r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4712
Expires: Tue, 06 Dec 2022 20:56:15 GMT
Date: Tue, 06 Dec 2022 19:37:43 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5776
Cache-Control: max-age=145791
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 19:37:43 GMT
Etag: "638f19f6-1d7"
Expires: Thu, 08 Dec 2022 12:07:34 GMT
Last-Modified: Tue, 06 Dec 2022 10:31:18 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 19:18:40 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1143
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6319
Expires: Tue, 06 Dec 2022 21:23:02 GMT
Date: Tue, 06 Dec 2022 19:37:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 5SPBWQ0q5EvCv/6V/AcIvFuVjULQLbR/roQc3VEDK9/KWWQn0OFUOmpEGbo0uoeW1WlRQquX9QY=
x-amz-request-id: ZDGKE5H1QZ4BTQ0E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 18:49:03 GMT
age: 2920
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 19:37:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 19:11:20 GMT
cache-control: public,max-age=3600
age: 1583
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
8c075.ettr.wy5532.com/
199.115.115.102302 Found 11 B IP 199.115.115.102:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET / HTTP/1.1
Host: 8c075.ettr.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 06 Dec 2022 19:37:43 GMT
location: https://mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5pjcTajzqm_SU5IleOSHalxG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stleEiMFl0NUscCfSwvqLrt3Ni6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU3iaM8vcO7TGAHfPzQVlwuB6mTmVAVTvWa0iH-4nS8dhHVQSH3hwkAo21-WyHjI9N_8ubjDSD9qCAiCzrzrUdR6sUj1qrsCIDzs97VN2QOtZOFThsZ7TwQe6i0xKi9swxGQHg4WFEqySetr5LZ3YBLMWW7AOKwgcLLgWtD9ajfLumZtO3Op1yhGbzGHwAhZBUbMUjiaVxbFss3gGwqNhZX84Ny4tXlhHGisWtkpeDuWpCUkElnZ7x-aASY4wpfhRuXKOswWpkMxTCVoNEAPR6-qlsi1LfQnyu3gC5cohRqkoex94yfh5flWg48a-jtPPieZ8T0_sd3JcBAZugi8ha3hSGlKBJPTqh_nXvaGortFQ10OoF6E_6ZFW41nNn102mrG2UJ6In2n-7l1g2-W3lXw9H_gRilIveqCArfhBuYpjg_HE0_AUN6rSGCm9YU_EoiYNQf7NBR3ue4bcVVmPCrrTNs-BQFEIakG_Mo_-ybgIatSStWeSexnBDUsAjReqsC8T6FZOp0ZMrgPoxdNST-TuiC5-ZNuWGuljBpiiaAB4I_TYdzUGHv9Ag4FMaL2fe-aR_xuJHfApQRS0xd1IoQLpKSxoCYMPte0rt40sUYRCPf8chMAm0Z8vZMExowf_639N8SshSeEx6wPdmEsk7KSrtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJC2fnSXp7Np_xHf4t_mLY3OLtKF6JjTLgGHwUzUOiWSZ4MERqc-xHHFxNC1E927HtTVPUJlZQJfjIbJYOSXzm4qIjwxky0eLa_fv58kzvM4lem70uCFpQ4OLpCdykaf-SEJZRj4sC8OPzY9V_k44LoQN8-iDLKN_vYFy7zCzpgZp6Aale0cTOp4NtSb91eU9pisfPL66Th49Qe2pkZcxjT2Wn2IkW6nnon5ia4kQy4cU0HlYHa6hxkaVZKcPqz-wxxwTqylmjVcJcfx0th3Q4kYjcFzd0dmGsDUE0MfzNNE10bRoNekFkGFLfQwq6eHk4sAjKIsa6aWK_LoFaskE2YuF-8HRrbc13Lm2uYWJ6y1b1UpM7P10qXw
server: nginx
set-cookie: sid=73b08ff4-759d-11ed-bbb5-e6ae22dcb1db; path=/; domain=.wy5532.com; expires=Sun, 24 Dec 2090 22:51:50 GMT; max-age=2147483647; HttpOnly
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5729
Cache-Control: max-age=140676
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 19:37:43 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 10:42:19 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 8cff693ee9c762244ede97dd8fcd747a
502f6f4bf0484b95b1a1339077d6fd9df5aced9e
99e344ff76e45b61c748a61cd60c67aff303ffc62e6e5a1e679f59d66c0a15da
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 19:37:44 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 19:25:46 GMT
Expires: Sun, 11 Dec 2022 19:25:45 GMT
Etag: "502f6f4bf0484b95b1a1339077d6fd9df5aced9e"
Cache-Control: max-age=430680,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77577a52ab300afe-OSL
push.services.mozilla.com/
35.163.114.208101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.114.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VQxXsgYq5FSFMHFNNwhFcA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: o++EuTNLBQ1V+lo1prB/yR0UykA=
mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5pjcTajzqm_SU5IleOSHalxG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stleEiMFl0NUscCfSwvqLrt3Ni6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU3iaM8vcO7TGAHfPzQVlwuB6mTmVAVTvWa0iH-4nS8dhHVQSH3hwkAo21-WyHjI9N_8ubjDSD9qCAiCzrzrUdR6sUj1qrsCIDzs97VN2QOtZOFThsZ7TwQe6i0xKi9swxGQHg4WFEqySetr5LZ3YBLMWW7AOKwgcLLgWtD9ajfLumZtO3Op1yhGbzGHwAhZBUbMUjiaVxbFss3gGwqNhZX84Ny4tXlhHGisWtkpeDuWpCUkElnZ7x-aASY4wpfhRuXKOswWpkMxTCVoNEAPR6-qlsi1LfQnyu3gC5cohRqkoex94yfh5flWg48a-jtPPieZ8T0_sd3JcBAZugi8ha3hSGlKBJPTqh_nXvaGortFQ10OoF6E_6ZFW41nNn102mrG2UJ6In2n-7l1g2-W3lXw9H_gRilIveqCArfhBuYpjg_HE0_AUN6rSGCm9YU_EoiYNQf7NBR3ue4bcVVmPCrrTNs-BQFEIakG_Mo_-ybgIatSStWeSexnBDUsAjReqsC8T6FZOp0ZMrgPoxdNST-TuiC5-ZNuWGuljBpiiaAB4I_TYdzUGHv9Ag4FMaL2fe-aR_xuJHfApQRS0xd1IoQLpKSxoCYMPte0rt40sUYRCPf8chMAm0Z8vZMExowf_639N8SshSeEx6wPdmEsk7KSrtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJC2fnSXp7Np_xHf4t_mLY3OLtKF6JjTLgGHwUzUOiWSZ4MERqc-xHHFxNC1E927HtTVPUJlZQJfjIbJYOSXzm4qIjwxky0eLa_fv58kzvM4lem70uCFpQ4OLpCdykaf-SEJZRj4sC8OPzY9V_k44LoQN8-iDLKN_vYFy7zCzpgZp6Aale0cTOp4NtSb91eU9pisfPL66Th49Qe2pkZcxjT2Wn2IkW6nnon5ia4kQy4cU0HlYHa6hxkaVZKcPqz-wxxwTqylmjVcJcfx0th3Q4kYjcFzd0dmGsDUE0MfzNNE10bRoNekFkGFLfQwq6eHk4sAjKIsa6aWK_LoFaskE2YuF-8HRrbc13Lm2uYWJ6y1b1UpM7P10qXw
108.168.193.189302 Found 0 B URL HTTP/2 mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5pjcTajzqm_SU5IleOSHalxG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stleEiMFl0NUscCfSwvqLrt3Ni6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU3iaM8vcO7TGAHfPzQVlwuB6mTmVAVTvWa0iH-4nS8dhHVQSH3hwkAo21-WyHjI9N_8ubjDSD9qCAiCzrzrUdR6sUj1qrsCIDzs97VN2QOtZOFThsZ7TwQe6i0xKi9swxGQHg4WFEqySetr5LZ3YBLMWW7AOKwgcLLgWtD9ajfLumZtO3Op1yhGbzGHwAhZBUbMUjiaVxbFss3gGwqNhZX84Ny4tXlhHGisWtkpeDuWpCUkElnZ7x-aASY4wpfhRuXKOswWpkMxTCVoNEAPR6-qlsi1LfQnyu3gC5cohRqkoex94yfh5flWg48a-jtPPieZ8T0_sd3JcBAZugi8ha3hSGlKBJPTqh_nXvaGortFQ10OoF6E_6ZFW41nNn102mrG2UJ6In2n-7l1g2-W3lXw9H_gRilIveqCArfhBuYpjg_HE0_AUN6rSGCm9YU_EoiYNQf7NBR3ue4bcVVmPCrrTNs-BQFEIakG_Mo_-ybgIatSStWeSexnBDUsAjReqsC8T6FZOp0ZMrgPoxdNST-TuiC5-ZNuWGuljBpiiaAB4I_TYdzUGHv9Ag4FMaL2fe-aR_xuJHfApQRS0xd1IoQLpKSxoCYMPte0rt40sUYRCPf8chMAm0Z8vZMExowf_639N8SshSeEx6wPdmEsk7KSrtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJC2fnSXp7Np_xHf4t_mLY3OLtKF6JjTLgGHwUzUOiWSZ4MERqc-xHHFxNC1E927HtTVPUJlZQJfjIbJYOSXzm4qIjwxky0eLa_fv58kzvM4lem70uCFpQ4OLpCdykaf-SEJZRj4sC8OPzY9V_k44LoQN8-iDLKN_vYFy7zCzpgZp6Aale0cTOp4NtSb91eU9pisfPL66Th49Qe2pkZcxjT2Wn2IkW6nnon5ia4kQy4cU0HlYHa6hxkaVZKcPqz-wxxwTqylmjVcJcfx0th3Q4kYjcFzd0dmGsDUE0MfzNNE10bRoNekFkGFLfQwq6eHk4sAjKIsa6aWK_LoFaskE2YuF-8HRrbc13Lm2uYWJ6y1b1UpM7P10qXw
IP 108.168.193.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5pjcTajzqm_SU5IleOSHalxG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stleEiMFl0NUscCfSwvqLrt3Ni6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU3iaM8vcO7TGAHfPzQVlwuB6mTmVAVTvWa0iH-4nS8dhHVQSH3hwkAo21-WyHjI9N_8ubjDSD9qCAiCzrzrUdR6sUj1qrsCIDzs97VN2QOtZOFThsZ7TwQe6i0xKi9swxGQHg4WFEqySetr5LZ3YBLMWW7AOKwgcLLgWtD9ajfLumZtO3Op1yhGbzGHwAhZBUbMUjiaVxbFss3gGwqNhZX84Ny4tXlhHGisWtkpeDuWpCUkElnZ7x-aASY4wpfhRuXKOswWpkMxTCVoNEAPR6-qlsi1LfQnyu3gC5cohRqkoex94yfh5flWg48a-jtPPieZ8T0_sd3JcBAZugi8ha3hSGlKBJPTqh_nXvaGortFQ10OoF6E_6ZFW41nNn102mrG2UJ6In2n-7l1g2-W3lXw9H_gRilIveqCArfhBuYpjg_HE0_AUN6rSGCm9YU_EoiYNQf7NBR3ue4bcVVmPCrrTNs-BQFEIakG_Mo_-ybgIatSStWeSexnBDUsAjReqsC8T6FZOp0ZMrgPoxdNST-TuiC5-ZNuWGuljBpiiaAB4I_TYdzUGHv9Ag4FMaL2fe-aR_xuJHfApQRS0xd1IoQLpKSxoCYMPte0rt40sUYRCPf8chMAm0Z8vZMExowf_639N8SshSeEx6wPdmEsk7KSrtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJC2fnSXp7Np_xHf4t_mLY3OLtKF6JjTLgGHwUzUOiWSZ4MERqc-xHHFxNC1E927HtTVPUJlZQJfjIbJYOSXzm4qIjwxky0eLa_fv58kzvM4lem70uCFpQ4OLpCdykaf-SEJZRj4sC8OPzY9V_k44LoQN8-iDLKN_vYFy7zCzpgZp6Aale0cTOp4NtSb91eU9pisfPL66Th49Qe2pkZcxjT2Wn2IkW6nnon5ia4kQy4cU0HlYHa6hxkaVZKcPqz-wxxwTqylmjVcJcfx0th3Q4kYjcFzd0dmGsDUE0MfzNNE10bRoNekFkGFLfQwq6eHk4sAjKIsa6aWK_LoFaskE2YuF-8HRrbc13Lm2uYWJ6y1b1UpM7P10qXw HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Tue, 06 Dec 2022 19:37:44 GMT
content-length: 0
set-cookie: rhid=82503504616; Max-Age=15552000; Expires=Sun, 04-Jun-2023 19:37:44 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://p185689.mybettermb.com/adServe/domainClick?ai=GNWsBy0vmeV3SgYApG4dlV_cvGsTSfm9sJ9N7gjFJ1lfN4fHC3nxY-GmQm8pRE7KBp8N1Cqk3GlqgEE0f5Fjh8XnLiFpVgC8Bvf4RIcbQkesmlp2eq07wdMZfCzVyN3SYlZ0CBoMUA4lO7oBdjPsrq437aeeyAtTDwHvy-FgMa3Lq9TLqXVN9AeAQQ5GEQoiMCGY_08RlUhrXZ7fy64Z_MSDPhdk_SCbAOiOAfLKc3X6tVUHBRtKv-3MVfKXZeqnjZ1KsGQdcLbXy9rWOEYUYjyN2o-3EfhQIlDjxDeukss2V8Z1_cNyh9cIHqGMuP9gcBeRmJ93EJu5kygdpabC421p2h3hBQbn6LRFKy_60DM&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukMiakcPe86J4f2wWpZ7b3lfMK37T1hdtpERr2d-QlxUa_GyKAbVU2baPuImapjRz5lg6vy0WiYyYw&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=JqqHJF0zZfk&rr=1&isco=t&abtg=0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 94ca3a1f96eeb0fa0ba2d8007e77f9c5
f6f9f4397084d7b8fde8b9e245b68794f893b7f4
e45639a26d6a78c7c2a25c6f728e0fbd00876bb5c28d1422cf36cdcec868f273
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E45639A26D6A78C7C2A25C6F728E0FBD00876BB5C28D1422CF36CDCEC868F273"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4690
Expires: Tue, 06 Dec 2022 20:55:54 GMT
Date: Tue, 06 Dec 2022 19:37:44 GMT
Connection: keep-alive
go.proffering.xyz/15GQdy?zoneid=442273227&keyword=wy5532+RO&cost=0.0006
20.113.187.208302 Found 244 B URL HTTP/1.1 go.proffering.xyz/15GQdy?zoneid=442273227&keyword=wy5532+RO&cost=0.0006
IP 20.113.187.208:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document, ASCII text, with no line terminators
Hash abbd0bada388fd85a3c39024be98e167
70ec35ee032ec2f08ef4754cb7477021b903a18c
0f4ce461d48f99229b2022cff051eccfeb42504d8b889043b8a4bf31ca678498
GET /15GQdy?zoneid=442273227&keyword=wy5532+RO&cost=0.0006 HTTP/1.1
Host: go.proffering.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Tue, 06 Dec 2022 19:37:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 244
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GQdyo=20221206221670356050335; domain=.go.proffering.xyz; path=/;expires=Wed, 07 Dec 2022 19:37:44 GMT; httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15GQdy; domain=.go.proffering.xyz; path=/;expires=Wed, 07 Dec 2022 19:37:44 GMT; httpOnly=true;SameSite=None; Secure;
peerclickcid=a1ca637b498ed139619c8df282b78061-11246-1206; domain=.go.proffering.xyz; path=/;expires=Wed, 07 Dec 2022 19:37:45 GMT; httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.go.proffering.xyz; path=/;expires=Wed, 07 Dec 2022 19:37:45 GMT; httpOnly=true;SameSite=None; Secure;
Location: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Vary: Accept
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5591795dab506771c36b7d8c7b356d7e
82deb839e772fc56f1b1336283862c8e45229323
853ccd6ba234f607a987c5a6a2a10a5f6c0d4a700e1de8661b84bff24fb9766a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "853CCD6BA234F607A987C5A6A2A10A5F6C0D4A700E1DE8661B84BFF24FB9766A"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16366
Expires: Wed, 07 Dec 2022 00:10:31 GMT
Date: Tue, 06 Dec 2022 19:37:45 GMT
Connection: keep-alive
girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
194.87.208.70200 OK 7.2 kB URL HTTP/1.1 girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
IP 194.87.208.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (531), with CRLF line terminators
Hash 9b22494e82fbef93808bc40b171e4537
8053b86bd75c7e883520c9d038a4b59a36c5f3d9
54b8baa96c97219e19fe234532318bf7d6b36da933a7ab0cc69be9649172cdf9
Analyzer Verdict Alert quad9 Sinkholed
GET /?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206 HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 19:37:45 GMT
Content-Type: text/html
Content-Length: 7215
Connection: keep-alive
set-cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm; path=/
cache-control: private, no-transform
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5124
Expires: Tue, 06 Dec 2022 21:03:09 GMT
Date: Tue, 06 Dec 2022 19:37:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5124
Expires: Tue, 06 Dec 2022 21:03:09 GMT
Date: Tue, 06 Dec 2022 19:37:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5124
Expires: Tue, 06 Dec 2022 21:03:09 GMT
Date: Tue, 06 Dec 2022 19:37:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5124
Expires: Tue, 06 Dec 2022 21:03:09 GMT
Date: Tue, 06 Dec 2022 19:37:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5124
Expires: Tue, 06 Dec 2022 21:03:09 GMT
Date: Tue, 06 Dec 2022 19:37:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:09:28 GMT
age: 77297
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff698a5-ffc4-43ea-b7a3-b681cafeb108.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff698a5-ffc4-43ea-b7a3-b681cafeb108.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d72fb8d20c29763234c2817b119d11b
d4924ec714f5157bcb2fddcb5f768188a3dd37dc
e9aa59142e0673ed3f58b36beaca48213c678dbe4655f9c4b64581cb0f6f22f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff698a5-ffc4-43ea-b7a3-b681cafeb108.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12830
x-amzn-requestid: 66f5f2fa-8472-4484-bbea-20ece7e98b1f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcsxGDyIAMFX4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e51-146167697890d9312ce3dbac;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WMeay1i2pxnboCB3Qcwb2ray4tnyEzO89tQrHCfGdI3s9kJsMWvzBw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 03:41:05 GMT
age: 57400
etag: "d4924ec714f5157bcb2fddcb5f768188a3dd37dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7f2c354a00ab51d4a41221b6bf191c10
01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4
7d3c8417e1db0db41ceb8b4bf3f506864392dd1ad29319a06a8a6055f6f2ed12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11352
x-amzn-requestid: 7c3fc7bb-eb1f-46ec-8e92-b6ffc6261848
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwuF1ToAMFiIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d1-7c53152a279f00595b9886bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:25 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EQorA5VTb0s2BEIWBkdkhDho-bLdLVvu8LnAIQsQqsIjgBLneYqCzg==
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:48:22 GMT
age: 78563
etag: "01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e1b54923ba506fde6b21c5bfb51ccc8
366aa3ab0790c496ea51bc08d1f2ff3358530d9e
a993ca6dc9a1f854f4542f9221e4f90060825ea863974b5163a9d3e284dc4663
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10594
x-amzn-requestid: eee9f193-eef5-44bf-997a-877fa206749e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyIHpGoAMF1fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-0a9190f7698dbf2f73bb1575;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T28mItwomGU8iDJ18lUF7ZrFuyh_P3ZTwUtA4AC5qZ5C5FQurDMgmQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:54:01 GMT
age: 78224
etag: "366aa3ab0790c496ea51bc08d1f2ff3358530d9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 38b97436af942d5eb1111ca7043259a0
0234fe32c84c4711f0619714f3ac6d3db1b717d3
a76a7721355abbaecd5c8cb5218e7e4626dc345eb26e7541c71bf4ceaa7ae5d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11175
x-amzn-requestid: 9c93ddca-1247-44af-a364-e617f69ace26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzYEnEoAMFa2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e2-7d38ea383725901524bc2ca0;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fNsYsKfPUM8QaG7-F1tSBDdsNit1BfYpWddNssXwyFO2HgdA0RpjAQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:54:21 GMT
age: 78204
etag: "0234fe32c84c4711f0619714f3ac6d3db1b717d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeae6973-c3cb-4597-8dcc-f36e4cd35fda.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeae6973-c3cb-4597-8dcc-f36e4cd35fda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5529617b0748f2d8c82ef99c1ac116a8
a862b74508113ae72b56b9b3de0c75ba559b9032
376a82ae4a5b80f59fb746be79bca569b03a74c345845c7bbf15189964b0bb96
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeae6973-c3cb-4597-8dcc-f36e4cd35fda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11469
x-amzn-requestid: f60a3f0d-38f7-4f82-bdd5-9e31814ab1d9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuZGAXIAMFwuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-5b4b99e779a0aaa71a311a1c;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bWcuXixVA50JUynSO7ar3nWfjsTa5iOteSYq88bWPlQvz__1qfv7Uw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:41:49 GMT
age: 78956
etag: "a862b74508113ae72b56b9b3de0c75ba559b9032"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
girlstaste.life/media/dating/toon2/css/animate.min.css
194.87.208.70200 OK 53 kB URL HTTP/1.1 girlstaste.life/media/dating/toon2/css/animate.min.css
IP 194.87.208.70:0
File type ASCII text, with very long lines (52592)
Hash 178b651958ceff556cbc5f355e08bbf1
97afa151569f046b2e01f27c1871646e9cd87caf
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/toon2/css/animate.min.css HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 19:37:45 GMT
Content-Type: text/css
Content-Length: 52789
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "178b651958ceff556cbc5f355e08bbf1"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E4A18F89F7E18
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 19:37:45 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlstaste.life/media/exit-new/exit1.js
194.87.208.70200 OK 3.5 kB URL HTTP/1.1 girlstaste.life/media/exit-new/exit1.js
IP 194.87.208.70:0
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 625e5e2950612f771e246beb33c9ea61
e4fc251c6c000496c285f8dc3fa097040b031681
618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46
Analyzer Verdict Alert quad9 Sinkholed
GET /media/exit-new/exit1.js HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 19:37:45 GMT
Content-Type: application/javascript
Content-Length: 3473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "625e5e2950612f771e246beb33c9ea61"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E49F71EF07EBF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 19:37:45 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlstaste.life/media/dating/toon2/css/style.css
194.87.208.70200 OK 8.6 kB URL HTTP/1.1 girlstaste.life/media/dating/toon2/css/style.css
IP 194.87.208.70:0
File type ASCII text, with CRLF line terminators
Hash 549edaff59c582a6a3ca91f95c60ea71
a9edcba7d667efcfd812bcd413ccbdcb2b67cc88
b28722475035fc8fdc751034c2df8f49d66eb25cf28cf031c4e7357414a131da
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/toon2/css/style.css HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 19:37:45 GMT
Content-Type: text/css
Content-Length: 8608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "549edaff59c582a6a3ca91f95c60ea71"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E4A18F8B83194
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 19:37:45 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlstaste.life/media/bb.js
194.87.208.70200 OK 639 B URL HTTP/1.1 girlstaste.life/media/bb.js
IP 194.87.208.70:0
File type ASCII text, with very long lines (639), with no line terminators
Hash 0d553e4bac91c74bfee2dbabba61e99e
5af71e2377c9c012a7826a695f2724901941b19b
1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68
Analyzer Verdict Alert quad9 Sinkholed
GET /media/bb.js HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 19:37:45 GMT
Content-Type: application/javascript
Content-Length: 639
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d553e4bac91c74bfee2dbabba61e99e"
Last-Modified: Wed, 31 Aug 2022 09:32:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E49F4BB53E643
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 19:37:45 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 19:37:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 19:37:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
girlstaste.life/util/utils.js
194.87.208.70200 OK 7.5 kB URL HTTP/1.1 girlstaste.life/util/utils.js
IP 194.87.208.70:0
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 01816d15ca03032751161a746e2fb7c3
dcc72ea5fa1356490ba473288159df9786b4a3c3
8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea
Analyzer Verdict Alert quad9 Sinkholed
GET /util/utils.js HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 19:37:45 GMT
Content-Type: application/javascript
Content-Length: 7512
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "01816d15ca03032751161a746e2fb7c3"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E49F65A0E2DB5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 19:37:45 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlstaste.life/cookie/js.cookie.js
194.87.208.70200 OK 4.3 kB URL HTTP/1.1 girlstaste.life/cookie/js.cookie.js
IP 194.87.208.70:0
File type ASCII text, with very long lines (1709), with CRLF line terminators
Hash a7e9883924072f15259de6888d5ef515
7f4f6e5938e68f55aef81e0cd0145f008cd28382
985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c
Analyzer Verdict Alert quad9 Sinkholed
GET /cookie/js.cookie.js HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 19:37:45 GMT
Content-Type: application/javascript
Content-Length: 4264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a7e9883924072f15259de6888d5ef515"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E49F534253A0A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 19:37:45 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 19:37:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.35200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://girlstaste.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 12:29:22 GMT
expires: Fri, 01 Dec 2023 12:29:22 GMT
cache-control: public, max-age=31536000
age: 457704
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 19:37:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.35200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://girlstaste.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 17:11:08 GMT
expires: Wed, 06 Dec 2023 17:11:08 GMT
cache-control: public, max-age=31536000
age: 8798
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 19:37:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
girlstaste.life/media/dating/toon2/js/jquery-2.2.4.min.js
194.87.208.70200 OK 86 kB URL HTTP/1.1 girlstaste.life/media/dating/toon2/js/jquery-2.2.4.min.js
IP 194.87.208.70:0
File type ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/toon2/js/jquery-2.2.4.min.js HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 19:37:45 GMT
Content-Type: application/javascript
Content-Length: 85578
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2f6b11a7e914718e0290410e85366fe9"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E4A5A239DFAE3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 19:37:45 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlstaste.life/media/dating/toon2/images/123.jpg
194.87.208.70200 OK 179 kB URL HTTP/1.1 girlstaste.life/media/dating/toon2/images/123.jpg
IP 194.87.208.70:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1069, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=620], progressive, precision 8, 620x1032, components 3\012- data
Size 179 kB (179176 bytes)
Hash a2d245e1c43c61ca34bea001510dd6d9
7a7e0dbf8bb132958fecd093e6741ffe49d060b5
f6113b1f6bdd279404fd53c920f6ba411b66a897db4c67e16d2129af22370a57
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/toon2/images/123.jpg HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 19:37:45 GMT
Content-Type: image/jpeg
Content-Length: 179176
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a2d245e1c43c61ca34bea001510dd6d9"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E4AD296FE6CAA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 19:37:45 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlstaste.life/favicon.ico
194.87.208.70204 No Content 0 B URL HTTP/1.1 girlstaste.life/favicon.ico
IP 194.87.208.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: nginx
Date: Tue, 06 Dec 2022 19:37:46 GMT
Connection: keep-alive
Cache-Control: no-transform
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext
142.250.74.74200 OK 121 kB URL HTTP/2 fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext
IP 142.250.74.74:0
Size 121 kB (121140 bytes)
Hash 665f05403bba1c3046d7246313f7c190
cab872977fd3f19050f997ceee438ade54785a8f
ae1ea2c10c6e3b86592f6960a506edc5b1c8ec568f9a60f72b9ceb83e182d7e1
GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 19:37:45 GMT
date: Tue, 06 Dec 2022 19:37:45 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206&x=3
194.87.208.70200 OK 1.5 kB URL HTTP/1.1 girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206&x=3
IP 194.87.208.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (531), with CRLF line terminators
Hash d762e82580f738e4f308e4531ff10683
3f735384ff4e19d944aee61a5f972d04ca93e859
901c9bc29fe8ac0925759d5602e8d04f8ab6c1da26603c7d44a44a3c4d9c0c71
Analyzer Verdict Alert quad9 Sinkholed
GET /?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206&x=3 HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=a1ca637b498ed139619c8df282b78061-11246-1206
Cookie: sid=t2~bsprpgh43fkmebnr1hafd1xm; IsNotUnique2=true
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 19:37:51 GMT
Content-Type: text/html
Content-Length: 1456
Connection: keep-alive
cache-control: private, no-transform
p185689.mybettermb.com/adServe/domainClick?ai=GNWsBy0vmeV3SgYApG4dlV_cvGsTSfm9sJ9N7gjFJ1lfN4fHC3nxY-GmQm8pRE7KBp8N1Cqk3GlqgEE0f5Fjh8XnLiFpVgC8Bvf4RIcbQkesmlp2eq07wdMZfCzVyN3SYlZ0CBoMUA4lO7oBdjPsrq437aeeyAtTDwHvy-FgMa3Lq9TLqXVN9AeAQQ5GEQoiMCGY_08RlUhrXZ7fy64Z_MSDPhdk_SCbAOiOAfLKc3X6tVUHBRtKv-3MVfKXZeqnjZ1KsGQdcLbXy9rWOEYUYjyN2o-3EfhQIlDjxDeukss2V8Z1_cNyh9cIHqGMuP9gcBeRmJ93EJu5kygdpabC421p2h3hBQbn6LRFKy_60DM&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukMiakcPe86J4f2wWpZ7b3lfMK37T1hdtpERr2d-QlxUa_GyKAbVU2baPuImapjRz5lg6vy0WiYyYw&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=JqqHJF0zZfk&rr=1&isco=t&abtg=0
108.168.193.189200 OK 0 B URL HTTP/2 p185689.mybettermb.com/adServe/domainClick?ai=GNWsBy0vmeV3SgYApG4dlV_cvGsTSfm9sJ9N7gjFJ1lfN4fHC3nxY-GmQm8pRE7KBp8N1Cqk3GlqgEE0f5Fjh8XnLiFpVgC8Bvf4RIcbQkesmlp2eq07wdMZfCzVyN3SYlZ0CBoMUA4lO7oBdjPsrq437aeeyAtTDwHvy-FgMa3Lq9TLqXVN9AeAQQ5GEQoiMCGY_08RlUhrXZ7fy64Z_MSDPhdk_SCbAOiOAfLKc3X6tVUHBRtKv-3MVfKXZeqnjZ1KsGQdcLbXy9rWOEYUYjyN2o-3EfhQIlDjxDeukss2V8Z1_cNyh9cIHqGMuP9gcBeRmJ93EJu5kygdpabC421p2h3hBQbn6LRFKy_60DM&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukMiakcPe86J4f2wWpZ7b3lfMK37T1hdtpERr2d-QlxUa_GyKAbVU2baPuImapjRz5lg6vy0WiYyYw&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=JqqHJF0zZfk&rr=1&isco=t&abtg=0
IP 108.168.193.189:0
GET /adServe/domainClick?ai=GNWsBy0vmeV3SgYApG4dlV_cvGsTSfm9sJ9N7gjFJ1lfN4fHC3nxY-GmQm8pRE7KBp8N1Cqk3GlqgEE0f5Fjh8XnLiFpVgC8Bvf4RIcbQkesmlp2eq07wdMZfCzVyN3SYlZ0CBoMUA4lO7oBdjPsrq437aeeyAtTDwHvy-FgMa3Lq9TLqXVN9AeAQQ5GEQoiMCGY_08RlUhrXZ7fy64Z_MSDPhdk_SCbAOiOAfLKc3X6tVUHBRtKv-3MVfKXZeqnjZ1KsGQdcLbXy9rWOEYUYjyN2o-3EfhQIlDjxDeukss2V8Z1_cNyh9cIHqGMuP9gcBeRmJ93EJu5kygdpabC421p2h3hBQbn6LRFKy_60DM&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukMiakcPe86J4f2wWpZ7b3lfMK37T1hdtpERr2d-QlxUa_GyKAbVU2baPuImapjRz5lg6vy0WiYyYw&si=1&oref=8e1dd1be172304d34167fb9a89f6676a&optunit=Lm2uYWJ6y1bbEItyw-irrg&rb=JqqHJF0zZfk&rr=1&isco=t&abtg=0 HTTP/1.1
Host: p185689.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: rhid=82503504616
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 19:37:44 GMT
content-type: text/html;charset=ISO-8859-1
vary: Accept-Encoding
set-cookie: rhid=82503504616; Max-Age=15552000; Expires=Sun, 04-Jun-2023 19:37:44 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_1339077_off_782179_aff_12652_cid_185689-WY5532.COM_ts_1670355464; Max-Age=3600; Expires=Tue, 06-Dec-2022 20:37:44 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
content-encoding: gzip
X-Firefox-Spdy: h2