r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3595
Expires: Sat, 03 Dec 2022 11:27:35 GMT
Date: Sat, 03 Dec 2022 10:27:40 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3954
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:27:40 GMT
Last-Modified: Sat, 03 Dec 2022 09:21:46 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10148
Expires: Sat, 03 Dec 2022 13:16:48 GMT
Date: Sat, 03 Dec 2022 10:27:40 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 10:18:15 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 565
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: miwmOTzsPvR2+kPL+CFh6KUAODhEXDygRFazg1TkUTNyDe1/Z+nKPxX/PAyZk1fecFapSGHlRqQ=
x-amz-request-id: 01KZC29XM5P00JQP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 09:47:04 GMT
age: 2436
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 10:27:40 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www1.localmovement.com/?tm=1&subid4=1670063248.0469780000&KW1=Elite%20Dating%20Services&KW2=Dedicated%20Gaming%20Servers&KW3=Elite%20Dating%20Services&KW4=Lowest%20Car%20Insurance%20Rates&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Elite%20Dating%20Services&KW7=Elite%20Dating%20Service&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Elite%20Dating%20Service&searchbox=0&backfill=0
13.248.148.254200 OK 2.5 kB URL HTTP/1.1 www1.localmovement.com/?tm=1&subid4=1670063248.0469780000&KW1=Elite%20Dating%20Services&KW2=Dedicated%20Gaming%20Servers&KW3=Elite%20Dating%20Services&KW4=Lowest%20Car%20Insurance%20Rates&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Elite%20Dating%20Services&KW7=Elite%20Dating%20Service&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Elite%20Dating%20Service&searchbox=0&backfill=0
IP 13.248.148.254:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2222)
Hash 99e0d0b0af9b2efff69c9e6ec0b727cc
01abe93abefdb6d430d02cd10d8a722443d730eb
37b983ae7094d53a95b79a842541dbbe7b6a4a9ff13dcc962ca9f3552dcccba3
GET /?tm=1&subid4=1670063248.0469780000&KW1=Elite%20Dating%20Services&KW2=Dedicated%20Gaming%20Servers&KW3=Elite%20Dating%20Services&KW4=Lowest%20Car%20Insurance%20Rates&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Elite%20Dating%20Services&KW7=Elite%20Dating%20Service&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Elite%20Dating%20Service&searchbox=0&backfill=0 HTTP/1.1
Host: www1.localmovement.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:27:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/scripts/js3.js
54.230.245.130200 OK 1.1 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP 54.230.245.130:0
File type ASCII text, with very long lines (506)
Hash 64b79b43df8fbf2c5d082964b9116a68
dc3c763519baf0f4c32bb60bfc429651a491ea01
c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637
Analyzer Verdict Alert fortinet Malware
GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.localmovement.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Sat, 03 Dec 2022 04:54:34 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 218B1RkB0g8Zrv9vqwXXtJrkesx_2x3qJ_0Y4_WYRRUOld6MBtHDsw==
Age: 19986
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 10:11:17 GMT
cache-control: public,max-age=3600
age: 983
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3940
Cache-Control: max-age=171890
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:27:41 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:12:31 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
www1.localmovement.com/track.php?domain=localmovement.com&toggle=browserjs&uid=MTY3MDA2MzI2MC4yNDg6ZjU3NGJmZmQ1OTY2ZmY2MDVmYzY2YTE0YmQ3NWMwYjUyN2M3OTE4YTc2MGNhODhlZTIyNWUwNWE4MjBhM2U5OTo2MzhiMjQ5YzNjOGQx
13.248.148.254200 OK 20 B URL HTTP/1.1 www1.localmovement.com/track.php?domain=localmovement.com&toggle=browserjs&uid=MTY3MDA2MzI2MC4yNDg6ZjU3NGJmZmQ1OTY2ZmY2MDVmYzY2YTE0YmQ3NWMwYjUyN2M3OTE4YTc2MGNhODhlZTIyNWUwNWE4MjBhM2U5OTo2MzhiMjQ5YzNjOGQx
IP 13.248.148.254:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=localmovement.com&toggle=browserjs&uid=MTY3MDA2MzI2MC4yNDg6ZjU3NGJmZmQ1OTY2ZmY2MDVmYzY2YTE0YmQ3NWMwYjUyN2M3OTE4YTc2MGNhODhlZTIyNWUwNWE4MjBhM2U5OTo2MzhiMjQ5YzNjOGQx HTTP/1.1
Host: www1.localmovement.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.localmovement.com/?tm=1&subid4=1670063248.0469780000&KW1=Elite%20Dating%20Services&KW2=Dedicated%20Gaming%20Servers&KW3=Elite%20Dating%20Services&KW4=Lowest%20Car%20Insurance%20Rates&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Elite%20Dating%20Services&KW7=Elite%20Dating%20Service&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Elite%20Dating%20Service&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:27:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
push.services.mozilla.com/
35.161.230.192101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.230.192:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xv4azAXK6Tzqj2uUQ5OLpA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: S9aIndPih8mgioyd7H5vTs0MhJ0=
www1.localmovement.com/ls.php
13.248.148.254201 Created 0 B URL HTTP/1.1 www1.localmovement.com/ls.php
IP 13.248.148.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: www1.localmovement.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2174
Origin: http://www1.localmovement.com
Connection: keep-alive
Referer: http://www1.localmovement.com/?tm=1&subid4=1670063248.0469780000&KW1=Elite%20Dating%20Services&KW2=Dedicated%20Gaming%20Servers&KW3=Elite%20Dating%20Services&KW4=Lowest%20Car%20Insurance%20Rates&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Elite%20Dating%20Services&KW7=Elite%20Dating%20Service&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Elite%20Dating%20Service&searchbox=0&backfill=0
HTTP/1.1 201 Created
Date: Sat, 03 Dec 2022 10:27:41 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 638b249d3b162237601eb797
Charset: utf-8
Access-Control-Allow-Origin: http://www1.localmovement.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_LWokUOmxlNF9r/e1Sl5IjKkD0nWkjIrtC0TaEbJuYolsK9mA/fT/o7X3oobB7dnioFvZpuYP1jiCWSDvuYaMDQ==
www1.localmovement.com/favicon.ico
13.248.148.254200 OK 0 B URL HTTP/1.1 www1.localmovement.com/favicon.ico
IP 13.248.148.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www1.localmovement.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.localmovement.com/?tm=1&subid4=1670063248.0469780000&KW1=Elite%20Dating%20Services&KW2=Dedicated%20Gaming%20Servers&KW3=Elite%20Dating%20Services&KW4=Lowest%20Car%20Insurance%20Rates&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Elite%20Dating%20Services&KW7=Elite%20Dating%20Service&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Elite%20Dating%20Service&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:27:41 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
www1.localmovement.com/track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=localmovement.com&uid=MTY3MDA2MzI2MC4yNDg6ZjU3NGJmZmQ1OTY2ZmY2MDVmYzY2YTE0YmQ3NWMwYjUyN2M3OTE4YTc2MGNhODhlZTIyNWUwNWE4MjBhM2U5OTo2MzhiMjQ5YzNjOGQx&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzhiMjQ5YzNjOGJifHx8MTY3MDA2MzI2MC41ODcyfDMwMzg3ZDFiNWU5Nzk2MDk4MGEwOGE1OTE2MTkzMjVjN2QzOWJiNDV8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw1YzdmM2E4OTFlYzA2N2QyNzQ4Yjk0YWE5NmZlNmJjMjQ2YTc4MTgyfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
13.248.148.254200 OK 20 B URL HTTP/1.1 www1.localmovement.com/track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=localmovement.com&uid=MTY3MDA2MzI2MC4yNDg6ZjU3NGJmZmQ1OTY2ZmY2MDVmYzY2YTE0YmQ3NWMwYjUyN2M3OTE4YTc2MGNhODhlZTIyNWUwNWE4MjBhM2U5OTo2MzhiMjQ5YzNjOGQx&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzhiMjQ5YzNjOGJifHx8MTY3MDA2MzI2MC41ODcyfDMwMzg3ZDFiNWU5Nzk2MDk4MGEwOGE1OTE2MTkzMjVjN2QzOWJiNDV8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw1YzdmM2E4OTFlYzA2N2QyNzQ4Yjk0YWE5NmZlNmJjMjQ2YTc4MTgyfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
IP 13.248.148.254:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=localmovement.com&uid=MTY3MDA2MzI2MC4yNDg6ZjU3NGJmZmQ1OTY2ZmY2MDVmYzY2YTE0YmQ3NWMwYjUyN2M3OTE4YTc2MGNhODhlZTIyNWUwNWE4MjBhM2U5OTo2MzhiMjQ5YzNjOGQx&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzhiMjQ5YzNjOGJifHx8MTY3MDA2MzI2MC41ODcyfDMwMzg3ZDFiNWU5Nzk2MDk4MGEwOGE1OTE2MTkzMjVjN2QzOWJiNDV8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw1YzdmM2E4OTFlYzA2N2QyNzQ4Yjk0YWE5NmZlNmJjMjQ2YTc4MTgyfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1
Host: www1.localmovement.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.localmovement.com/?tm=1&subid4=1670063248.0469780000&KW1=Elite%20Dating%20Services&KW2=Dedicated%20Gaming%20Servers&KW3=Elite%20Dating%20Services&KW4=Lowest%20Car%20Insurance%20Rates&KW5=Social%20Media%20Automation%20Marketing%20Software&KW6=Elite%20Dating%20Services&KW7=Elite%20Dating%20Service&KW8=Social%20Media%20Automation%20Marketing%20Software&KW9=Elite%20Dating%20Service&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:27:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
dipaka-ead.com/zcvisitor/1d651073-72f5-11ed-8cdf-0ad4c21a9ddf/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=1d7934b6-72f5-11ed-8cdf-0ad4c21a9ddf
3.208.247.235200 1.1 kB URL HTTP/1.1 dipaka-ead.com/zcvisitor/1d651073-72f5-11ed-8cdf-0ad4c21a9ddf/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=1d7934b6-72f5-11ed-8cdf-0ad4c21a9ddf
IP 3.208.247.235:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4784eb4e2fb7c16a139a769f6abd3b79
8bd2794d91edede05da3b585b3f06f99c80b6804
0a4dfbfdbea46e9d58d2d6ec7eb61b81a627cd533cc9d657c6adf8c89d50f2b2
GET /zcvisitor/1d651073-72f5-11ed-8cdf-0ad4c21a9ddf/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=1d7934b6-72f5-11ed-8cdf-0ad4c21a9ddf HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.localmovement.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Sat, 03 Dec 2022 10:27:41 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: fFWIpKJn
dipaka-ead.com/zcredirect?visitid=1d651073-72f5-11ed-8cdf-0ad4c21a9ddf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
3.208.247.235200 5.3 kB URL HTTP/1.1 dipaka-ead.com/zcredirect?visitid=1d651073-72f5-11ed-8cdf-0ad4c21a9ddf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 3.208.247.235:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2609)
Hash 6c7d47c9043577a17289a97a62047492
548128a00fa5a2ed5d0f8015099bdf45186d395b
4aed45c0751b59650ebf070defc9e26dc151f79c545b107eb55530a137143245
GET /zcredirect?visitid=1d651073-72f5-11ed-8cdf-0ad4c21a9ddf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcvisitor/1d651073-72f5-11ed-8cdf-0ad4c21a9ddf/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=1d7934b6-72f5-11ed-8cdf-0ad4c21a9ddf
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Sat, 03 Dec 2022 10:27:42 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: fFWIpKJn
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3652
Expires: Sat, 03 Dec 2022 11:28:34 GMT
Date: Sat, 03 Dec 2022 10:27:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3652
Expires: Sat, 03 Dec 2022 11:28:34 GMT
Date: Sat, 03 Dec 2022 10:27:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3652
Expires: Sat, 03 Dec 2022 11:28:34 GMT
Date: Sat, 03 Dec 2022 10:27:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3652
Expires: Sat, 03 Dec 2022 11:28:34 GMT
Date: Sat, 03 Dec 2022 10:27:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3652
Expires: Sat, 03 Dec 2022 11:28:34 GMT
Date: Sat, 03 Dec 2022 10:27:42 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ffa12df550123f63b20f67437cd8a04
398fd2d837c73f54c4591b69cd683f29bdf9184a
fd9ac4396488098923c27531295e64475047dd008a901e59915109a73a69f305
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6119
x-amzn-requestid: b0bf3aed-f968-4ebb-953e-35300d74ef16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdCe8GgNIAMFQag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63884ac5-4b20ca67753e65c5232660f5;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 06:33:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: axyk2U1R7AX1RVQmdc303S2S2CUs_RgphyeYPsbGveGHMAjY3KEzdw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 13:19:35 GMT
age: 76087
etag: "398fd2d837c73f54c4591b69cd683f29bdf9184a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1e74254b3fdce7d6b84a71a7aff43789
65c8b4abf957f9b54d99d0f78559e639adb29efb
f278c3cc6734da7188862a8c651c803e7ac1fda82234e191761453cb1359d3ee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5354
x-amzn-requestid: 3d58ffea-3433-4c5c-a60b-17f6de3a33e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cSsnvG44oAMFfyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638427ca-63b375f04189b7ce7d84cd5d;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 03:15:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GBhAilKMKo9RvIzqzF9V4jTZbvpa2rPZeoy6Jy8fMc1-JO078OAYzQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 11:13:09 GMT
age: 83673
etag: "65c8b4abf957f9b54d99d0f78559e639adb29efb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:39:04 GMT
age: 42518
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3abdcce275bb9723b4ac1d0c38cc8891
91f0d888c38db0899f106b652e3dcac062648099
ff411fc0d5abaf519d6600961ec51ad71ad9a02e23cc02ad818e27f0324b3d1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7657
x-amzn-requestid: c0dbd862-41cf-4fa8-ab6b-256763c63fbf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1Fo6IAMF9EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-554ffbc83fd70c557437120f;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ElvfdUly4Rb3YOQyMO2C_VelFUe6xcFbMh6x5fNrRzGjKCITdGSwLQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:47 GMT
age: 46195
etag: "91f0d888c38db0899f106b652e3dcac062648099"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 06:00:50 GMT
age: 16012
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20049904-a818-4d1c-9585-79edf76dcc61.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20049904-a818-4d1c-9585-79edf76dcc61.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9b77186d0d93f7ccfe729edd9d184af3
458aa485b9abef3b72427d308a172d1c24eceabd
8bed5a8e56e8c43fcbdc807245c2b651d014a06368574e57a25b718399a4a701
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20049904-a818-4d1c-9585-79edf76dcc61.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6966
x-amzn-requestid: 2b40c185-e050-4bfd-9b08-bb70e6f89824
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfAb7Ev3oAMFnrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389144c-65301ace20da6f580ed77e82;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 20:53:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qweaKZsigecnsWw0Cqz_dizuuFZmXkK1gGP0EN3pZx-yYK6eF7YjUg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:22:26 GMT
age: 18316
etag: "458aa485b9abef3b72427d308a172d1c24eceabd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dipaka-ead.com/favicon.ico
3.208.247.235404 653 B URL HTTP/1.1 dipaka-ead.com/favicon.ico
IP 3.208.247.235:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcredirect?visitid=1d651073-72f5-11ed-8cdf-0ad4c21a9ddf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Sat, 03 Dec 2022 10:27:42 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: QOxKarxV
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 35100cbf157b6825ef3d213be11b9169
8b1d43b2b0382b174ba275b72118932ad28a837a
d427cea895f3856ada3f1b648342b55f2463a7fc88a979b4e8e57e351997e5ee
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:27:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:25:42 GMT
Expires: Thu, 08 Dec 2022 07:25:41 GMT
Etag: "8b1d43b2b0382b174ba275b72118932ad28a837a"
Cache-Control: max-age=420478,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773b9c7f5968b521-OSL
beta.mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5Hbw7jypZ-P238qwagq1Vx4LUfaDR__NeVVH-ImtJpPaG_Nh80WMmwqfTqqBykvhw6dH2_md3Y9YZj4kSw3nVPpxpIo_48B9vphn_x0BlwTgwt6QWV9axOl8GNGGraCkoLR47zPaaoBw4GVleurTrf2xi7hl7ckbyu2Q1eWCp21mme-O8_xBmehxXtaxfTCUNMsJ-NhV5r2ADO84tTMcLRNZEK00WpFgTLV09IVq_ZqnTXwQ0BKw0ds4rFk_K1ZSLqJLn0yMRmGzeKTBcJ55oxowFbslx_pjqnO5a4xTwpffoA7Pa9vv3kaAL81X8h21wmjxFTfyxhoFSZ1QnaZAggaXIY-XzffpiWWRoo8MTkrEQOIYoPJ8k4QBtRcYoP9exCUBUTZsx2b_h41l21lmPzjY_9vCxMRbWI2sl2NsD8kWwcZnd1HgkDEB0q3v4gN1KmH1IU_30EfFnviRa9pBqSFDjw6oZtEpRlxOcHZgfzmeFTwqbnIrdbQRyVkWEPMgjCOlG_ZX9yufa2azK9yKrc2KJkf1RScLD-ZSJMcrMzM5ssw9YyZb1h81H7qwe2NfybdBMWIPVeFf_oy3omA924YtDWpFmcwBUUhYYLCR9uAZK7PLe1Z21W6hsu_yI95lt4r6bAYwnVTaKOVduMrDYwOpk-zGQkQvl-5vm9gXgy2PYzvjStXTxgQglzHkQMy51UuZJ0gjJC8f5sWemJUBsZhH39vzbx-KcFIBbiFMEng_gAT6WZ0Yxb_ltDaNgM6xqyk0JedPZe75bF78Fk2QASB1MhS7qdpPokLAnPHCinPiuA6kJPdS5zJigi8MadWwQMcXw5pt3xRPzefgeXZmUY0KUAh1UtuJ2k3x1_MnaqsDB-GL14KGfPpHZf9luTosh7m85mXox6g3D4NVkS0JLt9-v9XRgnGYVlLqLXvhsrYWfYIDULtAAS8q9VAj_88-gJ_jFdLJSQ3B8uWI3a_cOgn3dEmD6d6tfMPWaLNR3Wo9j5G5A-r3LdkIomcHCrfp_6KisUzeYQmGfujNPjdMbL3ugKLao2KiwIlLS7grpEFZJzL09wq5h4qOaNDwc4ZJqTd20-9o0-7MI0XAns0S5coGAHDT2IVR2J1TQFWRAFYs9CF-XC0cd9xd56v022rX1QboUqh-VkAG6IdXk38fiWv3T9XQ7L4xVY2jp3TYtY0mpA8L12wQmHbUSsPEfHbFmdcWvVDoOM4egfGZIjuplB1JDfRKt-a2EEQ42OICtmwKsVxWXWao9zHykhxIghM3-l_zYn5EiPa2n2Vneh0IuXjb8vvVTMrI9YgMyVWsY5w3G93wHxEoj-UTeRM8r75y2WJLY7OgvpE0PqnH1IsE8xvWlELhl48oLODVhe_80QnzkdLmdpEgNyZN0HGOhzI9OMEWf7Va-FnVi54GIGyT4YhQxrTTqNBwlMfsUTiGco2w5402ACIteqnkA1XfrH8TNTPWigqOA7Fh4zjEVigqSkymK7k8SoUQMsbLDtjlwMzK7fJPfprpufkqzLDlUjqxSHosHnVPI9MlsEoBLX4ETIe9q3AnBxZpCfB8dvAqHQ7Pa4qSAitcruGQe1IK_lxseMOU_APbRDHzuZh0qJZTfP0f7e7Plm3cdolvMisrk30SaUNoHu1KPvWfEFlu4-m5-Puc0AMP0jIidkVh7rKC-c1CXCvrQoC2f-7ZgrtBRq64437gHojIR_YtPQ5x5kP2F2a-rimsCvmjpejysuYPbgHetbUpMuvHi4xMbufMPWd_iNAi8SM4OGxe-Cmc9wIXo3elfoZx2_82ku2JEH98OFhe-Kj08yO7xeNipJJw5kH7in2biuZbNKq17VVa3DPSRe5kQkcDLqb5bQVlKNumFRfvxVkFDlzMSQ1WjVBV4tSHm8RVSqxr-V33FY4LUl_U_kLiVCgDxUmlSILj-B8Ljk2R2s8bluotsU23SqQdFl_Jxns7rRyrIuSKEGmaBP0_RP6axiO5bYwS8-OWXb-obPijQ3pz51TY2qFaVg62Um5MARukRApG_FGCVFI9Hw5vdFpJTGg8o_XRaJ-O4mqMfRlFj1gBfqylwXD1muFpeDCUNcJwoQHGviWppwF0gnjC1qJ2CuIIz6qY081qazrL-id8HLXW3D3urHt5OkDOWykrYWdt7J2Gt4npN1ndX5QBkSTJhwE55qdtuyH6skAVdv2bIwK1bjaWer4Ue1qQIzLOdr8vy0ViKsVgfPrllgHAUsg7xM7_2Hbpe1qo9surEdufrdBxEtAiFo9ozVz6CXPnc8ROotePKGoY7MM92PbCvWDutPm4SQkquL6dYe2lWI6oLB37SReQfTElrdFUIH7pXOaUilrqrNYjLaeFATOpHJcViX1nTv5NFJl2OM6E87QlQIWQpUq6taPzOAUdKJRiQ_c1_ETGxcf7B18jwcndd9Cj2y8T0f9Xp6t2Df9GS85EX_fH4V2LdAMcseFn_qnz1UpM7P10qXw
108.168.193.189302 Found 0 B URL HTTP/2 beta.mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5Hbw7jypZ-P238qwagq1Vx4LUfaDR__NeVVH-ImtJpPaG_Nh80WMmwqfTqqBykvhw6dH2_md3Y9YZj4kSw3nVPpxpIo_48B9vphn_x0BlwTgwt6QWV9axOl8GNGGraCkoLR47zPaaoBw4GVleurTrf2xi7hl7ckbyu2Q1eWCp21mme-O8_xBmehxXtaxfTCUNMsJ-NhV5r2ADO84tTMcLRNZEK00WpFgTLV09IVq_ZqnTXwQ0BKw0ds4rFk_K1ZSLqJLn0yMRmGzeKTBcJ55oxowFbslx_pjqnO5a4xTwpffoA7Pa9vv3kaAL81X8h21wmjxFTfyxhoFSZ1QnaZAggaXIY-XzffpiWWRoo8MTkrEQOIYoPJ8k4QBtRcYoP9exCUBUTZsx2b_h41l21lmPzjY_9vCxMRbWI2sl2NsD8kWwcZnd1HgkDEB0q3v4gN1KmH1IU_30EfFnviRa9pBqSFDjw6oZtEpRlxOcHZgfzmeFTwqbnIrdbQRyVkWEPMgjCOlG_ZX9yufa2azK9yKrc2KJkf1RScLD-ZSJMcrMzM5ssw9YyZb1h81H7qwe2NfybdBMWIPVeFf_oy3omA924YtDWpFmcwBUUhYYLCR9uAZK7PLe1Z21W6hsu_yI95lt4r6bAYwnVTaKOVduMrDYwOpk-zGQkQvl-5vm9gXgy2PYzvjStXTxgQglzHkQMy51UuZJ0gjJC8f5sWemJUBsZhH39vzbx-KcFIBbiFMEng_gAT6WZ0Yxb_ltDaNgM6xqyk0JedPZe75bF78Fk2QASB1MhS7qdpPokLAnPHCinPiuA6kJPdS5zJigi8MadWwQMcXw5pt3xRPzefgeXZmUY0KUAh1UtuJ2k3x1_MnaqsDB-GL14KGfPpHZf9luTosh7m85mXox6g3D4NVkS0JLt9-v9XRgnGYVlLqLXvhsrYWfYIDULtAAS8q9VAj_88-gJ_jFdLJSQ3B8uWI3a_cOgn3dEmD6d6tfMPWaLNR3Wo9j5G5A-r3LdkIomcHCrfp_6KisUzeYQmGfujNPjdMbL3ugKLao2KiwIlLS7grpEFZJzL09wq5h4qOaNDwc4ZJqTd20-9o0-7MI0XAns0S5coGAHDT2IVR2J1TQFWRAFYs9CF-XC0cd9xd56v022rX1QboUqh-VkAG6IdXk38fiWv3T9XQ7L4xVY2jp3TYtY0mpA8L12wQmHbUSsPEfHbFmdcWvVDoOM4egfGZIjuplB1JDfRKt-a2EEQ42OICtmwKsVxWXWao9zHykhxIghM3-l_zYn5EiPa2n2Vneh0IuXjb8vvVTMrI9YgMyVWsY5w3G93wHxEoj-UTeRM8r75y2WJLY7OgvpE0PqnH1IsE8xvWlELhl48oLODVhe_80QnzkdLmdpEgNyZN0HGOhzI9OMEWf7Va-FnVi54GIGyT4YhQxrTTqNBwlMfsUTiGco2w5402ACIteqnkA1XfrH8TNTPWigqOA7Fh4zjEVigqSkymK7k8SoUQMsbLDtjlwMzK7fJPfprpufkqzLDlUjqxSHosHnVPI9MlsEoBLX4ETIe9q3AnBxZpCfB8dvAqHQ7Pa4qSAitcruGQe1IK_lxseMOU_APbRDHzuZh0qJZTfP0f7e7Plm3cdolvMisrk30SaUNoHu1KPvWfEFlu4-m5-Puc0AMP0jIidkVh7rKC-c1CXCvrQoC2f-7ZgrtBRq64437gHojIR_YtPQ5x5kP2F2a-rimsCvmjpejysuYPbgHetbUpMuvHi4xMbufMPWd_iNAi8SM4OGxe-Cmc9wIXo3elfoZx2_82ku2JEH98OFhe-Kj08yO7xeNipJJw5kH7in2biuZbNKq17VVa3DPSRe5kQkcDLqb5bQVlKNumFRfvxVkFDlzMSQ1WjVBV4tSHm8RVSqxr-V33FY4LUl_U_kLiVCgDxUmlSILj-B8Ljk2R2s8bluotsU23SqQdFl_Jxns7rRyrIuSKEGmaBP0_RP6axiO5bYwS8-OWXb-obPijQ3pz51TY2qFaVg62Um5MARukRApG_FGCVFI9Hw5vdFpJTGg8o_XRaJ-O4mqMfRlFj1gBfqylwXD1muFpeDCUNcJwoQHGviWppwF0gnjC1qJ2CuIIz6qY081qazrL-id8HLXW3D3urHt5OkDOWykrYWdt7J2Gt4npN1ndX5QBkSTJhwE55qdtuyH6skAVdv2bIwK1bjaWer4Ue1qQIzLOdr8vy0ViKsVgfPrllgHAUsg7xM7_2Hbpe1qo9surEdufrdBxEtAiFo9ozVz6CXPnc8ROotePKGoY7MM92PbCvWDutPm4SQkquL6dYe2lWI6oLB37SReQfTElrdFUIH7pXOaUilrqrNYjLaeFATOpHJcViX1nTv5NFJl2OM6E87QlQIWQpUq6taPzOAUdKJRiQ_c1_ETGxcf7B18jwcndd9Cj2y8T0f9Xp6t2Df9GS85EX_fH4V2LdAMcseFn_qnz1UpM7P10qXw
IP 108.168.193.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5Hbw7jypZ-P238qwagq1Vx4LUfaDR__NeVVH-ImtJpPaG_Nh80WMmwqfTqqBykvhw6dH2_md3Y9YZj4kSw3nVPpxpIo_48B9vphn_x0BlwTgwt6QWV9axOl8GNGGraCkoLR47zPaaoBw4GVleurTrf2xi7hl7ckbyu2Q1eWCp21mme-O8_xBmehxXtaxfTCUNMsJ-NhV5r2ADO84tTMcLRNZEK00WpFgTLV09IVq_ZqnTXwQ0BKw0ds4rFk_K1ZSLqJLn0yMRmGzeKTBcJ55oxowFbslx_pjqnO5a4xTwpffoA7Pa9vv3kaAL81X8h21wmjxFTfyxhoFSZ1QnaZAggaXIY-XzffpiWWRoo8MTkrEQOIYoPJ8k4QBtRcYoP9exCUBUTZsx2b_h41l21lmPzjY_9vCxMRbWI2sl2NsD8kWwcZnd1HgkDEB0q3v4gN1KmH1IU_30EfFnviRa9pBqSFDjw6oZtEpRlxOcHZgfzmeFTwqbnIrdbQRyVkWEPMgjCOlG_ZX9yufa2azK9yKrc2KJkf1RScLD-ZSJMcrMzM5ssw9YyZb1h81H7qwe2NfybdBMWIPVeFf_oy3omA924YtDWpFmcwBUUhYYLCR9uAZK7PLe1Z21W6hsu_yI95lt4r6bAYwnVTaKOVduMrDYwOpk-zGQkQvl-5vm9gXgy2PYzvjStXTxgQglzHkQMy51UuZJ0gjJC8f5sWemJUBsZhH39vzbx-KcFIBbiFMEng_gAT6WZ0Yxb_ltDaNgM6xqyk0JedPZe75bF78Fk2QASB1MhS7qdpPokLAnPHCinPiuA6kJPdS5zJigi8MadWwQMcXw5pt3xRPzefgeXZmUY0KUAh1UtuJ2k3x1_MnaqsDB-GL14KGfPpHZf9luTosh7m85mXox6g3D4NVkS0JLt9-v9XRgnGYVlLqLXvhsrYWfYIDULtAAS8q9VAj_88-gJ_jFdLJSQ3B8uWI3a_cOgn3dEmD6d6tfMPWaLNR3Wo9j5G5A-r3LdkIomcHCrfp_6KisUzeYQmGfujNPjdMbL3ugKLao2KiwIlLS7grpEFZJzL09wq5h4qOaNDwc4ZJqTd20-9o0-7MI0XAns0S5coGAHDT2IVR2J1TQFWRAFYs9CF-XC0cd9xd56v022rX1QboUqh-VkAG6IdXk38fiWv3T9XQ7L4xVY2jp3TYtY0mpA8L12wQmHbUSsPEfHbFmdcWvVDoOM4egfGZIjuplB1JDfRKt-a2EEQ42OICtmwKsVxWXWao9zHykhxIghM3-l_zYn5EiPa2n2Vneh0IuXjb8vvVTMrI9YgMyVWsY5w3G93wHxEoj-UTeRM8r75y2WJLY7OgvpE0PqnH1IsE8xvWlELhl48oLODVhe_80QnzkdLmdpEgNyZN0HGOhzI9OMEWf7Va-FnVi54GIGyT4YhQxrTTqNBwlMfsUTiGco2w5402ACIteqnkA1XfrH8TNTPWigqOA7Fh4zjEVigqSkymK7k8SoUQMsbLDtjlwMzK7fJPfprpufkqzLDlUjqxSHosHnVPI9MlsEoBLX4ETIe9q3AnBxZpCfB8dvAqHQ7Pa4qSAitcruGQe1IK_lxseMOU_APbRDHzuZh0qJZTfP0f7e7Plm3cdolvMisrk30SaUNoHu1KPvWfEFlu4-m5-Puc0AMP0jIidkVh7rKC-c1CXCvrQoC2f-7ZgrtBRq64437gHojIR_YtPQ5x5kP2F2a-rimsCvmjpejysuYPbgHetbUpMuvHi4xMbufMPWd_iNAi8SM4OGxe-Cmc9wIXo3elfoZx2_82ku2JEH98OFhe-Kj08yO7xeNipJJw5kH7in2biuZbNKq17VVa3DPSRe5kQkcDLqb5bQVlKNumFRfvxVkFDlzMSQ1WjVBV4tSHm8RVSqxr-V33FY4LUl_U_kLiVCgDxUmlSILj-B8Ljk2R2s8bluotsU23SqQdFl_Jxns7rRyrIuSKEGmaBP0_RP6axiO5bYwS8-OWXb-obPijQ3pz51TY2qFaVg62Um5MARukRApG_FGCVFI9Hw5vdFpJTGg8o_XRaJ-O4mqMfRlFj1gBfqylwXD1muFpeDCUNcJwoQHGviWppwF0gnjC1qJ2CuIIz6qY081qazrL-id8HLXW3D3urHt5OkDOWykrYWdt7J2Gt4npN1ndX5QBkSTJhwE55qdtuyH6skAVdv2bIwK1bjaWer4Ue1qQIzLOdr8vy0ViKsVgfPrllgHAUsg7xM7_2Hbpe1qo9surEdufrdBxEtAiFo9ozVz6CXPnc8ROotePKGoY7MM92PbCvWDutPm4SQkquL6dYe2lWI6oLB37SReQfTElrdFUIH7pXOaUilrqrNYjLaeFATOpHJcViX1nTv5NFJl2OM6E87QlQIWQpUq6taPzOAUdKJRiQ_c1_ETGxcf7B18jwcndd9Cj2y8T0f9Xp6t2Df9GS85EX_fH4V2LdAMcseFn_qnz1UpM7P10qXw HTTP/1.1
Host: beta.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dipaka-ead.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Dec 2022 10:27:42 GMT
content-length: 0
set-cookie: rhid=82486210378; Max-Age=15552000; Expires=Thu, 01-Jun-2023 10:27:42 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://beta.mybettermb.com/adServe/domainClick?ai=kuEohdhb_zPVNnwowEBaEfvxVkFDlzMSQ1WjVBV4tSHm8RVSqxr-V33FY4LUl_U_kLiVCgDxUmlSILj-B8Ljk2R2s8bluotsU23SqQdFl_Jxns7rRyrIuSKEGmaBP0_RP6axiO5bYwS8-OWXb-obPijQ3pz51TY2qFaVg62Um5MARukRApG_FGCVFI9Hw5vdFpJTGg8o_XRaJ-O4mqMfRlFj1gBfqylwXD1muFpeDCUNcJwoQHGviWppwF0gnjC1qJ2CuIIz6qY081qazrL-id8HLXW3D3urHt5OkDOWykrYWdt7J2Gt4npN1ndX5QBkSTJhwE55qdtuyH6skAVdv2bIwK1bjaWer4Ue1qQIzLOdr8vy0ViKsWWrA09g-eJtJjOWT2V4WkTb4QKnCS9Fts6gZF8_Qf9eOP4Y9yygj9sM53wxrhOOme2PZA61MqI9llpg4FhZfxRiOqckE7dHFa0h_rdqTroyA9yVR5Xg6t1iVnQIGgxQDiU7ugF2M-yuFxAzU6vkuBrv5y_8G14hHnpqjgSp0e_IHrCOA8jLvEQfteQPHXMKis-8C37fBKZtepx7j1kh07VyyGnFKX0au3SDFZgpnKNmkWTJ0WZCnNnzrhQios4RPu2LYP8V32YO8KbYxDDatVfoQahYdXWKtvQU3fkVEIHqdkM2Rdu-81qOhGX2TFQtdltuLd3hMXTXZnwPAQBUH9KxiYfV7E9RVYiDfJWbwBWTjZbxNzoVSLAmYIJGi_TSUWTfxfs1Jb0VofB33BW-m9pDG-A6O8vm_g3tKy_heZIpllemAWTaPnh7ytE4oS_3pJL4KnOOYIJFKRuNOcPQlyhauS4SJm9wQoLrtg_raixpUqyH51yNysR_tfxqo0oMwEgJRDHxEdL9IBX08ji0YsE&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukN7mRCRwMupvp5VERfFfN9ZM32PfN-LxzKwrUA8Y98H7F0wSjEQWx8pUQE1-aL_jdeJJYWC2HxVeA&si=1&oref=3fefbcb43d479ca261d2ea7755dad835&optunit=SlkYItiv16ZLmKtsnTc28HnSiUDV5iGD&rb=-zspswa4QVw&rr=1&abtg=0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 156d43f677c031d95abf405c80999a2f
d9cc212c502f709f6f8813b863a0bbc875e26172
d2373ed1bef5b7f7b39345a351d7f97a42e1c738422d01db16786d4ea5895db9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2373ED1BEF5B7F7B39345A351D7F97A42E1C738422D01DB16786D4EA5895DB9"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10478
Expires: Sat, 03 Dec 2022 13:22:21 GMT
Date: Sat, 03 Dec 2022 10:27:43 GMT
Connection: keep-alive
qvikar.com/fiverr/work/443778678
192.254.234.214302 Found 0 B URL HTTP/2 qvikar.com/fiverr/work/443778678
IP 192.254.234.214:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fiverr/work/443778678 HTTP/1.1
Host: qvikar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.clkmg.com/qvikar/fiverr/work/443778678/
vary: User-Agent
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 03 Dec 2022 10:27:43 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash e4582e9c3db7e14ace9bbb680b98defc
c0383ac660e25a01a0c12271a75fb8469f003dd7
99c6e4e72e7915f62440e5d3adda89364f498cbbcf86df7401fd15befe8c56e1
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:27:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 07 Dec 2022 09:01:56 GMT
ETag: "c0383ac660e25a01a0c12271a75fb8469f003dd7"
Last-Modified: Sat, 03 Dec 2022 09:01:57 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773b9c88dcb5fabc-OSL
www.clkmg.com/qvikar/fiverr/work/443778678/
50.97.244.203302 Found 250 B URL HTTP/1.1 www.clkmg.com/qvikar/fiverr/work/443778678/
IP 50.97.244.203:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d468dcc820ee553be0bf6d799e2aa739
1581e8f92825dd9b8dd67dd407028afc51465ed4
54960fa4fa4f3d76c7f112645ae2845e19f8931796186431919ad023121d6709
GET /qvikar/fiverr/work/443778678/ HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Sat, 03 Dec 2022 10:27:44 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 250
Connection: keep-alive
P3P: CP="This is not a P3P policy! See https://www.clkmg.com for more info."
Set-Cookie: alc=1; domain=.clkmg.com; expires=Sat Dec 3 10:27:49 2022; path=/;
lids=936002-133958+; domain=.clkmg.com; expires=Sun Dec 3 10:27:44 2023; path=/;
Location: https://www.clkmg.com/err/?u=qvikar&l=fiverr&s=A&e=403
Server: nginx
X-Permitted-Cross-Domain-Policies: none
X-CM-FE: httpfe-02.clickmagick.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
beta.mybettermb.com/adServe/domainClick?ai=kuEohdhb_zPVNnwowEBaEfvxVkFDlzMSQ1WjVBV4tSHm8RVSqxr-V33FY4LUl_U_kLiVCgDxUmlSILj-B8Ljk2R2s8bluotsU23SqQdFl_Jxns7rRyrIuSKEGmaBP0_RP6axiO5bYwS8-OWXb-obPijQ3pz51TY2qFaVg62Um5MARukRApG_FGCVFI9Hw5vdFpJTGg8o_XRaJ-O4mqMfRlFj1gBfqylwXD1muFpeDCUNcJwoQHGviWppwF0gnjC1qJ2CuIIz6qY081qazrL-id8HLXW3D3urHt5OkDOWykrYWdt7J2Gt4npN1ndX5QBkSTJhwE55qdtuyH6skAVdv2bIwK1bjaWer4Ue1qQIzLOdr8vy0ViKsWWrA09g-eJtJjOWT2V4WkTb4QKnCS9Fts6gZF8_Qf9eOP4Y9yygj9sM53wxrhOOme2PZA61MqI9llpg4FhZfxRiOqckE7dHFa0h_rdqTroyA9yVR5Xg6t1iVnQIGgxQDiU7ugF2M-yuFxAzU6vkuBrv5y_8G14hHnpqjgSp0e_IHrCOA8jLvEQfteQPHXMKis-8C37fBKZtepx7j1kh07VyyGnFKX0au3SDFZgpnKNmkWTJ0WZCnNnzrhQios4RPu2LYP8V32YO8KbYxDDatVfoQahYdXWKtvQU3fkVEIHqdkM2Rdu-81qOhGX2TFQtdltuLd3hMXTXZnwPAQBUH9KxiYfV7E9RVYiDfJWbwBWTjZbxNzoVSLAmYIJGi_TSUWTfxfs1Jb0VofB33BW-m9pDG-A6O8vm_g3tKy_heZIpllemAWTaPnh7ytE4oS_3pJL4KnOOYIJFKRuNOcPQlyhauS4SJm9wQoLrtg_raixpUqyH51yNysR_tfxqo0oMwEgJRDHxEdL9IBX08ji0YsE&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukN7mRCRwMupvp5VERfFfN9ZM32PfN-LxzKwrUA8Y98H7F0wSjEQWx8pUQE1-aL_jdeJJYWC2HxVeA&si=1&oref=3fefbcb43d479ca261d2ea7755dad835&optunit=SlkYItiv16ZLmKtsnTc28HnSiUDV5iGD&rb=-zspswa4QVw&rr=1&abtg=0
108.168.193.189200 OK 1.6 kB URL HTTP/2 beta.mybettermb.com/adServe/domainClick?ai=kuEohdhb_zPVNnwowEBaEfvxVkFDlzMSQ1WjVBV4tSHm8RVSqxr-V33FY4LUl_U_kLiVCgDxUmlSILj-B8Ljk2R2s8bluotsU23SqQdFl_Jxns7rRyrIuSKEGmaBP0_RP6axiO5bYwS8-OWXb-obPijQ3pz51TY2qFaVg62Um5MARukRApG_FGCVFI9Hw5vdFpJTGg8o_XRaJ-O4mqMfRlFj1gBfqylwXD1muFpeDCUNcJwoQHGviWppwF0gnjC1qJ2CuIIz6qY081qazrL-id8HLXW3D3urHt5OkDOWykrYWdt7J2Gt4npN1ndX5QBkSTJhwE55qdtuyH6skAVdv2bIwK1bjaWer4Ue1qQIzLOdr8vy0ViKsWWrA09g-eJtJjOWT2V4WkTb4QKnCS9Fts6gZF8_Qf9eOP4Y9yygj9sM53wxrhOOme2PZA61MqI9llpg4FhZfxRiOqckE7dHFa0h_rdqTroyA9yVR5Xg6t1iVnQIGgxQDiU7ugF2M-yuFxAzU6vkuBrv5y_8G14hHnpqjgSp0e_IHrCOA8jLvEQfteQPHXMKis-8C37fBKZtepx7j1kh07VyyGnFKX0au3SDFZgpnKNmkWTJ0WZCnNnzrhQios4RPu2LYP8V32YO8KbYxDDatVfoQahYdXWKtvQU3fkVEIHqdkM2Rdu-81qOhGX2TFQtdltuLd3hMXTXZnwPAQBUH9KxiYfV7E9RVYiDfJWbwBWTjZbxNzoVSLAmYIJGi_TSUWTfxfs1Jb0VofB33BW-m9pDG-A6O8vm_g3tKy_heZIpllemAWTaPnh7ytE4oS_3pJL4KnOOYIJFKRuNOcPQlyhauS4SJm9wQoLrtg_raixpUqyH51yNysR_tfxqo0oMwEgJRDHxEdL9IBX08ji0YsE&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukN7mRCRwMupvp5VERfFfN9ZM32PfN-LxzKwrUA8Y98H7F0wSjEQWx8pUQE1-aL_jdeJJYWC2HxVeA&si=1&oref=3fefbcb43d479ca261d2ea7755dad835&optunit=SlkYItiv16ZLmKtsnTc28HnSiUDV5iGD&rb=-zspswa4QVw&rr=1&abtg=0
IP 108.168.193.189:0
Hash 93c7d79938e28b53b851bf85eb53c7a5
542bed3c47397ad0f336378fb530881d6b82f0fb
050203fea8f9b22142af8b7810677f8aea80c655e70a749e63328fb60ffb20a8
GET /adServe/domainClick?ai=kuEohdhb_zPVNnwowEBaEfvxVkFDlzMSQ1WjVBV4tSHm8RVSqxr-V33FY4LUl_U_kLiVCgDxUmlSILj-B8Ljk2R2s8bluotsU23SqQdFl_Jxns7rRyrIuSKEGmaBP0_RP6axiO5bYwS8-OWXb-obPijQ3pz51TY2qFaVg62Um5MARukRApG_FGCVFI9Hw5vdFpJTGg8o_XRaJ-O4mqMfRlFj1gBfqylwXD1muFpeDCUNcJwoQHGviWppwF0gnjC1qJ2CuIIz6qY081qazrL-id8HLXW3D3urHt5OkDOWykrYWdt7J2Gt4npN1ndX5QBkSTJhwE55qdtuyH6skAVdv2bIwK1bjaWer4Ue1qQIzLOdr8vy0ViKsWWrA09g-eJtJjOWT2V4WkTb4QKnCS9Fts6gZF8_Qf9eOP4Y9yygj9sM53wxrhOOme2PZA61MqI9llpg4FhZfxRiOqckE7dHFa0h_rdqTroyA9yVR5Xg6t1iVnQIGgxQDiU7ugF2M-yuFxAzU6vkuBrv5y_8G14hHnpqjgSp0e_IHrCOA8jLvEQfteQPHXMKis-8C37fBKZtepx7j1kh07VyyGnFKX0au3SDFZgpnKNmkWTJ0WZCnNnzrhQios4RPu2LYP8V32YO8KbYxDDatVfoQahYdXWKtvQU3fkVEIHqdkM2Rdu-81qOhGX2TFQtdltuLd3hMXTXZnwPAQBUH9KxiYfV7E9RVYiDfJWbwBWTjZbxNzoVSLAmYIJGi_TSUWTfxfs1Jb0VofB33BW-m9pDG-A6O8vm_g3tKy_heZIpllemAWTaPnh7ytE4oS_3pJL4KnOOYIJFKRuNOcPQlyhauS4SJm9wQoLrtg_raixpUqyH51yNysR_tfxqo0oMwEgJRDHxEdL9IBX08ji0YsE&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukN7mRCRwMupvp5VERfFfN9ZM32PfN-LxzKwrUA8Y98H7F0wSjEQWx8pUQE1-aL_jdeJJYWC2HxVeA&si=1&oref=3fefbcb43d479ca261d2ea7755dad835&optunit=SlkYItiv16ZLmKtsnTc28HnSiUDV5iGD&rb=-zspswa4QVw&rr=1&abtg=0 HTTP/1.1
Host: beta.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Cookie: rhid=82486210378
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 10:27:42 GMT
content-type: text/html;charset=ISO-8859-1
vary: Accept-Encoding
set-cookie: rhid=82486210378; Max-Age=15552000; Expires=Thu, 01-Jun-2023 10:27:42 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_945390_off_413008_aff_11454_cid_444222-12460328914_ts_1670063262; Max-Age=3600; Expires=Sat, 03-Dec-2022 11:27:42 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.clkmg.com/misc/css/style.css
143.204.55.97200 OK 4.5 kB URL HTTP/1.1 cdn.clkmg.com/misc/css/style.css
IP 143.204.55.97:0
Hash e540f61448a0e598774be6738463a0c5
75c83228491705c9a412383803decd6878c3f163
263bd19121ab72d1db5109850141dd62598ee8d4240b4cbfb3bce40a85c5da3c
GET /misc/css/style.css HTTP/1.1
Host: cdn.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Cookie: alc=1; lids=936002-133958+
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 4498
Connection: keep-alive
Date: Sat, 26 Nov 2022 05:16:13 GMT
Last-Modified: Sat, 06 Aug 2022 19:05:46 GMT
ETag: "62eebb8a-1192"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Expires: Mon, 26 Dec 2022 05:16:13 GMT
Cache-Control: max-age=2592000, public, no-transform
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YjXhhX4ODzGcTp99rV56xC8UfNzldS3BiSLl5g9BxKq7ELcj0kCx0Q==
Age: 623492
cdn.clkmg.com/images/spacer.gif
143.204.55.97200 OK 43 B URL HTTP/1.1 cdn.clkmg.com/images/spacer.gif
IP 143.204.55.97:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /images/spacer.gif HTTP/1.1
Host: cdn.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Cookie: alc=1; lids=936002-133958+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Date: Fri, 28 Oct 2022 02:17:27 GMT
Last-Modified: Thu, 23 Feb 2017 23:21:29 GMT
ETag: "58af6e79-2b"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Expires: Thu, 26 Jan 2023 02:17:27 GMT
Cache-Control: max-age=7776000, public, no-transform
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: t87FnaeQjahPPiyz0tFmio5OXWLervuYU-ZvZv7-zxtAHDSDEq7rdA==
Age: 3139818
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 4f470a9e4286e72fda4fb4f9189ea53f
07b968661e3e806d5a4a8c534b5fa4959510ebae
317f6e4073364959bb5161f869025aec1fd223529437b28c3857fbacbece3b30
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:27:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 07 Dec 2022 08:21:41 GMT
ETag: "07b968661e3e806d5a4a8c534b5fa4959510ebae"
Last-Modified: Sat, 03 Dec 2022 08:21:42 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 211
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773b9c8e580dfabc-OSL
cdn.clickmagick.com/images/logo.gif
54.230.111.12200 OK 4.3 kB URL HTTP/2 cdn.clickmagick.com/images/logo.gif
IP 54.230.111.12:0
File type GIF image data, version 89a, 300 x 64\012- data
Hash 1bfe88368945f71f6b145f8fdc431c3f
2650030369e5c327d5eaf4a6b9fd175786bda751
b069053ff474120a849ba3e9f1d4110f4311608883e9ec1cdbe68e1b181dcc73
GET /images/logo.gif HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 4252
date: Thu, 01 Dec 2022 22:41:34 GMT
last-modified: Wed, 27 Jul 2022 23:18:30 GMT
etag: "62e1c7c6-109c"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
expires: Wed, 01 Mar 2023 22:41:34 GMT
cache-control: max-age=7776000, public, no-transform
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1iCsF0CFqgetEW2cnGb50e9YqZAzi7XZbq30ki1CcapEEdszxFkl3Q==
age: 128771
X-Firefox-Spdy: h2
cdn.clickmagick.com/misc/fonts/website/v3/Inter-Regular.woff
54.230.111.12200 OK 149 kB URL HTTP/2 cdn.clickmagick.com/misc/fonts/website/v3/Inter-Regular.woff
IP 54.230.111.12:0
File type Web Open Font Format, TrueType, length 149344, version 0.0\012- data
Size 149 kB (149344 bytes)
Hash ea2c76b525641c2051cdf7d930e465ba
b3ffc2515b8429e92540e084fd6011f32b8df368
6ab2042219a7bbc2f5523d61ad24c9f1e3627f2cbb891669d981da8bb019c11e
GET /misc/fonts/website/v3/Inter-Regular.woff HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.clkmg.com
Connection: keep-alive
Referer: https://cdn.clkmg.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 149344
last-modified: Wed, 22 Jun 2022 15:39:23 GMT
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
accept-ranges: bytes
date: Sat, 03 Dec 2022 09:38:41 GMT
etag: "62b337ab-24760"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zPh9eUFVdIwhyGS622SFfj2DtdfYATxdMYTraS5x_X_4QlnFAGUjlA==
age: 37721
X-Firefox-Spdy: h2
cdn.clickmagick.com/misc/fonts/website/v3/Inter-Medium.woff
54.230.111.12200 OK 158 kB URL HTTP/2 cdn.clickmagick.com/misc/fonts/website/v3/Inter-Medium.woff
IP 54.230.111.12:0
File type Web Open Font Format, TrueType, length 157888, version 0.0\012- data
Size 158 kB (157888 bytes)
Hash 6b5a42f0603ea013e7099c2160e007e7
1a817b28d15fba7537a6ac0ed28126589062f303
860f80f683dd2cca3acc4680a798cd8a1a8dd8d6a0e18312692d9504f3792242
GET /misc/fonts/website/v3/Inter-Medium.woff HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.clkmg.com
Connection: keep-alive
Referer: https://cdn.clkmg.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 157888
last-modified: Wed, 22 Jun 2022 15:39:23 GMT
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
accept-ranges: bytes
date: Sat, 03 Dec 2022 09:38:41 GMT
etag: "62b337ab-268c0"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Bswuu6D9vmSJmCZVgQjO5-BMgib1xiLEtYF4-79B1EqjU7rrs3sbWw==
age: 37721
X-Firefox-Spdy: h2
www.clkmg.com/favicon.ico
50.97.244.203200 OK 78 B URL HTTP/1.1 www.clkmg.com/favicon.ico
IP 50.97.244.203:0
File type MS Windows icon resource - 1 icon, 1x1, 2 colors\012- data
Hash c9e1efa761b83f4a25a07dc85c207f95
7c1df040d4119e1c1b4f875c362f363ad1f6ba13
91634633ca6d34044c356a9a0baa832f1927d8326e1ae1a95af22b864d30dd7f
GET /favicon.ico HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/err/?u=qvikar&l=fiverr&s=A&e=403
Cookie: alc=1; lids=936002-133958+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:27:45 GMT
Content-Type: image/x-icon
Content-Length: 78
Last-Modified: Thu, 21 Apr 2022 16:32:44 GMT
Connection: keep-alive
ETag: "6261872c-4e"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Expires: Mon, 02 Jan 2023 10:27:45 GMT
Pragma: public
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 45182367fd4f8b6dd234eef1022acdb1
d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:54 GMT
age: 46195
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2