shridurgadevelopers.com/aakrungsr/prelogon/preauth/proceed/authentication/digital/display/logon/home/going/commercial-upcoming.php
185.107.56.197200 OK 585 B URL HTTP/1.1 shridurgadevelopers.com/aakrungsr/prelogon/preauth/proceed/authentication/digital/display/logon/home/going/commercial-upcoming.php
IP 185.107.56.197:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (585), with no line terminators
Hash 870a84984ba25ea10ded479a306988fa
92a588650f5a900080d5d8cb03da769e36d44207
386cfd18156c1148910db43a901faa25f940c9f614ec4bfb1d95276ff2835639
Analyzer Verdict Alert fortinet Phishing
GET /aakrungsr/prelogon/preauth/proceed/authentication/digital/display/logon/home/going/commercial-upcoming.php HTTP/1.1
Host: shridurgadevelopers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 585
content-type: text/html; charset=utf-8
date: Mon, 24 Oct 2022 02:45:07 GMT
server: nginx
set-cookie: sid=df2936e8-5345-11ed-9eda-911a9432c2e0; path=/; domain=.shridurgadevelopers.com; expires=Sat, 11 Nov 2090 05:59:15 GMT; max-age=2147483647; HttpOnly
firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 24 Oct 2022 01:52:56 GMT
Expires: Mon, 24 Oct 2022 02:17:30 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xXuGnNK_Gw-2xSyHwdadnE9QhLZ5xGhPU3FxtEpi2GcBGlosOFPaxw==
Age: 3132
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c19f4a1def760c07cbc4aec1d0d6c050
6ad911a7c02f5e5fdd82fa86cae0453528d53a6d
750bba81910a4bbd78ab484ba03781a36459a0aec147d7c47424e9a9bf152b40
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "750BBA81910A4BBD78AB484BA03781A36459A0AEC147D7C47424E9A9BF152B40"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8485
Expires: Mon, 24 Oct 2022 05:06:33 GMT
Date: Mon, 24 Oct 2022 02:45:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8532
Expires: Mon, 24 Oct 2022 05:07:20 GMT
Date: Mon, 24 Oct 2022 02:45:08 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: MY48x1aXf9eVQcAX2OBTDTY7K2fOGxjKXtZgjPI5q/UA02820/xlRNREI4gjHyL2RwOKy4vz9J8=
x-amz-request-id: ZZ6XAS4QHNF918K2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 24 Oct 2022 02:38:13 GMT
age: 415
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 02:45:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
shridurgadevelopers.com/favicon.ico
185.107.56.197404 Not Found 9 B URL HTTP/1.1 shridurgadevelopers.com/favicon.ico
IP 185.107.56.197:0
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: shridurgadevelopers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shridurgadevelopers.com/aakrungsr/prelogon/preauth/proceed/authentication/digital/display/logon/home/going/commercial-upcoming.php
Cookie: sid=df2936e8-5345-11ed-9eda-911a9432c2e0
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Mon, 24 Oct 2022 02:45:08 GMT
server: nginx
shridurgadevelopers.com/aakrungsr/prelogon/preauth/proceed/authentication/digital/display/logon/home/going/commercial-upcoming.php?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjU4NjcwOCwiaWF0IjoxNjY2NTc5NTA4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2dlMmVzZHYybDdxMGJzZzAyc2hrNGoiLCJuYmYiOjE2NjY1Nzk1MDgsInRzIjoxNjY2NTc5NTA4MDI4MjIyfQ.GI5_aBEl8iFL_uUpMWCSJoHwtp-LVG_u9xh8xL4UnjY&sid=df2936e8-5345-11ed-9eda-911a9432c2e0
185.107.56.197302 Found 11 B URL HTTP/1.1 shridurgadevelopers.com/aakrungsr/prelogon/preauth/proceed/authentication/digital/display/logon/home/going/commercial-upcoming.php?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjU4NjcwOCwiaWF0IjoxNjY2NTc5NTA4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2dlMmVzZHYybDdxMGJzZzAyc2hrNGoiLCJuYmYiOjE2NjY1Nzk1MDgsInRzIjoxNjY2NTc5NTA4MDI4MjIyfQ.GI5_aBEl8iFL_uUpMWCSJoHwtp-LVG_u9xh8xL4UnjY&sid=df2936e8-5345-11ed-9eda-911a9432c2e0
IP 185.107.56.197:0
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /aakrungsr/prelogon/preauth/proceed/authentication/digital/display/logon/home/going/commercial-upcoming.php?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjU4NjcwOCwiaWF0IjoxNjY2NTc5NTA4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2dlMmVzZHYybDdxMGJzZzAyc2hrNGoiLCJuYmYiOjE2NjY1Nzk1MDgsInRzIjoxNjY2NTc5NTA4MDI4MjIyfQ.GI5_aBEl8iFL_uUpMWCSJoHwtp-LVG_u9xh8xL4UnjY&sid=df2936e8-5345-11ed-9eda-911a9432c2e0 HTTP/1.1
Host: shridurgadevelopers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shridurgadevelopers.com/aakrungsr/prelogon/preauth/proceed/authentication/digital/display/logon/home/going/commercial-upcoming.php
Cookie: sid=df2936e8-5345-11ed-9eda-911a9432c2e0
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 24 Oct 2022 02:45:08 GMT
location: http://bilqi-omv.com/zcvisitor/df750376-5345-11ed-93f4-120fc048c1b5/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
server: nginx
set-cookie: sid=df2936e8-5345-11ed-9eda-911a9432c2e0; path=/; domain=.shridurgadevelopers.com; expires=Sat, 11 Nov 2090 05:59:15 GMT; max-age=2147483647; HttpOnly
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 24 Oct 2022 02:43:40 GMT
Cache-Control: max-age=3600
Expires: Mon, 24 Oct 2022 02:51:29 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DnI3FBUfxA3BqtXjreVQR7s5oeRDKNnsPCO3OlD5ecOpTnzm1wzvRA==
Age: 696
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 60d5d7cce6c32a6bdaf0d4c92ec93a1a
cd29edee660366b41749cfd206bdc08fb421449c
fb90c4cc44b32e4ca4a7d1533bbf4a2fd5c482dda5d232f1be2334f3cefbbb0e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3977
Cache-Control: max-age=109671
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 02:45:09 GMT
Etag: "6354f613-1d7"
Expires: Tue, 25 Oct 2022 09:13:00 GMT
Last-Modified: Sun, 23 Oct 2022 08:06:43 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
bilqi-omv.com/zcvisitor/df750376-5345-11ed-93f4-120fc048c1b5/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
34.239.209.41200 996 B URL HTTP/1.1 bilqi-omv.com/zcvisitor/df750376-5345-11ed-93f4-120fc048c1b5/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
IP 34.239.209.41:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2fff0da1bc882d0983ffd0f352da9f7e
9966d4fc7fcc895e3c6ff3439d6d6c8d5db8998f
2775060db17f2044bbdc7a0171dcd4a1e60bdf8d70a4019ab8f1a7f11d1b9b7c
GET /zcvisitor/df750376-5345-11ed-93f4-120fc048c1b5/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97 HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shridurgadevelopers.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Mon, 24 Oct 2022 02:45:08 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: ZHReUcNz
bilqi-omv.com/zcredirect?visitid=df750376-5345-11ed-93f4-120fc048c1b5&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
34.239.209.41200 994 B URL HTTP/1.1 bilqi-omv.com/zcredirect?visitid=df750376-5345-11ed-93f4-120fc048c1b5&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 34.239.209.41:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (454)
Hash db6757a12e496da34a3aef65f02c09d7
060d225da2b0ed26eb1a985497fdf4874068b5e8
ebf85dad314100e01f63de4d7ede38ae9159a386272ddb957c2417439d2645fe
GET /zcredirect?visitid=df750376-5345-11ed-93f4-120fc048c1b5&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bilqi-omv.com/zcvisitor/df750376-5345-11ed-93f4-120fc048c1b5/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Mon, 24 Oct 2022 02:45:09 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: sGhSrhyY
push.services.mozilla.com/
35.80.175.197101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.80.175.197:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qvLi8TTSsn/78vQFiOzQFw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TlSvN9KMEgWCycAMV4hAj6JTuu8=
bilqi-omv.com/favicon.ico
34.239.209.41404 653 B URL HTTP/1.1 bilqi-omv.com/favicon.ico
IP 34.239.209.41:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bilqi-omv.com/zcredirect?visitid=df750376-5345-11ed-93f4-120fc048c1b5&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
HTTP/1.1 404
Date: Mon, 24 Oct 2022 02:45:09 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: sGhSrhyY
cartining-specute.com/zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dwsjsqu3me1osdavj22vvgjr4%26subid2%3Dwsjsqu3me1osdavj22vvgjr4&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=df750376-5345-11ed-93f4-120fc048c1b5&cid=wsjsqu3me1osdavj22vvgjr4&rt=R
18.197.36.77302 Found 0 B URL HTTP/2 cartining-specute.com/zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dwsjsqu3me1osdavj22vvgjr4%26subid2%3Dwsjsqu3me1osdavj22vvgjr4&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=df750376-5345-11ed-93f4-120fc048c1b5&cid=wsjsqu3me1osdavj22vvgjr4&rt=R
IP 18.197.36.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dwsjsqu3me1osdavj22vvgjr4%26subid2%3Dwsjsqu3me1osdavj22vvgjr4&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=df750376-5345-11ed-93f4-120fc048c1b5&cid=wsjsqu3me1osdavj22vvgjr4&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bilqi-omv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 24 Oct 2022 02:45:09 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=wsjsqu3me1osdavj22vvgjr4&subid2=wsjsqu3me1osdavj22vvgjr4
pragma: no-cache
set-cookie: cc-v4=X8PyWyoMWQILBmi72h8oG1WLA4v3seGEIU9wpTP9pntf4hg7eGXg%2FkUtGT7FkIaFl37Eq%2Bk5oUjMPcpULdw%2BqKVUI%2BD4j0kIHoNDRBct%2FoaGqWKW1TDjoYO3WMeqJtIhk%2Frei8gdkUJEpEGFqkgF0w%3D%3D; Max-Age=31536000; Expires=Tue, 24-Oct-2023 02:45:09 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 4d4a1663c6e806fc36202faf36b97586
8f3868c8e3e9ecd0ff4fc12a820ba2d04cff863b
6540b15ee484cd17043e814bc01a8af446195e14254a037cf9696d4d15593fc5
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=165492
Date: Mon, 24 Oct 2022 02:45:09 GMT
Etag: "6355dfa9-1d7"
Expires: Wed, 26 Oct 2022 00:43:21 GMT
Last-Modified: Mon, 24 Oct 2022 00:43:21 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Lo1z9Bz0uQ77-AW2UrUuJN6H7kIgRuJSc-y7vE0C6Zf132j4hjuv0w==
bustygirls4u.com/bridge/intg.js?v=8
18.197.205.236200 OK 317 B URL HTTP/2 bustygirls4u.com/bridge/intg.js?v=8
IP 18.197.205.236:0
File type ASCII text, with very long lines (316)
Hash d9bd6d4fe07232e0fcae03c7e68d4e81
4a7e1c2e8cc35c2ff31c71175095f4b1a2b8c17b
0ad2eb2d6a74f3d18026ab24c088ca7c561a742fd870e44045db9d823ac0a3c6
GET /bridge/intg.js?v=8 HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&s3=wsjsqu3me1osdavj22vvgjr4&tds_campaign=b1727pos&tds_oid=24401&tds_id=b1727pos_jump_a_1598613018653&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&s1=ps&utm_campaign=497f5345&tds_ac_id=s8655tok&data2=wsjsqu3me1osdavj22vvgjr4&tds_ao=1&id=24401&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw&tds_rt=&utm_content=&tds_host=bustygirls4u.com&utm_source=int
Cookie: dci=bb25dab22c2ea689bfbdbada986627832e97fe95; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 24 Oct 2022 02:45:10 GMT
content-type: application/javascript; charset=UTF-8
content-length: 317
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 20 Oct 2022 10:01:48 GMT
etag: W/"13d-183f4d782e0"
vary: Accept-Encoding
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9270
Expires: Mon, 24 Oct 2022 05:19:40 GMT
Date: Mon, 24 Oct 2022 02:45:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9270
Expires: Mon, 24 Oct 2022 05:19:40 GMT
Date: Mon, 24 Oct 2022 02:45:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9270
Expires: Mon, 24 Oct 2022 05:19:40 GMT
Date: Mon, 24 Oct 2022 02:45:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456d7d5b-fd41-4fa5-8e9e-d89e82b0dc48.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456d7d5b-fd41-4fa5-8e9e-d89e82b0dc48.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ad00d9f89cc4d7f29fd53f89b4545f3
c4dbc6b4b8b9cf4f8868ddc060ee731cf43153d7
6d8e82f5aced08627c83945bc8f011bbaea66789427624baaef5104858472ea2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456d7d5b-fd41-4fa5-8e9e-d89e82b0dc48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8953
x-amzn-requestid: 5085f7ea-72de-43e0-a670-d221fc6af736
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelBzHcPIAMFpqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-1c4bfd5c56b0af173eb43001;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pCvtOb9B5beB4xJFbTvDQxO37bcXmPVCAwUOw7hOZLHTe_W-ii4T6Q==
via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 22:35:31 GMT
etag: "c4dbc6b4b8b9cf4f8868ddc060ee731cf43153d7"
content-type: image/jpeg
age: 14979
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2aa538fb-7cd1-41f1-aacd-b9ff42991b8b.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2aa538fb-7cd1-41f1-aacd-b9ff42991b8b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 72d843f94f06a00091ded227a40f24f7
7becba083c646f4715513e07d297ebc56f9d22ab
407d2ea28f44456af3f0f7b7f594703b08d15a5d682756bcad17de85dce65cd7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2aa538fb-7cd1-41f1-aacd-b9ff42991b8b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8361
x-amzn-requestid: 23942897-d28e-4661-b941-1c8eb5ae9735
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelO4E4BIAMFcpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b592-4df057fb403df49841961951;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:43:46 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ybm5nbcEOMZT4vaC5dx7ji-VXg11O3AUZFfE42y418bv-QU0ntK_MQ==
via: 1.1 b637bd7696854d7acbf96132dcf53200.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 17914
etag: "7becba083c646f4715513e07d297ebc56f9d22ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe87578f5-db38-4350-a6ac-22b0577d75a1.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe87578f5-db38-4350-a6ac-22b0577d75a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 548cc254725b085a0794f02585db37f6
69ebcb96188f5e3f6355aabecbe925e26ff00668
09906078ef781e283e939b86e3ee34665ed5df4524a9af4be26f7106a8cab836
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe87578f5-db38-4350-a6ac-22b0577d75a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7435
x-amzn-requestid: fd538694-534d-4938-bebc-1131c0bb7c62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelB1HWdIAMFuSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-2f9210cb5a6a28a71b130497;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GFV2nCltq7Zg9MXGD96a5ajF-Kih-yNwv2rQC8Omlyla0UQ01TYkmw==
via: 1.1 58f9a50682bb94842197f3e957919c60.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 22:03:39 GMT
age: 16891
etag: "69ebcb96188f5e3f6355aabecbe925e26ff00668"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e44a0c5-308b-4a3c-a704-fed082e5c701.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e44a0c5-308b-4a3c-a704-fed082e5c701.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f1a2e95e4cdae92b60d0fde61c6c8312
fa110a433705597d1384e6d5dd0e757090dbe366
bfa8bc3faf60272c250c0b7d220c90bcf9f01267907dd81465ed0a6a4fda8fdc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e44a0c5-308b-4a3c-a704-fed082e5c701.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10639
x-amzn-requestid: 983ddbdb-f97d-44dc-b502-6a555f50217f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelDaEkBoAMFcRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b548-351c26ae42c01c94616d04b4;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 05znhcULmL8iPplTvsxxMD0wy4YUADkAs0t2T_AhTUBf1pBKAcc0EA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 17914
etag: "fa110a433705597d1384e6d5dd0e757090dbe366"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e8ac15f-1a51-4bfe-ab4a-570fc480a976.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e8ac15f-1a51-4bfe-ab4a-570fc480a976.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f12f21779aa94b557db8037ceefd15b2
1698d8d0ff47fc4e6dd20d99ceae84cfcdd69e86
0d33ee5a721c2f940ff1e7d5fae9abba3781f6d37e458a36285718466ecdcd10
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e8ac15f-1a51-4bfe-ab4a-570fc480a976.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4434
x-amzn-requestid: 41e95a27-2955-4224-8d2c-f12d1254cda7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelB0EQboAMFmMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-5cb99b700c84c99c2d9e52d7;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OTe4NY6F7vvMR1vwdg53oUfynNgHOuyn9VPBf7ub1SqnXTgJRj8dXw==
via: 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 22:05:54 GMT
age: 16756
etag: "1698d8d0ff47fc4e6dd20d99ceae84cfcdd69e86"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0e8944f-330b-4c84-abef-bb7192d06408.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0e8944f-330b-4c84-abef-bb7192d06408.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 00bb08d0e8d45c0b0daf65ed676f35fa
0e189c28df7add54e092ea9cb101b0fab7d9024d
e2968bade1033fb2b73d28b8a04bcffa5262bd222bf9748bdcb923ef2b1b6416
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0e8944f-330b-4c84-abef-bb7192d06408.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5440
x-amzn-requestid: e05d1f8e-78e3-4eb6-bebd-3f7a07894e3b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aYvLoGV3IAMFyPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63535f17-29fac13e0fec920c04885288;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 03:10:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CEKwEtZe8zx8csLPMAPg55UXZ5ArKwMUt9RGyi2ICz1YptGqog8_Lg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 03:44:04 GMT
age: 82866
etag: "0e189c28df7add54e092ea9cb101b0fab7d9024d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4c236f4ca13cd8fafc580bceb0995642
b6a7de7a8d994ed2cfb5ac74b6d7703de515ecdb
671228953eba5b2678df03acebb493e411752c6f5f72ff7f1e485032241d4aeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 02:45:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c648afbf5e3d040dbc290bae3858eb4c
1d5ce50cd8fe30a0853fad3f599403b750784ccd
39a468aa8e7515d809fc04a03e9bc0f2afa85c276c5824e8e44183d4d6a7be45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2622
Cache-Control: max-age=149012
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 02:45:10 GMT
Etag: "6355950c-118"
Expires: Tue, 25 Oct 2022 20:08:42 GMT
Last-Modified: Sun, 23 Oct 2022 19:25:00 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14200 OK 14 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (48316), with no line terminators
Hash 2e46e3b0807c19e0ee85603dd4ba3f72
cb55679976d9a5d9933f291218b8ff0f95ebdc17
87a3f839cfc8bca3368a7dec7c5ff14e5f613928e899b601292b5a1f1bd5dc05
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 24 Oct 2022 02:45:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 6430333
expires: Sat, 14 Oct 2023 02:45:10 GMT
accept-ranges: bytes
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 75ef5ff69af10b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c648afbf5e3d040dbc290bae3858eb4c
1d5ce50cd8fe30a0853fad3f599403b750784ccd
39a468aa8e7515d809fc04a03e9bc0f2afa85c276c5824e8e44183d4d6a7be45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2622
Cache-Control: max-age=149012
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 02:45:10 GMT
Etag: "6355950c-118"
Expires: Tue, 25 Oct 2022 20:08:42 GMT
Last-Modified: Sun, 23 Oct 2022 19:25:00 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
bustygirls4u.com/bridge/ao_loader.js
18.197.205.236200 OK 836 B URL HTTP/2 bustygirls4u.com/bridge/ao_loader.js
IP 18.197.205.236:0
File type ASCII text, with very long lines (835)
Hash 9c129816fdafb5e9525563ba64018bd7
79dfb5a385a3583a597716ac4b1e1649e9b9994d
43d06cd88d872d0f1ab73eda7cf55805382dfd0d56bb90aad3398c72a5bb4acf
GET /bridge/ao_loader.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&s3=wsjsqu3me1osdavj22vvgjr4&tds_campaign=b1727pos&tds_oid=24401&tds_id=b1727pos_jump_a_1598613018653&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&s1=ps&utm_campaign=497f5345&tds_ac_id=s8655tok&data2=wsjsqu3me1osdavj22vvgjr4&tds_ao=1&id=24401&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw&tds_rt=&utm_content=&tds_host=bustygirls4u.com&utm_source=int
Cookie: dci=bb25dab22c2ea689bfbdbada986627832e97fe95; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 24 Oct 2022 02:45:10 GMT
content-type: application/javascript; charset=UTF-8
content-length: 836
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 20 Oct 2022 10:01:48 GMT
etag: W/"344-183f4d782e0"
vary: Accept-Encoding
X-Firefox-Spdy: h2
bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_cid%3Dc84c11d83f0c5603080ecec1edf62d81285422e4%26s3%3Dwsjsqu3me1osdavj22vvgjr4%26tds_campaign%3Db1727pos%26tds_oid%3D24401%26tds_id%3Db1727pos_jump_a_1598613018653%26dci%3Dbb25dab22c2ea689bfbdbada986627832e97fe95%26s1%3Dps%26utm_campaign%3D497f5345%26tds_ac_id%3Ds8655tok%26data2%3Dwsjsqu3me1osdavj22vvgjr4%26tds_ao%3D1%26id%3D24401%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw%26tds_rt%3D%26utm_content%3D%26tds_host%3Dbustygirls4u.com%26utm_source%3Dint&uaDataValues={}
18.197.205.236200 OK 199 B URL HTTP/2 bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_cid%3Dc84c11d83f0c5603080ecec1edf62d81285422e4%26s3%3Dwsjsqu3me1osdavj22vvgjr4%26tds_campaign%3Db1727pos%26tds_oid%3D24401%26tds_id%3Db1727pos_jump_a_1598613018653%26dci%3Dbb25dab22c2ea689bfbdbada986627832e97fe95%26s1%3Dps%26utm_campaign%3D497f5345%26tds_ac_id%3Ds8655tok%26data2%3Dwsjsqu3me1osdavj22vvgjr4%26tds_ao%3D1%26id%3D24401%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw%26tds_rt%3D%26utm_content%3D%26tds_host%3Dbustygirls4u.com%26utm_source%3Dint&uaDataValues={}
IP 18.197.205.236:0
Hash cd4ae55f3af545b5863f65b73a6a7b80
a85fca461d97f90eaf52246b95974eeabba27c20
ae4475effcb2e8533194b150ee30b2472c1cb7498b2c83a764718d962deaa84f
GET /ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_cid%3Dc84c11d83f0c5603080ecec1edf62d81285422e4%26s3%3Dwsjsqu3me1osdavj22vvgjr4%26tds_campaign%3Db1727pos%26tds_oid%3D24401%26tds_id%3Db1727pos_jump_a_1598613018653%26dci%3Dbb25dab22c2ea689bfbdbada986627832e97fe95%26s1%3Dps%26utm_campaign%3D497f5345%26tds_ac_id%3Ds8655tok%26data2%3Dwsjsqu3me1osdavj22vvgjr4%26tds_ao%3D1%26id%3D24401%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw%26tds_rt%3D%26utm_content%3D%26tds_host%3Dbustygirls4u.com%26utm_source%3Dint&uaDataValues={} HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&s3=wsjsqu3me1osdavj22vvgjr4&tds_campaign=b1727pos&tds_oid=24401&tds_id=b1727pos_jump_a_1598613018653&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&s1=ps&utm_campaign=497f5345&tds_ac_id=s8655tok&data2=wsjsqu3me1osdavj22vvgjr4&tds_ao=1&id=24401&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw&tds_rt=&utm_content=&tds_host=bustygirls4u.com&utm_source=int
Cookie: dci=bb25dab22c2ea689bfbdbada986627832e97fe95; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 24 Oct 2022 02:45:10 GMT
content-type: text/javascript; charset=utf-8
content-length: 199
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"c7-qF/KRh2X+Q6vUiRrlZdO6ruifCA"
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 02:45:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn3reference.com/css/webPushMotivationPopupSmall.css?v=2
54.230.111.43200 OK 17 kB URL HTTP/2 cdn3reference.com/css/webPushMotivationPopupSmall.css?v=2
IP 54.230.111.43:0
Hash de111f656fbb212a96fe528691d6c212
ab6156eb8e3b2e406ce5b691354961a73fd2b617
00be4b72b5675be5663e59243ee3d26ad4042acd803587b2d9ddab919c9ee3fc
GET /css/webPushMotivationPopupSmall.css?v=2 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 24 Oct 2022 02:45:10 GMT
last-modified: Wed, 31 Oct 2018 08:29:51 GMT
etag: W/"1340-579821b240313"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HwlqF4T5bbqV4wE8ExbOTFcyavCQgfzyN9QSgxWjiSZ5ALjtxHjz9Q==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 05ee461624e2ec37f65e859afe6543ba
b99dcb558535d3d35d140e730aeeb41587622b30
576b3bf619d0a152889cc44165a229ad0100ccc319cf4d9044b2f26d4b676658
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 02:45:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 02:45:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 02:45:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 371463
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 371463
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn3reference.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
54.230.111.43200 OK 51 kB URL HTTP/2 cdn3reference.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
IP 54.230.111.43:0
Hash ff602ccff51699deb805e597e097577c
7575633d96f352e17ad28b656529825b34d85920
95d4a75dc1352bb7795010ae2048f5d2563df5d70ef94dc1a41c1e80fe91924a
GET /landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 24 Oct 2022 02:45:10 GMT
last-modified: Thu, 25 Aug 2022 15:53:12 GMT
content-encoding: gzip
etag: W/"bde-5e712cb6e8a00"
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SQKpGt1ARoCRsqzCjIxY97nhP8RNe6ZpmIpscRpS2x6HmAhH8zdujQ==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 02:45:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn3reference.com/landings/24401/images/2.gif
54.230.111.43200 OK 1000 kB URL HTTP/2 cdn3reference.com/landings/24401/images/2.gif
IP 54.230.111.43:0
File type GIF image data, version 89a, 350 x 350\012- data
Size 1000 kB (999922 bytes)
Hash b6b27f38cd115cf71f4a78cd5ef2a95f
94d2bb66eec706db9cb5660c58208a92c3464b93
60a79cc5475537d4126be3448f0bd7faacafdc09482241a7fb195fffbe03b281
GET /landings/24401/images/2.gif HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/24401/css/d7e99b00a0d1712ee633f352316f2200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 999922
server: nginx
last-modified: Tue, 03 Dec 2019 13:56:45 GMT
accept-ranges: bytes
date: Mon, 24 Oct 2022 02:45:10 GMT
cache-control: public, max-age=604800
etag: "f41f2-598cd1107e140"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: b7wr40IEpsOgo6-cW9TPeCI6P3iyTfk6fuVfdECUzWv144vN_G5OAQ==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash bc0e5baa2fbcd0682f32e097ec24865d
6dfc342cc747dae6d363f481acdaa1eefea62346
5a2830c44b3f876ab2a8fe06bfe4a161a50703bf67c180eb1ca4ab71b9e5e59f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=151760
Date: Mon, 24 Oct 2022 02:45:11 GMT
Etag: "635597c7-1d7"
Expires: Tue, 25 Oct 2022 20:54:31 GMT
Last-Modified: Sun, 23 Oct 2022 19:36:39 GMT
Server: ECS (bsa/EB19)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6nqDrr4CCiUAutMpPu9CKg58fkmJVO3PAkTqu5LBtZdS4hAksrHQSQ==
Age: 4672
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 05ee461624e2ec37f65e859afe6543ba
b99dcb558535d3d35d140e730aeeb41587622b30
576b3bf619d0a152889cc44165a229ad0100ccc319cf4d9044b2f26d4b676658
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 02:45:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bustygirls4u.com/ao.js
18.197.205.236200 OK 0 B IP 18.197.205.236:0
GET /ao.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&s3=wsjsqu3me1osdavj22vvgjr4&tds_campaign=b1727pos&tds_oid=24401&tds_id=b1727pos_jump_a_1598613018653&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&s1=ps&utm_campaign=497f5345&tds_ac_id=s8655tok&data2=wsjsqu3me1osdavj22vvgjr4&tds_ao=1&id=24401&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw&tds_rt=&utm_content=&tds_host=bustygirls4u.com&utm_source=int
Cookie: dci=bb25dab22c2ea689bfbdbada986627832e97fe95; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 24 Oct 2022 02:45:10 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 20 Oct 2022 10:01:48 GMT
etag: W/"1509-183f4d782e0"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
bustygirls4u.com/bridge/frodi_data.js
18.197.205.236200 OK 0 B URL HTTP/2 bustygirls4u.com/bridge/frodi_data.js
IP 18.197.205.236:0
GET /bridge/frodi_data.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&s3=wsjsqu3me1osdavj22vvgjr4&tds_campaign=b1727pos&tds_oid=24401&tds_id=b1727pos_jump_a_1598613018653&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&s1=ps&utm_campaign=497f5345&tds_ac_id=s8655tok&data2=wsjsqu3me1osdavj22vvgjr4&tds_ao=1&id=24401&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw&tds_rt=&utm_content=&tds_host=bustygirls4u.com&utm_source=int
Cookie: dci=bb25dab22c2ea689bfbdbada986627832e97fe95; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 24 Oct 2022 02:45:10 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 20 Oct 2022 10:01:48 GMT
etag: W/"19f8-183f4d782e0"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
bustygirls4u.com/integration.js
18.197.205.236200 OK 0 B URL HTTP/2 bustygirls4u.com/integration.js
IP 18.197.205.236:0
GET /integration.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&s3=wsjsqu3me1osdavj22vvgjr4&tds_campaign=b1727pos&tds_oid=24401&tds_id=b1727pos_jump_a_1598613018653&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&s1=ps&utm_campaign=497f5345&tds_ac_id=s8655tok&data2=wsjsqu3me1osdavj22vvgjr4&tds_ao=1&id=24401&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw&tds_rt=&utm_content=&tds_host=bustygirls4u.com&utm_source=int
Cookie: dci=bb25dab22c2ea689bfbdbada986627832e97fe95; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 24 Oct 2022 02:45:10 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"715-BFqb2dTXlqoJGFPL6eCO6Zn6OAo"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&j_type=open&jump=24401&jump_name=
35.157.196.4200 OK 0 B URL HTTP/2 retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&j_type=open&jump=24401&jump_name=
IP 35.157.196.4:0
GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&j_type=open&jump=24401&jump_name= HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Cookie: dci=058ed143af9eeb213cc40386cc5d545a3feddf9b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 24 Oct 2022 02:45:11 GMT
content-type: image/gif
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=058ed143af9eeb213cc40386cc5d545a3feddf9b; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Tue, 24 Oct 2023 02:45:11 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
cdn3reference.com/js/dc_img.js?v=8
54.230.111.43200 OK 0 B URL HTTP/2 cdn3reference.com/js/dc_img.js?v=8
IP 54.230.111.43:0
GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Mon, 24 Oct 2022 02:45:10 GMT
last-modified: Thu, 29 Oct 2020 09:22:15 GMT
etag: W/"1e8-5b2cbd0d9620d"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: p-T5QLqbuVVYMjBZgWPAhBdSpl85RLPQKfAiGi5sfRcgTdz7z22TQg==
X-Firefox-Spdy: h2
cdn3reference.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js
54.230.111.43200 OK 0 B URL HTTP/2 cdn3reference.com/landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js
IP 54.230.111.43:0
GET /landings/24401/js/20dff8cf5ed8c45d47eca00751d44eb9.js HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Mon, 24 Oct 2022 02:45:10 GMT
last-modified: Thu, 25 Aug 2022 15:53:12 GMT
content-encoding: gzip
etag: W/"17b45-5e712cb6e8a00"
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: c2fw0cRG9KzUtz4vFuki206n4GLYZFaeC-fDUgVmBH00C99GDiDaMA==
X-Firefox-Spdy: h2
cdn3reference.com/images/jump-favicon.ico
54.230.111.43200 OK 0 B URL HTTP/2 cdn3reference.com/images/jump-favicon.ico
IP 54.230.111.43:0
GET /images/jump-favicon.ico HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
server: nginx
date: Mon, 24 Oct 2022 02:45:11 GMT
last-modified: Fri, 05 Dec 2014 08:28:50 GMT
cache-control: public, max-age=604800
content-encoding: gzip
etag: W/"47e-50973ddc33480"
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hKZGJn7Vtqe6VCc4rFEbfO9xYDqsTpj5oG-oK6Rt64h_4g-goPsEew==
X-Firefox-Spdy: h2
bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=wsjsqu3me1osdavj22vvgjr4&subid2=wsjsqu3me1osdavj22vvgjr4
18.197.205.236302 Found 0 B URL HTTP/2 bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=wsjsqu3me1osdavj22vvgjr4&subid2=wsjsqu3me1osdavj22vvgjr4
IP 18.197.205.236:0
GET /tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=wsjsqu3me1osdavj22vvgjr4&subid2=wsjsqu3me1osdavj22vvgjr4 HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bilqi-omv.com/
Connection: keep-alive
Cookie: dci=bb25dab22c2ea689bfbdbada986627832e97fe95; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 24 Oct 2022 02:45:09 GMT
location: https://bustygirls4u.com/jump?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&s3=wsjsqu3me1osdavj22vvgjr4&tds_campaign=b1727pos&tds_oid=24401&tds_id=b1727pos_jump_a_1598613018653&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&s1=ps&utm_campaign=497f5345&tds_ac_id=s8655tok&data2=wsjsqu3me1osdavj22vvgjr4&tds_ao=1&id=24401&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw&tds_rt=&utm_content=&tds_host=bustygirls4u.com&utm_source=int
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=bb25dab22c2ea689bfbdbada986627832e97fe95; Max-Age=31536000; Domain=.bustygirls4u.com; Path=/; Expires=Tue, 24 Oct 2023 02:45:09 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Sat, 29 Oct 2022 02:45:09 GMT
X-Firefox-Spdy: h2
bustygirls4u.com/jump?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&s3=wsjsqu3me1osdavj22vvgjr4&tds_campaign=b1727pos&tds_oid=24401&tds_id=b1727pos_jump_a_1598613018653&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&s1=ps&utm_campaign=497f5345&tds_ac_id=s8655tok&data2=wsjsqu3me1osdavj22vvgjr4&tds_ao=1&id=24401&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw&tds_rt=&utm_content=&tds_host=bustygirls4u.com&utm_source=int
18.197.205.236200 OK 0 B URL HTTP/2 bustygirls4u.com/jump?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&s3=wsjsqu3me1osdavj22vvgjr4&tds_campaign=b1727pos&tds_oid=24401&tds_id=b1727pos_jump_a_1598613018653&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&s1=ps&utm_campaign=497f5345&tds_ac_id=s8655tok&data2=wsjsqu3me1osdavj22vvgjr4&tds_ao=1&id=24401&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw&tds_rt=&utm_content=&tds_host=bustygirls4u.com&utm_source=int
IP 18.197.205.236:0
GET /jump?tds_cid=c84c11d83f0c5603080ecec1edf62d81285422e4&s3=wsjsqu3me1osdavj22vvgjr4&tds_campaign=b1727pos&tds_oid=24401&tds_id=b1727pos_jump_a_1598613018653&dci=bb25dab22c2ea689bfbdbada986627832e97fe95&s1=ps&utm_campaign=497f5345&tds_ac_id=s8655tok&data2=wsjsqu3me1osdavj22vvgjr4&tds_ao=1&id=24401&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2NkODFkOTI0NDRmYmVjNDk1MDcwOGYxMjZhNzYyZjEzP19fdD0xNjY2NTc5NTA5OTc0Jl9fbD0zNjAw&tds_rt=&utm_content=&tds_host=bustygirls4u.com&utm_source=int HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bilqi-omv.com/
Connection: keep-alive
Cookie: dci=bb25dab22c2ea689bfbdbada986627832e97fe95; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 24 Oct 2022 02:45:10 GMT
content-type: text/html; charset=UTF-8
server: nginx
content-encoding: br
X-Firefox-Spdy: h2
cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8
54.230.111.43200 OK 0 B URL HTTP/2 cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8
IP 54.230.111.43:0
GET /js/webPushMotivationPopupSmall.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Mon, 24 Oct 2022 02:45:10 GMT
last-modified: Wed, 31 Oct 2018 08:29:51 GMT
content-encoding: gzip
etag: W/"22c1-579821b2406fb"
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j_BcdlbNq5T_YwIGhSdTuqCFft-cS1_lmfkr3w5h1iVDEV6LodFHOA==
X-Firefox-Spdy: h2