:25:02 UTC 78.41.204.32 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 44.242.41.15
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
static.ads-twitter.com (2) 614 2018-06-23 22:08:39 UTC 2020-04-02 08:58:40 UTC 151.101.244.157
adservice.google.no (1) 96969 2018-06-19 23:38:38 UTC 2020-05-14 07:59:11 UTC 142.250.74.162
d.adroll.com (18) 1530 2014-10-06 14:16:35 UTC 2020-01-24 16:56:58 UTC 54.77.66.171
api-iam.intercom.io (1) 2892 2018-11-02 22:54:36 UTC 2022-11-29 17:36:23 UTC 52.20.196.176
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-29 17:10:57 UTC 34.117.237.239
ocsp.pki.goog (12) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.131
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-29 23:42:23 UTC 142.250.74.168
www.googleoptimize.com (1) 1604 2019-07-23 08:23:32 UTC 2022-11-29 22:07:12 UTC 142.250.74.78
www.google.no (1) 25607 2016-04-05 19:50:59 UTC 2022-11-29 17:15:29 UTC 142.250.74.163
js.intercomcdn.com (2) 2440 2020-07-20 12:22:33 UTC 2022-11-29 19:51:17 UTC 54.230.111.33
api2.branch.io (4) 537 2020-03-01 00:09:08 UTC 2022-11-29 23:58:33 UTC 54.230.111.34
ocsp.digicert.com (10) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
u.primexbt.com (1) 0 No data No data 67.199.248.12 Domain (primexbt.com) ranked at: 252401
ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.88
nexus-websocket-a.intercom.io (1) 2137 2015-06-26 10:17:57 UTC 2022-11-29 17:11:24 UTC 35.174.127.31
click-v4.expmdiadi.com (1) 0 No data No data 198.134.116.17 Unknown ranking
fonts.gstatic.com (2) 0 2014-09-09 00:40:21 UTC 2022-11-29 23:47:40 UTC 216.58.207.227 Domain (gstatic.com) ranked at: 540
sentry.io (1) 2743 2016-08-31 05:38:44 UTC 2022-11-29 17:11:37 UTC 35.188.42.15
r3.o.lencr.org (8) 344 No data No data 23.36.77.32

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-30 2 blog.afterlivre.com/livre-francais-cm2-pdf.html Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 78.41.204.32
Date UQ / IDS / BL URL IP
2023-01-14 07:40:54 +0000 0 - 0 - 1 rp.mr-download.info/?pcrc=2045234209&v=2.0 78.41.204.32
2023-01-14 07:40:55 +0000 0 - 1 - 1 os.mr-download.info/CM_SCH/?v=5.0&c=498869763 78.41.204.32
2022-12-12 10:30:17 +0000 0 - 0 - 3 reinssturdivantfuneralhome.com/ 78.41.204.32
2022-11-30 02:12:59 +0000 0 - 0 - 9 monchatauquotidien.afterlivre.com/livre-de-fr (...) 78.41.204.32
2022-11-30 01:52:46 +0000 0 - 0 - 1 blog.afterlivre.com/livre-francais-cm2-pdf.html 78.41.204.32


Last 5 reports on ASN: Snel.com B.V.
Date UQ / IDS / BL URL IP
2023-02-05 16:43:10 +0000 0 - 0 - 5 abbas.com/ 78.41.204.31
2023-02-05 00:33:20 +0000 0 - 3 - 3 dd365x.cc/ 185.244.106.2
2023-02-03 12:56:06 +0000 0 - 1 - 5 util4u.com/ctrl/getid.php?prog=executable.exe 78.41.204.30
2023-02-03 12:54:10 +0000 0 - 1 - 5 util4u.com/ctrl/getid.php?prog=0071b2d052ecf8 (...) 78.41.204.30
2023-02-02 07:55:51 +0000 0 - 0 - 1 kryptrks.com/click.php?project_id=a0b729fa5f& (...) 193.34.166.202


Last 5 reports on domain: afterlivre.com
Date UQ / IDS / BL URL IP
2023-02-01 12:48:49 +0000 0 - 0 - 1 monchatauquotidien.afterlivre.com/livre-pour- (...) 78.41.204.26
2023-01-05 03:23:39 +0000 0 - 2 - 3 blog.afterlivre.com/amazon-livres-italiens.html 78.41.204.33
2023-01-05 02:34:03 +0000 0 - 2 - 35 blog.afterlivre.com/livre-francais-histoire-v (...) 78.41.204.28
2023-01-05 02:33:59 +0000 0 - 0 - 1 monchatauquotidien.afterlivre.com/livre-de-fr (...) 78.41.204.28
2023-01-05 01:35:57 +0000 0 - 3 - 1 mybodymoncorps.afterlivre.com/livre-francais- (...) 78.41.204.28


No other reports with similar screenshot

JavaScript

Executed Scripts (120)

Executed Evals (35)
#1 JavaScript::Eval (size: 328) - SHA256: 18c1b700b021b2ef9c4f52dffa9a5ecda6e6e37c222ece3b8b6628e002872846
(function() {
    var b = google_tag_manager["GTM-WM7CR6W"].macro(38);
    b = b.split(".")[1];
    b = parseInt(b);
    var a = new Date(1E3 * b);
    b = a.toLocaleString("en-GB", {
        year: "numeric"
    });
    var c = a.toLocaleString("en-GB", {
        month: "numeric"
    });
    a = a.toLocaleString("en-GB", {
        day: "numeric"
    });
    10 > a && (a = "0" + a);
    10 > c && (c = "0" + c);
    return first_visit_day = b + "-" + c + "-" + a
})();
#2 JavaScript::Eval (size: 110) - SHA256: 29f3b79fa6ed65a2b1048d7f6c40e56a58881e8a7a7df936699b79766ec359b2
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(39);
    a = a.split("|")[0];
    return a.split("\x3d")[1]
})();
#3 JavaScript::Eval (size: 90) - SHA256: 4dfffb04523510a666dd4db7f24228b05a040b751bf183e17ff91a71f3ede3a3
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(59);
    return a = a.substring(6)
})();
#4 JavaScript::Eval (size: 90) - SHA256: a4e2bfaa831505ee3ab27d85fcf386cb6d89de5d7e7e6e97e4439471b676362b
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(60);
    return a = a.substring(6)
})();
#5 JavaScript::Eval (size: 89) - SHA256: c419c5541814745633e4a85ef1652a967c625f241f5e5fe595d75db913c869fc
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(4);
    return a = a.substring(6)
})();
#6 JavaScript::Eval (size: 90) - SHA256: 28cc2b2620cfdfc1eb567a62183d5a448666050ba5b2c81a373589418da9a272
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(29);
    return a = a.substring(6)
})();
#7 JavaScript::Eval (size: 110) - SHA256: 4e4abdd4277b55941b8fa5aa829ca74ae536ce57222406280b76af14187355ba
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(64);
    a = a.split("|")[1];
    return a.split("\x3d")[1]
})();
#8 JavaScript::Eval (size: 90) - SHA256: c81e791d016ea4cf287854b6617949ee350a5912a35485c8dab2d2a4c45692d5
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(37);
    return a = a.substring(6)
})();
#9 JavaScript::Eval (size: 90) - SHA256: 7eb15b190a6828c9b62dbf1e5f20d285ff1297af44567357eeec957e1f10cfac
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(44);
    return a = a.substring(6)
})();
#10 JavaScript::Eval (size: 328) - SHA256: f8f493a80a66f67ea2ed67dbd8df8d2f5d11d95774aea6d693724b04faeb880c
(function() {
    var b = google_tag_manager["GTM-WM7CR6W"].macro(62);
    b = b.split(".")[1];
    b = parseInt(b);
    var a = new Date(1E3 * b);
    b = a.toLocaleString("en-GB", {
        year: "numeric"
    });
    var c = a.toLocaleString("en-GB", {
        month: "numeric"
    });
    a = a.toLocaleString("en-GB", {
        day: "numeric"
    });
    10 > a && (a = "0" + a);
    10 > c && (c = "0" + c);
    return first_visit_day = b + "-" + c + "-" + a
})();
#11 JavaScript::Eval (size: 110) - SHA256: 19de8cbac0d3de6e6e1e025bb3ddca7388cae104ea1dca8bf81a63e427ee30da
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(47);
    a = a.split("|")[1];
    return a.split("\x3d")[1]
})();
#12 JavaScript::Eval (size: 109) - SHA256: 94fceb0983fbd4048384ba61712972a13deec6cf60c5f036f1bcbc213e40128b
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(7);
    a = a.split("|")[1];
    return a.split("\x3d")[1]
})();
#13 JavaScript::Eval (size: 110) - SHA256: 401b53a31819c9835e717257cc8c65794365f9d39143de7b123e2de33487477c
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(25);
    a = a.split("|")[0];
    return a.split("\x3d")[1]
})();
#14 JavaScript::Eval (size: 90) - SHA256: 8ad03d15f896cabf79f54ddfc187d6dfe44859917922be2532ce785b54ff80a2
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(30);
    return a = a.substring(6)
})();
#15 JavaScript::Eval (size: 110) - SHA256: fb9a1a2caca45abd5d5fb7fa77fc438943e4d0e00b2e6eb8b42190f773d14ddf
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(32);
    a = a.split("|")[0];
    return a.split("\x3d")[1]
})();
#16 JavaScript::Eval (size: 110) - SHA256: 5017bfda2ac6aa2581d3daadf655e493f14b6cfd65e81a12c35c23cbe7bc2fd9
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(33);
    a = a.split("|")[1];
    return a.split("\x3d")[1]
})();
#17 JavaScript::Eval (size: 89) - SHA256: 8f3239079b4f99213d2975ad851884b6ea45d53d915c897296ca7c5245e547f4
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(2);
    return a = a.substring(6)
})();
#18 JavaScript::Eval (size: 34) - SHA256: 92335397ea60fa767f960ce1cd60e5c08ee1a771dbbc6181a37ec49326341f2e
(function() {
    return Date.now()
})();
#19 JavaScript::Eval (size: 109) - SHA256: e4016984cd053355f610f3b0e94beb8a0e9a7e741754d717f40fd2f39a39bd53
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(6);
    a = a.split("|")[0];
    return a.split("\x3d")[1]
})();
#20 JavaScript::Eval (size: 90) - SHA256: d63b669a9c549a6adb900ffdd7a2b53ea7d8879e7de20803cc4408ef340ff604
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(22);
    return a = a.substring(6)
})();
#21 JavaScript::Eval (size: 90) - SHA256: c518eba7b3eac197649e2e9ab2877dfa1c03a28171ae657daf7a5571c0fb5c41
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(23);
    return a = a.substring(6)
})();
#22 JavaScript::Eval (size: 110) - SHA256: f4347b261c6767d96a914425c18069255bd9294629aeb94a6b8e98fa1ab51f62
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(46);
    a = a.split("|")[0];
    return a.split("\x3d")[1]
})();
#23 JavaScript::Eval (size: 328) - SHA256: f9663c34961126c9f891d24c1179bdd1b6b53b6b5c83b72f62623b5201eec767
(function() {
    var b = google_tag_manager["GTM-WM7CR6W"].macro(45);
    b = b.split(".")[1];
    b = parseInt(b);
    var a = new Date(1E3 * b);
    b = a.toLocaleString("en-GB", {
        year: "numeric"
    });
    var c = a.toLocaleString("en-GB", {
        month: "numeric"
    });
    a = a.toLocaleString("en-GB", {
        day: "numeric"
    });
    10 > a && (a = "0" + a);
    10 > c && (c = "0" + c);
    return first_visit_day = b + "-" + c + "-" + a
})();
#24 JavaScript::Eval (size: 90) - SHA256: 8ad749f417eeed96615c4abd8f4fde7eccbae08ccc567fa7e7701254e5b0cf19
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(61);
    return a = a.substring(6)
})();
#25 JavaScript::Eval (size: 87) - SHA256: aab310ed9d84ead154e032927d4a74c007f4b03655f5596b12339ea61881ba4e
(function() {
    return (new Date).getTime() + "." + Math.random().toString(36).substring(5)
})();
#26 JavaScript::Eval (size: 327) - SHA256: 0bb94656885142f5626be0c81a18439f847da8756662c04ffcec8cd7f19f3e37
(function() {
    var b = google_tag_manager["GTM-WM7CR6W"].macro(5);
    b = b.split(".")[1];
    b = parseInt(b);
    var a = new Date(1E3 * b);
    b = a.toLocaleString("en-GB", {
        year: "numeric"
    });
    var c = a.toLocaleString("en-GB", {
        month: "numeric"
    });
    a = a.toLocaleString("en-GB", {
        day: "numeric"
    });
    10 > a && (a = "0" + a);
    10 > c && (c = "0" + c);
    return first_visit_day = b + "-" + c + "-" + a
})();
#27 JavaScript::Eval (size: 328) - SHA256: c9e85c4d0a374f66c26741ffbb694097d2925278b82588849d42afbbd98608bd
(function() {
    var b = google_tag_manager["GTM-WM7CR6W"].macro(24);
    b = b.split(".")[1];
    b = parseInt(b);
    var a = new Date(1E3 * b);
    b = a.toLocaleString("en-GB", {
        year: "numeric"
    });
    var c = a.toLocaleString("en-GB", {
        month: "numeric"
    });
    a = a.toLocaleString("en-GB", {
        day: "numeric"
    });
    10 > a && (a = "0" + a);
    10 > c && (c = "0" + c);
    return first_visit_day = b + "-" + c + "-" + a
})();
#28 JavaScript::Eval (size: 90) - SHA256: a831c20d9b5f6702902a876639c988f7e895f8da1c27e21dde4969545768edb8
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(43);
    return a = a.substring(6)
})();
#29 JavaScript::Eval (size: 110) - SHA256: 08810df742e44588441be35f44f7add301bc032f63e14524310b594bac2c0cb8
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(63);
    a = a.split("|")[0];
    return a.split("\x3d")[1]
})();
#30 JavaScript::Eval (size: 110) - SHA256: f3481a804804433e75a48d61156f4403ebc97bf6a5a525935f002491fedfed95
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(40);
    a = a.split("|")[1];
    return a.split("\x3d")[1]
})();
#31 JavaScript::Eval (size: 161) - SHA256: f23b89fa1ca434554057c4d7f940a8cc9d82f11fc4a54adc8781ecea7a364634
(function() {
    var a = new Date,
        b = a.getDate(),
        c = a.getMonth() + 1;
    a = a.getFullYear();
    10 > b && (b = "0" + b);
    10 > c && (c = "0" + c);
    today_string = a + c + b;
    return a = Number(today_string)
})();
#32 JavaScript::Eval (size: 89) - SHA256: 6ad6f57241d8be175304b19e0efbfa2a2d31a9ff715d98e480f6fb739987e989
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(3);
    return a = a.substring(6)
})();
#33 JavaScript::Eval (size: 110) - SHA256: d5e9360eed7d42f59aadaba9c74b0bde95c3ef782f2d71b73970bb8e3c2fd25b
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(26);
    a = a.split("|")[1];
    return a.split("\x3d")[1]
})();
#34 JavaScript::Eval (size: 328) - SHA256: 6acd0b5e35c09836a4d466ae0104bd22914d5165f75af3ad05d5bcb31c6cf814
(function() {
    var b = google_tag_manager["GTM-WM7CR6W"].macro(31);
    b = b.split(".")[1];
    b = parseInt(b);
    var a = new Date(1E3 * b);
    b = a.toLocaleString("en-GB", {
        year: "numeric"
    });
    var c = a.toLocaleString("en-GB", {
        month: "numeric"
    });
    a = a.toLocaleString("en-GB", {
        day: "numeric"
    });
    10 > a && (a = "0" + a);
    10 > c && (c = "0" + c);
    return first_visit_day = b + "-" + c + "-" + a
})();
#35 JavaScript::Eval (size: 90) - SHA256: 978fe76628bd9f9421c4fdabc45f9674f22c9e183f170c7b905daa28febebd04
(function() {
    var a = google_tag_manager["GTM-WM7CR6W"].macro(36);
    return a = a.substring(6)
})();

Executed Writes (3)
#1 JavaScript::Write (size: 275) - SHA256: 9a0939c4713c7908547a3ce9e0bd41ad8e6df20cfeff541a94747ec040e4d9e1
< iframe src = "https://10903881.fls.doubleclick.net/activityi;src=10903881;type=prime0;cat=dcm-p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1;num=5680033641650.109?"
width = "1"
height = "1"
frameborder = "0"
style = "display:none" > < /iframe>
#2 JavaScript::Write (size: 15) - SHA256: c77e5168dffda66b8dc13f1425b4d3630a6656a3e5acf707f4393277ba3c8b5e
< !DOCTYPE html >
#3 JavaScript::Write (size: 275) - SHA256: ddc714e4141f9e5d3223d99e4c5d6d835fa224e8976cc341d1579ef546037157
< iframe src = "https://10903881.fls.doubleclick.net/activityi;src=10903881;type=prime0;cat=dcm-p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1;num=5934858978649.451?"
width = "1"
height = "1"
frameborder = "0"
style = "display:none" > < /iframe>


HTTP Transactions (122)


Request Response
                                        
                                            GET /livre-francais-cm2-pdf.html HTTP/1.1 
Host: blog.afterlivre.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         78.41.204.32
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 507
date: Wed, 30 Nov 2022 01:52:32 GMT
server: nginx
set-cookie: sid=a84fd31a-7051-11ed-a18e-2ee850d1fd2f; path=/; domain=.afterlivre.com; expires=Mon, 18 Dec 2090 05:06:40 GMT; max-age=2147483647; HttpOnly


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (507), with no line terminators
Size:   507
Md5:    2592e20eb1bad54838cfb2ed2d7abedb
Sha1:   2f29253263b881c69a263c4dd6146da8b1907ac5
Sha256: 21243304998294f049df92944cd9fd73db70798b05caee9b917894aff90387fa

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4083
Expires: Wed, 30 Nov 2022 03:00:36 GMT
Date: Wed, 30 Nov 2022 01:52:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Age: 5198
Cache-Control: public, max-age=1209600
Date: Wed, 30 Nov 2022 01:52:33 GMT
Etag: "63866bb2-37"
Last-Modified: Tue, 29 Nov 2022 20:29:38 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 55


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 01:19:38 GMT
cache-control: public,max-age=3600
age: 1975
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6897
Expires: Wed, 30 Nov 2022 03:47:30 GMT
Date: Wed, 30 Nov 2022 01:52:33 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: r2AjXLQKnunmzP/5f85AtGGfftyy7LVZPjNasZ+F0Gi3WJZYglVrpFookd54Xtz5u3Djhb7RQQU=
x-amz-request-id: 5Z3F3XYT9K7KYWE4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 01:45:41 GMT
age: 413
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 30 Nov 2022 01:52:34 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: blog.afterlivre.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://blog.afterlivre.com/livre-francais-cm2-pdf.html
Cookie: sid=a84fd31a-7051-11ed-a18e-2ee850d1fd2f

search
                                         78.41.204.32
HTTP/1.1 404 Not Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Wed, 30 Nov 2022 01:52:33 GMT
server: nginx


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   9
Md5:    d8f4a1993546cc4b850cde3599e27aec
Sha1:   094b763b4cfcc0b05e5d040581cd513c3ca08067
Sha256: 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
                                        
                                            GET /livre-francais-cm2-pdf.html?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTc4MDM1MywiaWF0IjoxNjY5NzczMTUzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc20zamxoMTM1dHVoZ252M3MwM2dpMjIiLCJuYmYiOjE2Njk3NzMxNTMsInRzIjoxNjY5NzczMTUzNjg4NjE5fQ.-bU4lFmeyqG20Fyy3OKmm-1EZM4x1CW_xBQKFzuWwDg&sid=a84fd31a-7051-11ed-a18e-2ee850d1fd2f HTTP/1.1 
Host: blog.afterlivre.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://blog.afterlivre.com/livre-francais-cm2-pdf.html
Cookie: sid=a84fd31a-7051-11ed-a18e-2ee850d1fd2f
Upgrade-Insecure-Requests: 1

search
                                         78.41.204.32
HTTP/1.1 302 Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Wed, 30 Nov 2022 01:52:33 GMT
location: http://click-v4.expmdiadi.com/click?i=yrfAQEV6uEk_0
server: nginx
set-cookie: sid=a84fd31a-7051-11ed-a18e-2ee850d1fd2f; path=/; domain=.afterlivre.com; expires=Mon, 18 Dec 2090 05:06:41 GMT; max-age=2147483647; HttpOnly


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   11
Md5:    32682312d17c7cbf18e73594f5570319
Sha1:   60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
Sha256: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 01:08:56 GMT
cache-control: public,max-age=3600
age: 2618
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4548
Cache-Control: public, max-age=1209600
Date: Wed, 30 Nov 2022 01:52:34 GMT
Etag: "63866b9a-37"
Last-Modified: Tue, 29 Nov 2022 20:29:14 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /click?i=yrfAQEV6uEk_0 HTTP/1.1 
Host: click-v4.expmdiadi.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://blog.afterlivre.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         198.134.116.17
HTTP/1.1 302 Found
                                        
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://zeep.ly/F7pxW
Pragma: no-cache

                                        
                                            GET /F7pxW HTTP/1.1 
Host: zeep.ly
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://blog.afterlivre.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         95.217.202.210
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 30 Nov 2022 01:52:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Set-Cookie: PHPSESSID=fb96090002468182d58f4993acd9c841; path=/ short_F7pxW=1; expires=Wed, 30-Nov-2022 02:22:34 GMT; Max-Age=1800; path=/; HttpOnly
Location: https://u.primexbt.com/criptogeronimo
Connection: close
Transfer-Encoding: chunked

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tvEFkidH06LQyZdlCkIwag==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         44.242.41.15
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: MP5YmU1s/+LxqCu8ZV8ypbpzqhI=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B812AAB7EC59372571A2D0A3A73052A9EA3D429A31BB9C772953CB691D2E57C6"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 30 Nov 2022 07:52:35 GMT
Date: Wed, 30 Nov 2022 01:52:35 GMT
Connection: keep-alive

                                        
                                            GET /criptogeronimo HTTP/1.1 
Host: u.primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://blog.afterlivre.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         67.199.248.12
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
cache-control: private, max-age=90
content-security-policy: referrer always;
date: Wed, 30 Nov 2022 01:52:35 GMT
location: https://go.primexbt.com/click?pid=17436&offer_id=12
referrer-policy: unsafe-url
server: nginx
set-cookie: _bit=mau1Qz-74abdbb6ccb57448ac-00y; Domain=u.primexbt.com; Expires=Mon, 29 May 2023 01:52:35 GMT
strict-transport-security: max-age=1209600
content-length: 142
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   142
Md5:    fb66991b79c33c7c0aa301c67ecc4923
Sha1:   585274a6dd23933d8b379b771e9e2cbdce5f573e
Sha256: 492231dd0f338bf65ad36f32086cccc6e48274180b0c9604fd92bfac44f5c08c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:35 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 10:43:59 GMT
Expires: Tue, 06 Dec 2022 10:43:58 GMT
Etag: "fc553bd009365fe8f6fbe51b2144b333e18daf2c"
Cache-Control: max-age=549682,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771ff1ce3f2db51e-OSL

                                        
                                            GET /click?pid=17436&offer_id=12 HTTP/1.1 
Host: go.primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://blog.afterlivre.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         34.91.234.242
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 30 Nov 2022 01:52:35 GMT
content-length: 0
location: https://primexbt.com/id/sign-up?click_id=6386b763a89a6e0001c81ea6&pid=17436&offer_id=12&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=6386b763a89a6e0001c81ea6; expires=Thu, 30 Nov 2023 01:52:35 GMT; secure; SameSite=None afoffers={"12":1669773155}; expires=Thu, 30 Nov 2023 01:52:35 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=155998
Date: Wed, 30 Nov 2022 01:52:35 GMT
Etag: "638675c1-116"
Expires: Thu, 01 Dec 2022 21:12:33 GMT
Last-Modified: Tue, 29 Nov 2022 21:12:33 GMT
Server: nginx
Content-Length: 278

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19425
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 01:52:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19425
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 01:52:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19425
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 01:52:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19425
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 01:52:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19425
Expires: Wed, 30 Nov 2022 07:16:21 GMT
Date: Wed, 30 Nov 2022 01:52:36 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9051
x-amzn-requestid: 1032dd9c-a15e-4e8a-9c81-07419e8caf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEMNIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1005c20a33320dbf6567ca31;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IMaVlQblNnh9mFKwb2LG7hw7h_f1_nVYqO4aEUqY01a2HofnnQqcFQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:31 GMT
age: 14585
etag: "6170d6776615503e3e29f86783febc3e3e78ca66"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9051
Md5:    05196ec43964cf559caa0c0279148d62
Sha1:   6170d6776615503e3e29f86783febc3e3e78ca66
Sha256: 47f3a5cde661987e3496ce110a0170b10087dd9ba8d4fd691c4830587ba3fa3f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4f88ec5-5875-45d1-bcd3-d997040d6d42.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3719
x-amzn-requestid: 6fab3454-fedd-4a1e-ae47-468ddd6233bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaGQ4IAMFUkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-4b313cf054d6301e71cdc0c1;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: phw8DXQgjOyH5g4gvbqgZk-2sHr2n9cHVr4lqqPXfXtyhG32gs2pIg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 14391
etag: "453067f6ab356aa87a3ad3b56e33545376597852"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3719
Md5:    ceb8e975fb408de32c43f55febaa6414
Sha1:   453067f6ab356aa87a3ad3b56e33545376597852
Sha256: e0ecbb6052b4fef75f58da8dae589c81ab9ec9d304de08f26c144a2c3ce9eaac
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
age: 14385
etag: "53650399f9a986ba54addd668b4557109d12003b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9674
Md5:    5508d05a290b663fd89ead9b58f2efd8
Sha1:   53650399f9a986ba54addd668b4557109d12003b
Sha256: 65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fcfcea6-8f79-45f4-b081-2b90a5d95f8f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5492
x-amzn-requestid: 4b09d9a8-09fa-40e5-a996-8a6ad9f8283e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgE9E5TIAMF6ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1f-2f17467d7a6318796d01fd2e;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:11 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6QhRECWKI2TAlt2bgVuKlQPCeyzkes1_5i5kJ4FQYD591KBADY9qVg==
via: 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 14391
etag: "e1eec39299f081b53c647953b57da4f2f1ba10bc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5492
Md5:    acb1e555533322dbfeb8e0d8c956c43d
Sha1:   e1eec39299f081b53c647953b57da4f2f1ba10bc
Sha256: 579d2fd6aab6bba72a405bb1d0259856878adc90671a88b2b0edf5a284dba1f9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52cf4797-5177-4859-9523-faeb4e38f224.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9812
x-amzn-requestid: 70bfeb68-0703-44bf-8550-50c759d52d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDbFolIAMFYBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-73fb65ee2b9161372819207f;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QQCoNlJBSE2V-IQlZr37dhINTABRu3ms9Y1p4FweO36HD-U6m9vvwg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 14391
etag: "ce411cc5b0a37bbd89551d06d7d0349f45734e97"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9812
Md5:    5c5277610f3a542571abb53ffb3d4df1
Sha1:   ce411cc5b0a37bbd89551d06d7d0349f45734e97
Sha256: 3bf1105631ef7fda0249a46390ca90f904ea73b0a4f017c2db85326550a80a3f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13e1db4e-7108-464a-85b6-24ac0c4609f9.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9330
x-amzn-requestid: 3fad352d-7664-43e0-9395-e840f671ca61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFQFIdoAMFSmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a21-5e9847852f8435231d401fe6;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mCEtSOenWKxay4vNy5mN9cexxXKXKt7TMuLaLw-M86tLKwQ2MwuxPg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:00:54 GMT
age: 13902
etag: "2f3a39a528d3b759060203931de33c12303592e1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9330
Md5:    bbe350ea797a0fec5a19a450fc5de4b4
Sha1:   2f3a39a528d3b759060203931de33c12303592e1
Sha256: 4d661dac2e19e07ae15d0f8cf00bd268c6c2defb2f5e4de38fcb6e7031dfd605
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=155998
Date: Wed, 30 Nov 2022 01:52:36 GMT
Etag: "638675c1-116"
Expires: Thu, 01 Dec 2022 21:12:34 GMT
Last-Modified: Tue, 29 Nov 2022 21:12:33 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /my/icons.e61f16d2ddba1578.woff2 HTTP/1.1 
Host: primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.28.58
HTTP/2 200 OK
content-type: font/woff2
                                        
date: Wed, 30 Nov 2022 01:52:36 GMT
content-length: 19584
last-modified: Thu, 17 Nov 2022 06:44:55 GMT
etag: "6375d867-4c80"
cache-control: max-age=31536000
content-security-policy: frame-ancestors 'self' primexbt.com primexbt.ch primexbt-promo.com primexbt-start.com sign-up.primexbt.com eu.primexbt.com;
strict-transport-security: max-age=15552000
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: strict-origin
cf-cache-status: HIT
age: 10681
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ff1d2ac061c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 19584, version 1.0\012- data
Size:   19584
Md5:    ae29943bbba7d464db2ed42fcc7bff0c
Sha1:   491105e97ea49ba35d138b5c0d19c2490d96af5c
Sha256: a7672aec764196474d1fa0e4130d95003e7e48737534ef897f2aada1a3c4fc42
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Age: 3132
Cache-Control: public, max-age=1209600
Date: Wed, 30 Nov 2022 01:52:36 GMT
Etag: "63866bb2-37"
Last-Modified: Tue, 29 Nov 2022 20:29:38 GMT
Server: ECS (amb/6BA7)
X-Cache: HIT
Content-Length: 55


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:59 GMT
expires: Thu, 23 Nov 2023 19:33:59 GMT
cache-control: public, max-age=31536000
age: 541117
last-modified: Wed, 11 May 2022 19:24:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 11028, version 1.0\012- data
Size:   11028
Md5:    1f6d3cf6d38f25d83d95f5a800b8cac3
Sha1:   279f300ca2cbbdf9f5036ef2f438607fbf377daa
Sha256: 796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /satismeter.js HTTP/1.1 
Host: app.satismeter.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.18.2.19
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 30 Nov 2022 01:52:36 GMT
content-length: 65111
cache-control: public, max-age=14400
content-encoding: gzip
etag: W/"fe57-Dm3t8A5jIDri6vjBf2F6pe+xydE"
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-powered-by: Express
cf-cache-status: HIT
expires: Wed, 30 Nov 2022 05:52:36 GMT
accept-ranges: bytes
server: cloudflare
cf-ray: 771ff1d339e7fac0-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10809)
Size:   65111
Md5:    6d959be6244d9c0d809811e538747e01
Sha1:   0e6dedf00e63203ae2eaf8c17f617aa5efb1c9d1
Sha256: c9cb8e8480b9b657b678f66e4620e7e51af62ac255d4e938d426c152d073d9c1
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gtm.js?id=GTM-WM7CR6W HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Nov 2022 01:52:36 GMT
expires: Wed, 30 Nov 2022 01:52:36 GMT
cache-control: private, max-age=900
last-modified: Wed, 30 Nov 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88561
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (46681)
Size:   88561
Md5:    a693261746c4b8a7e4294aaa8efcc031
Sha1:   493373bf9f169f53411d30eeb458a933aff7713a
Sha256: b6ce8f2bcba4c1260149bc655706ea109821c2c7e70c33a71c363fdeabc34c68
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            OPTIONS /v2/time?_nonce=1669773155680_0.4057765378684296 HTTP/1.1 
Host: api.primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-time,x-client-version,x-guard
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

search
                                         104.18.28.58
HTTP/2 204 No Content
                                        
date: Wed, 30 Nov 2022 01:52:36 GMT
access-control-allow-origin: https://primexbt.com
access-control-allow-credentials: true
access-control-allow-headers: Accept-Charset, Authorization, Origin, Accept, User-Agent, Accept-Encoding, Accept-Language, Content-Length, Accept-Datetime, Content-Type, x-client-time, X-Client-Version, x-guard, x-referer
access-control-expose-headers: x-request-id
access-control-allow-methods: GET, POST, PUT
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 771ff1d60e5a0b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            OPTIONS /v2/dictionary HTTP/1.1 
Host: api.primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-time,x-client-version,x-guard
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

search
                                         104.18.28.58
HTTP/2 204 No Content
                                        
date: Wed, 30 Nov 2022 01:52:36 GMT
access-control-allow-origin: https://primexbt.com
access-control-allow-credentials: true
access-control-allow-headers: Accept-Charset, Authorization, Origin, Accept, User-Agent, Accept-Encoding, Accept-Language, Content-Length, Accept-Datetime, Content-Type, x-client-time, X-Client-Version, x-guard, x-referer
access-control-expose-headers: x-request-id
access-control-allow-methods: GET, POST, PUT
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 771ff1d5fe590b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /optimize.js?id=OPT-KBS29MC HTTP/1.1 
Host: www.googleoptimize.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.78
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Nov 2022 01:52:36 GMT
expires: Wed, 30 Nov 2022 01:52:36 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45647
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (7115)
Size:   45647
Md5:    7dda10dfc90d5df6faf2fec27d84d6d6
Sha1:   93dcebe26ec60df013c760dac33aa3c6ab6e2c16
Sha256: 4a2d280017de4a92081ad014fb449aed148dad33aac0f95628de809b51c8007c
                                        
                                            GET /v2/time?_nonce=1669773155680_0.4057765378684296 HTTP/1.1 
Host: api.primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
X-Guard: OG5Idjc8bjhwZHdlS0h9XHdId3BNe21ZSDV4SUp6NWQ=
X-Client-Version: 11404
X-Client-Time: 1669773155689
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

search
                                         104.18.28.58
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
date: Wed, 30 Nov 2022 01:52:37 GMT
content-length: 21
cache-control: no-cache
x-response-time: 0ms
access-control-allow-origin: https://primexbt.com
access-control-allow-credentials: true
access-control-allow-headers: Accept-Charset, Authorization, Origin, Accept, User-Agent, Accept-Encoding, Accept-Language, Content-Length, Accept-Datetime, Content-Type, x-client-time, X-Client-Version, x-guard, x-referer
access-control-expose-headers: x-request-id
access-control-allow-methods: GET, POST, PUT
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 771ff1d70ea40b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   21
Md5:    e5c60fab325bf44a04978ca63544945d
Sha1:   146253ca953177a29e9a90a8725da74f9ae512a3
Sha256: 309d5dbbe5384d3c185b40a067422e191e58d02a1e116046f602afc4c02316ae
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /id/sign-up?click_id=6386b763a89a6e0001c81ea6&pid=17436&offer_id=12&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&sub7=&sub8= HTTP/1.1 
Host: primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://blog.afterlivre.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         104.18.28.58
HTTP/2 200 OK
content-type: text/html
                                        
date: Wed, 30 Nov 2022 01:52:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'self' primexbt.com primexbt.ch primexbt-promo.com primexbt-start.com eu.primexbt.com;
strict-transport-security: max-age=15552000
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: strict-origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 771ff1d15b9f1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6232), with CRLF, LF line terminators
Size:   9123
Md5:    24caf7e97dea9c41abeee19c0249e349
Sha1:   e8faee180669bafdb48376c99037b415fc2ef59d
Sha256: 66fb0ca29e085d9d94a400252a43170d9fc5a21379517f225c9daff54706099a
                                        
                                            GET /oct.js HTTP/1.1 
Host: static.ads-twitter.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.244.157
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
last-modified: Thu, 27 Oct 2022 18:55:37 GMT
cache-control: no-cache
content-encoding: gzip
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
accept-ranges: bytes
date: Wed, 30 Nov 2022 01:52:37 GMT
x-served-by: cache-iad-kiad7000092-IAD, cache-hel1410032-HEL
x-cache: HIT, HIT
vary: Accept-Encoding,Host
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
content-length: 15375
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57596), with no line terminators
Size:   15375
Md5:    573e6a7f86f6f3063763360ef0672c01
Sha1:   b12eab3b4ac8872d49ac6e15f9cd17741765c0cf
Sha256: 02445eb022a04139531f0ce8d8980c31083a1c670936f1477f5cfc4d252133f7
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /api/1388959/envelope/?sentry_key=8c2d11d2ccbb43ae804af6023457b6ad&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.12.1 HTTP/1.1 
Host: sentry.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://primexbt.com
Content-Length: 399
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.188.42.15
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Server: nginx
Date: Wed, 30 Nov 2022 01:52:37 GMT
Content-Length: 2
Connection: keep-alive
access-control-allow-origin: https://primexbt.com
access-control-expose-headers: x-sentry-error, x-sentry-rate-limits, retry-after
vary: Origin
x-envoy-upstream-service-time: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   2
Md5:    99914b932bd37a50b983c5e7c90ae93b
Sha1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
Sha256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2636
Cache-Control: max-age=125157
Date: Wed, 30 Nov 2022 01:52:37 GMT
Etag: "6385f2fe-13a"
Expires: Thu, 01 Dec 2022 12:38:34 GMT
Last-Modified: Tue, 29 Nov 2022 11:54:38 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 314

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /api/widget HTTP/1.1 
Host: app.satismeter.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Content-Type: text/plain
Content-Length: 446
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.18.2.19
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
date: Wed, 30 Nov 2022 01:52:37 GMT
access-control-allow-headers: Content-Type,Auth-Token,Traceparent,Request-Context
access-control-allow-methods: PUT,POST
access-control-allow-origin: *
access-control-expose-headers: Location,Auth-Token
content-encoding: gzip
etag: W/"480-BypbgXFW8H2Kh2yZ+yp+y79cBz0"
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-powered-by: Express
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 771ff1d7ceb3fac4-OSL
X-Firefox-Spdy: h2

                                        
                                            GET /oct.js HTTP/1.1 
Host: static.ads-twitter.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 27 Oct 2022 18:55:37 GMT
If-None-Match: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
TE: trailers

search
                                         151.101.244.157
HTTP/2 304 Not Modified
                                        
date: Wed, 30 Nov 2022 01:52:37 GMT
cache-control: no-cache
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
x-served-by: cache-hel1410032-HEL
x-cache: HIT
vary: Accept-Encoding,Host
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /i/adsct?bci=1&eci=1&event_id=59c13057-1e30-40da-917e-5ce51f437002&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=f0d73b79-f40d-4da3-bc25-5e0283d093f2&tw_document_href=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o980i&type=javascript&version=2.3.29 HTTP/1.1 
Host: t.co
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.244.42.69
HTTP/2 200 OK
content-type: image/gif;charset=utf-8
                                        
date: Wed, 30 Nov 2022 01:52:36 GMT
perf: 7626143928
server: tsa_o
set-cookie: muc_ads=72f20bfb-ba4a-4cb2-9b7e-6fcbdb8caf3d; Max-Age=63072000; Expires=Fri, 29 Nov 2024 01:52:37 GMT; Path=/; Domain=t.co; Secure; SameSite=None
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 87d262920790cdc7
strict-transport-security: max-age=0
x-response-time: 108
x-connection-hash: 993b83bf8ea02734b2977684e5cc807876cac9b4a77266c6d6b543ba62f2a321
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    377d257f2d2e294916143c069141c1c5
Sha1:   b7cae69682cf31dd670b65088db8395acda6ed3e
Sha256: ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
                                        
                                            GET /widget/cr65d8qu HTTP/1.1 
Host: widget.intercom.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.119
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
content-length: 6171
last-modified: Tue, 29 Nov 2022 17:19:28 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: k_30q0zFCghygQ5vfRxyyAoEQ1JWa7Rv
accept-ranges: bytes
server: AmazonS3
date: Wed, 30 Nov 2022 01:36:42 GMT
cache-control: max-age=900, s-maxage=900, public
etag: "8d7db1fb17a4a3e42e406eeb04b93655"
x-cache: Error from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: PXgfEvlUAKu962dja5tjWQ3Vhop0oGWw3Ly4p8EUdeOg4UL7ajq1Tw==
age: 958
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Size:   6171
Md5:    8d7db1fb17a4a3e42e406eeb04b93655
Sha1:   ef5d995f02d7382db1a507d5c41b4d38069134c2
Sha256: c4df4b1eaca1b7b28f7a5a1bbd1de9a9b371b6464a0ac00be9328607e17fc049
                                        
                                            GET /i/adsct?bci=1&eci=1&event_id=49293466-4ffa-48ba-89e4-f5b77f50359b&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=f0d73b79-f40d-4da3-bc25-5e0283d093f2&tw_document_href=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o980i&type=javascript&version=2.3.29 HTTP/1.1 
Host: t.co
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Cookie: muc_ads=72f20bfb-ba4a-4cb2-9b7e-6fcbdb8caf3d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.244.42.69
HTTP/2 200 OK
content-type: image/gif;charset=utf-8
                                        
date: Wed, 30 Nov 2022 01:52:37 GMT
perf: 7626143928
server: tsa_o
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 75ca85fdb0f97f99
strict-transport-security: max-age=0
x-response-time: 101
x-connection-hash: 993b83bf8ea02734b2977684e5cc807876cac9b4a77266c6d6b543ba62f2a321
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   131474
Md5:    3856caf9463b37c8098d9fde15354e7b
Sha1:   3e7bf5389bce2cc9a2555a29a4d691f00e12aa64
Sha256: d49962020413b0b10c3b42276d58c1022c3abcf695fd639507d5a5e96133764f
                                        
                                            GET /branch-latest.min.js HTTP/1.1 
Host: cdn.branch.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         143.204.55.35
HTTP/2 200 OK
content-type: text/javascript
                                        
content-length: 22048
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 20:07:47 GMT
x-amz-version-id: LzwY9oP1_KD6QZAz0SCDQRP53VCVCZV0
server: AmazonS3
date: Wed, 30 Nov 2022 01:48:57 GMT
cache-control: max-age=300
etag: "2a6320386437cc44ae1713f25f6ea30b"
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EgZcb0MpTBpVe6AhNUSzutNFH9wUczCXnNq09rN3YT2KN5Rjn4QBqA==
age: 222
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2646)
Size:   22048
Md5:    2a6320386437cc44ae1713f25f6ea30b
Sha1:   cf60f8578b16e8beddb82eb43d9b1f9db5491650
Sha256: 75622ee3451d62f121868396395909cd979874287141da4de39562ccf1f8f799
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Length: 55
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=1209600
Date: Wed, 30 Nov 2022 01:52:37 GMT
Etag: "638651c0-37"
Last-Modified: Tue, 29 Nov 2022 18:38:56 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UjgSMfOEHU1jiZcIWivaGuG9Ee-hiYVOVtwdmXS_ZGa20-HTdgZIRw==
Age: 1007


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            GET /j/LDDKXWNNA5HJDJ6GEC5HVF/roundtrip.js HTTP/1.1 
Host: s.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.75
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 04:46:30 GMT
X-Amz-Server-Side-Encryption: AES256
X-Amz-Version-Id: hH9qX4PExcR5e7OmFB3f0.UdRay4qrkJ
Server: AmazonS3
Content-Encoding: gzip
Date: Wed, 30 Nov 2022 01:52:37 GMT
Cache-Control: max-age=3600, must-revalidate
Etag: W/"7cb63f0652174849bff6faacbeb337ee"
Vary: Accept-Encoding
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
Age: 2772
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lSLikkZRAseR3OGJhT0RAEulGG77agFWfPD6uMfo1WXBo-lfI0k0wg==


--- Additional Info ---
Magic:  ASCII text, with very long lines (1643)
Size:   17867
Md5:    d72812ddc84c99dce1c23827e186e681
Sha1:   bdc101f7bb2c09a6f805b0c6a2c8f4aa32249bc0
Sha256: 81663f3c4a5419f0a1d0c607820f64c1d1ddd9877a29813588d844f77375e674
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Age: 6512
Cache-Control: max-age=120381
Date: Wed, 30 Nov 2022 01:52:37 GMT
Etag: "6385d132-1d7"
Expires: Thu, 01 Dec 2022 11:18:58 GMT
Last-Modified: Tue, 29 Nov 2022 09:30:26 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 55


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.110
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 30 Nov 2022 00:41:08 GMT
expires: Wed, 30 Nov 2022 02:41:08 GMT
cache-control: public, max-age=7200
age: 4289
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /en_US/fbevents.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: kUaMFFghGxF9Oumwdw08pLaelw/A5uvsKuMqBSLMafp7M525CcmPhA+r/6aolVpPX01fZFS0y4USln3Q40gOrw==
content-length: 27340
x-fb-trip-id: 1904183273
date: Wed, 30 Nov 2022 01:52:37 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64348)
Size:   27340
Md5:    44ecaa3c2a4929a40141edc4540aaf84
Sha1:   f29a573182333b2500d41bfc389d6c5232dfb348
Sha256: 6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5470
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 01:52:37 GMT
Last-Modified: Wed, 30 Nov 2022 00:21:27 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 314

                                        
                                            GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-TCVBW2Y45T&cid=1446946671.1669773156&gtm=2oebs0&aip=1&z=498663504 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Nov 2022 01:52:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   6982
Md5:    40d5d491f7e3ab2f276975e05ad8f5f9
Sha1:   2ccaec5b7919b03a2fb94244f6dbd3b271467df6
Sha256: 642f45956d889448c89960a6a69b32f2628552d3d1ab9810d0d2ddcff75c1554
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11072
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:00 GMT
expires: Thu, 23 Nov 2023 19:34:00 GMT
cache-control: public, max-age=31536000
age: 541117
last-modified: Wed, 11 May 2022 19:24:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   16849
Md5:    af24ec0c89969b666874f866d311c960
Sha1:   39e7ec340a6c5aa4eed8feef65d1d33037379b8b
Sha256: fbf95bbc984c5256f252acc6d9b4e4f59cdef4ef457be3419e04939c8adb83ab
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5470
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 01:52:37 GMT
Last-Modified: Wed, 30 Nov 2022 00:21:27 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 314


--- Additional Info ---
Magic:  data
Size:   188326
Md5:    16c73fdbbb4586a4eb1483e675f03b72
Sha1:   7573bc60ee4a0ad7189fcdb724cab4ed8e52a095
Sha256: d6a1fb7ce13a7397819d6b1dfb254f7c2285c3aabbf49b00bda38b31a10034ea
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 872
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 01:52:37 GMT
Last-Modified: Wed, 30 Nov 2022 01:38:05 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /g/collect?v=2&tid=G-TCVBW2Y45T&gtm=2oebs0&_p=1034319779&_gaz=1&cid=1446946671.1669773156&ul=en-us&sr=1280x1024&_s=1&sid=1669773156&sct=1&seg=0&dl=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&dr=http%3A%2F%2Fblog.afterlivre.com%2F&dt=Sign%20In%20or%20Create%20Your%20Account%20%7C%20PrimeXBT&en=page_view&_fv=1&_nsi=1&_ss=1&ep.platform=web&upn.date_str=2063 HTTP/1.1 
Host: region1.analytics.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

search
                                         216.239.32.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://primexbt.com
date: Wed, 30 Nov 2022 01:52:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /i18n/pixel/events.js?sdkid=CDKAB63C77UDCMKM4E5G&lib=ttq HTTP/1.1 
Host: analytics.tiktok.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.36.79.32
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: nginx
x-tt-logid: 20221130015237EC856606839FDCB12763
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf602f4e8f28fd518fbd62b4f0adef0d7f17f90ee586a5b64b0824e19f15be354c6c002bdf6e88a8673b1e214b9a432e50899ff5621618f231530507ba548a39ff4879154747261c4eed548a899fb6658465
content-encoding: gzip
x-origin-response-time: 108,104.96.220.52
x-akamai-request-id: db6d286.7cb5fb42
expires: Wed, 30 Nov 2022 01:52:37 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 30 Nov 2022 01:52:37 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a104-96-220-52.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=111, origin; dur=108, inner; dur=4
x-parent-response-time: 219,23.36.79.28
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   46309
Md5:    5f569c4beebe34691ea929dbf6726142
Sha1:   f9a0782c2bd657f74dcb4ea89301b0216708611f
Sha256: 8e13ea079fd91c43ba615cd9130d2ba8100b3f6f81cc0379da589c0135fa9498
                                        
                                            GET /i/adsct?bci=1&eci=1&event_id=59c13057-1e30-40da-917e-5ce51f437002&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=f0d73b79-f40d-4da3-bc25-5e0283d093f2&tw_document_href=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o980i&type=javascript&version=2.3.29 HTTP/1.1 
Host: analytics.twitter.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.244.42.195
HTTP/2 200 OK
content-type: image/gif;charset=utf-8
                                        
date: Wed, 30 Nov 2022 01:52:37 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_FO7VkHWfCyBoLeycBTKujA=="; Max-Age=63072000; Expires=Fri, 29 Nov 2024 01:52:37 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 8bb12911d56ed1a4
strict-transport-security: max-age=631138519
x-response-time: 111
x-connection-hash: fea2ac33a90f3beda7ee184729d17da9966b61fc564a3579e1db7fab18fef759
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    377d257f2d2e294916143c069141c1c5
Sha1:   b7cae69682cf31dd670b65088db8395acda6ed3e
Sha256: ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
                                        
                                            GET /i/adsct?bci=1&eci=1&event_id=49293466-4ffa-48ba-89e4-f5b77f50359b&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=f0d73b79-f40d-4da3-bc25-5e0283d093f2&tw_document_href=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o980i&type=javascript&version=2.3.29 HTTP/1.1 
Host: analytics.twitter.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.244.42.195
HTTP/2 200 OK
content-type: image/gif;charset=utf-8
                                        
date: Wed, 30 Nov 2022 01:52:37 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_QdSYQNrlqmewrdj2Ng9Y6A=="; Max-Age=63072000; Expires=Fri, 29 Nov 2024 01:52:37 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 86fa9c96f038ee22
strict-transport-security: max-age=631138519
x-response-time: 105
x-connection-hash: fea2ac33a90f3beda7ee184729d17da9966b61fc564a3579e1db7fab18fef759
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    377d257f2d2e294916143c069141c1c5
Sha1:   b7cae69682cf31dd670b65088db8395acda6ed3e
Sha256: ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
                                        
                                            POST /g/collect?v=2&tid=G-TCVBW2Y45T&cid=1446946671.1669773156&gtm=2oebs0&aip=1 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

search
                                         74.125.131.154
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://primexbt.com
date: Wed, 30 Nov 2022 01:52:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /frame.ca455422.js HTTP/1.1 
Host: js.intercomcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primexbt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.33
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
content-length: 138431
last-modified: Tue, 29 Nov 2022 17:17:55 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: 1UDiLu0R.Tem6O05tVduBTiicdQCoVDh
accept-ranges: bytes
server: AmazonS3
date: Wed, 30 Nov 2022 01:19:34 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "4071efe7edcb93cc41794be1030b4bd7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: H1zwAW_V7uaeHXpYLnEcs_SaUN26WrwFl6UV27e_V95iYVNZTAsMbQ==
age: 1988
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   138431
Md5:    4071efe7edcb93cc41794be1030b4bd7
Sha1:   59804b3645bdc63773961e12fa768194dc1f7ce9
Sha256: 5cb4cc30dc1dab5f811303a5ad3eed1caf5f5c65f38cbe8fd11a8a1f6a3bcec4
                                        
                                            GET /vendor.f6209ae7.js HTTP/1.1 
Host: js.intercomcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primexbt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.33
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
content-length: 108207
last-modified: Tue, 29 Nov 2022 15:13:34 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: P14Qj8bj5kgIFTwk7i9kDIwRJ3FmmbTq
accept-ranges: bytes
server: AmazonS3
date: Wed, 30 Nov 2022 01:15:07 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "d00303435d936427a4ac56f8e3116af8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 1ObklzPw310S-JVT58ZsAin2k2sq-nBbf8Shku9h36CzUJ_SHTSVTA==
age: 2252
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65431)
Size:   108207
Md5:    d00303435d936427a4ac56f8e3116af8
Sha1:   fe7cff5e94420c5a2617a479657047d24475de6b
Sha256: b0b9d7858c794a044fba2a9ac0cec9e6ceb6e1f4a30abff68a6085b957a37535
                                        
                                            GET /ddm/fls/i/src=9729235;type=invmedia;cat=pixel0;ord=1;num=5654230015373;gtm=2wgbs0;auiddc=1168706551.1669773156;u1=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D;~oref=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         142.250.74.162
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Nov 2022 01:52:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://9729235.fls.doubleclick.net/ddm/fls/r/src=9729235;type=invmedia;cat=pixel0;ord=1;num=5654230015373;gtm=2wgbs0;auiddc=1168706551.1669773156;u1=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D;~oref=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Length: 55
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=1209600
Date: Wed, 30 Nov 2022 01:52:38 GMT
Etag: "63866b9f-37"
Last-Modified: Tue, 29 Nov 2022 20:29:19 GMT
Server: ECS (bsa/EB20)
X-Cache: Miss from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lStVbJzzQkqXr6KTe-Wne9tojSxNheKidpHfiy51l1eav7zYLGUBBw==
Age: 5661


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            POST /api/v2/pixel HTTP/1.1 
Host: analytics.tiktok.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 903
Origin: https://primexbt.com
Connection: keep-alive
Cookie: _ttp=2IFN1q38KMNndFFeR8t70wXzXgs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.36.79.32
HTTP/2 200 OK
content-type: application/octet-stream
                                        
server: nginx
content-length: 0
access-control-allow-origin: *
x-tt-logid: 2022113001523822E2AE124A535E57402D
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf602f4e8f28fd518fbd62b4f0adef0d7f17f90ee586a5b64b0824e19f15be354c6ce9584ab538eb50640e14106ae557497339a48ea392589f47e8baf9fc928bd47c52ba5b86571a3b0041ae5deded576b01
x-origin-response-time: 63,104.96.220.52
x-akamai-request-id: db6e803.7cb5fdef
expires: Wed, 30 Nov 2022 01:52:38 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 30 Nov 2022 01:52:38 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-cache-remote: TCP_MISS from a104-96-220-52.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=152, origin; dur=63, inner; dur=17
x-parent-response-time: 211,23.36.79.28
X-Firefox-Spdy: h2

                                        
                                            GET /j/exp/LDDKXWNNA5HJDJ6GEC5HVF/index.js HTTP/1.1 
Host: s.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.75
HTTP/1.1 302 Moved Temporarily
Content-Type: application/xml
                                        
Content-Length: 0
Connection: keep-alive
Date: Tue, 29 Nov 2022 04:44:07 GMT
Server: AmazonS3
Location: https://s.adroll.com/j/exp/index.js
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
Age: 76110
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CLb7TufxoGHeFwAa3Vjf7INWlI4cs5_aHCvxVGtCPKbnb5OM9WvaYA==

                                        
                                            GET /j/exp/index.js HTTP/1.1 
Host: s.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.75
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Length: 28
Connection: keep-alive
Last-Modified: Fri, 14 Oct 2022 18:57:24 GMT
X-Amz-Server-Side-Encryption: AES256
X-Amz-Version-Id: 3TnMO1iw0qw17MhnYw4sprJhuU7ahGp7
Accept-Ranges: bytes
Server: AmazonS3
Date: Tue, 29 Nov 2022 20:54:33 GMT
Etag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
Age: 17886
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rIfeqoSAiymjbRkpnl3sFxdp5bU8v5Tk0jRsAAaFxUg7HeFOrU-GJg==


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   28
Md5:    5816cced8568d223aa09d889f300692b
Sha1:   95cab5e474d7391762c3da5c7dc50fcf05df529f
Sha256: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 01:52:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /_r?sdk=web2.71.0&branch_key=key_live_lpZCHBQzZx7SL2SjKyleAbpczykyM3xh&callback=branch_callback__0 HTTP/1.1 
Host: app.link
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.120
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
content-length: 91
server: openresty
date: Wed, 30 Nov 2022 01:52:38 GMT
set-cookie: _s=vqKMxphWRQiTvgxf2V0MRXfweYqD4NZozUW%2BN4WgxpWtpMPc0EpsU0tZ4Z2E1%2Bzn; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Thu, 30 Nov 2023 01:52:38 GMT; Secure
x-content-type-options: nosniff
etag: W/"5b-tO9+UH5Ijpzbm6Cu3oIh4qIYx6w"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NnD9BnusDGeXJVzeeR3w6r2wQ0G8-7d6RkEG_xvY00Z3ReQyVSMmkw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   91
Md5:    5f9a62a3dc384e6006ef2db95b2245f0
Sha1:   b4ef7e507e488e9cdb9ba0aede8221e2a218c7ac
Sha256: 62f3fbf59fe7d440080d978e2cc7d0fff6fd174583f131178ce2b9df84115ad2
                                        
                                            GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-127291484-1&cid=1446946671.1669773156&jid=431943347&_u=YADAAEAAQAAAACAAI~&z=796809445 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.228
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Nov 2022 01:52:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST / HTTP/1.1 
Host: ocsp.r2m01.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         54.230.80.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=1209600
Date: Wed, 30 Nov 2022 01:52:38 GMT
Etag: "63866b88-37"
Expires: Thu, 01 Dec 2022 23:00:14 GMT
Last-Modified: Tue, 29 Nov 2022 20:28:56 GMT
Server: ECS (nyb/1D07)
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UkRT_2FR96xwJAF55op_XgycJikvUx0fPHn_aKMABn114Wvr4a-V8w==
Age: 993

                                        
                                            GET /consent/check/LDDKXWNNA5HJDJ6GEC5HVF?pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&_s=dd3d1547dd4e64f1ce88454412a61ac0&_b=2 HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 30 Nov 2022 01:52:38 GMT
content-length: 461
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=3ab982d1bea9a20d94476e931896041b-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:37 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=3ab982d1bea9a20d94476e931896041b-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:37 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (461), with no line terminators
Size:   461
Md5:    cd113368d2e3be368dafc519ac001fb9
Sha1:   4c0591f1a13572c14b740b0ac427aef7cfe54a3c
Sha256: 2a24412b6b15cf1cc0bbe3a19c6cc88692759d781cc427b4cbdf2bce12209cdf
                                        
                                            POST /v1/open HTTP/1.1 
Host: api2.branch.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 416
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.34
HTTP/2 200 OK
content-type: application/json
                                        
content-length: 317
access-control-allow-origin: *
cache-control: no-cache
date: Wed, 30 Nov 2022 01:52:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-branch-request-id: a6e4e9eaa8fe4a1c80231524a8176ab3-2022113001
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2_0a9rxlHY4BmlxeYDPjXTBRVleDPx1Hlig5r_EhmM2bkFARFszRVA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   86295
Md5:    f93b5d7709bca7b6535a8afc794cea2c
Sha1:   11cfbfbb872194e4357624c418091a4ddae6ee1d
Sha256: b4f2b0c8574e373009e3068bc89cc058f887b69c486db19045c1ed053ad643d4
                                        
                                            GET /segment/LDDKXWNNA5HJDJ6GEC5HVF/5AR4FOGSVJHWNMMDL3HUMX?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&cookie=&adroll_s_ref=http%3A//blog.afterlivre.com/&keyw=&adroll_external_data=&adroll_version=2.0 HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:38 GMT
content-length: 42
server: nginx/1.22.0
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://primexbt.com
access-control-expose-headers: X-Conversion-Value, X-Conversion-Currency, X-Advertisable-Eid, X-Segment-Eid, X-Rule-Type, X-Pixel-Eid
access-control-request-methods: GET
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=55815c8117e8efd0c3281cfe6c227841-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=55815c8117e8efd0c3281cfe6c227841-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
x-advertisable-eid: LDDKXWNNA5HJDJ6GEC5HVF
x-conversion-currency:
x-conversion-value: 0.0
x-pixel-eid: 5AR4FOGSVJHWNMMDL3HUMX
x-rule: */id/sign-up*
x-rule-type: u
x-segment-display-name: STEP 1_Sign up - 30 days
x-segment-eid: RMJRHDWEP5DZDHSYRFHNY3
x-segment-name: cf4693b3
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   4523
Md5:    2525952fa6226ff7d9b579ef57f71ef3
Sha1:   4e1272338c6c3f6ca392e7f9ba39002b20b17234
Sha256: f2a046f4cd9eb6e4c6b277125974e6c0cbd5dd4982e535a197cee2e29c706d0a
                                        
                                            GET /segment/LDDKXWNNA5HJDJ6GEC5HVF/5AR4FOGSVJHWNMMDL3HUMX?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&cookie=&adroll_s_ref=http%3A//blog.afterlivre.com/&keyw=&adroll_external_data=&adroll_version=2.0 HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:38 GMT
content-length: 42
server: nginx/1.22.0
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://primexbt.com
access-control-expose-headers: X-Conversion-Value, X-Conversion-Currency, X-Advertisable-Eid, X-Segment-Eid, X-Rule-Type, X-Pixel-Eid
access-control-request-methods: GET
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=f2fb6039c77de7dd081d608e105dbdf4-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=f2fb6039c77de7dd081d608e105dbdf4-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
x-advertisable-eid: LDDKXWNNA5HJDJ6GEC5HVF
x-conversion-currency:
x-conversion-value: 0.0
x-pixel-eid: 5AR4FOGSVJHWNMMDL3HUMX
x-rule: */id/sign-up*
x-rule-type: u
x-segment-display-name: STEP 1_Sign up - 30 days
x-segment-eid: RMJRHDWEP5DZDHSYRFHNY3
x-segment-name: cf4693b3
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   13923
Md5:    48d90ad32868ef094fd6f4e10be4c17a
Sha1:   fa5a3412eebceda9bf167363c2d868f830dbf284
Sha256: 589b38727f6e7fc926420277484efabd491f519710888709864fa951c1c84e84
                                        
                                            GET /segment/LDDKXWNNA5HJDJ6GEC5HVF/5AR4FOGSVJHWNMMDL3HUMX?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&cookie=LDDKXWNNA5HJDJ6GEC5HVF%3A1%7C5AR4FOGSVJHWNMMDL3HUMX%3A1&adroll_s_ref=http%3A//blog.afterlivre.com/&keyw=&adroll_external_data=&adroll_version=2.0 HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:38 GMT
content-length: 42
server: nginx/1.22.0
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://primexbt.com
access-control-expose-headers: X-Conversion-Value, X-Conversion-Currency, X-Advertisable-Eid, X-Segment-Eid, X-Rule-Type, X-Pixel-Eid
access-control-request-methods: GET
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=2e0001b97a51dae838ebe06f46e53bbb-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=2e0001b97a51dae838ebe06f46e53bbb-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
x-advertisable-eid: LDDKXWNNA5HJDJ6GEC5HVF
x-conversion-currency:
x-conversion-value: 0.0
x-pixel-eid: 5AR4FOGSVJHWNMMDL3HUMX
x-rule: */id/sign-up*
x-rule-type: u
x-segment-display-name: STEP 1_Sign up - 30 days
x-segment-eid: RMJRHDWEP5DZDHSYRFHNY3
x-segment-name: cf4693b3
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /segment/LDDKXWNNA5HJDJ6GEC5HVF/5AR4FOGSVJHWNMMDL3HUMX?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&cookie=5AR4FOGSVJHWNMMDL3HUMX%3A1%7CLDDKXWNNA5HJDJ6GEC5HVF%3A1&adroll_s_ref=http%3A//blog.afterlivre.com/&keyw=&adroll_external_data=&adroll_version=2.0 HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:38 GMT
content-length: 42
server: nginx/1.22.0
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://primexbt.com
access-control-expose-headers: X-Conversion-Value, X-Conversion-Currency, X-Advertisable-Eid, X-Segment-Eid, X-Rule-Type, X-Pixel-Eid
access-control-request-methods: GET
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=9fe8657eba7c0d2da49ab4bc170e8e9d-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=9fe8657eba7c0d2da49ab4bc170e8e9d-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
x-advertisable-eid: LDDKXWNNA5HJDJ6GEC5HVF
x-conversion-currency:
x-conversion-value: 0.0
x-pixel-eid: 5AR4FOGSVJHWNMMDL3HUMX
x-rule: */id/sign-up*
x-rule-type: u
x-segment-display-name: STEP 1_Sign up - 30 days
x-segment-eid: RMJRHDWEP5DZDHSYRFHNY3
x-segment-name: cf4693b3
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   86050
Md5:    5cdad99260bfe16a8f6c5698839b8e19
Sha1:   3cfcf1b2c3dd93e81489e2c7a8c38d793b89de75
Sha256: 4c897ad10e252a9931a9581d1e918d54f83c49ddc90f65c3aa21b1fa2c92b895
                                        
                                            GET /segment/LDDKXWNNA5HJDJ6GEC5HVF/5AR4FOGSVJHWNMMDL3HUMX?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&cookie=LDDKXWNNA5HJDJ6GEC5HVF%3A2%7C5AR4FOGSVJHWNMMDL3HUMX%3A2&adroll_s_ref=http%3A//blog.afterlivre.com/&keyw=&adroll_external_data=&adroll_version=2.0 HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:38 GMT
content-length: 42
server: nginx/1.22.0
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://primexbt.com
access-control-expose-headers: X-Conversion-Value, X-Conversion-Currency, X-Advertisable-Eid, X-Segment-Eid, X-Rule-Type, X-Pixel-Eid
access-control-request-methods: GET
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=92cfbcaab874f8b3a918e3228c908671-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=92cfbcaab874f8b3a918e3228c908671-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
x-advertisable-eid: LDDKXWNNA5HJDJ6GEC5HVF
x-conversion-currency:
x-conversion-value: 0.0
x-pixel-eid: 5AR4FOGSVJHWNMMDL3HUMX
x-rule: */id/sign-up*
x-rule-type: u
x-segment-display-name: STEP 1_Sign up - 30 days
x-segment-eid: RMJRHDWEP5DZDHSYRFHNY3
x-segment-name: cf4693b3
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   15963
Md5:    e6b91a46ec8af4b2e3f65b30d52056c6
Sha1:   ec0194ed82c0e821c410ab27f7bba4a3e9159184
Sha256: ba5539210a39be76756dff7048a80decd9af77b778da7a4d749d454bc87fffc3
                                        
                                            GET /segment/LDDKXWNNA5HJDJ6GEC5HVF/5AR4FOGSVJHWNMMDL3HUMX?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&cookie=5AR4FOGSVJHWNMMDL3HUMX%3A2%7CLDDKXWNNA5HJDJ6GEC5HVF%3A2&adroll_s_ref=http%3A//blog.afterlivre.com/&keyw=&adroll_external_data=&adroll_version=2.0 HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:38 GMT
content-length: 42
server: nginx/1.22.0
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://primexbt.com
access-control-expose-headers: X-Conversion-Value, X-Conversion-Currency, X-Advertisable-Eid, X-Segment-Eid, X-Rule-Type, X-Pixel-Eid
access-control-request-methods: GET
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=38b01f057ccdfc04fee87f00da546658-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=38b01f057ccdfc04fee87f00da546658-a_1669773158; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
x-advertisable-eid: LDDKXWNNA5HJDJ6GEC5HVF
x-conversion-currency:
x-conversion-value: 0.0
x-pixel-eid: 5AR4FOGSVJHWNMMDL3HUMX
x-rule: */id/sign-up*
x-rule-type: u
x-segment-display-name: STEP 1_Sign up - 30 days
x-segment-eid: RMJRHDWEP5DZDHSYRFHNY3
x-segment-name: cf4693b3
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   6747
Md5:    1e0d3e1a0c3b3f86dde70aafc057b24c
Sha1:   c45a0e3654dee86099e555b7a4de2c575ba7dc6a
Sha256: 0b6c5eb3cd4fba49ef6d62eb1229512b2c3b07d74a584067840a0ac8ddf00c36
                                        
                                            GET /v1/has-app/key_live_lpZCHBQzZx7SL2SjKyleAbpczykyM3xh?browser_fingerprint_id=1126317138361203511&instrumentation=%7B%22init-began-at%22%3A%224862%22%2C%22%2F_r-brtt%22%3A%22447%22%2C%22%2Fv1%2Fopen-brtt%22%3A%22356%22%7D HTTP/1.1 
Host: api2.branch.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Content-Type: application/x-www-form-urlencoded
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.34
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 5
access-control-allow-origin: *
date: Wed, 30 Nov 2022 01:52:38 GMT
etag: W/"5-fLbvuYullyqbUJDcLlF/4U0SywQ"
strict-transport-security: max-age=31536000; includeSubDomains
x-branch-request-id: 45bccb065bab4892a2ceee10a9965b63-2022113001
x-content-type-options: nosniff
x-powered-by: Express
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jZtUa6-ubU6HUBLDZh9uBMBzw_qdYjpJXCSXmTI-k7hTvztBH8ucvg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   5
Md5:    68934a3e9455fa72420237eb05902327
Sha1:   7cb6efb98ba5972a9b5090dc2e517fe14d12cb04
Sha256: fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa
                                        
                                            GET /_r?sdk=web2.71.0&_t=1126317138361203511&branch_key=key_live_lpZCHBQzZx7SL2SjKyleAbpczykyM3xh&callback=branch_callback__1 HTTP/1.1 
Host: app.link
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.120
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
content-length: 91
server: openresty
date: Wed, 30 Nov 2022 01:52:39 GMT
set-cookie: _s=D4QB%2BD2Y3FOUzmjlFAauRZX7RujQsf9F%2F4L3QbW1hb91Q0QMlbZNtkiYxwkJ%2F0FJ; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Thu, 30 Nov 2023 01:52:39 GMT; Secure
x-content-type-options: nosniff
etag: W/"5b-Et+ePMCPS+bX4LniPIiG5OY7DBU"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OrctF9vtQtMIvja2u5aqt_nlbDhnpQGW4ivpx6A58YwdPjoaiKCuXw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   12330
Md5:    b881071b065e8088b3e2b66d795a6d22
Sha1:   c076ef091068c18c3743801b88823637289c2149
Sha256: eb9364ee0d9cccf00504266c7e0142b5e64977a33f4b82a86ad1dcc13b8afae8
                                        
                                            POST /v1/pageview HTTP/1.1 
Host: api2.branch.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 2609
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.34
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 28
access-control-allow-origin: *
date: Wed, 30 Nov 2022 01:52:39 GMT
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
strict-transport-security: max-age=31536000; includeSubDomains
x-branch-request-id: 73e0631dde414f2e83250d10d69ef060-2022113001
x-powered-by: Express
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EIVxOPSWW6vr6_VAnE39z4PAbqAAf0Tv2LIpMIMsrLKNQRzhTVM3JA==
X-Firefox-Spdy: h2

                                        
                                            GET /j/sendrolling.js HTTP/1.1 
Host: s.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.75
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 21:48:50 GMT
X-Amz-Server-Side-Encryption: AES256
X-Amz-Version-Id: wG3UJevK_dyyBSOJeVU2_V1xC3jx_aLw
Server: AmazonS3
Content-Encoding: gzip
Date: Tue, 29 Nov 2022 10:37:57 GMT
Etag: W/"9f2aa6ae991d93164d9512029d813cad"
Vary: Accept-Encoding
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
Age: 54883
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: B5HQNI7P0BcBztF-vAKvhXR9kiwngqaBQwKH-czVHHn4HQfaifXW6A==


--- Additional Info ---
Magic:  data
Size:   6299
Md5:    ca9fac581eaef4309f601ed7d529cc8e
Sha1:   ab7e729ffd5f211aaf1a53d0dc703626f66889c7
Sha256: b640a0a9edfc090cd846cea70e810084dbe70f60f9865d76529b9de9e588b549
                                        
                                            POST /v1/pageview HTTP/1.1 
Host: api2.branch.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 2923
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.34
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 28
access-control-allow-origin: *
date: Wed, 30 Nov 2022 01:52:39 GMT
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
strict-transport-security: max-age=31536000; includeSubDomains
x-branch-request-id: cc6ff1be8c0e45688065f5ec02ff95f5-2022113001
x-powered-by: Express
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xcy2md_if-_gdxvpOHxjWHRLPb5y95I0KyqjwYGecSxFLTBc7MwKvA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1686
Md5:    1c316236cd4b0bde139eab1603903ec8
Sha1:   eee479d3da4744a7bf3ab5df4d04d95cdf01ec21
Sha256: d78636663592fd6924e0e9829778a6e6a168b94eec9e98152d272ce5b99d3391
                                        
                                            GET /cm/b/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=c94059599abc71dc212e5208466f927f-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=c94059599abc71dc212e5208466f927f-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   13183
Md5:    2a2571018738b77bc8b77836817d62d1
Sha1:   b1dae2df987cfdec3855bb286b9d651908c7f089
Sha256: 366c53739083e0c6955441b96dd5b221aef1149dd25d5e2a086db98047ecd661
                                        
                                            GET /cm/g/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=41096fc49b1cef3bf32c15b23b7bb281-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=41096fc49b1cef3bf32c15b23b7bb281-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   14319
Md5:    71a42be08e71f2a49aa204bf21ee7a58
Sha1:   addd207a22fbbcfb3a044202feeea0b165d9a2da
Sha256: 4fb86b0e2885c5da8b763fd6416114d3a8cc00de501ec01cf70044d3a6f4f251
                                        
                                            GET /tr/?id=657680712692700&ev=PageView&dl=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&rl=http%3A%2F%2Fblog.afterlivre.com%2F&if=false&ts=1669773157825&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1669773156007.9923889126&it=1669773156996&coo=false&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 30 Nov 2022 01:52:39 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /cm/index/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=74572b6b98fbd7fdc3d9711dd483b476-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=74572b6b98fbd7fdc3d9711dd483b476-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2

                                        
                                            POST /messenger/web/ping HTTP/1.1 
Host: api-iam.intercom.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 614
Origin: https://primexbt.com
Connection: keep-alive
Referer: https://primexbt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         52.20.196.176
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
date: Wed, 30 Nov 2022 01:52:38 GMT
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1669773160
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13325
access-control-allow-origin: https://primexbt.com
vary: Accept,Accept-Encoding
x-intercom-version: 45e11db5292c18d5dd9240fa170c74f5f141c76f
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 000aq7pkl9sm4qlavma0
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"f49f2bcad7f02cd68efbe66ebbfc45a7"
x-runtime: 0.291270
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0e0148d2928d0c348
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   10214
Md5:    874ab1980d8b77c8e82db4cb5123910d
Sha1:   1b80118a3c3f7da763a49528bb058eed9cf6ccea
Sha256: df85c785d75dc1fcad4c0e91caa9ec2e7305ded55fc3a3f4174a3b3de2245e80
                                        
                                            GET /cm/n/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=65f7eace59154825cec56711459ebb9b-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=65f7eace59154825cec56711459ebb9b-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1330
Md5:    0975ff358b467f8d4a8aaabe2ca8622d
Sha1:   edc1b457199a7a2d9135aff4b7967d000f00292a
Sha256: 30292e9c5c13d93eb7cef9ab121939c8092912d5be976e21934981c35b10ae79
                                        
                                            GET /cm/o/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=ca7c756f584e2cec3901678fbfc6c71e-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=ca7c756f584e2cec3901678fbfc6c71e-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3101
Md5:    1f64367e585410e72a91ddabc98dca5d
Sha1:   bf416a3c5d1f2c20d277bb4193b84963d452e047
Sha256: 6381d9f3b11da8107f1047b35833bdfef368fa91c36d1bb2ed9e97679217d66b
                                        
                                            GET /cm/outbrain/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=e8a415249492f321703ef0dc32d31b35-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=e8a415249492f321703ef0dc32d31b35-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   10802
Md5:    0f7e7ac31338e9053bfe1901bccef593
Sha1:   0b144c6e2ca80975b3f1e8e855790d6bfacf7da8
Sha256: 2030dada74b3f0d6f80dddf9badfc6b9cb3d9a72de22953ef50ceb42b3abdf57
                                        
                                            GET /tr/?id=1425882781274544&ev=PageView&dl=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&rl=http%3A%2F%2Fblog.afterlivre.com%2F&if=false&ts=1669773157822&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1669773156007.9923889126&it=1669773156996&coo=false&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 30 Nov 2022 01:52:39 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /cm/pubmatic/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=d3a6fc062059ef17656dea765bfbde79-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=d3a6fc062059ef17656dea765bfbde79-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /cm/r/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=509d149c161888b9d0a89a9c74338794-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=509d149c161888b9d0a89a9c74338794-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   10094
Md5:    aea377e7209272de14e31a4f7863adb2
Sha1:   5a54ecd7d96efc3b276dd8e4cec2b0d931d493a9
Sha256: e9e33e67b492aab8b6b9beff09e9fda151c84848e1c9795603c9c18aeba58b55
                                        
                                            GET /cm/taboola/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=f04ee01ec94b86d9e828f22369a8b958-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=f04ee01ec94b86d9e828f22369a8b958-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pubsub/5-g8mRFiX-JusJB8VH3EOrVjTg8s_Sq3aleU_URPI14Ep4WTDTq2cgki0mg_PBHYTUfXtG9Lm2J9PGP7EFM-WggUq6gguWMJoLLRst?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1 
Host: nexus-websocket-a.intercom.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://primexbt.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dTo3FbAHz//2XWFDEnz6vw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         35.174.127.31
HTTP/1.1 101 Switching Protocols
                                        
Server: nginx
Date: Wed, 30 Nov 2022 01:52:39 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lry8jz/zVdzVZ6kzCDKlSwtYyKQ=


--- Additional Info ---
Magic:  data
Size:   6334
Md5:    5ab9a8b754afc5829eafed8dc16c04f0
Sha1:   f864104e79e03de7a0d0c2920fb1331332cfade9
Sha256: d637e825c14610ed8d7d112fd89314d0fc4135d9b636d0defefa50b3933229b0
                                        
                                            GET /cm/triplelift/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=1a96030caccf6738162e51a0a915e648-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=1a96030caccf6738162e51a0a915e648-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:39 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /cm/x/out?adroll_fpc=7315fe7afec15425a8dc647ec4f9ab08-1669773157637&pv=50800579642.45&arrfrr=https%3A%2F%2Fprimexbt.com%2Fid%2Fsign-up%3Fclick_id%3D6386b763a89a6e0001c81ea6%26pid%3D17436%26offer_id%3D12%26sub1%3D%26sub2%3D%26sub3%3D%26sub4%3D%26sub5%3D%26sub6%3D%26sub7%3D%26sub8%3D&advertisable=LDDKXWNNA5HJDJ6GEC5HVF HTTP/1.1 
Host: d.adroll.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.77.66.171
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 30 Nov 2022 01:52:39 GMT
content-length: 42
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=ed197834c60cf1b83b502baa0768e7ef-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=d.adroll.com __adroll_shared=ed197834c60cf1b83b502baa0768e7ef-a_1669773159; Version=1; Expires=Sat, 30-Dec-2023 01:52:38 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde294fb7-e851-4e57-83be-aa3374862dcb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7971
x-amzn-requestid: e47d10e4-2b60-4998-b5fa-5b145e60aac2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhgWHgGoAMFcLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c68-5b9710a07b0a59730e73dce4;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:40:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OURSF_raDXrHV3-3ScaEdorNpW9ZKSIQjv6WUCQYHhruGz372BU_QA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:58:15 GMT
age: 14068
etag: "87447d20e9c0a6a6aeefe6ca107f93cd3598cd0d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   9831
Md5:    3a368d97275aaa6da1055410b2a9ead2
Sha1:   7d0df48d64d07a6bcd1749652e3771df2df239ed
Sha256: b618ffbe3daf3a8f45db355d0519167876772ef29e4f368f2155d354ee4b9606
                                        
                                            GET /i18n/pixel/identify.js HTTP/1.1 
Host: analytics.tiktok.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.36.79.32
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: nginx
x-tt-logid: 2022113001523751D16EFDF892B886E612
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf602f4e8f28fd518fbd62b4f0adef0d7f17f90ee586a5b64b0824e19f15be354c6ccf44f199ad520382bede1737e1cd75296c7927aa61720225efdcef207bff2517c4a48bd322ad4647dbe65152bdcc782e
content-encoding: gzip
x-origin-response-time: 36,104.96.220.52
x-akamai-request-id: db6b0a6.7cb5fd5e
expires: Wed, 30 Nov 2022 01:52:38 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 30 Nov 2022 01:52:38 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a104-96-220-52.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=103, origin; dur=36, inner; dur=3
x-parent-response-time: 139,23.36.79.28
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /my/runtime.614be3ab1a132fb9.js HTTP/1.1 
Host: primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.28.58
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 30 Nov 2022 01:52:36 GMT
last-modified: Thu, 24 Nov 2022 11:25:16 GMT
etag: W/"637f549c-1743"
cache-control: max-age=31536000
content-security-policy: frame-ancestors 'self' primexbt.com primexbt.ch primexbt-promo.com primexbt-start.com sign-up.primexbt.com eu.primexbt.com;
strict-transport-security: max-age=15552000
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: strict-origin
cf-cache-status: HIT
age: 218105
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ff1d2ac081c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /my/styles.ef4e712452ae4955.css HTTP/1.1 
Host: primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.28.58
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 30 Nov 2022 01:52:36 GMT
last-modified: Thu, 24 Nov 2022 11:25:16 GMT
etag: W/"637f549c-25a6e"
cache-control: max-age=31536000
content-security-policy: frame-ancestors 'self' primexbt.com primexbt.ch primexbt-promo.com primexbt-start.com sign-up.primexbt.com eu.primexbt.com;
strict-transport-security: max-age=15552000
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: strict-origin
cf-cache-status: HIT
age: 477961
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ff1d2bc101c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /my/polyfills.9dfb64fb545df8a7.js HTTP/1.1 
Host: primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.28.58
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 30 Nov 2022 01:52:36 GMT
last-modified: Fri, 28 Oct 2022 14:13:44 GMT
etag: W/"635be398-19d9b"
cache-control: max-age=31536000
content-security-policy: frame-ancestors 'self' primexbt.com primexbt.ch primexbt-promo.com primexbt-start.com sign-up.primexbt.com eu.primexbt.com;
strict-transport-security: max-age=15552000
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: strict-origin
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ff1d2ac091c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /my/main.a9c11151abcd8051.js HTTP/1.1 
Host: primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.28.58
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 30 Nov 2022 01:52:36 GMT
last-modified: Thu, 24 Nov 2022 11:25:16 GMT
etag: W/"637f549c-1735d5"
cache-control: max-age=31536000
content-security-policy: frame-ancestors 'self' primexbt.com primexbt.ch primexbt-promo.com primexbt-start.com sign-up.primexbt.com eu.primexbt.com;
strict-transport-security: max-age=15552000
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: strict-origin
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ff1d2bc0b1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /v2/dictionary HTTP/1.1 
Host: api.primexbt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primexbt.com/
X-Guard: OG5Idjc8bjhwZHdlS0h9XHdId3BNe21ZSDV4SUp6NWQ=
X-Client-Version: 11404
X-Client-Time: 1669773155697
Origin: https://primexbt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

search
                                         104.18.28.58
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
date: Wed, 30 Nov 2022 01:52:37 GMT
x-request-id: 49c7693e-e583-4b7b-9e4a-6a961daafcae
cache-control: public, s-maxage=180
x-response-time: 0ms
access-control-allow-origin: https://primexbt.com
access-control-allow-credentials: true
access-control-allow-headers: Accept-Charset, Authorization, Origin, Accept, User-Agent, Accept-Encoding, Accept-Language, Content-Length, Accept-Datetime, Content-Type, x-client-time, X-Client-Version, x-guard, x-referer
access-control-expose-headers: x-request-id
access-control-allow-methods: GET, POST, PUT
access-control-max-age: 86400
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 771ff1d71eaa0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---